in reply to recreate dsniff in perl
Unless you find a module that does that work for you, you need to accumulate packets and associate them with HTTP requests yourself.
In the simple case, you can stop accumulating data from a particular connection once you successfully match a GET header, and then clear it from the temporary store. This is not true for HTTP/1.1 connections though, since they may have several requests in them.
That said, a very quick'n'dirty and unreliable way that may work some of the time is to match the payload of each packet with something that looks like a GET request:
print "Requested: $1\n" if $payload =~ /GET (\S+)/;
Here too there is place for added robustness; many things can look like a URI and you only want to match the ones from an actual header.
Oh: and if you know which end of the connection is the web client, only look for GETs in packets sent from that end :)
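The accumulation described in the reply above, as an added example that is not part of the original post: payloads are buffered per connection, only the client-to-server direction is inspected, and every complete header block is consumed so several HTTP/1.1 requests on one connection are all reported. The sample segments are constructed, and the code assumes the server is on port 80, segments arrive in order, and requests carry no body.

```perl
use strict;
use warnings;

# Constructed sample: TCP payloads in both directions, assumed already
# in order (no retransmits or reordering).
my @segments = (
    { src => '10.0.0.5:40000', dst => '192.0.2.10:80',
      payload => "GET /index.html HT" },    # request line split across packets
    { src => '10.0.0.5:40000', dst => '192.0.2.10:80',
      payload => "TP/1.1\r\nHost: example.test\r\n\r\nGET /a.css HTTP/1.1\r\n" },
    { src => '192.0.2.10:80', dst => '10.0.0.5:40000',
      payload => "HTTP/1.1 200 OK\r\n\r\nTry GET /not-a-request HTTP/1.1\r\n\r\n" },
    { src => '10.0.0.5:40000', dst => '192.0.2.10:80',
      payload => "Host: example.test\r\n\r\n" },
);

my $MAX_BUF = 65536;    # cap per-connection buffer so junk cannot grow it forever
my %buf;                # "client>server" => bytes not yet parsed

sub feed {
    my ($seg) = @_;
    my @found;
    # Assumption: the web server listens on port 80, so only packets sent
    # by the client (destination port 80) are inspected.
    return @found unless $seg->{dst} =~ /:80\z/;
    my $key = "$seg->{src}>$seg->{dst}";
    $buf{$key} = '' unless defined $buf{$key};
    $buf{$key} .= $seg->{payload};
    # Consume every complete header block; HTTP/1.1 may carry several.
    while ($buf{$key} =~ s/\A(.*?\r\n)\r\n//s) {
        my $head = $1;
        # Only accept GET at the very start of a header block.
        next unless $head =~ m{\AGET (\S+) HTTP/1\.[01]\r\n};
        my $uri = $1;
        my ($host) = $head =~ /^Host:[ \t]*(\S+)/mi;
        push @found, (defined $host ? $host : '?') . $uri;
    }
    # Drop state that is empty or has grown past the cap.
    delete $buf{$key}
        if !length($buf{$key}) || length($buf{$key}) > $MAX_BUF;
    return @found;
}

for my $seg (@segments) {
    print "Requested: $_\n" for feed($seg);
}
```

Because the match is anchored to the start of a header block and the server's packets are skipped, the "GET /not-a-request" text in the response payload is not reported.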