The packets will look the same whether you are using tcpdump under Linux, or Wireshark under Windows.
Basically a packet is usually a bunch of data that is loaded into a struct, then the struct is written out to a wire with a send() function that takes a pointer to the struct, and the length of data to write. On the other side, the recv() function takes a void * pointer to a memory location to write the data to, then normally you overlay that same struct on top of it (typecasting) to read back the data.
By using a packet sniffer you can sometimes find the offsets in these fields. For example, let's say you can tell that the first 4 bytes of a network packet change when you jump, this could be a 4 byte integer value pertaining to your Z axis. In reality it can get pretty hairy decoding raw packets, but it is really the only insight into EQ servers that we have =)
You can learn a lot about network programming by googling C++ sockets, write a simple hello world client / server application and you will be well on your way.
kukmuk
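
The struct-on-the-wire pattern and the offset comparison described in the post above, as an added C example that is not part of the original post. The `pos_packet` layout, its field names and the sample values are constructed assumptions, not any real protocol; the receiver copies with a length check rather than casting the buffer pointer, which avoids short-read and alignment problems.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical packet layout, constructed for illustration only.
 * Packed so the in-memory layout matches the bytes seen in a capture. */
#pragma pack(push, 1)
struct pos_packet {
    int32_t  z;       /* first 4 bytes, as in the post's example */
    int32_t  x;
    int32_t  y;
    uint16_t opcode;
};
#pragma pack(pop)

/* Sender side: write the struct's bytes into a buffer, as send() would. */
size_t build_sample(int32_t z, uint8_t *buf, size_t cap)
{
    struct pos_packet p = { z, 100, 200, 0x0042 };  /* constructed values */
    if (cap < sizeof p)
        return 0;
    memcpy(buf, &p, sizeof p);
    return sizeof p;
}

/* Receiver side: reject short reads, then copy into the struct instead of
 * overlaying it on the raw buffer. Returns 0 on success, -1 if too short. */
int parse_pos(const uint8_t *buf, size_t len, struct pos_packet *out)
{
    if (len < sizeof *out)
        return -1;
    memcpy(out, buf, sizeof *out);
    return 0;
}

/* Compare two captures of equal length and report the first and last byte
 * offsets that differ. Returns the number of differing bytes. */
size_t diff_span(const uint8_t *a, const uint8_t *b, size_t len,
                 size_t *first, size_t *last)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (a[i] != b[i]) {
            if (n == 0)
                *first = i;
            *last = i;
            n++;
        }
    }
    return n;
}
```

Byte order inside a field depends on the sender's architecture unless the protocol converts it, so a multi-byte value read from a capture may need swapping before it makes sense.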