5

Every now and then I revisit the issue of shaping skype traffic.

AFAIK Skype is notorious for ignoring most settings - incoming ports, proxies, etc so it is not possible to give special treatment to skype traffic - I guess the idea is to keep skype traffic unblockable by ISPs and telcos, but at the same time it makes it hard to prioritize the traffic and get good quality of the line, even on today's very wide connections.

Now, recently I saw a SOHO router that seemed to recognize Skype traffic and I think was able to prioritize it (didn't have much time to play with it)

So, is there any hope to do this? (Solution needs not be simple, I can do routing over linux box and play with traffic shaping on it)

EDIT: Might be duplicate of How to change routing for skype packets?, but I am checking for new developments and it has been a year since that question.

Seems it is possible to do it using l7 filtering

Community
  • 1
Unreason
  • 1,146
  • 1
  • 7
  • 22
  • 1
    Would be very interested to know the specific details of the SOHO router you mentioned. – dunxd Oct 19 '10 at 10:16
  • The problem is not that Skype ignores settings and controls, that's impossible. The problem is that it's difficult to identify Skype traffic and therefore put those settings and controls in place. Let's say, for instance that Skype used TCP and UDP ports 4000 and 4001, if I put an ACL on my router to block TCP and UDP traffic to or from those ports there's no way Skype (using those ports) could "ignore" my ACL. Skype may switch to another set of ports, but that's another matter altogether. – joeqwerty Oct 19 '10 at 12:17
  • 1
    @joeqwerty, wrong tree: the problem is that skype ignores its own settings; it has a setting for incoming port and proxy - for example if it was listening to me and if it went through proxy then I could easily shape on that (i can have a dedicated proxy for this purpose only), also if it was observing its own settings for incoming port then I could use that too; but it seems that it will only try these settings as a last resort (in cases where normal traffic would have been blocked). – Unreason Oct 19 '10 at 14:19

2 Answers2

1

I think the only way to boost skype is to do l7 filtering, as you said. However, the skype L7 pattern is overmatching, because skype is really hard to identify. On the BlackHat Europe, March 2006, there was a very nice presentation about Skype, its security and how it obfuscates its traffic.

The only thing i can think of that it tries to generally detect interactive connections and boost those. "Skype optimised" sounds better to the marketing guys than "QoS" ;)

brot
  • 111
  • 5
0

I wonder if it would be possible to not necessarily prioritize packets identified as containing Skype payload, but rather packets from a particular network.

I don't know quite how to go about it, but I imagine it would be possible to place Skype applications on their own network, or vlan for that matter and set QoS to fasttrack anything on that network.

NginUS
  • 468
  • 1
  • 5
  • 13
  • I don't think that would work, its a peer to peer connection. Most likely any inexpensive device is going to simply use a type of QoS with a firewall filter used to classify the traffic based on known source or destination ports. Something like a packet analyzer could detect the payload and do a little more with it. – SpacemanSpiff Nov 13 '10 at 21:31