Packet Analyzing



madforce
01-29-2006, 07:40 PM
Hey guys,

Great job with ShowEQ, I have known people using it for years and I have always thought it was awesome.

I want to start a similar project for MxO (recently became an SOE product). I have got Ethereal (finally; Gentoo and Ethereal suck with wireless) and I have started capturing masses of packets. The problem is that I don't know how to begin decoding the packets so that they make sense to me, so I can code up an app that can start doing simple things.

How did you guys get started on this project and making sense of the packets that you had captured ?


purple
01-30-2006, 06:38 AM
I don't really know if anyone who was involved in the initial effort is still around here.

If you're serious about trying to understand the network stream of something, you probably want to stare at packet dumps and start trying to look for similarities or obvious things at the protocol level. If the traffic is UDP, there is probably some sort of sequencing mechanism for example. There might be checksums or obvious zlib compression headers so you can start to split the packet up until you can successfully uncompress it.

You might also want to disassemble the actual game client in order to work backward from the network receive system calls to trace what happens to the data taken off the wire, and use this knowledge to reverse what the protocol is.

Once you kind of know the protocol, then you need to do actions in the game and look at what packets it makes, then start relating the information the client would need from the server to what is in the payloads.
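The first pass described in the post above (look for a sequence field, a checksum and zlib headers, and split each packet until the compressed part inflates) can be scripted. The block below is an added example, not ShowEQ code or anything from the original thread; the packet layout it generates (2-byte opcode, 2-byte big-endian sequence, zlib body, CRC32 trailer) is invented for the demo and is not the MxO or SoE format.

```python
"""First-pass structure discovery over captured UDP payloads.

Added example, not ShowEQ code. The sample packets are constructed here;
the layout is made up for the demo and is not a real MxO or SoE format.
"""
import struct
import zlib


def make_sample_packets():
    """Constructed capture: 2-byte opcode, 2-byte BE sequence, zlib body,
    then a 4-byte BE CRC32 over everything before it. Not real game traffic."""
    pkts = []
    for seq in range(1, 4):
        body = zlib.compress(f"pos x={seq * 10} y={seq * 20}".encode())
        pkt = struct.pack(">HH", 0x0009, seq) + body
        pkts.append(pkt + struct.pack(">I", zlib.crc32(pkt) & 0xFFFFFFFF))
    return pkts


def looks_like_zlib_header(b0, b1):
    """RFC 1950 header check: CM must be 8 (deflate), CINFO <= 7, and
    CMF*256+FLG must be a multiple of 31. Cheap filter before inflating."""
    return (b0 & 0x0F) == 8 and (b0 >> 4) <= 7 and ((b0 << 8) | b1) % 31 == 0


def split_on_zlib(payload):
    """Try every plausible offset; return (header, inflated, trailer) for the
    first offset whose stream inflates to a clean end-of-stream, else None."""
    for off in range(len(payload) - 1):
        if not looks_like_zlib_header(payload[off], payload[off + 1]):
            continue
        d = zlib.decompressobj()
        try:
            out = d.decompress(payload[off:])
        except zlib.error:
            continue
        if d.eof:
            # bytes after the zlib stream are a candidate checksum/trailer
            return payload[:off], out, d.unused_data
    return None


def find_sequence_fields(headers, width=2):
    """Offsets/endianness where a `width`-byte field increases by exactly 1
    across consecutive packets. Run this on the fixed headers only; scanning
    compressed bodies produces spurious hits."""
    fmt_code = {1: "B", 2: "H", 4: "I"}[width]
    minlen = min(len(h) for h in headers)
    hits = []
    for off in range(minlen - width + 1):
        for endian in (">", "<"):
            vals = [struct.unpack_from(endian + fmt_code, h, off)[0] for h in headers]
            if all(b - a == 1 for a, b in zip(vals, vals[1:])):
                hits.append((off, endian))
    return hits


def trailer_is_crc32(payload):
    """Do the last 4 bytes equal CRC32 of the rest, in either byte order?"""
    if len(payload) < 5:
        return False
    want = zlib.crc32(payload[:-4]) & 0xFFFFFFFF
    return any(struct.unpack(e + "I", payload[-4:])[0] == want for e in (">", "<"))


def analyze(payloads):
    """Run the heuristics over a capture and summarise what was found."""
    headers, bodies = [], []
    for p in payloads:
        split = split_on_zlib(p)
        if split is None:
            headers.append(p)
            bodies.append(b"")
        else:
            header, body, _trailer = split
            headers.append(header)
            bodies.append(body)
    return {
        "sequence_fields": find_sequence_fields(headers),
        "crc32_trailer": all(trailer_is_crc32(p) for p in payloads),
        "bodies": bodies,
    }


if __name__ == "__main__":
    for key, value in analyze(make_sample_packets()).items():
        print(key, value)
```

On a real capture, replace `make_sample_packets()` with payloads read from the pcap (one entry per UDP datagram, same flow direction); the sequence scan only makes sense on packets from a single side of the conversation, and the CRC check should be repeated with whatever checksum the protocol actually uses once that is known.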

Acid1789
01-30-2006, 12:50 PM
Interestingly enough, a lot of people ask me similar questions about MxO. It would seem they are using the SoE protocol just like EQ, EQ2, and SWG. On top of the SoE protocol, each game has its own unique packets.

The SoE protocol is pretty well documented in a few places, including the ShowEQ source and Everdump (http://www.pptournament.m6.net/eq2).

You will have to figure out the MxO protocol yourself. You may also have to work through any encryption that may be in the way. Figuring out the encryption pretty much requires disassembling the client. Once the packet stream is in plaintext, you can do most of the analysis of the packets by just looking through the logs for meaningful data.

madforce
01-30-2006, 08:34 PM
Thanks guys, I will start my head bashing immediately :) I'll start with the EQ packet sniffer and work from there.

I will keep you updated, provided the game (MxO) doesn't fail in the meantime, or I get banned (which they seem to be doing a lot of lately).