From 0ba91812be8b592f18c9b8dad692cea71020cf4d Mon Sep 17 00:00:00 2001 From: daerath Date: Wed, 6 Feb 2019 10:15:53 -0500 Subject: [PATCH] Updated Packet and OpCode Analysis (markdown) --- Packet-and-OpCode-Analysis.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packet-and-OpCode-Analysis.md b/Packet-and-OpCode-Analysis.md index ec28949..e59d117 100644 --- a/Packet-and-OpCode-Analysis.md +++ b/Packet-and-OpCode-Analysis.md 
@@ -29,7 +29,7 @@ Navigate to the ShowEQ repo’s [Tags](https://sourceforge.net/p/seq/svn/HEAD/tr Look at the Date column to see when each patch was released. Select one of the folders and then select the conf subfolder. The only files we are concerned with are worldopcodes.xml and zoneopcodes.xml. These contain the world and zone opcodes, but not all of them were updated for the latest patch. Only the ones ShowEQ needs were updated. Thankfully, if you look inside each file you can see the date/time each opcode was updated. # Reading a capture -You cannot directly use a packet capture. Most packets will be compressed and most likely transmitted as Combined or Oversized packets. Making sense of them requires understanding the network-level packet structures so that you can decompress them and break them into individual packets. The only good way to do this is via code. I’m sure there is an existing toolset to do this, but I opted for writing one. I’m happy to share it and the underlying source. +You cannot directly use a packet capture. Most packets will be compressed and most likely transmitted as Combined or Oversized packets. Making sense of them requires understanding the network-level packet structures so that you can decompress them and break them into individual packets. The only good way to do this is via code. I’m sure there is an existing toolset to do this, but I opted for writing one. You can find the source [here](https://github.com/daerath/EQPacketParser). It is fairly basic in function, which is perfectly fine for my purposes (so far). Once the packets have been uncompressed and split apart, the opcodes from ShowEQ come into play. The tool maps packet opcodes to known opcodes and indicates packet direction (to or from the server). It also outputs each packet in byte format, hex format, and as a string. This helps make some calculations easier and the raw string output can enable faster identification of packet structure if it contains string values.
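Review bot: the link text "here" in the added line under "# Reading a capture" gives no hint of the destination and leaves the tool unnamed in the sentence. Use the repository name as the link text, for example `[EQPacketParser](https://github.com/daerath/EQPacketParser)`, so the reference still makes sense if the link is stripped or the page is printed. The same line calls the tool "fairly basic in function" without saying what it covers, while the unchanged paragraph after it relies on the tool to decompress packets, split them, and map opcodes from ShowEQ. A short clause saying whether the tool reads worldopcodes.xml and zoneopcodes.xml directly would connect the two paragraphs.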