In this post we want to consider various ways in which we can detect SkypeOut phone calls from normal E2E calls. As mentioned before, SkypeOut calls use a gateway to connect the Skype client to the public switched telephone network (PSTN). There are multiple ways in which SkypeOut calls differ from E2E calls.

1. One of the main features which we can use is the gateway port number (12340) for UDP SkypeOut calls since all of the gateways have been using the same port number in our experiments. Well, what if some poor user is makign E2E calls using the same port value. In that case, we will be making a wrong assumption.
2. The second way to do this is to gather all the gateways for SkypeOut and mark all the calls to those servers as SkypeOut. This is neither easy nor it is cheap and requires an application constantly updating the list of gateways. The other amazing thing is that by blocking the gateways, it seems that Skype cannot relay SkypeOut calls through the super node but it can still make E2E calls when the other side is not blocked. To confirm this, I ran an experiment in which I blocked all the connections except the connection to the super node and another Skype user using Ubuntu’s firewall and then tried to make E2E and SkypeOut calls. In this case, the E2E calls went through but the SkypeOut calls failed.
3. The third way suggested by [1] is to check if the SoM is deterministic or not. I did not verify this technique but from the results in the paper, this seems to be the easiest and the most promising solution.

References:
[1] D. Bonfiglio, M. Mellia, M. Meo, D. Rossi, and P. Tofanelli, “Revealing skype traffic: when randomness plays with you,” ACM SIGCOMM Computer Communication Review, vol. 37, 2007, p. 48.