What we're going to do in this particular recipe is go through a few steps on how to break a WPA that happens be using a weak passphrase.
The way we start our attack against WPS is to use a familiar command, airmon-ng:
airmon-ng start wlan0
Again we are putting our card into monitor mode to detect wireless networks in the area. We could follow this command up with airodump-ng, like we did with WEP and WPA/WPA2, but we will instead switch over to using the reaver suite and use it's built-in commands. In this case we will issue the following command:
wash -i mon0
This command is designed to hunt for networks that use WPA specifically. When you run the command, you will get an output similar to the following: