You are mentioning using a offline pcap? I use the "Net::PcapUtils" Module. You can lookup the cpan module: http://search.cpan.org/~timpotter/Net-PcapUtils-0.01/PcapUtils.pm. I use this module to seek DHCP packets. Parsing our data inside of the packet then output into a file. Here's a snippet that maybe a guide. 
use Net::Pcap;
use FileHandle;
use Net::PcapUtils;
use Data::HexDump;
use NetPacket::IP qw(:ALL);
use NetPacket::TCP qw(:ALL);
use NetPacket::UDP qw(:ALL);
use NetPacket::Ethernet qw(:ALL);
use DBI;
use Net::DHCP::Packet;

Net::PcapUtils::loop(\&process, DEV => 'p3p1', FILTER => 'port 67', SN
+APLEN => 1500, PROMISC => 0);



sub process
  {

 my($ip, $eth, $udp, $len, $tcp);
  my $debug = 0;

  if($debug == 1) { print "ENTERED SUB PROCESS\n"; }
  my $v1 = undef;
  my $v2 = undef;
  my $pkt = undef;
  my $key = undef;
  my $val = undef;

  ($v1, $v2, $pkt) = @_;


  if($debug == 1) { print "V1: \"$v1\"\n"; }
  if($debug == 1) { print "V2: \"$v2\"\n"; }
  if($debug == 1) { print "PKT: \"$pkt\"\n"; }

  $eth = NetPacket::Ethernet->decode($pkt);

  if($eth->{type} != 2048)  #1500 Ethernet_II, 2048 IP, 
     { print "UNK ETH FRAME TYPE \"" . $eth->{type} . "\"\n"; return; 
+} 

  $ip = NetPacket::IP->decode($eth->{data});
  #foreach $key (keys %$ip) { print "$key\n"; }
  

  my $src_ip = $ip->{src_ip};

  if($ip->{proto} != 17) #6 = tcp, 17 = udp
    { print "NON UDP FRAME.. NEXT\n"; return; }

  $udp=NetPacket::UDP->decode($ip->{data});

  my $packet = Net::DHCP::Packet->new($udp->{data});

  my $output = $packet->toString();
  if($debug == 1) { print "OUTPUT: \"$output\" L:\"" . __LINE__ . "\"\
+n"; }

  }

[download]
Please keep in mind this script will not work as is. You will need to add a few things (#!)..

In reply to Re: Net::Pcap print ip address by t_rex_joe
in thread Net::Pcap print ip address by raj_paps

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.