Professional Documents
Culture Documents
Applications
(Skype)
Vladislav Marinov
International University Bremen
Outline
Introduction to Network Address
Translators (NAT)
Classification of NATs
Introduction to Skype
Skype login
Skype call establishment in the presence
of different types of NATs
Private
Address
Space
Public
Internet
NAT
Src IP: 10.0.0.1
Dst. IP: 216.239.57.99
Src. IP : 216.239.57.99
Src. IP : 216.239.57.99
10.0.0.1
216.239.57.99
Types of NATs
Fullcone NAT
Restricted cone NAT
Port-restricted cone NAT
Symmetric NAT
Fullcone NAT
Restricted-cone NAT
All requests from the same internal IP address and port are mapped
to the same external IP address and port. An external host (with IP
address X) can send a packet to the internal host only if the internal
host had previously sent a packet to IP address X.
Symmetric NAT
Symmetric NAT : all requests from the same internal IP address and
port, to a specific destination IP address and port,
port are mapped to
the same external IP address and port. If the same host sends a
packet with the same source address and port, but to a different
destination, a different mapping is used. Only the external host that
receives a packet can send a UDP packet back to the internal host
Introduction to Skype
Voice over IP, Peer-to-Peer application
developed by KaZaa
Supports voice calls, instant messaging,
conference calls etc.
Very popular for the strategies it employs
to traverse NATs and firewalls
Skype Network
Connection establishment
Connection with a SN:
Random port
Port https (443)
Port http (80)
Connection with a Skype login server:
Port 33033
Port https (443)
Port http (80)
Login Scenario
TCP connection with the Skype HTTP server:
getlatestversion request
UDP exchange with members from the HC update the
HC
TCP connection with a Super Node symbolizes that
the user is connected to the Skype network and remains
open until the user logs off
TCP connection with the Skype login server verification
of username and password
Externally initiated TCP connection with a SN test if the
user can be a SN
UDP traffic with members of the HC
Login
Login Failures
Firewall blocking TCP the connection
with a SN cannot be established
Firewall blocking the default SNs and
invalid HC (empty, containing wrong IPs)
Conclusion
Skype works through all types of NATs
Each user has a HC a list with the IPs and
ports of SNs
Login consists of a TCP connection with a SN as
well as a TCP connection with the login server.
When necessary HC is used to update the HC.
Call establishment is performed via a direct TCP
and UDP connections whenever possible. For a
port-restricted NAT tricky ways about creating
a mappings on the NATs are applied. However,
when a symmetric NAT is used the only way to
carry the traffic is via relay.
Conclusion
Skype fails during login when the firewall
blocks TCP or when the HC is invalid and
the firewall blocks the default SNs.