2

I'm cracking a WPA2-PSK Wi-Fi with aircrack-ng. After populating the *.cap file I'll apply brute force with john.

The question is:

How long is it recommended to run airodump-ng before killing its process?

How many beacons should there be, and how does that affect the brute-force procedure?

jviotti

3 Answers

3

What you're looking for with cracking WPA-PSKs is handshakes (clients joining the network), so the exact amount of time that you'll need to wait depends on how busy the network is.

As a tip, you can run aircrack-ng on the cap files whilst you're capturing traffic and see if there are any handshakes listed for the network that you're interested in.

Also, another way to speed things up is to lock airodump-ng onto the channel that the network you're interested in is using (using the --channel switch), as that way it won't hop around all the channels and you'll get more of the traffic that you're interested in.

Additionally, if there are clients on the network but there's not a lot of joining activity, you can use a deauthentication attack to speed things along.

Rory McCune
  • It's a shame I can't get the MAC addresses of the clients connected to that network. I'll try deauthentication – jviotti Dec 27 '12 at 15:28
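A defender's-side counterpart to the deauthentication tip in this answer, added here as an example that is not part of the original thread: a small Python sketch that flags a burst of deauthentication frames for one BSSID inside a sliding time window, which is what the forced-reconnect technique looks like from a monitoring point of view. The frame records are constructed to resemble a simplified management-frame export (timestamp, subtype, source, destination, BSSID); the addresses, thresholds and field layout are assumptions, not values from the page.

```python
"""Flag bursts of 802.11 deauthentication frames per BSSID.

Added example (not from the original thread). Input is a constructed,
simplified list of frame records; a real deployment would feed this from
a monitor-mode capture or a WIDS export.
"""
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "aa:aa:aa:aa:aa:01"    # constructed access point / BSSID address
STA = "cc:cc:cc:cc:cc:01"   # constructed client address

# Constructed frame records: (timestamp_s, subtype, src, dst, bssid).
SAMPLE_FRAMES = [
    (0.0, "beacon", AP, BROADCAST, AP),
    (0.4, "data", STA, AP, AP),
    (0.8, "deauth", AP, STA, AP),       # one deauth: a client dropped normally
    (1.2, "assoc_req", STA, AP, AP),
    (1.3, "eapol", AP, STA, AP),        # client re-joins; 4-way handshake follows
    (5.0, "beacon", AP, BROADCAST, AP),
] + [
    # Burst: ten broadcast deauths carrying the AP's address inside one second.
    (10.0 + i * 0.1, "deauth", AP, BROADCAST, AP) for i in range(10)
] + [
    (11.5, "eapol", AP, STA, AP),       # every client forced to reconnect
]


def detect_deauth_bursts(frames, window_s=2.0, threshold=5):
    """Return one alert per burst of >= threshold deauths within window_s.

    Each alert is a dict with the BSSID, the timestamp of the first frame in
    the window, the number of deauths seen and how many targeted broadcast.
    A single deauth followed by a re-association is ordinary AP behaviour
    and never reaches the threshold.
    """
    recent = defaultdict(deque)   # bssid -> deque of (timestamp, dst)
    last_alert = {}               # bssid -> timestamp of the last alert
    alerts = []
    for ts, subtype, _src, dst, bssid in sorted(frames, key=lambda f: f[0]):
        if subtype != "deauth":
            continue
        q = recent[bssid]
        q.append((ts, dst))
        # Drop deauths that fell out of the sliding window.
        while q and ts - q[0][0] > window_s:
            q.popleft()
        if len(q) < threshold:
            continue
        if bssid in last_alert and ts - last_alert[bssid] <= window_s:
            continue  # still the same burst; already reported
        last_alert[bssid] = ts
        alerts.append({
            "bssid": bssid,
            "start": q[0][0],
            "count": len(q),
            "broadcast": sum(1 for _, d in q if d == BROADCAST),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE_FRAMES):
        print(f"deauth burst on {alert['bssid']}: {alert['count']} frames "
              f"from t={alert['start']}s ({alert['broadcast']} to broadcast)")
```

The benign part of the sample (one deauth, then a re-association and EAPOL exchange) produces no alert; only the ten broadcast deauths inside one second do. Broadcast deauths in quick succession are the more telling signature, because a legitimate AP dropping one misbehaving client addresses that client alone. The mitigation on the infrastructure side is 802.11w (Protected Management Frames), which authenticates deauthentication and disassociation frames so that a third party cannot forge them.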
0

Brute force is completely a matter of luck and the victim's ignorance. Run airodump for as long as you can and for as much time and resources as you want to dedicate.

Regarding beacons, it doesn't really matter. Beacons are just unencrypted announcement packets. They are totally useless for cracking IMHO.

oldnoob
0

Not directly answering the question, but if the access point has WiFi Protected Setup (WPS) enabled, then take a look at Reaver. It works by cracking the setup PIN, which is much, much quicker.

There is a further flaw in most access points which halves the attack time too. Worse, a lot don't even let you turn this feature off.

Ryaner