Find User IP On Skype [Wireshark]

Discussion in 'General Hacking & Security' started by Crazy52, Aug 20, 2012.

  1. Crazy52

    Crazy52 Gate Keeper Admin

    this is a quick tutorial on how to find someone's IP on Skype, this can be useful if the tard does not know how to find his own or if you just want to know who you are really talking to.

    first off you will need;
    Skype (obviously)
    WireShark (or your traffic monitor of choice, preferably one with a filter)
    Any OS supported by Skype (even android, over wifi only)

    first you need to understand, the more active things are on your Skype; people trying to call you, getting status from contacts, and conversations will all give you a large amount of traffic.
    (i personally recommend a temp Skype account, it makes everything so much more simple)

    and we will be monitoring packets, not IP lists like network connections will normally provide, this way you have a better chance of finding the correct IP.

    Getting started

    first open up Skype and go to Tools > Options
    now click the Advanced tab and go to Connection
    un-mark and disable the option "use port 80 and 443 as alternatives for incoming connections"
    now take note of the port set in "use port XXXX for incoming connections" for this example we will use port 21625.
    Save & Restart Skype.

    Second step: open WireShark, pick the interface you use to connect to the internet and pick Start.

    you will probably see a lot of results filling up, we need to clean this up a bit using the Filter.

    first get your local IP, you can do this in windows by starting command prompt Run > CMD
    and in command prompt typing the following "ipconfig" (without quotes).

    now take Note of your Local IPv4 Address for the interface you are using,
    in this example it will be

    now back to WireShark to filter everything down to only the things going from your PC on port 21625 and only UDP.
    in the filter box type;
    ip.src == and udp.srcport == 21625
    now hit Apply and you should only see Skype traffic from your PC

    most of the results are from the Skype servers but to make it even more accurate add
    "and data.len == 3"
    this narrows it down to packets of 3 bytes (most of the packets this small are p2p)
    so now the filter says;
    ip.src == and udp.srcport == 21625 and data.len == 3
    (Optional: the packet size may change with every update so doing this may give no results)

    as you can see the IP of the person you are calling is in the "Destination" and you are the Source.

    now it should be very easy for you to spot someone's IP when you call them, are in a call with them, or get sent a message.

    ~ tutorial by Crazy52 @
  2. Seth@WiiPlaza

    Seth@WiiPlaza Junior Member Member

  3. dns

    dns Active Member Admin

    This is the type of thing I enjoy seeing get added to Newhax. Thanks for the nice tut crazy.
  4. xTwiiSTeD_

    xTwiiSTeD_ Twisted MoFo Member

  5. Crazy52

    Crazy52 Gate Keeper Admin

    its been a while since we had a tutorial like this
  6. That One Guy

    That One Guy Junior Member Member

    Now all we need to know is how to ddos. >.> But nice tutorial. Helpful I guess, if you want to grab someone's IP over skype.
  7. dns

    dns Active Member Admin

    Lol yes kyle, tutorials on getting a user's IP on Skype... are helpful when you want to get someone's IP on Skype.
  8. aazcod

    aazcod Dns is gey Member

    ddos :S you want a tutorial :S onoes :S lol google "loic" but be careful where you download it from, and if you just dos someone (your computer only) you won't make a big difference, maybe wanna try a
    botnet <---- newhax doesn't condone bot-nets nor anything you do or get caught with!!!!!!!! or buy a booter :)
  9. dns

    dns Active Member Admin

    Or just avoid being a douchebag by not ddosing/flooding people at all.
  10. That One Guy

    That One Guy Junior Member Member

    Sadly, douchebags are all over the internet. And they think they can get away with it. You can always track who ddos'ed you. There are ways.
  11. Crazy52

    Crazy52 Gate Keeper Admin

    just send incomplete UDP packets like a real man
  12. That One Guy

    That One Guy Junior Member Member

    And how would one go about doing this? Being curious as I am. And where would you get botnets and a booter from?
  13. Crazy52

    Crazy52 Gate Keeper Admin

    i think slowloris is a python script that does this
  14. SkyIsHere

    SkyIsHere Common sense is hardly common. Member

    Or, here's a kicker... Go to and enter their Skype name in, and it outputs the IP. See Crazy, having a programming knowledge past Wii and simple VBS, gives you a great outcome. But you wouldn't know that, would you?
  15. That One Guy

    That One Guy Junior Member Member

    Looks like some virus site.
  16. Crazy52

    Crazy52 Gate Keeper Admin

    umm i've made codes for wii and made a few programs in VBS.... not hard to do.
    so yea i do know about that.

    also that site is down, looks like someone failed.
  17. dns

    dns Active Member Admin

    Lol crazy sky seems not to like you
  18. Crazy52

    Crazy52 Gate Keeper Admin

    he's just some angry fool who followed me here from youtube
  19. aazcod

    aazcod Dns is gey Member

    i'm not explaining botnets because everyone should know what they are :P and you can buy a booter from forums on the internet or wherever you can find them, i'm not posting any websites on here but pm me and i can lead you to the right spot
  20. veektur

    veektur New Member Member

    I'm totally new to this, but it doesn't work for me. I've checked my IP and port, but it doesn't work. I got it to work for a few seconds, but when I tried again I got 0 results. However when I'm not using any filters I do see some packets with the port my Skype uses as destination. I've tried changing src into dst (no idea if that should help), but again I got 0 results. Do you have any idea how to fix this?
  21. Crazy52

    Crazy52 Gate Keeper Admin

    try not using "and data.len == 3"
    since updating the packets for skype are larger on average, this may be your problem
  22. veektur

    veektur New Member Member

    I already tried that, same result. All the packets I see when I'm not using any filter have an IP other than the one I get when using ipconfig (O_O). I have no idea how, it might just be my retarded network though :)
  23. Crazy52

    Crazy52 Gate Keeper Admin

    well if you see a source ip that looks like a local ip and it's going out to the internet, then you may want to try using that in the filter.

    and yea i just used the filters and the "and data.len == 3" changed, is something like 63 i think now.
    id just keep that removed anyway
  24. Mafia

    Mafia Coder Member

    You know what's easier than this? Just pm me if u need an account..[i got the databases]
  25. Crazy52

    Crazy52 Gate Keeper Admin

    not really, crap like that thinks my IP is the skype server cuz i blocked so much crap.
    the site is down anyway fool.

    the best way is wireshark cuz even if you fill out the proxy settings in skype, it will still leak packets from your ip to the client.
