Transport Layer Identification of Skype Traffic

The Internet telephony application Skype is well-known for its capability to intelligently tunnel through firewalls by selecting customized ports and encrypting its traffic to evade content based filtering. Although this capability may give some convenience to Skype users, it increases the difficulty of managing firewalls to filter out unwanted traffic. In this paper, we propose two different schemes, namely payload-based and non-payload based, for identification of Skype traffic. As payload based identification is not always practical due to legal, privacy, performance, protocol change and software upgrade issues, we focus on the non-payload based scheme, and use the payload based scheme mainly to verify its non-payload based counterpart. Our research results reveal that, at least to a certain extent, encryption by Skype to evade content analysis can be overcome.

[1]  Donald F. Towsley,et al.  Characterizing and Detecting Skype-Relayed Traffic , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[2]  Ravi Jain,et al.  An Experimental Study of the Skype Peer-to-Peer VoIP System , 2005, IPTPS.

[3]  Henning Schulzrinne,et al.  An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol , 2004, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[4]  Oliver Spatscheck,et al.  Accurate, scalable in-network identification of p2p traffic using application signatures , 2004, WWW '04.

[5]  Mark Claypool,et al.  Network analysis of Counter-strike and Starcraft , 2003, Conference Proceedings of the 2003 IEEE International Performance, Computing, and Communications Conference, 2003..

[6]  Wu-chi Feng,et al.  A traffic characterization of popular on-line games , 2005, IEEE/ACM Transactions on Networking.

[7]  Chun-Ying Huang,et al.  Game traffic analysis: an MMORPG perspective , 2005, NOSSDAV '05.

[8]  Alberto Dainotti,et al.  A packet-level traffic model of Starcraft , 2005 .

[9]  A. Mena,et al.  An empirical study of real audio traffic , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[10]  K. Claffy,et al.  Trends in wide area IP traffic patterns - A view from Ames Internet Exchange , 2000 .

[11]  Michalis Faloutsos,et al.  Transport layer identification of P2P traffic , 2004, IMC '04.

[12]  Jim Kurose,et al.  Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement 2004, Taormina, Sicily, Italy, October 25-27, 2004 , 2004 .