Slashdot Mirror

← Back to Stories (view on slashdot.org)

An Analysis of the Skype Protocol

Posted by michael on from the past-the-firewall-nothing-but-net dept.

zib writes "Ever felt a need to peek under the hood of your Skype client? This paper (PDF) explains all the details. Among other issues, it focuses on the NAT capabilities of Skype and audio compression."

12 of 161 comments (clear)

  1. How future proof is this? by Samir+Gupta · · Score: 3, Insightful

    I believe the NAT traversal is done by routing via super-nodes which are not behind a NAT or firewall. Is this a valid assumption for the future? In other words, what if every host is behind a NAT or firewall -- it seems that way, given the increased security conciousness of hardware and software makers, that sometime in the near future, firewalling will be the norm and default, not the exception?

    --
    -- Samir Gupta, Ph. D. Head, New Technology Research Group, Nintendo Co. Ltd., Kyoto, Japan.
  2. Bad start by Sanity · · Score: 5, Informative
    Skype is a peer-to-peer VoIP client developed by KaZaa...
    KaZaa isn't a company, it is a piece of software. Skype was developed by the same guys that were behind the KaZaa software, but not (to the best of my knowledge) by the company that now owns KaZaa.
  3. Skype Banned by Realistic_Dragon · · Score: 4, Interesting

    Do you really want to be running Skype or let it onto your network? At my university Skype has been banned. Here is the reasoning:

    Skype Peer to Peer Telephony software is now also prohibited. Skype is a
    free application that facilitates free telephone calls through the use of
    an internet connection.

    Calls made using the system are directed through 'Supernodes', which can be
    ordinary PC's with Skype installed. Machines on fast and well connected
    Internet feeds like the $Network are likely to automatically become
    'Supernodes' and forward a considerable amount of traffic.

    This allows Skype to route other peoples Voice over IP calls using your
    machine and the university internet connection. This is in breach of the
    Acceptable Use Policy and could potentially put the university's network
    and core business at risk.

    Finally, the Skype End User License Agreement (EULA) grants Skype permission
    to install and use 3rd party software on computers running Skype. This could
    include an array of spyware and adware that is likely to threaten the
    privacy of anyone installing this software.

    --
    Beep beep.
    1. Re:Skype Banned by JJahn · · Score: 4, Informative

      I checked out Skype's EULA as found on their website.

      The only thing relating to third party software that I found was this:

      2.4 Third Parties. You acknowledge and agree that the Skype Software may be incorporated into, and may incorporate itself, software and other technology owned and controlled by third parties. Skype emphasizes that it will only incorporate such third party software or technology for the purpose of (a) adding new or additional functionality or (b) improving the technical performance of the Skype Software. Any such third party software or technology that is incorporated in the Skype Software falls under the scope of this Agreement. Any and all other third party software or technology that may be distributed together with the Skype Software will be subject to you explicitly accepting a license agreement with that third party. You acknowledge and agree that you will not enter into a contractual relationship with Skype or its Affiliates regarding such third party software or technology and you will look solely to the applicable third party and not to Skype or its Affiliates to enforce any of your rights.

      Basically, you have to explicitly accept a license agreement with the third party. They say nothing in here about installing and using 3rd party software on your computer without your consent.

    2. Re:Skype Banned by WolfWithoutAClause · · Score: 3, Informative
      It makes no sense

      Um, actually RTFA.

      In most cases the voice packets go direct leaf node to leaf node.

      However if both are behind NAT firewalls then they can't directly talk to each other, and the Skype protocol seems to pick another Skype users machine (picked by some scheme that probably isn't publically described anywhere) and route the packets through them.

      There's no security problem with doing this (the packets are end-end encrypted), it just takes longer and is more likely to congest, and it takes up bandwidth at the extra users network.

      Really, IMNHO, NAT is a real menace. I'm really looking forward to IPv6 which doesn't have all this garbage; should be here by 2100 I reckon.

