9

Is there a way to identify a person's IP address in Skype, when you're chatting with them? Does this depend on their Skype settings? And if you've recorded chat messages, can they lead to the actual person IP address, or their ISP's?

AviD
J.Olufsen
    Reopened by popular demand - as there are security implications of IP addresses (although not generally considered a reliable way to identify a user or machine...) – Rory Alsop Feb 12 '12 at 22:16

5 Answers

13

In general yes, there are ways of doing this, as a quick Google search would've been able to tell you.

Whenever you call, write or send a file to a person on Skype you make direct contact with the person's IP/ISP IP, and that you are of course able to track. A simple way to do it in Windows is using netstat -n while in a call, and look for the port you know you use Skype on. A better way would be to use Wireshark to monitor your traffic and look for Skype protocols.

A quick YouTube video on the simple way to do it:
http://www.youtube.com/watch?v=ro_zrbBsgBk

It is however very limited what kind of threat this might be to you. If you don't have any holes or open ports that shouldn't be open, or are hidden behind a basic router/firewall, it's quite a bit harder to get to you than just going through Skype.

Kristoffer la Cour
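The netstat step from the answer above, as an added example that is not part of the original answer: it parses Windows `netstat -n` output and lists the established remote endpoints on one local port, so you can see which hosts your own client is in direct contact with. The sample output, the local port 51234 and the helper names are constructed for illustration; as another answer on this page notes, a listed endpoint may be a relay rather than the call partner.

```python
import ipaddress

# Constructed sample of Windows `netstat -n` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:51234     203.0.113.45:40022     ESTABLISHED
  TCP    192.168.1.20:51234     192.168.1.37:51900     ESTABLISHED
  TCP    192.168.1.20:49712     198.51.100.7:443       ESTABLISHED
  TCP    192.168.1.20:51234     198.51.100.99:33033    TIME_WAIT
  TCP    127.0.0.1:49700        127.0.0.1:49701        ESTABLISHED
"""

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def split_endpoint(text):
    """Split 'host:port' (or '[v6host]:port') into (host, port)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port)


def remote_peers(netstat_output, local_port):
    """Return (remote_ip, remote_port, scope) for ESTABLISHED TCP rows
    whose local port equals local_port (assumed to be the client's port)."""
    peers = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # Data rows have exactly: proto, local, foreign, state.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        try:
            _, lport = split_endpoint(fields[1])
            host, rport = split_endpoint(fields[2])
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # unparseable row (e.g. zone-scoped IPv6 on older Pythons)
        if lport != local_port:
            continue
        if addr.is_loopback:
            scope = "loopback"
        elif any(addr in net for net in RFC1918):
            scope = "rfc1918"  # peer on the same private network
        else:
            scope = "public"   # direct peer or a relay; netstat cannot tell which
        peers.append((str(addr), rport, scope))
    return peers
```
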
9

In the Skype protocol there are also "proxy nodes" that relay traffic for you. Every Skype client can in fact become such a proxy node if the network reachability is good, especially in regard to firewall conditions. So you can't be sure if the peer IP address you are seeing is the one of your call partner or of a random proxy node. In the latter case you have no way of finding out the call partner's real IP address.

Thomas Wana
  • This answer makes more sense than the above answer. I thought it was strange that you would make a direct connection to somebody. – Ramhound Feb 23 '12 at 19:07
  • A family member's laptop was stolen and is very likely in Tunisia. I see the Skype id showing up as "away" once in a while, but when I try to trace the IP address, I never get beyond France or the Netherlands - presumably because that's where the proxies are? – Brezelbub Apr 13 '16 at 14:28
  • Yes that might very well be the reason. It could also be that ICMP packets (on which traceroute relies) could be blocked further down the route. – Thomas Wana Apr 28 '16 at 15:45
6

I'd like to answer how these "Skype resolvers" actually work.

When searching for info about these resolvers the only thing you'll find is stupid "tutorials" about kids making their own resolvers where in reality they're just calling a third-party API and displaying whatever they get back from that.

What happens on these "third-party APIs" is a bit harder to find. What they do is use a modified version of the Skype binary (it's quite old but still seems to work) that writes an unencrypted debug log about everything that happens on it, including network-related operations.

Once Skype is running they use the desktop API to look up a contact (without completing the procedure and sending a contact request) and that's enough to write the IP address of that person to the log assuming the person is online. Then they just parse the log and extract the IP from there.

I assume they install a small binary that listens on a socket, once a Skype name is received it does the above procedure and spits out whatever IP it got from the log. The system is then cloned and deployed over a large number of VMs and there's your high performance Skype resolver infrastructure, with a single web server frontend that provides a REST API and evenly distributes requests between all the nodes.

2

I think both posters are correct. Skype will or will not make a direct connection. For example, if you are sitting next to each other with a friend, go online in Skype and transmit a file between both of you. You should notice amazingly fast transmission speed, as Skype detects that you are located on the same network and therefore it makes a P2P connection.

If you are however located somewhere behind a restrictive firewall, then file transfers may need to be relayed via a proxy node. You notice a very very slow transfer rate, and also the snail symbol should appear.

Basically it is the same with chat messages. I never figured out how it really works, but as a summary: I would not rely on the fact that there can be proxied transmissions. Rather consider that you expose your IP to the chat partner.

flohack
1

Another way to determine the IP addresses of callers would be to look at the forensic artifacts. There are a few tools out there that will analyze the artifacts for you but you could determine all of what you need yourself. This article describes the process pretty well, but basically, all you are looking for is in the 'shared.xml' file.

This method is pretty cool because forensically, you can determine who connected and to whom after the fact and potentially even if a suspect has deleted the Skype program altogether.

Alternatively, you can of course do what Kristoffer suggests but that really only captures active connections and unless you saved the logs, there is no way to do a post-mortem so to speak.

As an aside, just knowing an end user's IP address doesn't necessarily tell you where the user is. The easiest way to spoof this would be to use a VPN which will still give your examination an IP address but that would not be the IP of the user.

Matthew Peters