On the identification and analysis of Skype traffic
Version of Record online: 21 APR 2010
Copyright © 2010 John Wiley & Sons, Ltd.
International Journal of Communication Systems
Volume 24, Issue 1, pages 94–117, January 2011
How to Cite
Molnár, S. and Perényi, M. (2011), On the identification and analysis of Skype traffic. Int. J. Commun. Syst., 24: 94–117. doi: 10.1002/dac.1142
- Issue online: 21 APR 2010
- Version of Record online: 21 APR 2010
- Manuscript Accepted: 2 MAR 2010
- Manuscript Revised: 14 FEB 2010
- Manuscript Received: 5 FEB 2009
- NKTH-OTKA. Grant Number: CNK77802
- János Bolyai Research Scholarship of the Hungarian Academy of Sciences
- Ericsson Hungary Ltd
- traffic identification;
Skype applies strong encryption to provide secure communication inside the whole Skype network. It also uses several techniques to conceal the traffic and the protocol. As a consequence, traditional port-based or payload-based identification of Skype traffic cannot be applied. In this paper, after an overview of the Skype P2P system, network entities and operation, we introduce novel algorithms to detect several types of communications (including voice calls primarily) that the Skype client initiates toward dedicated servers of the Skype network and other peers.
The common point in these algorithms is that all of them are based on packet headers only and the extracted flow level information. We do not need information from packet payloads. The identification methods allow us to discover logged on Skype users and their voice calls. The whole identification process is scripted in Transact-SQL; it can thus be executed automatically on a prerecorded (offline) data set. We present identification results, analysis and comparison of data sets captured in mobile and fixed networks. We also present the validation of the algorithms in both network types. Copyright © 2010 John Wiley & Sons, Ltd.