I had to add "use Exporter;" to the top in order for it to work. Otherwise you get this error:

$ perl -wc netpacket.pl
Can't locate package Exporter for @NetPacket::Ethernet::ISA at netpacket.pl line 5.
Can't locate package Exporter for @NetPacket::ISA at /usr/lib/perl5/site_perl/5.10/NetPacket/IP.pm line 17.
Can't locate package Exporter for @NetPacket::IP::ISA at netpacket.pl line 6.
Can't locate package Exporter for @NetPacket::TCP::ISA at netpacket.pl line 7.
netpacket.pl syntax OK

Also, I changed the "foo.pcap" to be $ARGV[0] so I could just pass it an argument.

my $log = Net::TcpDumpLog->new();
$log->read($ARGV[0]);

Now you can do "netpacket.pl ", put netpacket.pl in your path and use it anywhere.

I was wondering if anyone knew of any scripts that already existed that used these modules and exported useful information about the pcap, such as

– total number of flows
– total number of unique IP's seen (src vs dst)
– total number of unique ports seen (src vs dst)
– breakdown of traffic types (percentages based on dst port)
– top n flows, IP's, dst ports, packet sizes, etc

Basically I'm looking to get via text / perl the same stuff I might get from Wireshark's analysis. I just want it in text instead of graphical format or to have to launch wireshark.

Do you mean to use localtime($secs) instead of localtime(time)?