This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Basically i want to use wireshark to grab ips in skype but i can't figure out how to get it to do it since i have a proxy and all my skype packets are sent threw the proxy. Anyone know how to do this? Thanks

asked 16 Nov '14, 12:42

bdoug101's gravatar image

bdoug101
11112
accept rate: 0%

Hello, I am having the same problem ... has a special command to find the exact header? like udp.srcport...

(27 Dec '14, 10:38) Anon741

see my answer. It contains everything you need.

(27 Dec '14, 11:10) Kurt Knochner ♦

Skype seems to be using "skype" in the User-Agent: header (HTTP) when talking to a proxy, so you could (probably) identify Skype traffic by looking at that header in a capture file.

http.user_agent contains "kype"

This will match lower case and upper case sSkype.

If you've identified those frame, simply look at the Host: Header and or the URL to identify the servers Skype is try to communicate with.

Regards
Kurt

permanent link

answered 17 Nov '14, 16:15

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×248
×73
×22
×11

question asked: 16 Nov '14, 12:42

question was seen: 3,315 times

last updated: 27 Dec '14, 11:10

p​o​w​e​r​e​d by O​S​Q​A