#! /usr/bin/env perl
#16:44:00.094758 1.0 Mb/s 2427 MHz 11b -53dBm signal antenna 1 Probe Request (M-PM-0M-PM-1M-PM-2M-PM-3M-PM-4M-PM-5M-QM-^QM-PM-6M-PM-7M-PM-8M-PM-9M-PM-:) [1.0 2.0 5.5 11.0 Mbit]
#	0x0000:  0018 d0b0 d0b1 d0b2 d0b3 d0b4 d0b5 d191
#	0x0010:  d0b6 d0b7 d0b8 d0b9 d0ba 0104 0204 0b16
#	0x0020:  3208 0c12 1824 3048 606c 0301 072d 1a2c
#	0x0030:  0103 ff00 0000 0000 0000 0000 0000 0000
#	0x0040:  0000 0000 0000 0000 00dd 0700 50f2 0800
#	0x0050:  5400

#use strict;

sub capture {
    my $iface = shift;
    my %hashes;
    open my $fd, "tcpdump -lnxi $iface subtype probe-req |" or die $!;
    my @bytes;
    while (<$fd>) {
        if (/^\s*(0x\w+):\s+(.+)/) {
            push @bytes, hex($_) for $2 =~ /\w{2}/g;
        }
        elsif (@bytes) {
            shift @bytes;
            my $essid_length = shift @bytes;
            my $essid = join '', map chr, @bytes[0 .. $essid_length - 1];
            unless ($hashes{$essid}) {
                $hashes{$essid} = 1;
                print "$essid\n" if $essid_length;
            }
            @bytes = ();
        }
    }
    close $fd;
    
}

$| = 1;
my $iface = @ARGV ? $ARGV[0] : 'wlan0';
capture($iface);