I sniffed traffic in Monitor mode and examined the packets to see the Initialization Vector.
Here are three packets:
The IVs are not random! They are just counting up.
To see the IVs, I sorted by Source, and look only at Data frames.
Here are some IVs I observed for frames sent from Cisco to Apple, labelled with Packet Number and IV:
Here are some IVs I observed for frames sent from Apple to Cisco, labelled with Packet Number and IV:
The pcap file is here.
I now see that some cards do start at a random value of the IV and count up: WEP Vulnerabilities .