Something I failed to mention earlier...
I noticed also that the activity after my aireplay-ng command does not go straight to the Deauth but first to
Referencing the aircrack-ng site describing fake authentication, there is a section specifically addressing this situation of "Waiting for beacon frame."
20:09:22 Waiting for beacon frame (BSSID: 00:C0:49:CC:8B:BC) on channel 11
The suggestions include:
The wireless card is set to a channel which is different than the AP. Solution: Use iwconfig and confirm the card is set to the same channel as the AP.
The card is scanning channels. Solution: Start airodump-ng with the "-c" or "--channel" parameter and set it to the same channel as the AP.
The ESSID is wrong. Solution: Enter the correct value. If it contains spaces or special characters then enclose it in quotes. For the complete details, see this FAQ entry.
The BSSID is wrong. Solution: Enter the correct value.
You are too far away from the AP and are not receiving any beacons. Solution: You can use tcpdump and/or airodump-ng to confirm you are in fact receiving beacons for the AP. If not, move closer.
You are not receiving beacons for the AP. Solution: Use “tcpdump -n -vvv -e -s0 -i <interface name>” to confirm you are receiving beacons. Assuming you have dealt with potential problems above, it could be the drivers or you have not put the card into monitor mode.
I have none of these issues and my card is on CH11 @ 2.462 GHz.
I also looked at the data in Wireshark and filtered it; unless I am reading it wrong, I am getting data both ways, right? I filtered with eapol.keydes.type == 254 and I see 3 from the AP to the client and 2 from the client to the AP.
Sorry about the link but I don't have enough posts yet to make it active. Copy and paste and you will see the screenshot from my Wireshark.
I'm also working with the good folks over at the aircrack forum so between the two I am sure we can find a solution to this issue.