An efficient technique for detecting Skype flows in UDP media streams

Abstract

As the use and popularity of VoIP applications grows, more and more Internet traffic are being generated by them. Many VoIP applications uses RTP to carry media traffic. Notable examples includes Gtalk, Google+ Hangouts, Asterisk based VoIP and Apple's FaceTime. On the other hand, Skype uses a proprietary protocol based on P2P architecture. It uses encryption for end to end communications and adopts obfuscation and anti reverse engineering techniques to prevent reverse engineering of the Skype protocol. This makes the detection of Skype flows a challenging task. Although Skype encrypts all communications, still a portion of Skype payload header known as Start of Message (SoM) is left unencrypted. In this paper, we develop an efficient technique for detection of Skype flows in UDP media streams. Our detection techniques relies on heuristics based on the information contained in Skype SoM and RTP headers.