The format specifier "%.*s" is used to print a specific number of characters from a char* argument (avoids requirement for null termination). In this case, packet_length characters will be printed from in + 8.

From man asprintf():

The functions asprintf() and vasprintf() are analogs of sprintf(3) and vsprintf(3), except that they allocate a string large enough to hold the output including the terminating null byte, and return a pointer to it via the first argument. This pointer should be passed to free(3) to release the allocated storage when it is no longer needed.

It is safe in the sense of buffer overrun but is a non-standard function (from the linked page, it is a GNU extension). In the context of the posted code in which the size of the buffer is known prior to the asprintf() call, the asprintf() provides a convenience for the programmer in that it avoids a malloc() (which is necessary to avoid guessing the maximum size of the buffer to be populated).

If portability is not a requirement, then snprintf() offers nothing extra than asprintf() and asprintf() is more convenient to use.

As this is tagged C++ you could use a std::string instead:

#include <string>

std::string s(in + 8, packet_length);

and use std::string::c_str() if really required. This avoids having to manually free() the buffer produced by asprintf().