in reply to Finding patterns in packet data?
Have you ever looked at snort?
How are you going to sniff the packets? tcpdump? Or are you working on a Windows box?
I am not sure why you are looking for a magic number in the packet. The packet should have some port information, and the tool should be working on a port. Just sniff packets to the server port and to the client port.
Let us know more info if you have it.
UPDATE: I'm obliged to remind all that sniffing packets across a network that is not under your command is wrong and is considered computer abuse. You can be prosecuted. Don't try to break the security and don't try to make the administrator's job any harder.
J. J. Horner Linux, Perl, Apache, Stronghold, Unix firstname.lastname@example.org http://www.knoxlug.org/