Skype is an extremely popular, proprietary, cross-platform, peer-to-peer Voice-over-IP software client written by Skype Communications SARL, which is now owned by Microsoft Corporation. Due to its peer-to-peer always-on nature it is possible for a researcher to determine characteristics about a target computer, without the user’s knowledge. This can be leveraged to obtain information like the IP address of a target computer.
This is an Educational Guide only; use knowledge at your own risk! and always “the quieter you become, the more you are able to hear”.
Prerequisites
- Your IP address
Skype Setup
- Head into Tools -> Options -> Advanced -> Connection
- Uncheck the checkbox labeled: “Use port 80 and 443 as alternative for incoming connections.”
- Use port 1210 for incoming connections. Located right about the checkbox from step 2
The reason for using this port is because it’s a unassigned tcp/udp port so we will not be DoSing a port, or cause other issues.
Wireshark Setup
- Open wireshark and start watching your incoming and outgoing traffic.
Sniff the interface you will be using Skype on - Create a filter like this
ip.src == $your_ip_address and udp.srcport == 1210
Capture IP
- Start a call to a person, online or offline
- Watch wireshark and it will start to give you outgoing and incoming connections
- Once you have an outgoing IP that is consistent to the incoming IP, you have found it.
Happy Hacking!
Many thanks to Noize for writing this up and allowing us to share it.
Cool… but if you must initiate a call with them (thereby establishing a direct connection anyway), couldn’t you just find the connection in netstat? A lot easier and already installed on most systems. I’d be interested to find a passive way to obtain it…
Yes, I was going to add that; then totally forgot. You can netstat -np | find “1210”, yet you have to wait a bit longer; this still works with netstat alone.
Does anyone know how in WireShark I could filter out only skype packets, instead of everything else happening in my computer?