• Skype;
  • traffic identification;
  • flow-dynamics;
  • analysis


Skype applies strong encryption to provide secure communication inside the whole Skype network. It also uses several techniques to conceal the traffic and the protocol. As a consequence, traditional port-based or payload-based identification of Skype traffic cannot be applied. In this paper, after an overview of the Skype P2P system, network entities and operation, we introduce novel algorithms to detect several types of communications (including voice calls primarily) that the Skype client initiates toward dedicated servers of the Skype network and other peers.

The common point in these algorithms is that all of them are based on packet headers only and the extracted flow level information. We do not need information from packet payloads. The identification methods allow us to discover logged on Skype users and their voice calls. The whole identification process is scripted in Transact-SQL; it can thus be executed automatically on a prerecorded (offline) data set. We present identification results, analysis and comparison of data sets captured in mobile and fixed networks. We also present the validation of the algorithms in both network types. Copyright © 2010 John Wiley & Sons, Ltd.