On Apr 6, 2016, at 7:21 PM, Yang Luo <hsluoyb@xxxxxxxxx> wrote:
> BTW, should adding radiotap header to a 802.11 packet be an option which can be selected by the user? If yes, which is by default? with radiotap or without it?
> In fact, I want to know how Linux implements this?
Newer Linux drivers are mac80211 drivers, which supply "fake Ethernet" headers when not in monitor mode and 802.11+radiotap headers when in monitor mode.
> I tend to keep the alike manner as other systems.
Different systems behave differently. BSD-flavored systems might offer the option of no radio header or radiotap headers, or might even offer a choice of no radio header or *multiple* radio headers:
$ tcpdump -i en0 -L
Data link types for en0 when not in monitor mode (use option -y to set):
RAW (Raw IP)
PPI (Per-Packet Information)
EN10MB (Ethernet)
$ tcpdump -i en0 -I -L
Data link types for en0 when in monitor mode (use option -y to set):
RAW (Raw IP)
IEEE802_11_RADIO_AVS (802.11 plus AVS radio information header)
IEEE802_11 (802.11)
IEEE802_11_RADIO (802.11 plus radiotap header)
PPI (Per-Packet Information)
but I think that's overkill - it's probably best to just provide 802.11+radiotap headers in monitor mode, with no option.