Skype - golemfactory/golem-rd GitHub Wiki

Network information

  • There is one central server for login and authentication.
  • TCP is used for information exchange; TCP and UDP are used for resource exchange.
  • Message and resource exchanges use different ports.
  • Messages are encrypted with 256-bit AES (Rijndael). To set the symmetric AES keys, 1536- or 2048-bit RSA is used. Public keys are encrypted by the login server.
  • Connection order: UDP (5-second time limit), TCP, TCP on port 80, TCP on port 443. There are five tries that repeat the cycle every 6 seconds.
  • If both clients have a public IP, then resources are sent via UDP (packet size 67 bytes).
  • If one client is behind a port-restricted NAT, then resources are sent via UDP through a middleman (packet size 67 bytes). Bandwidth is limited.
  • If both clients are behind a port-restricted NAT and a firewall that blocks UDP, then resources are sent via TCP (packet size 69 bytes).
  • A keep-alive message is sent every 60 seconds.
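
The connection order above is visible in flow logs as one client walking a fixed ladder of transports towards the same peer. The following is an added example, not part of the original wiki or of Skype: it flags source/destination pairs whose attempts follow that ladder in order. The flow-record layout, the sample records, the 30-second window (five tries times 6 seconds) and treating the plain-TCP step as any port other than 80/443 are assumptions.

```python
from collections import defaultdict

# Fallback ladder from the notes: UDP, then TCP, then TCP/80, then TCP/443.
LADDER = ["udp", "tcp-other", "tcp-80", "tcp-443"]
# Assumption: five tries, one cycle every 6 seconds, bounds the search window.
WINDOW_SECONDS = 5 * 6

def step_of(proto, dport):
    """Map a flow to a ladder step (assumption: plain TCP = any port but 80/443)."""
    if proto == "udp":
        return "udp"
    if proto == "tcp":
        return {80: "tcp-80", 443: "tcp-443"}.get(dport, "tcp-other")
    return None

def ladder_depth(steps):
    """Count how many ladder steps occur in order, as a subsequence of `steps`."""
    depth = 0
    for s in steps:
        if depth < len(LADDER) and s == LADDER[depth]:
            depth += 1
    return depth

def find_fallback_walkers(flows, min_depth=3):
    """Return {(src, dst): depth} for pairs that walk >= min_depth ladder steps."""
    by_pair = defaultdict(list)
    for ts, src, dst, proto, dport in flows:
        by_pair[(src, dst)].append((ts, step_of(proto, dport)))
    hits = {}
    for pair, events in by_pair.items():
        events.sort(key=lambda e: e[0])
        best = 0
        for i, (t0, step) in enumerate(events):
            if step != "udp":          # the ladder always starts with UDP
                continue
            window = [s for t, s in events[i:] if t - t0 <= WINDOW_SECONDS]
            best = max(best, ladder_depth(window))
        if best >= min_depth:
            hits[pair] = best
    return hits

# Constructed sample records: (timestamp_s, src, dst, proto, dst_port).
SAMPLE_FLOWS = [
    (0.0, "10.0.0.5", "198.51.100.7", "udp", 40000), (5.1, "10.0.0.5", "198.51.100.7", "tcp", 40000),
    (6.0, "10.0.0.5", "198.51.100.7", "tcp", 80), (7.2, "10.0.0.5", "198.51.100.7", "tcp", 443),
    (0.0, "10.0.0.8", "192.0.2.10", "udp", 53), (90.0, "10.0.0.8", "192.0.2.10", "tcp", 80),
]
```

On the sample data only the first pair is reported, with all four steps matched; the second pair has a UDP flow and a much later TCP/80 flow, which fall outside the window and skip the plain-TCP step.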

NAT Traversal

  • Skype uses a protocol similar to KaZaA, based on supernodes. Supernodes keep connections between themselves, and normal nodes connect to one or two supernodes.
  • A supernode is a node with a public IP, good bandwidth and high uptime.
  • Each connection between normal nodes goes through supernodes. The normal connection between the nodes is created only after the connection is accepted.
  • If one node is behind NAT and the other is not, then "connection reversal" is used. The node behind NAT always starts the connection.
  • If both nodes are behind NAT, then "STUN-like NAT traversal" is used.
  • If the STUN method fails, then a TURN-like connection is used with a supernode as a middleman.
  • There are 250k supernodes and ~4m normal nodes.

Additional papers

An Experimental Study of the Skype Peer-to-Peer VoIP System

An analysis of the Skype Peer-to-Peer Internet Telephony Protocol

NAT Traversal of VoIP Applications (Skype)

How Skype get round Firewall

NAT, TURN and Skype