Yes to the wireshark, but if there is a Mac filter in place you wouldn't have been able to fakeauth to the AP in the first place. That is not your problem (I am, by the way, assuming this is a post related to the other thread I've made posts in - Edit: Didn't see the post you made after mine - the below info is still useful, but I can remove the assumption).
macchanger is only useful if Mac filtering is actually in place from the start - if you can fakeauth, there is no mac filtering in place because the idea is to stop everything. I cannot, for example, crack my own dev wep network because my hacktop's wifi card is not in the permitted list.
But, in the event fakeauth fails at the beginning (and it's not SKA), a macfilter may be pertinent - in which case just let airodump run for a while and then read the .cap file to see what you can find coming from the lan*. Or you have to wait for a real client to show.
*Some routers don't do their mac filtering properly and will permit ethernet-side Mac address' on the wifi interface. I see this about 10% of the time on small business (i.e. "cheap-ass") routers, but never on better end stuff.
Have a play with macfiltering on your own dev network before you head back out to the client, there are some neat tricks (some of them, for example, fear non-corporate address' like 11:22:33:xx:xx:xx)