• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

L7 pattern for Skype

Scheduled Pinned Locked Moved Traffic Shaping
2 Posts 2 Posters 10.0k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    dhatz
    last edited by Sep 2, 2011, 11:53 PM

    Since so many are interested in L7 patterns to identify Skype traffic (some to block it, others to prioritize it), I thought this might be of interest:

    pattern which can be used to identify Skype traffic, from http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf:

    The very first UDP packet received by a Skype client will be a NAck
    This packet is not crypted
    This packet is used to set up the obfuscation layer
    Skype can’t communicate on UDP without receiving this one

    NAck packet: how does Skype know the public IP
    1 At the begining, it uses 0.0.0.0
    2 Its peer won’t be able to decrypt the message (bad CRC)
    3 The peer sends a NAck with the public IP
    4 Skype updates what it knows about its public IP accordingly

    For more check http://forum.mikrotik.com/viewtopic.php?f=9&t=45209

    1 Reply Last reply Reply Quote 0
    • V
      valshare
      last edited by Sep 3, 2011, 8:20 PM

      Hi,

      thanx for the info. I am searching for a good solution to block skype in our network. I don´t understand how to integrade it in L7. Can you help?

      Regards, Valle

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received