# airodump-ng

airodump-ng "is used for packet capture, capturing raw 802.11 frames."

# Find APs to attack with a CERTAIN word in their names

sudo airodump-ng mon0 --essid-regex CORP --band abg -w inscope --output-format csv

# Listen for handshake on specific wifi name

sudo airodump-ng wlan0mon --essid "Name of Corp Wifi" -w capture.cap

# Start listening for a handshake using specific BSSID and specific channel

sudo airodump-ng -c 1 --bssid 00:11:22:33:44:55 -w name-of-file-to-output mon0

Now that you're taking a good dump (heh), you could speed the handshake-grabbing process along by disassociating clients using aireplay-ng!

# Extract and crack captured handshakes

Check the aircrack-ng page for more info.