Identifying Skype Nodes in the Network Exploiting Mutual Contacts

  • Jan Jusko
  • Martin Rehak
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7189)


In this paper we present an algorithm that is able to progressively discover nodes of a Skype overlay P2P network. Most notably, super nodes in the network core. Starting from a single, known Skype node, we can easily identify other Skype nodes in the network, through the analysis of widely available and standardized IPFIX (NetFlow) data. Instead of relying on the analysis of content characteristics or packet properties of the flow itself, we monitor connections of known Skype nodes in the network and then progressively discover the other nodes through the analysis of their mutual contacts.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Skype Traces, (acc. May 11, 2011)
  2. 2.
    Baset, S.A., Schulzrinne, H.G.: An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol. In: Proceedings of 25th IEEE International Conference on Computer Communications, IEEE INFOCOM 2006, pp. 1–11. IEEE (2006)Google Scholar
  3. 3.
    Bonfiglio, D., Mellia, M., Meo, M., Rossi, D., Tofanelli, P.: Revealing skype traffic: when randomness plays with you. ACM SIGCOMM Computer Communication Review 37(4), 37–48 (2007)CrossRefGoogle Scholar
  4. 4.
    Coskun, B., Dietrich, S., Memon, N.: Friends of an enemy: identifying local members of peer-to-peer botnets using mutual contacts. In: Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC 2010, pp. 131–140. ACM, New York (2010)Google Scholar
  5. 5.
    Ehlert, S., Petgang, S., Magedanz, T.: Analysis and signature of Skype VoIP session traffic. In: 4th IASTED International (2006)Google Scholar
  6. 6.
    Guha, S., Daswani, N., Jain, R.: An experimental study of the skype peer-to-peer voip system. In: Proceedings of IPTPS, vol. 6, pp. 5–10. Citeseer (2006)Google Scholar
  7. 7.
    Haq, I.U., Ali, S., Khan, H., Khayam, S.A.: What Is the Impact of P2P Traffic on Anomaly Detection? In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 1–17. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    Parkes, P.: 30 million people online on Skype (2011), (acc. August 24, 2011)
  9. 9.
    Rossi, D., Mellia, M., Meo, M.: Following skype signaling footsteps. In: 2008 4th International Telecommunication Networking Workshop on QoS in Multiservice IP Networks, pp. 248–253. IEEE (February 2008)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Jan Jusko
    • 1
    • 2
  • Martin Rehak
    • 1
    • 2
  1. 1.Faculty of Electrical EngineeringCzech Technical UniversityPragueCzech Republic
  2. 2.Cognitive-Security s.r.o.PragueCzech Republic

Personalised recommendations