
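Graduate student: Chia-Liang Lian (連家良)
Thesis title: Identifying and Analysis of Skype Traffic (Skype訊務辨識及分析)
Advisor: Ray-Guang Cheng (鄭瑞光)
Oral defense committee: Jenq-Shiou Leu (呂政修)
Shiao-Li Tsao (曹孝櫟)
Shiann-Tsong Sheu (許獻聰)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Electronic and Computer Engineering
Year of publication: 2012
Academic year of graduation: 100
Language: Chinese
Number of pages: 72
Keywords (translated from Chinese): IP telephony, peer-to-peer transmission, Wireshark, Skype
Keywords (English): VoIP, Peer-to-Peer (P2P), Wireshark, Skype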
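  • Skype is currently the most successful application of P2P technology and the VoIP communication software with the most users worldwide. It cleverly exploits the characteristics of P2P to get past firewall blocking and the various types of NAT configuration. To maintain good call quality at low bandwidth and to secure the data it transmits, it adopts high-grade voice codecs and encryption. These are the main reasons Skype is so widely used on the Internet today. However, Skype is still not open software, so no one knows exactly how it operates. Through long-term analysis and observation, we found that Skype sends different kinds of packets at different stages according to different functions, so a capable analysis tool would help deeper research on Skype. Combining Skype's TCP/IP transmission characteristics with packet signatures, we developed a Skype analyzer in the well-known capture software Wireshark. With it, even when capturing on a back-end host, we can promptly capture and filter out the packet information we want, without having to build a separate capture environment that carries only Skype traffic. We additionally use Skyemu to decrypt the packets sent by real Skype in order to study its actual operating behavior, striving to understand the true form of the Skype protocol.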


    Skype is a popular peer-to-peer (P2P) voice over IP (VoIP) application that has evolved quickly since it was developed in 2003. Skype claims that it can work almost seamlessly across NATs and firewalls and has better voice quality than other VoIP applications. Skype uses wideband codecs, which allow it to maintain reasonable call quality at low bandwidth, and adopts strong encryption mechanisms to protect its service.
    However, Skype is proprietary software, so its protocols and algorithms are unknown. From long-term observations, we found that different types of packets are sent according to different functions and stages. A powerful analytical tool is therefore helpful for research on Skype. Combining the characteristics of Skype over TCP/IP with packet signatures, we develop a Skype module in Wireshark. Our tool is able to sniff Skype packet information even when the traffic is mixed (Skype and non-Skype). To understand the Skype protocol, we decrypt the packets using Skyemu to study the real behaviors among nodes (e.g., SN and SC).

    Abstract (Chinese)
    Abstract
    Acknowledgements
    Chapter 1 Introduction
        1.1 Skype network architecture
        1.2 Main components of Skype
            1.2.1 Port
            1.2.2 Host cache
            1.2.3 Codec
            1.2.4 Encryption
            1.2.5 Buddy list
            1.2.6 NAT (Network Address Translation) and firewalls
        1.3 Related work
        1.4 Thesis organization
    Chapter 2 Analysis tool requirements and overview
        2.1 Skype UDP packets
            2.1.1 Skype UDP encryption
            2.1.2 Skype UDP Probe, NAck, Resend
        2.2 Skype UDP packet format
            2.2.1 Packet number (Skype ID)
            2.2.2 Func (Skype function)
            2.2.3 Initialization vector IV (Skype initial vector)
            2.2.4 CRC (cyclic redundancy check)
            2.2.5 RC4 encryption algorithm
            2.2.6 Strength of RC4
        2.3 Skype TCP packets
            2.3.1 TCP RC4 decryption characteristics
        2.4 RC4 decoding results for Skype packets
            2.4.1 Message type: Skype UDP Probe (Request)
            2.4.2 Message type: Skype UDP Probe (Response)
            2.4.3 Message type: Skype UDP Fragment
            2.4.4 Original data transmitted by Skype
        2.5 Wireshark
            2.5.1 Overview of Wireshark features
        2.6 Wireshark analyzer
            2.6.1 Lua
            2.6.2 How to write a protocol analyzer in Lua
            2.6.3 Building the Skype protocol analyzer
    Chapter 3 Analysis of Skype operating behavior
        3.1 Main functions of Skype
        3.2 Actions during login to the Skype network
            3.2.1 SC searches for an SN available for connection
                A) Interpreting the Hostcache
                B) IP address and port pairs hard-coded
            3.2.2 SC confirms its identity with the login server
            3.2.3 Skype NAT and firewall environment probing
            3.2.4 SC connects to the Skype website to check whether it is the latest version
            3.2.5 Skype central server
            3.2.6 SC user search
            3.2.7 Skype's outbound TCP connections
            3.2.8 SC online process
        3.3 Routine transmission behavior after login
            3.3.1 UDP transmission to port 13392
        3.4 Transmission behavior during user communication
            3.4.1 Skype text message delivery
            3.4.2 Skype voice message delivery
            3.4.3 Multi-party calls
    Chapter 4 Conclusion
        4.1 Results and discussion
        4.2 Future research directions
    References
