Hola alguna vez seguí el manual y funciona el detalle es el diccionario ya que si la clave no esta en el diccionario no la vas a conseguir nunca.
En la pagina oficial de aircrack esta el manualhttps://www.aircrack-ng.org/doku.php?id=cracking_wpa
aircrack-ng -w password.lst -b 00:14:6C:7E:40:80 psk*.cap
Usa el programa!
Si buscas en google sobre la encriptacion
In summary, TKIP is an older encryption standard used by the old WPA standard. AES is a newer Wi-Fi encryption solution used by the new-and-secure WPA2 standard. In theory, that's the end of it. But, depending on your router, just choosing WPA2 may not be good enough
Y si buscas sobre protocolo usado en el handshake de WPA te recomiendan un libro y una sección si quieres entrar en detalles ahi esta el enlace http://security.stackexchange.com/questions/17767/four-way-handshake-in-wpa-personal-wpa-psk
This book is a very good resource on wireless security. This section explains the details of the four-way handshake, but you really need to read the whole chapter to understand it.
Both WPA2-PSK and WPA2-EAP result in a Pairwise Master Key (PMK) known to both the supplicant (client) and the authenticator (AP). (In PSK the PMK is derived directly from the password, whereas in EAP it is a result of the authentication process.) The four-way WPA2 handshake essentially makes the supplicant and authenticator prove to each other that they both know the PMK, and creates the temporal keys used to actually secure network data.
Capturing the four-way handshake will not divulge the PMK or PSK (since capturing the handshake is trivial over wireless this would be a major vulnerability). The PMK isn't even sent during the handshake, instead it is used to calculate a Message Integrity Check (MIC). You basically need to perform a dictionary or bruteforce attack on the handshake until you find a password which results in the same MIC as in the packets.