(original) (raw)
Skype
Know something interesting about Skype? Drop me an email.
There has been extensive research on various aspects of Skype. Skype continues to inspire new papers. I have grouped the published papers about Skype into several categories. The link within each category is preceded by Skype version number. 'W' indicates Windows and 'L' indicates Linux.
Skype Architecture
- [1.4W, 1.0L] An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol by Salman A. Baset and Henning Schulzrinne (Skype v1.4) [INFOCOM'06]
- dumps. (some skype dumps for my experiments)
- [0.97W,L] An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol by Salman A. Baset and Henning Schulzrinne, September 2004.
* . (some skype dumps for my experiments)
- [1.0W] An Analysis of the Skype VoIP application for use in a corporate environment by Dennis Bergstrom, October 2004.
- [0.97] Performance Analysis of a P2P-based VoIP Software by Gao Lisha and Luo Junzhou [AICT/ICIW'06]
Skype Executable Reverse Engineering
- [?] Silver Needle in the Skype by Philippe Biondi and Desclaux Fabrice
- [?] Vanilla Skype 1 by Desclaux Fabrice and Kostya Kortchinsky code
- [?] Vanilla Skype 2 by Desclaux Fabrice and Kostya Kortchinsky
- [?] Skype powered botnets by Cedric Blancher
- [0.97?] Skype Uncovered by Desclaux Fabrice
- [2.x?W] Logging Skype Traffic by Apoc Matrix (code coming soon)
- [?] Skype reverse engineering genesis, Video, Source code
Skype Quality and Reaction to Congestion
- [3.2/3.8] OneClick: A Framework for Measuring Network Quality of Experience by Kuan-Ta Chen, Cheng Chun Tu, and Wei-Cheng Xiao [INFOCOM'09]
- [3.2/3.8] Tuning the Redundancy Control Algorithm of Skype for User Satisfaction by Te-Yuan Huang, Kuan-Ta Chen, and Polly Huang [INFOCOM'09]
- [2.0.0.27L] Skype Video Responsiveness to Bandwidth Variations by L. De Cicco, S. Mascolo, and V. Palmisano [NOSSDAV'08]
- [1.3.0L] Skype Congestion Control Identification by L. De Cicco, S. Mascolo and V. Palmisano
- [2.5W] Analysis and Signature of Skype VoIP Session Traffic by Sven Ehlert and Sandrine Petgang
- [2.x?W] Quantifying Skype User Satisfaction by Kuan-Ta Chen Chun-Ying Huang Polly Huang Chin-Luang Lei [SIGCOMM'06]
- [1.2W] Measurement and Analysis of Skype VoIP Traffic in 3G UMTS Systems by Tobias Hobfeld et.al.
Skype Super Nodes and Call Relays
- [3.2] Skype Relay Calls: Measurements and Experiments by Wookyun Kho, Salman Baset, and Henning Schulzrinne [GI'08]
- [1.2L] An Experimental Study of the Skype Peer-to-Peer VoIP System by Saikat Guha and Neil Daswani [IPTPS'06]
- [?] A Measurementbased Study of the Skype PeertoPeer VoIP Performance by Haiyong Xie and Yang Richard Yang [IPTPS'07]
- [?] Skype report by Frank Bulk
Detecting and Blocking Skype Traffic
- [?] Characterizing and detecting relayed traffic: A case study using Skype by Kyoungwon Suh, Daniel R. Figueiredo, Jim Kurose, Don Towsley [INFOCOM'06]
- [?] Revealing skype traffic: when randomness plays with you by D. Bonfiglio, M. Mellia, M. Meo, D. Rossi, and Paolo Tofanelli [SIGCOMM'07]
- [?] Tracking down Skype traffic by Dario Bonfiglio, Marco Mellia, Michela Meo, Nicolo Ritacca and Dario Rossi [INFOCOM'08]
- [?] Following Skype signaling footsteps by Dario Rossi, Marco Mellia, and Michela Meo [QoS-IP'08]
- Nework World articles:
- [1.4, 2.0W] Assessing Skype's Network Impact
- [?] Spotting and Stopping Skype (They seem to imply that blocking Skype is impossible which is not the case)
- In corporate by Case Manning
- In a Network with no NATs or firewalls: Payload inspection for headers is required.
