Hardware-wise all cards can send and receive radio packets on Wi-Fi frequencies.

The problem is that the cards have a firmware that controls all the low-level stuff, like frequency-hopping, etc… for example when your computer requests to scan all available networks it doesn’t manually tune the card to each frequency, listen on it and repeats the process for each channel; instead it just tells the card to scan and the firmware takes care of the rest.

Some cards have a more permissive firmware (Atheros is probably the best one in this case) that allows to transmit (injection) and listen (monitor) without being associated (connected and authenticated) to a network beforehand, whereas others won’t allow you to do such things until you connect to the network you’re attacking, which is of course impossible because you don’t yet have the key.

Wireless networks work in predefined modes which have specific functionality but also come with strict functional restrictions. Wireless attacks require a higher control over the lower layers of communication in order to send and receive any kind of data.

When you are in the default mode (Station Infrastructure Mode), you have to follow strict rules imposed by that mode, you can’t even directly talk to a different client in default mode. So, for more control, you need Monitor mode to listen to any communication in the air. But Monitor mode (if supported by your hardware, chipset, firmware, driver, driver hack and OS wrapper) doesn’t standardly allow you to send data. This is where packet injection comes in.

Packet injection means sending data while in Monitor mode because it’s a passive-only mode (Source: wireless.kernel.org).

Sending and receiving management and control frames is necessary for impersonating base stations and clients, and for listening to frames that are meant for specific adapters. The dreadful deauthentication frame, apart from the DoS it can cause, it’s the first stage in a multi-stage attack. It can be used to capture the WPA 4-way handshake or to force a user into a malicious AP, or to recover a hidden SSID, and even generate ARP frames for a WEP replay attack.

So, packet injection and monitor mode are two features that provide the much neaded low level control for attacks. And they are missing from some wireless adapters in order to restrict certain layer 2 operations for security reasons, like sniffing and spoofing frames because of poor manufacturer support, lack of open drivers, and people hacking drivers.