This is an old revision of the document!
The classic ARP-request replay attack is the most effective to generate new IVs, and works very reliably. You need either the MAC address of an associated client (00:09:5B:EB:C5:2B), or a fake MAC from attack 1 (00:11:22:33:44:55). You may have to wait for a couple of minutes, or even longer, until an ARP request shows up; this attack will fail if there is no traffic.
Please note that you can also reuse ARP requests from a previous capture using the -r switch.
aireplay-ng -3 -b 00:13:10:30:24:9C -h 00:11:22:33:44:55 ath0 Saving ARP requests in replay_arp-0627-121526.cap You must also start airodump to capture replies. Read 2493 packets (got 1 ARP requests), sent 1305 packets...