Capturing network packets
To start capturing network packets, select the [File] | [Wireless Network Sniffer] menu item, select the correct device (an AirPCap adapter, typically listed as the \\.\airpcap00 device) and channel, and press [OK]. If you're not sure about the channel, press the [Detect networks] button, and the program will start monitoring all channels.
Select (highlight) an access point, and press [Use selected]. The program will start monitoring the selected channel, and will show the handshakes captured.
Once you get the one you need, press [Stop sniffing], then [OK], and now you can start the recovery process. Please note that if you're using the trial or standard version of the product, the packets will still be captured, but you will not be able to import them for further password recovery; this feature is available in the professional edition only (for more details, see the Limitations of unregistered version and Registration chapters).
If you don't have a compatible AirPCap adapter, there are some alternatives. tcpdump is a common packet sniffer that allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. It was originally written by several people working at the Lawrence Berkeley Laboratory; it is now distributed under a permissive free software licence and works on most Unix-like operating systems. There are also a few ports of tcpdump for Windows.
All existing packet sniffers can export the packets in tcpdump format:
In addition, EWSA supports the 'native' file format produced by CommView for Wi-Fi software.
The captured data should contain the full authentication handshake between a real client and the access point. Please note that the program does not work with captures whose linktype is LINKTYPE_ETHERNET (they come from wired, not wireless, networks).
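The linktype mentioned above is stored in the 24-byte header of a tcpdump-format file, so a capture can be checked before it is imported. The following Python sketch is an added example, not part of EWSA or its documentation; the set of 802.11 linktypes it treats as wireless is an assumption taken from the tcpdump.org LINKTYPE_ registry, and `classify_capture` and `make_header` are hypothetical names.

```python
import struct

# Link-layer header types from the tcpdump.org LINKTYPE_ registry.
LINKTYPE_ETHERNET = 1
WIRELESS_LINKTYPES = {  # assumption: the page does not list accepted types
    105: "LINKTYPE_IEEE802_11",
    119: "LINKTYPE_IEEE802_11_PRISM",
    127: "LINKTYPE_IEEE802_11_RADIOTAP",
    163: "LINKTYPE_IEEE802_11_AVS",
}
# Magic numbers as seen when the first 4 bytes are read big-endian,
# mapped to the byte order of the rest of the header.
MAGICS = {
    0xA1B2C3D4: ">", 0xD4C3B2A1: "<",  # microsecond timestamps
    0xA1B23C4D: ">", 0x4D3CB2A1: "<",  # nanosecond timestamps
}

def classify_capture(header: bytes):
    """Return (linktype, verdict) for the first 24 bytes of a capture file."""
    if header[:4] == b"\x0a\x0d\x0d\x0a":
        return None, "pcapng file, not classic tcpdump format"
    if len(header) < 24:
        return None, "truncated: shorter than the 24-byte pcap header"
    (magic,) = struct.unpack(">I", header[:4])
    order = MAGICS.get(magic)
    if order is None:
        return None, "not a tcpdump-format file (bad magic)"
    # Fields: magic, version major/minor, thiszone, sigfigs, snaplen, network
    *_, network = struct.unpack(order + "IHHiIII", header[:24])
    linktype = network & 0xFFFF  # upper bits can carry FCS information
    if linktype == LINKTYPE_ETHERNET:
        return linktype, "LINKTYPE_ETHERNET: wired capture, rejected"
    if linktype in WIRELESS_LINKTYPES:
        return linktype, WIRELESS_LINKTYPES[linktype] + ": wireless capture"
    return linktype, "unrecognised linktype"

def make_header(linktype, order="<"):
    """Build a constructed 24-byte pcap header (sample input for the demo)."""
    return struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)

if __name__ == "__main__":
    for lt in (1, 105, 127):  # constructed headers, not real captures
        print(lt, classify_capture(make_header(lt)))
```

To check a real file, pass the result of `open(path, "rb").read(24)` to `classify_capture`.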
(c) 2010 ElcomSoft Co.Ltd.