"Legitimate" p2p protocols depend completely on your risk appetite and how you define your security. For us, our risk appetite is quite low, and there is no such thing as a legitimate p2p protocol.
"Legitimate" depends a lot on the environment. Should Spotify be pushing bits out to the world from your doctor's PC? Should it be accepting inbound connections from other random people around the world?
Now answer the same two questions after an exploit in the P2P library within Spotify is announced on HN.
Sure, you just write the tool that can audit encrypted traffic from Skype or Spotify in real time and check that it's legitimate as opposed to a malicious program impersonating their protocols.