Project: sniffitzt - a wow logging proxy [Wiki]

Project Wiki (Page: read_the_xml_data-dump)
Last Changed 2 months ago, by balrok

howto read the xml data dump

this is just a short guide to the basics of the dump and how you can get some information out of it

first it would be good to have this dump with newlines (either take a new sniffitzt version or use sed; i just replaced the "><" with a newline)

a line in this file looks like this:

<packet date="12345" direction="s2c" opcode="123">123abfc</packet>

  • date is the unix timestamp of when this packet got logged (search for unix timestamp, you will surely find a converter)
  • direction is s2c (server sends to client) or c2s (client sends to server); c2c and s2s have not been seen yet (:
  • opcode is represented by a decimal value, more on that below
  • the packet data itself is represented as hex data and is in little endian

opcodes

to understand the opcodes you need the mangos sources, or look at http://mangos.svn.sourceforge.net/viewvc/mangos/trunk/src/game/Opcodes.h. cmsg_* are client messages and smsg_* are server messages. then you have to convert the hex value into a decimal value (i use http://www.parkenet.com/apl/HexDecConverter.html) and then you can search the log for it. my search term is always "123" (with the quotation marks), because otherwise it will find too much senseless stuff in the packet data.

the packet data:

maybe you first want to have a look at http://en.wikipedia.org/wiki/Endianness#Little-endian (i don't know if this data can be saved as big endian too). to read the data you need to know how many bytes represent a value. if you take the mangos source as reference: uint32 = 4 bytes, uint64 = 8 bytes, uint8 = 1 byte, and if text is sent with a length, it takes length bytes. note that a byte is written as two hex digits like a3, ff, 00... so when you reorder the data to human-readable endianness you have to reverse it byte by byte, not digit by digit.

practical example:

i want to understand a random soundid.
first i look for the soundopcode in src/game/opcodes.h in mangossource
SMSG_PLAY_SOUND = 0x2D2,
hex 2d2 ->dec 722
and then i search in my favorite editor for "722" and the first packet i found is:
<packet date="1215510790" direction="S2C" opcode="722">14200000</packet>
so now i know that the server sent the data to me (direction = s2c), and if i want i can even find out on which day and at which hour this happened
to decode the packet data i look at what information is inside, so i search the mangos dir with grep or ack
ack SMSG_PLAY_SOUND src/game
and get the following in BattlegroundMgr.cpp:
data->Initialize(SMSG_PLAY_SOUND, 4);
*data << uint32(soundid);
so the data is only one chunk with uint32, which means we can take those 4 bytes: 14 20 00 00
to convert them into decimal you need to change their endianness (just reverse it, or maybe you're from arabia, so you can easily read this (: )
00 00 20 14 is the reversed order of the bytes
so you can use the hex-dec converter and get 8212

example #2

another (shorter) example to demonstrate what happens with 2 values
i search for SMSG_UPDATE_WORLD_STATE which is 707 in decimal system
mangos sends the following s575
data->Initialize(SMSG_UPDATE_WORLD_STATE, 4+4);
*data << uint32(field);
*data << uint32(value);
so 2 times 4 bytes
an example packet looks like this:
..direction="S2C" opcode="707">370C000058020000</packet..
field = 37 0C 00 00 = 00 00 0C 37 = 3127
value = 58 02 00 00 = 00 00 02 58 = 600

bigger example

or another one (this time even more fields):
i take SMSG_MESSAGECHAT (to show you how you can read some text)
WorldPacket data(SMSG_MESSAGECHAT, 200);
data << (uint8)CHAT_MSG_SAY;
data << (uint32)language;
data << (uint64)GetGUID();
data << (uint32)language; //language 2.1.0 ?
data << (uint64)GetGUID();
data << (uint32)(text.length()+1);
data << text;
data << (uint8)chatTag();
and an example string looks like:
010700000052170D00000000002200000052170D00000000000A000000627566667320706C730000
split:
01 07000000 52170D0000000000 22000000 52170D0000000000 0A000000 627566667320706C7300 00
i picked this one because i found somewhere that CHAT_MSG_SAY=01 and i wanted a good text example (a lot of the stuff is senseless addon spam)
so
chat_msg_say = 01 (uint8 = 1 byte, and a single byte has no endianness)
language1 = 07 00 00 00 = 00 00 00 07
guid1 = 52 17 0D 00 00 00 00 00 = 00 00 00 00 00 0D 17 52
language2 = 22 00 00 00 = 00 00 00 22
guid2 = 52 17 0D 00 00 00 00 00 = 00 00 00 00 00 0D 17 52
textlength = 0A 00 00 00 = 00 00 00 0A = 10
- so the text field will be 10 bytes
text fields don't have endianness; to make them human readable you just have to convert the ascii chars. if you want to write a program for this: in python "chr" works well, also for german letters
if you want to do it by hand look at http://www.goascii.de/, there is a converter (you can even enter hex)
or if you're pr01337 you can read the hex ascii as well as the normal text and ask yourself the whole time why we want to decode it ^^
text = 62 75 66 66 73 20 70 6C 73 00 = buffs pls 0x00
the 0x00 seems to terminate the strings.. and the decoded text is a cool way to see what intelligent game we all play (:

and last but not least, there is one bytefield missing:
chattag = 00
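
the three decodings above (SMSG_PLAY_SOUND, SMSG_UPDATE_WORLD_STATE and the chat packet) done by a script instead of by hand. this is an added example, not code from sniffitzt or mangos: the function names and the layout table are made up for the illustration, and text is decoded byte by byte as latin-1, which is what chr does. it goes a bit beyond the by-hand steps by taking any layout of uint8/uint32/uint64/length-prefixed text and by refusing a length field that points past the end of the payload.

```python
import re
import struct
from datetime import datetime, timezone

# Opcodes and field layouts as quoted on this page from the mangos sources.
# "str" = uint32 length, then that many bytes (terminating 0x00 included).
LAYOUTS = {
    722: ("SMSG_PLAY_SOUND", [("soundid", "u32")]),
    707: ("SMSG_UPDATE_WORLD_STATE", [("field", "u32"), ("value", "u32")]),
}
# The page gives no decimal opcode for SMSG_MESSAGECHAT, so its layout is
# passed to decode_payload() directly instead of being looked up.
CHAT_LAYOUT = [("type", "u8"), ("language1", "u32"), ("guid1", "u64"),
               ("language2", "u32"), ("guid2", "u64"), ("text", "str"),
               ("chattag", "u8")]
FORMATS = {"u8": "<B", "u32": "<I", "u64": "<Q"}  # "<" = little endian
PACKET_RE = re.compile(r'<packet date="(\d+)" direction="(\w+)" '
                       r'opcode="(\d+)">([0-9A-Fa-f]*)</packet>')

def decode_payload(layout, hexdata):
    """Walk the layout over the payload; raise on bad lengths or leftovers."""
    data, pos, out = bytes.fromhex(hexdata), 0, {}
    for name, kind in layout:
        if kind == "str":
            (length,) = struct.unpack_from("<I", data, pos)
            pos += 4
            if length > len(data) - pos:  # length comes from the capture
                raise ValueError(f"{name}: length {length} exceeds payload")
            raw = data[pos:pos + length]
            out[name] = raw.rstrip(b"\x00").decode("latin-1")
            pos += length
        else:  # struct.error is raised if the payload is too short
            (out[name],) = struct.unpack_from(FORMATS[kind], data, pos)
            pos += struct.calcsize(FORMATS[kind])
    if pos != len(data):
        raise ValueError(f"{len(data) - pos} undecoded trailing bytes")
    return out

def decode_line(line):
    """Parse one <packet> line of the dump into a dict."""
    m = PACKET_RE.search(line)
    if m is None:
        raise ValueError("not a packet line")
    date, direction, opcode, hexdata = m.groups()
    name, layout = LAYOUTS[int(opcode)]  # KeyError for opcodes not listed
    return {"time": datetime.fromtimestamp(int(date), timezone.utc),
            "direction": direction.lower(), "name": name,
            "fields": decode_payload(layout, hexdata)}
```

the leftover-bytes check is useful when a layout taken from the mangos source does not match the packet you captured: you get an error instead of silently wrong numbers.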