Skype and Encrypted Traffic
- Inferring Speech Activities from Encrypted Skype Traffic, Yu-Chun Chang, Kuan-Ta Chen, Chen-Chi Wu, and Chin-Laung Lei [Globecom'08]
Other
- ASAP: an AS-aware Peer Relay Protocol for High Quality VoIP by Shansi Ren, Lei Guo, and Xiaodong Zhang [ICDCS'06]
- Tracking anoymous peer-to-peer VoIP calls on the Internet by Xinyuan Wang, Shiping Chen, and Sushil Jajodia [CCS'05]
Skype Security
- An Analysis of the Skype IMBot Logic and Functionality by Christian Wojner and L. Aaron Kaplan [CERT.at'10]
- Skype Security Evaluation Report by Tom Berson
- VoIP and Skype Security 2/12/2005 by Simson L. Garfinkel
Bill Campbell's commentary on this article - VoIP and Skype Security 1/26/2005
More on Simson Garfinkel analysis Skype by Dave Pollak
From the Skype website
Skype and Firewalls
Skype and Softice
- Skype Softice crack by Gery Casiez
Skype Supernode Map
- http://www.coobol.com
- Also, see the super node map in our Infocom paper.
Skype FAQ
These FAQs are for v1.0.0.1 unless stated otherwise. However, most of them apply to the most recent version of Skype including 1.4.
Q: I am a system administrator and I want to block Skype. How can I do that?
You have to inspect the payload of the network (TCP, UDP) traffic. Otherwise, you cannot block Skype.
Please refer to our paper on Skype (v1.4) which explains the login procedure. Use snort or any other packet inspection tool to inspect the network traffic.
At login Skype sends a login message to the login server. The first two messages in that flow are:
Skype LS
0x1603010000 -> (5 bytes)
<- 0x1703010000 (5 bytes)
By blocking all incoming messages who have the signature 0x17030100, Skype is blocked.
Note that the first three bytes of client_key_exchange SSL message are 0x160301 which correspond to:
0x16: the message type is client_key_exchange
03 01: SSL version 3.1
Skype uses the SSL signature header for client to server message exchange. But for server to client message exchange, it uses a non-SSL based header. So by blocking packets that have this header (0x170301), one can effectively block Skype without blocking any other application.
Q: I have a lot of bw and a public IP address. My Skype client becomes a SN. How can I prevent it?
Use any network monitoring tool. I recommend net-peeker. Use it to set the upload and download bandwidth to 100 bytes/s. Make sure to check 'Also appply to UDP sessions'. Most likely your node will not become a super node i.e. it will not route calls. However, it will still receive UDP and TCP traffic from other Skype clients.
Q: Are two Skype setup executables different? (potentially a different key embedded in each setup file)
No.
Q: I logged off but did not close my Skype client. Are all TCP and UDP connections closed?
No, they are not. You must completely shut down your Skype application. Perhaps it is a bug, or perhaps it is purposely done.
Q: How many active TCP and UDP connections a Skype client has at any particular time?
When a Skype client is not in a call and is running on a machine with public IP address, it has on the average 4-8 active TCP connections and atleast one UDP connection. I noticed a string in the Skype executable dumps which mentioned that Maximum allowable connections are 10.
Q: How can I debug Skype?
Windows: You can try SoftICE. Skype does not work with SoftICE but there is a nice crack written by Gery Casiez. You can also try OllyDbg.
Linux: Skype refuses to run when run with ltrace. Skype does run with strace. Unfortunately, Skype executable hides the symbols making it quite difficult to reverse engineer.
Q: On which ports Skype listens for requests?
It listens for TCP connections on port 80, 443, and a randomly selected port (PORT) in the Skype 'Options' dialog. It uses PORT for sending and receiving UDP messages.
Q: Can I find the IP addresses of my buddies without asking them?
Try sending your buddy a Skype instant message. If there is no intermediate node, then your IM is sent to the IP address of your buddy.
Q: Are there any plain text messages in Skype?
Skype sends a HTTP 1.1 GET request to the Skype login server to check for the latest version and receives a HTTP response. There are no other plain text Skype messages.
Q: How does Skype compare with MSN, Yahoo, and Google Talk in voice quality?
We have calculated a metric called mouth-to-ear delay for Skype, Yahoo, and MSN. Skype had the best result followed by MSN and Yahoo was a distant third. Skype mouth-to-ear delay was close to 90 ms, MSN was 180 ms, Yahoo was 150 ms and Google Talk was 109 ms.
Last updated by Salman A. Baset