Wiki

By default, iwd suppresses all debug output. However, sometimes it is advantageous to enable this and can be easily accomplished by passing the '-d' command line option when starting iwd, as follows:

denkenz@iwd-test ~ $ sudo iwd -d

One can also selectively enable debug output if only a certain subset of debug messages are interesting. This is done by passing a filter (glob match rules apply) after the -d commannd line option, as follows:

denkenz@iwd-test ~ $ sudo iwd -d'station*'

The above would only print debug messages from the station module.

If you are having issues with WPA-Enterprise authentication methods based on TLS (e.g. EAP-TLS, EAP-TTLS, EAP-PEAP) then you can also enable much more verbose TLS debug output by setting the IWD_TLS_DEBUG environment variable. For example:

denkenz@iwd-test ~ $ export IWD_TLS_DEBUG=1
denkenz@iwd-test ~ $ sudo iwd -d

One can also spy on the netlink (NL80211) between iwd and the kernel using the 'iwmon' utility. To start it, simply issue the iwmon command as root prior to starting iwd, as follows:

denkenz@iwd-test ~ $ sudo iwmon

The above command will start iwmon and will dump out (to stdout) all NL80211, RTNL and EAPoL traffic ongoing between the kernel and iwd. If you're not interested in the contents of certain messages, you can filter these with iwmon command line options. For example, if you're trying to debug WPA-Enterprise authentication issues, then you can issue the following command to filter RTNL, scanning and wiphy capability related messages:

denkenz@iwd-test ~ $ sudo iwmon --nortnl --nowiphy --noscan

One can also have iwmon save all packets in PCAP format for later examination (e.g. in wireshark) as follows:

denkenz@iwd-test ~ $ sudo iwmon --write /path/to/file.pcap

NOTE: If you're interested in obtaining EAPoL traffic, then you must ensure that iwd's main.conf ControlPortOverNL80211 option is set to False.