Monday, 30 September 2013

Initial analysis of the ping-pong packets

LOTRO sends "ping-pong" packets between the client and the server to verify that the connection is established and both sides are working. These happen in the background without any user interaction, and they also happen while the client sits in the menu. As far as I understand it so far, the client sends a "ping" packet to the server and the server "pongs" it.
So far I've seen the following types of ping-pong packets:

Fast-ping-pong (0x08004002)

This packet contains 10 bytes of data. The first 4 bytes are the sequence number of the last packet seen from the server (e.g. if the last packet from the server had sequence number 0x0000001F, these four bytes will be 0x0000001F).
This is followed by 6 bytes whose meaning is currently unknown. The first four of them always seem to be a number in which only the first byte varies; their purpose is completely unknown.
The last two of these unknown bytes always seem to increase in small steps (between 1 and 4), so they might be the number of seconds since the client started, the sum of all bytes sent, or something similar.
0x08004002 packets are (almost) always answered by the server with a packet of the same type.

Full-ping-pong (0x0B004002)

This packet contains 22 bytes of data. The first 4 are again the sequence number from the server. This is followed by a constant A§Úõ (at least during my capture) and a few other bytes. The byte at offset 0x1C always has the same value as the one at 0x28. The next 3 bytes are unknown, but the first always seems to be 0xA0; this might change once the last 2 bytes of the packet grow larger than 0xFF. Bytes 0x20 to 0x23 are an (increasing?) number that the server has to put into its reply.
Again the packet ends with 6 bytes, which seem to be the same as in the 0x08004002 packet.
This packet is answered by a 0x0C004002 packet.

Full-ping-pong-response (0x0C004002)

This packet is the server's response to the client's 0x0B004002 packet. It consists of 18 bytes of data. The first 4 bytes are again the sequence number of the last packet the server saw from the client. The following 4 bytes are a copy of bytes 0x20 to 0x23 from the client's packet. The following four bytes are unknown. Again the packet ends with 6 bytes, which seem to be the same as in the 0x08004002 and 0x0B004002 packets.

Non-sequential-ping-pongs (0x0?000002)

These packets seem to be the same as their 0x0?004002 counterparts, except that they are missing the 4 sequence-number bytes at the beginning of the data. It is unclear why and when these are issued.
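The four layouts above, as a parser I wrote for this post as an added example; it is not code from the lotro-server project. It assumes little-endian byte order (the post does not state one), treats the 0x4000 bit of the type value as "sequence number present" (inferred from the 0x0?004002 / 0x0?000002 pairing), takes the packet type as a separate argument because the 20-byte header layout is not described here, and reads the constant A§Úõ as the Latin-1 bytes 41 A7 DA F5, which is also an assumption. The sample packets are constructed, not captured. The parser also records where a packet contradicts the observations above (the 0xA0 byte, the 0x1C/0x28 equality), which is how you would test those hypotheses against a real capture.

```python
"""Parse the data block of LOTRO ping-pong packets (added example, not project code)."""
import struct
from dataclasses import dataclass, field
from typing import List, Optional

# High byte of the packet type selects the family (from the post's type values).
FAST, FULL, FULL_RESPONSE = 0x08, 0x0B, 0x0C
# Assumption: 0x0?004002 vs 0x0?000002 differ only in this bit.
SEQ_FLAG = 0x4000
# Data-block length with the 4 sequence bytes removed: 10-4, 22-4, 18-4.
BODY_LEN = {FAST: 6, FULL: 18, FULL_RESPONSE: 14}
KIND = {FAST: "fast", FULL: "full", FULL_RESPONSE: "full-response"}


@dataclass
class PingPong:
    kind: str
    sequence: Optional[int]            # last sequence number seen from the peer
    echo: Optional[int] = None         # full: counter; full-response: echoed copy
    constant: bytes = b""              # full: the 4 constant bytes
    marker: Optional[int] = None       # full: byte at 0x1C (should equal byte 0x28)
    unknown: bytes = b""
    trailer: bytes = b""               # the 6 trailing bytes common to all kinds
    notes: List[str] = field(default_factory=list)  # violated observations


def parse_pingpong(ptype: int, data: bytes) -> PingPong:
    family = (ptype >> 24) & 0xFF
    if family not in BODY_LEN:
        raise ValueError(f"{ptype:#010x} is not a ping-pong type")
    has_seq = bool(ptype & SEQ_FLAG)
    need = BODY_LEN[family] + (4 if has_seq else 0)
    if len(data) != need:
        raise ValueError(f"{ptype:#010x}: expected {need} data bytes, got {len(data)}")
    pos, seq = 0, None
    if has_seq:
        (seq,) = struct.unpack_from("<I", data, pos)   # assumed little-endian
        pos += 4
    pkt = PingPong(kind=KIND[family], sequence=seq)
    if family == FAST:
        pkt.trailer = data[pos:pos + 6]
    elif family == FULL:
        pkt.constant = data[pos:pos + 4]
        pkt.marker = data[pos + 4]                      # packet offset 0x1C
        pkt.unknown = data[pos + 5:pos + 8]
        (pkt.echo,) = struct.unpack_from("<I", data, pos + 8)  # offsets 0x20..0x23
        pkt.trailer = data[pos + 12:pos + 18]
        if pkt.unknown[0] != 0xA0:
            pkt.notes.append("first unknown byte is not 0xA0")
        if pkt.marker != pkt.trailer[4]:                # trailer[4] is packet offset 0x28
            pkt.notes.append("byte at 0x1C differs from byte at 0x28")
    else:
        (pkt.echo,) = struct.unpack_from("<I", data, pos)
        pkt.unknown = data[pos + 4:pos + 8]
        pkt.trailer = data[pos + 8:pos + 14]
    return pkt


def trailer_counter(pkt: PingPong) -> int:
    """The slowly increasing last two trailer bytes, read as a little-endian u16."""
    return struct.unpack("<H", pkt.trailer[4:6])[0]


def matches_response(request: PingPong, response: PingPong) -> bool:
    """True when a 0x0C004002 packet echoes the counter of a 0x0B004002 packet."""
    return (request.kind == "full" and response.kind == "full-response"
            and request.echo == response.echo)


# Constructed sample data blocks (not captured traffic).
TRAILER_BASE = b"\x37\x12\x00\x00"
FULL_DATA = (b"\x1f\x00\x00\x00" + b"\x41\xa7\xda\xf5" + b"\x2c" + b"\xa0\x00\x00"
             + b"\x2a\x00\x00\x00" + TRAILER_BASE + b"\x2c\x01")
RESP_DATA = (b"\x40\x00\x00\x00" + b"\x2a\x00\x00\x00" + b"\x00\x00\x00\x00"
             + TRAILER_BASE + b"\x2f\x01")
FAST_DATA = b"\x1f\x00\x00\x00" + TRAILER_BASE + b"\x2e\x01"
FAST_NOSEQ_DATA = TRAILER_BASE + b"\x30\x01"


def demo() -> dict:
    full = parse_pingpong(0x0B004002, FULL_DATA)
    resp = parse_pingpong(0x0C004002, RESP_DATA)
    fast = parse_pingpong(0x08004002, FAST_DATA)
    noseq = parse_pingpong(0x08000002, FAST_NOSEQ_DATA)
    return {"full": full, "resp": resp, "fast": fast, "noseq": noseq,
            "paired": matches_response(full, resp)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Run it against real captures by feeding each packet's type and data block into `parse_pingpong` and checking the `notes` list; any non-empty list is a packet that breaks one of the observations above and is worth a closer look.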

Friday, 6 September 2013

Clarification on the project's status

First of all, thanks for the comments that show your interest! Contrary to what you might have thought, I did not stop working on analyzing the packets sent between the client and the server. It's just that "real life" sometimes gets in the way ;-)

So I recently started capturing packets again to see how they are assembled. This is a time-consuming process, but the steps themselves are very easy:

1.) Clone the repository from http://gitorious.org/lotro/lotro-server
2.) Import the project into Visual Studio (MonoDevelop is not supported right now)
3.) Run the Project LOTROPacketCaptureAndAutoDecryption
4.) Launch the game and "do something"
5.) Take a look at the packets generated by LOTROPacketCaptureAndAutoDecryption (you can also upload them to http://bwgypyth.appspot.com/ but be aware that they might contain sensitive data)
6.) Repeat steps 3.) to 5.) over and over again

We already know some details of the decrypted packets, as can be seen at http://bwgypyth.appspot.com/packet.jsp?packet=35004. All of the packets analyzed so far consist of a header and a data block. The header is always 20 bytes long (the initial packets sent have a 22-byte header, but more on that in a later post) and describes the data.

The data packets themselves can be distinguished by the "root command" (as we call it), which defines the type of data that is sent. So far we know the most about 0x00000006 packets, which are used for a character creation request.

The server and client also exchange "ping pong" packets to verify they can still talk to each other and haven't lost the connection. In case someone is interested in understanding the process, you can try to identify these packets (simply do nothing in the game and these will be the most frequent packets) and analyze how they are built. Feel free to ask questions regarding this process in the comments and I'll try to answer them as quickly as possible.

And a quick side note: everything we did so far is open source and can be found at http://gitorious.org/lotro. Feel free to play with the code and add things. The web application for visualizing packets is written in Java, while the packet dumper is written in C#. Both languages are pretty easy to learn (you don't have to deal with memory allocation), but feel free to contribute in whichever language you prefer.