I first performed an generic ARP broadcast attack, which got us an IV generation rate of around 400.
While attacking a network, it is likely that address range information could be captured. Typically using attacks such as the Korek Chop Chop, may reveal an associated clients IP information within unprotected network traffic.
With this information you can more than double your IV generation rates by sending an ARP request to a existing WiFi client which will create a 1-3 IV generation rate.
Using packetforge-ng we create a a more targeted ARP broadcast packet, this time from a valid address on the subnet in use. This packet is also destined for a valid authenticated client IP.