Quick question for you guys,

Does anyone know which method(s) they used to discover the original packet structures and opcodes way back in the day? Was it assembly/RE/debugging or was it analysis of the network packets?

As far as I know ShowEQ packet sniffed originally when packets were not encrypted.

Not sure about "back in the day" but we have a utility that analyses packet captures from Live:-

https://github.com/EQEmu/EQExtractor

But in reality you have to RE a lot of it as they intentionally mess up the structures. In terms of what opcode does what, you need to work it out based on what has gone before, as well as trying certain activities and seeing the opcode generated (e.g. "I only ever see that opcode generated when I invite someone to join the guild")

I haven't updated it in a while due to work/RL/summer, but will get back on it eventually :P