Getting IP addresses from contacts on Skype as told by Noize.

Skype is an extremely popular, proprietary, cross-platform, peer-to-peer Voice-over-IP software client written by Skype Communications SARL, which is now owned by Microsoft Corporation. Due to its peer-to-peer always-on nature it is possible for a researcher to determine characteristics about a target computer, without the user’s knowledge. This can be leveraged to obtain information like the IP address of a target computer.

This is an Educational Guide only; use knowledge at your own risk! and always “the quieter you become, the more you are able to hear”.

Prerequisites

  • Your IP address

Skype Setup

  1. Head into Tools -> Options -> Advanced -> Connection
  2. Uncheck the checkbox labeled: “Use port 80 and 443 as alternative for incoming connections.”
  3. Use port 1210 for incoming connections.  Located right about the checkbox from step 2
    The reason for using this port is because it’s a unassigned tcp/udp port so we will not be DoSing a port, or cause other issues.

Wireshark Setup

  1. Open wireshark and start watching your incoming and outgoing traffic.
    Sniff the interface you will be using Skype on
  2. Create a filter like this
    ip.src == $your_ip_address and udp.srcport == 1210

Capture IP

  1. Start a call to a person, online or offline
  2. Watch wireshark and it will start to give you outgoing and incoming connections
  3. Once you have an outgoing IP that is consistent to the incoming IP, you have found it.

Happy Hacking!

Many thanks to Noize for writing this up and allowing us to share it.

3 thoughts on “Getting IP addresses from contacts on Skype as told by Noize.

  1. Cool… but if you must initiate a call with them (thereby establishing a direct connection anyway), couldn’t you just find the connection in netstat? A lot easier and already installed on most systems. I’d be interested to find a passive way to obtain it…

  2. Yes, I was going to add that; then totally forgot. You can netstat -np | find “1210”, yet you have to wait a bit longer; this still works with netstat alone.

  3. Does anyone know how in WireShark I could filter out only skype packets, instead of everything else happening in my computer?

Leave a Reply to Vladimir Cancel reply

Your email address will not be published. Required fields are marked *