Project 1999 uses the Titanium client? So they can really only do what that client allows them plus whatever they inject into it. I guess it wouldn't be that hard to inject actual encryption into the client, but nothing in what you cut and pasted above screams "This is encrypted" to me. That last packet with the huge payload is an issue, but it could be a seq bug. If you are serious about making it work and they have been serious about stopping network sniffing, your biggest asset will be someone who can disassemble the client and see what it is doing differently. It's a really difficult problem to protect the network stream when the client is by default compromised.