This is a question in the generic sense, I am just asking this out of interest.

While in the program I can press a button, and a certain Send packet will always show up in the sniffer when I press that button. So when I press the button I know what packet to expect. The problem is that the data in the packet bears little relation to the value in question.

I know that in IP packet structure you have all the sections of the header, and then the data section.

Would you set a BP on a winsock function, and then look for an encryption algo before it? Or should I go back a bit in the code and then trace forward checking the value of EAX on each line as I go?

Finding the packet for a particular action isn't the hard part, the hard part is making sense of the data in the packet, lol.