[plug] Skype

Alan Graham alan.graham at infonetsystems.com.au
Sat Nov 13 12:53:27 WST 2004


On Sat, 2004-11-13 at 01:38, Craig Ringer wrote:
> On Sat, 2004-11-13 at 01:18, Alan Graham wrote:
> > I use skype, and I didn't make any changes to my firewall setup.  It's a
> > very interesting question...
> > 
> > I'm running bastille on debian as a firewall, and have skype running on
> > my Mandrake desktop, a win2k machine for the kids, and on my wife's
> > powerbook (Mac os x).  Skype, as promised, "just works".  
> > 
> > The technical faq says that all skype needs for incoming calls is port
> > 80.  However, on my firewall, port 80 is dropped.  The faq also says you
> > can open a TCP or UDP port defined in the Skype options (chosen randomly
> > on installation, but modifiable), which port you choose to use is up to
> > you.  This just confuses things more, as how can an incoming port be
> > random?  Yet, I receive calls quite happily.
> 
> The random port can be explained if the program connects to some sort of
> central or distributed registration database to tell clients where to
> connect to.
> 
> In fact, the same thing can be used to punch through NAT without
> firewall changes. The trick is to maintain a connection from the skype
> client behind NAT to a directly accessible host. Potential callers
> contact that host, which sends a message to your client through the
> connection it is keeping open to say "please contact <blah> to receive a
> call". It's a bit like a reverse charges call with an operator putting
> the call through.
> 
I'd assumed that that's the way it works, but according to the FAQ,
there's no central register.  It's a de-centralised peer to peer system.

> Of course, I haven't read up on Skype, but that's generally how such
> mechanisms work. It's also one of the many reasons why relying on NAT
> for a firewall is rather stupid.
> 
> > The technical faq also says that Skype uses p2p technology (now there's
> > a nice bit of technobabble).  I assume that this means that there's a
> > presence packet sent to other skype users.  Presumably this means that
> > an incoming call is routed through Skype clients to find you, and is
> > piggybacked onto a reply to a presence packet that you initiated?
> 
> Sounds vaguely likely.
> 
> > The
> > presence packets would therefore be TCP, switching to UDP for the
> > conversation?  Maybe?  As it's a closed source, proprietary protocol,
> > we'll have to wait for someone to reverse engineer it...  :)
> 
> Why? SIP is a pretty good, open protocol that's already widely
> implemented. I'd just use that rather than reverse-engineer a protocol
> that's tied to one company's business plan that they can change at their
> whim.
> 
> --
> Craig Ringer
I agree.  But it's so easy that my folks (both sets) in England
installed it and got it working in no time.  That's just too good to
resist.
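
Added example, not part of the original message and not Skype's actual protocol: a toy model of the rendezvous mechanism Craig describes, showing why a firewall that drops unsolicited inbound traffic (port 80 included) still lets the call through. The host names, the `StatefulFirewall` class, `place_call` and the egress allowlist are assumptions made for the illustration.

```python
# Toy model, constructed for illustration: hosts are plain strings and flows
# are tracked per host pair (real connection tracking also keys on ports
# and protocol).

class StatefulFirewall:
    """Default-deny inbound; replies to flows opened from inside are allowed."""

    def __init__(self, egress_allow=None):
        self.egress_allow = egress_allow   # None = any outbound allowed
        self.flows = set()                 # (inside, outside) state entries

    def outbound(self, inside, outside):
        if self.egress_allow is not None and outside not in self.egress_allow:
            return "DROP"
        self.flows.add((inside, outside))
        return "ACCEPT"

    def inbound(self, outside, inside):
        return "ACCEPT" if (inside, outside) in self.flows else "DROP"


def place_call(fw, client, rendezvous, caller):
    """Walk the rendezvous flow; return (connected, log of verdicts)."""
    log = []
    # 1. Unsolicited packet from the caller: no state entry, so it is dropped.
    log.append(("caller -> client (direct)", fw.inbound(caller, client)))
    # 2. Client keeps an outbound connection open to the reachable host.
    log.append(("client -> rendezvous", fw.outbound(client, rendezvous)))
    # 3. Rendezvous host says "please contact <caller>" over that open flow.
    notify = fw.inbound(rendezvous, client)
    log.append(("rendezvous -> client (notify)", notify))
    if notify != "ACCEPT":
        return False, log
    # 4. Client calls back outbound, creating state for the caller.
    log.append(("client -> caller", fw.outbound(client, caller)))
    # 5. The caller's traffic now matches an existing flow.
    verdict = fw.inbound(caller, client)
    log.append(("caller -> client (after callback)", verdict))
    return verdict == "ACCEPT", log


if __name__ == "__main__":
    for name, fw in [("default-deny inbound only", StatefulFirewall()),
                     ("with egress allowlist", StatefulFirewall({"dns.example"}))]:
        ok, log = place_call(fw, "desktop", "rendezvous.example", "caller.example")
        print(name, "-> call connected:", ok)
        for step, verdict in log:
            print("   ", step, verdict)
```

The second case shows the control that does stop this pattern: restricting which outside hosts inside machines may open connections to.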




