The Internet telephony application Skype is well known for its capability to intelligently tunnel through firewalls by selecting customized ports and encrypting its traffic to evade content-based filtering. Although this capability may offer some convenience to Skype users, it increases the difficulty of managing firewalls to filter out unwanted traffic. In this paper, we propose two different schemes, namely payload-based and non-payload-based, for identification of Skype traffic. As payload-based identification is not always practical due to legal, privacy, performance, protocol change and software upgrade issues, we focus on the non-payload-based scheme, and use the payload-based scheme mainly to verify its non-payload-based counterpart. Our research results reveal that, at least to a certain extent, encryption by Skype to evade content analysis can be overcome. © 2008 Springer Berlin Heidelberg.