      --

      -WolfWithoutAClause

      "Gravity is only a theory, not a fact!"
  4. Windows registry? what's that? by froggero1 · · Score: 5, Funny
    Skype stores its buddy information in teh Windows Registry. Buddy list is digitally singed and encrypted.....

    Strange, I have it installed on my linux machine... and it doesn't have a windows registry... guess I dont have the capability of storing a buddy list.

    --
    ~/.sig: No such file or directory
  5. Re:Supernodes? by kuwan · · Score: 4, Informative

    What is the deal with supernodes, isn't there a peer to peer protocol that doesn't revolve around supernodes?

    Because this type of tiered network is what works and scales well to thousands and millions of clients. The original Gnutella protocol was designed not to use "supernodes" or a tiered network structure and it was a miserable failure. The bandwidth and large latency required for all of the clients to communicate with each other (especially ones using 56K modems) easily overcame the usefulness of the network. The current Gnutella protocol now uses a tiered (layered) network where clients can become supernodes and this version actually works with tens to hundreds of thousands of people connected.

    When creating a large, scalable network this type of protocol is what has been proven to work.

    --
    Join the Pyramid - Free Mini Mac

    --
    infested with jello like fishes no melotron wishes
  6. Re:Supernodes? by jd · · Score: 4, Informative
    The problen with loading the network up is that you increase the latency (spare packets have to be processed enough to know to drop them) and you increase the packet loss overall (because if everyone does this, packet collisions will increase exponentially).


    There are other solutions which'll do essentially what you want. One option is to have connections rotate round-robin style, rather than by bandwidth. That way, if you can go by 5 paths, each path gets 1/5th of the traffic, making it much harder for evesdroppers.


    A second option is to use kernel or userland IPSec, so that all connections are secure. IPSec is pretty solid and it is doubtful anyone would be able to break into such traffic.


    Supernodes are just a load-balancing mechanism. Not a very good one, because it's a two-state system, but it works. Networks have developed routing and QoS protocols to handle exactly the kind of information P2P is approximating with the supernode scheme. It would seem to make much more sense to use mechanisms people have worked on for much longer to get right.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  7. Worst thing about Skype. . . by aarku · · Score: 3, Interesting

    The program can automatically elevate itself to a Supernode and start chewing bandwidth. Not only that, but it alerts your friendly University system administrator that you may be "sharing copyrighted materials with Kazaa" and you have them frowning at them (and randomly shutting off your port because they believe you have been "hacked") Just use a different free Internet Telephony application.

    1. Re:Worst thing about Skype. . . by alirano · · Score: 4, Informative
      You can easily avoid becoming a Supernode by not permitting incoming connections to the port Skype has opened for itself. The downside to this is that your calls will now be routed to another supernode, but if you're paying for bandwidth, there may be no way around that. You can still place and receive calls, and the added latency is not worth mentioning in most cases.

      If you run Skype on Linux or Mac OS X, it is reduced to using high ports anyway, so it's easy to block. An example iptables command line would be

      iptables -A INPUT -p tcp --dport 1024: --syn -j DROP
      (Caveat: Check your local servers, use passive FTP, modify this if you actually want to use P2P, etc.)
  8. Non-Windows stuff by JohnQPublic · · Score: 4, Informative

    FYI, if you want to look at the "registry" info for Skype on Linux, it's in $HOME/.Skype/shared.xml.

  9. Don't knock it. by Facekhan · · Score: 3, Interesting

    Proprietary or not, it works and its easy to use. Skype does a lot of things differently than SIP. 256 bit AES encryption is strong enough to protect your data well into the near future.

    It uses very little bandwidth and those Universities who are banning the software are just kneejerking to a new technology, just showing how far from the academic mission of research and experimentation most colleges have gone. Even more telling is how most Colleges charge exorbitant fees for local and long distance phone calls from student dorm phones. Why would they want to allow a technology onto their network that will mean less money going into their pockets.

    As to the bandwidth issues, I think they greatly exaggerate the bandwidth use of a Skype supernode in order to justify their kneejerk reaction to any new technology on their network that does not come with a 3 year agreement with Dell and Microsoft.