Thanks for the explanation of the handshake. I wasn't really interested in capturing the incorrect password, just the fact that an attempt had been made. After researching this a bit more, it looks like it's possible through Wireshark: Tutorial: WPA Packet Capture Explained.
This is quick and dirty explanation of two sample WPA capture files. The first file (wpa.full.cap) is a capture of a successful wireless client WPA connection to an access point. The second file (wpa.bad.key.cap) is a capture of a wireless client attempting to use the wrong passphrase to connect to the AP.