Analysis and Signature of Skype VoIP Session Traffic

S. Ehlert, S. Petgang, T. Magedanz, and D. Sisalem (Germany)


Network Monitoring, VoIP, Skype Analysis, Traffic Detection, Signature


Skype is a peer-to-peer VoIP application that has gained substantial popularity since its launch in 2003. However, none of Skype’s algorithms or its protocol specification are available for public inspection which impedes evaluation from a security perspective. In this paper we present an analysis of Skype operation from the network point of view. From the analysis we de velop traffic signatures that allow a third party monitoring entity to detect the usage of the Skype application. These signatures concentrate on Skype signalling traffic and con tain different characteristics, including port usage, network packet sizes and payload content. The application of theses signatures in a detection tool shows their effectiveness to properly detect Skype versions 1.4, 2.0, and 2.5 traffic.

Important Links:

Go Back