document updated 19 years ago, on Jul 25, 2005
Tools
Ethereal is what I specifically use, but
there are many (free and commercial) tools available.
Communications are done over TCP. The local client connects to server port# 3724.
Gold Values
By searching for gold values, you can quickly find incoming/outgoing mail that contains money, auctions, and
person-to-person trades that involve money. Underneath, everything is done in amounts of copper (eg. 5 gold =
50000 copper). Here's some example values to make sure you have your byte-order correct:
| gold | silver | copper | network bytes | ethereal filter
|
|---|
| 9999 | 99 | 99 | ff e0 f5 05 | tcp matches "\\xff\\xe0\\xf5\\x05"
|
| 200 | 95 | 00 | 9c a9 1e 00 | tcp matches "\\x9c\\xa9\\x1e\\x00"
|
| 5 | 0 | 0 | 50 c3 00 00 | tcp matches "\\x50\\xc3\\x00\\x00"
|
| | 50 | 0 | 88 13 00 00 | tcp matches "\\x88\\x13\\x00\\x00"
|
| | | 10 | a0 00 00 00 | tcp matches "\\x0a\\x00\\x00\\x00"
|
Time Values
Time-remaining values (at least those found at the auction house) are stored in milliseconds. Here are a
few examples for reference:
Item UID's
Download Auctioneer.
Unpack, and take a look at ItemData.lua, and you'll find the UIDs that WoW uses:
decimal
ItemData.lua | network bytes | Item Description
|
|---|
| 13446 | 86 34 | Major Healing Potion
|
| 14342 | 06 38 | Mooncloth
|
|
|
Basic filters
| Type | Filter | Description
|
|---|
| tcpdump | tcp port 3724 | Only capture WorldOfWarcraft packets
|
| ethereal | tcp matches "\\xa8\\xe6\\x50\\x00" | Only display packets that include "Cilia@Thunderhorn"'s UID
|