Discussion:
Skype traffic priorization
Pedro Paulo de Magalhaes Oliveira Junior
2006-03-20 15:47:58 UTC
Permalink
Does anybody know how to priorize Skype traffic in pfsense QOS?
Holger Bauer
2006-03-20 16:09:19 UTC
Permalink
Skype is a bitch if it comes to shaping as it uses any available port IF available and each endpoint can have random incoming connection ports (the incoming port is configurable): http://www.skype.com/help/guides/firewall.html
So there is nor real way to set priority for that kind of traffic based on ports (and it's hard to block that kind of traffic too because of that without using a proxy). I'm not sure if it places special TOS fields in the header but that would be your only way then. Try to ethereal the connection and check which flags are set and if they are different from other traffic like browsing, ftp and so on. Then use the flag options for the rules.

You also might try to just run the traffic shaper and assign "prioritize voip" "default low delay" "32 kbit/s" (skype usually uses that amount of traffic). Then view your queues at status>queues and do a call. If you see traffic in the voipqueue you are done as this means that skype sets "low delay" flags.

Holger

-----Original Message-----
From: Pedro Paulo de Magalhaes Oliveira Junior [mailto:ppj-Cap9r6Oaw4I1RhZgQKG/***@public.gmane.org]
Sent: Monday, March 20, 2006 4:48 PM
To: support-***@public.gmane.org
Subject: [pfSense Support] Skype traffic priorization


Does anybody know how to priorize Skype traffic in pfsense QOS?

____________
Virus checked by G DATA AntiVirusKit
Holger Bauer
2006-03-21 10:44:57 UTC
Permalink
http://www.secdev.org/conf/skype_BHEU06.handout.pdf holds some nice information about the "evil" skype. Detailed information on the packets start at page 9.

Holger
Post by Holger Bauer
-----Original Message-----
From: Holger Bauer
Sent: Monday, March 20, 2006 5:09 PM
Subject: RE: [pfSense Support] Skype traffic priorization
Skype is a bitch if it comes to shaping as it uses any
available port IF available and each endpoint can have random
incoming connection ports (the incoming port is
configurable): http://www.skype.com/help/guides/firewall.html
So there is nor real way to set priority for that kind of
traffic based on ports (and it's hard to block that kind of
traffic too because of that without using a proxy). I'm not
sure if it places special TOS fields in the header but that
would be your only way then. Try to ethereal the connection
and check which flags are set and if they are different from
other traffic like browsing, ftp and so on. Then use the flag
options for the rules.
You also might try to just run the traffic shaper and assign
"prioritize voip" "default low delay" "32 kbit/s" (skype
usually uses that amount of traffic). Then view your queues
at status>queues and do a call. If you see traffic in the
voipqueue you are done as this means that skype sets "low
delay" flags.
Holger
-----Original Message-----
From: Pedro Paulo de Magalhaes Oliveira Junior
Sent: Monday, March 20, 2006 4:48 PM
Subject: [pfSense Support] Skype traffic priorization
Does anybody know how to priorize Skype traffic in pfsense QOS?
____________
Virus checked by G DATA AntiVirusKit
---------------------------------------------------------------------
____________
Virus checked by G DATA AntiVirusKit
Holger Bauer
2006-03-22 11:06:09 UTC
Permalink
More infos about the "biggest botnet ever" and why it is hard to block or shape:
http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf

Holger
Post by Holger Bauer
-----Original Message-----
From: Holger Bauer
Sent: Tuesday, March 21, 2006 11:45 AM
Subject: RE: [pfSense Support] Skype traffic priorization
http://www.secdev.org/conf/skype_BHEU06.handout.pdf holds
some nice information about the "evil" skype. Detailed
information on the packets start at page 9.
Holger
Post by Holger Bauer
-----Original Message-----
From: Holger Bauer
Sent: Monday, March 20, 2006 5:09 PM
Subject: RE: [pfSense Support] Skype traffic priorization
Skype is a bitch if it comes to shaping as it uses any
available port IF available and each endpoint can have random
incoming connection ports (the incoming port is
configurable): http://www.skype.com/help/guides/firewall.html
So there is nor real way to set priority for that kind of
traffic based on ports (and it's hard to block that kind of
traffic too because of that without using a proxy). I'm not
sure if it places special TOS fields in the header but that
would be your only way then. Try to ethereal the connection
and check which flags are set and if they are different from
other traffic like browsing, ftp and so on. Then use the flag
options for the rules.
You also might try to just run the traffic shaper and assign
"prioritize voip" "default low delay" "32 kbit/s" (skype
usually uses that amount of traffic). Then view your queues
at status>queues and do a call. If you see traffic in the
voipqueue you are done as this means that skype sets "low
delay" flags.
Holger
-----Original Message-----
From: Pedro Paulo de Magalhaes Oliveira Junior
Sent: Monday, March 20, 2006 4:48 PM
Subject: [pfSense Support] Skype traffic priorization
Does anybody know how to priorize Skype traffic in pfsense QOS?
____________
Virus checked by G DATA AntiVirusKit
---------------------------------------------------------------------
____________
Virus checked by G DATA AntiVirusKit
---------------------------------------------------------------------
____________
Virus checked by G DATA AntiVirusKit

Loading...