In monitor mode of operations, the interface does not join
to any network. This mode is generally used for passive
sniffing. The interface receives all packets in its listening
channel, even though it may not be destined for it. The protocol
driver mac80211 sends upstream the unaltered IEEE 802.11
MAC packet with certain extra header information. The extra
header radiotap includes physical layer information such as
received channel, signal quality, signal to noise ratio, antenna
and modulation scheme [19]. Sniffing tools such as Wireshark
[20] use Pcap [21] function to get these packets to the
application layer.
The other purpose of m
nitor mode is packet injection. It ispossible to inject random IEEE 802.11 MAC frames using the
radiotap header and monitor mode WLAN network interface.
Fig. 9 shows the functional flow of packet injection. This is
possible by assembling the packet with minimum required
radiotap header and sending it to the driver using kernel socket
functions. W-meter is one of the open source tool, which is
used for arbitrary frame injection [22].
