Catch Skype with Flexible Packet Matching
Joe Harris published an excellent post detailing how you can use Flexible Packet Matching to recognize (and potentially block) Skype traffic. The solution depends on recognizing the first four bytes sent by the Skype application in a TCP session. While this is a great idea, you have to be aware that there's always a non-zero chance of false positives, all the more so because the described filter tests the beginning of the payload in every TCP packet (not just the first data packet in the session).
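The difference between testing every TCP packet and testing only the first data packet of a session, as an added sketch that is not part of the original post or of Joe Harris's configuration. The 4-byte signature is a constructed placeholder (the real Skype bytes are not reproduced on this page), the packets are constructed samples, and the false-positive estimate assumes uniformly random payload bytes.

```python
from collections import namedtuple

# Constructed placeholder, NOT the real Skype signature.
SIGNATURE = bytes.fromhex("deadbeef")

# src/dst are (ip, port) tuples; payload is the TCP payload of one segment.
Packet = namedtuple("Packet", "src dst payload")

def session(p):
    """Direction-independent key for a TCP session."""
    return frozenset((p.src, p.dst))

def stateless_hits(packets, sig=SIGNATURE):
    """Per-packet filter: test the start of the payload in every packet."""
    return [i for i, p in enumerate(packets) if p.payload.startswith(sig)]

def first_data_packet_hits(packets, sig=SIGNATURE):
    """Stateful filter: test only the first non-empty payload of a session."""
    classified, hits = set(), []
    for i, p in enumerate(packets):
        if not p.payload or session(p) in classified:
            continue  # SYN/pure ACK, or session already judged
        classified.add(session(p))
        if p.payload.startswith(sig):
            hits.append(i)
    return hits

def expected_random_false_positives(n_packets, sig_len=len(SIGNATURE)):
    """Expected chance matches, assuming uniformly random payload prefixes."""
    return n_packets / 2 ** (8 * sig_len)

# Constructed sample: session A opens with the signature; session B is a
# file download whose third data segment happens to start with the same bytes.
A_C, A_S = ("192.0.2.10", 40001), ("198.51.100.7", 33033)
B_C, B_S = ("192.0.2.11", 40002), ("203.0.113.9", 80)
SAMPLE = [
    Packet(A_C, A_S, b""),                          # 0: SYN, no payload
    Packet(A_C, A_S, SIGNATURE + b"\x01\x02\x03"),  # 1: first data packet
    Packet(B_C, B_S, b"GET /file HTTP/1.1\r\n\r\n"),
    Packet(B_S, B_C, b"HTTP/1.1 200 OK\r\n\r\n\x00\x11"),
    Packet(B_S, B_C, SIGNATURE + b"file bytes"),    # 4: mid-stream segment
    Packet(A_S, A_C, b"\x17\x03\x01"),
]

if __name__ == "__main__":
    print("every packet      :", stateless_hits(SAMPLE))
    print("first data packet :", first_data_packet_hits(SAMPLE))
    # 100,000 packets/s for one day = 8.64e9 packets inspected
    print("chance hits / day :", expected_random_false_positives(8_640_000_000))
```

The per-packet filter flags the mid-stream segment of the download as well as the real session start, while the stateful check flags only the session start.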
CSCsg19895
Externally found enhancement (Sev6) bug: New (N)
NBAR Skype PDLM support for Skype versions (2.x, 3.x, etc.)
class-map match-any block-stuff
 match protocol gnutella
 match protocol skype
 match protocol edonkey
!
!
policy-map drop-inbound-stuff
 class block-stuff
  drop
!
...
This is completely different technology from the configuration which I detail. Please note that I use Flexible Packet Matching, which is a next-generation technology that is capable of filtering at a bit level to catch later versions of Skype... You can also use the Skype.tcdf (XML scripting) file available on CCO @ http://www.cisco.com/cgi-bin/tablebuild.pl/fpm which will catch later versions of Skype as well... Please reference the following docs for additional details:
http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a00805138d3.html
http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008061d643.html
-Joe