Skype is a really interesting piece of software. Its text chat UI is mature, and its audio and video chat facilities are very nice. Skype has the interesting ability to work independently of your system's DNS configuration. Even when the DNS server your system is configured to use gets poisoned, Skype is not affected.
In fact, I leverage this ability of Skype to detect network issues caused by the DNS service being down. On one such occasion, when the browsers were not working but Skype was, I pointed my DNS configuration to Google's DNS servers (listed below) and the browsers worked fine.
8.8.8.8
8.8.4.4
To take a deeper look, I tracked the connections Skype was making. I used the following to do that.
netstat -taucp | grep skype
Initially it was sending out packets from port 51395 of my localhost. After I logged in, I found the following connections:
tcp 0 0 *:42520 *:* LISTEN 19207/skype
tcp 0 1 H:47078 111.221.77.159:40016 SYN_SENT 19207/skype
udp 0 0 *:42520 *:* 19207/skype
udp 0 0 localhost:51395 *:* 19207/skype
H above is the hostname of my system and the IP 111.221.77.159 is owned by Microsoft, Microsoft Singapore to be specific. An interesting sequence of connections appeared when I looked up a contact and opened the corresponding chat window.
tcp 0 0 *:42520 *:* LISTEN 19207/skype
tcp 0 516 H:46808 193.95.154.39:33033 ESTABLISHED 19207/skype
tcp 0 0 H:47078 111.221.77.159:40016 ESTABLISHED 19207/skype
udp 0 0 *:33626 *:* 19207/skype
udp 0 0 *:41980 *:* 19207/skype
udp 0 0 *:42520 *:* 19207/skype
udp 0 0 localhost:51395 *:* 19207/skype
udp 0 0 H:32897 *:* 19207/skype
The IP 193.95.154.39 maps to Skype Technologies. After I sent a line of text in the chat window, the following connections were made.
tcp 0 0 *:42520 *:* LISTEN 19207/skype
tcp 0 0 H:46808 193.95.154.39:33033 ESTABLISHED 19207/skype
tcp 0 0 H:47078 111.221.77.159:40016 ESTABLISHED 19207/skype
tcp 0 236 H:44172 157.56.123.82:https ESTABLISHED 19207/skype
tcp 0 1 H:45020 91.190.216.9:www-http SYN_SENT 19207/skype
tcp 0 75 H:48246 78.141.179.14:12350 ESTABLISHED 19207/skype
udp 0 0 *:33626 *:* 19207/skype
udp 0 0 *:42520 *:* 19207/skype
udp 0 0 localhost:51395 *:* 19207/skype
udp 0 0 H:32897 *:* 19207/skype
The IPs 157.56.123.82, 91.190.216.9 and 78.141.179.14 map to Microsoft Corp Redmond, Skype and Entreprise des Postes et Telecommunications, respectively. After that, when I was not doing anything more on Skype, the following network activity was seen.
tcp 0 0 *:42520 *:* LISTEN 19207/skype
tcp 0 0 H:47078 111.221.77.159:40016 ESTABLISHED 19207/skype
tcp 0 0 H:47362 db3msgr6011307.ga:https ESTABLISHED 19207/skype
tcp 0 0 H:48246 78.141.179.14:12350 ESTABLISHED 19207/skype
udp 0 0 *:42520 *:* 19207/skype
udp 0 0 localhost.localdo:51395 *:* 19207/skype
db3msgr6011307.ga does not have any DNS entries. Suggestions for digging further are welcome.
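Added example (not from the original post): a Python sketch that parses captures like the ones above, lists the remote endpoints that appear between two snapshots, and picks out peers that netstat printed as names rather than IP literals. Names in this output can be cut to the column width (note `localhost.localdo` in the last capture), so they are better rechecked with netstat's -n (numeric) or --wide options than looked up as printed; the function names and the choice of the two embedded captures are assumptions of this example.

```python
import ipaddress
from collections import namedtuple

# Two captures copied from the post: right after login, and idle at the end.
LOGIN = """\
tcp 0 0 *:42520 *:* LISTEN 19207/skype
tcp 0 1 H:47078 111.221.77.159:40016 SYN_SENT 19207/skype
udp 0 0 *:42520 *:* 19207/skype
udp 0 0 localhost:51395 *:* 19207/skype
"""
IDLE = """\
tcp 0 0 *:42520 *:* LISTEN 19207/skype
tcp 0 0 H:47078 111.221.77.159:40016 ESTABLISHED 19207/skype
tcp 0 0 H:47362 db3msgr6011307.ga:https ESTABLISHED 19207/skype
tcp 0 0 H:48246 78.141.179.14:12350 ESTABLISHED 19207/skype
udp 0 0 *:42520 *:* 19207/skype
udp 0 0 localhost.localdo:51395 *:* 19207/skype
"""

# host/port are the foreign address exactly as netstat printed it.
Conn = namedtuple("Conn", "proto host port state")

def parse(text, program="skype"):
    """Keep only sockets owned by `program` (last column is PID/name)."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        # TCP lines have 7 columns; UDP lines without a state have 6.
        if len(f) not in (6, 7) or not f[-1].endswith("/" + program):
            continue
        host, _, port = f[4].rpartition(":")
        conns.append(Conn(f[0], host, port, f[5] if len(f) == 7 else ""))
    return conns

def peers(conns):
    """Remote endpoints only; listeners and unconnected UDP show `*:*`."""
    return {(c.host, c.port) for c in conns if c.host != "*"}

def new_peers(before, after):
    """Endpoints in the later capture that were absent from the earlier one."""
    return sorted(peers(after) - peers(before))

def unresolved_names(conns):
    """Peers printed as names, not IP literals: recheck these with -n."""
    out = []
    for host, _ in sorted(peers(conns)):
        try:
            ipaddress.ip_address(host)
        except ValueError:
            out.append(host)
    return out
```

Calling `new_peers(parse(LOGIN), parse(IDLE))` shows which endpoints Skype added over the session, and `unresolved_names(parse(IDLE))` returns the one entry that should be re-captured numerically before any whois or DNS lookup.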
2 comments:
Hi, I know it's an old post, but if the problem is still bugging you, then I think I've got a solution for you.
db3msgr6011307.ga is short for db3msgr6011307.gateway.messenger.live.com associated with the following IP: 157.56.192.116
Who is the good old:
OrgName: Microsoft Corp
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2011-04-26
Hey
Thanks for that. I guess after the acquisition, it started using Microsoft DNS.