Regarding "how does the computer recognize this packet as a Skype packet and not as a Web packet?": The packet goes to whatever program is listening on the port. If Skype decides to use TCP/80 and accidentally starts to talk to a web server, the web server will be confused, throw an error (or refuse to reply) and Skype will give up. If a web client decides to connect to Skype, Skype will see the request and recognize it is not Skype.
That means that you cannot block Skype using the IP/Port info alone. Blocking based on the content with static rules assumes there is always a fixed signature. Since Skype is proprietary, the protocol may change at any time, making old rules useless. Skype is notoriously good at evading filters. I would not be surprised if they do somehting like adding a random key at the beginning and encrypting the rest of the traffic with Skype's proprietary version of RC4, either now or in the future. This would make it impossible to distinguish the traffic from random noise.
With port 443 traffic, they could also simply run a real SSL connection. This would make it very hard to distinguish (if done right) if you don't want to do traffic analysis (as in "amount and timing of traffic"). I don't know if they are doing it, but again, the proprietary protocol can change.
The most reliable way to keep users from using Skype may be scanning for the executables on the machines and/or LARTing users who violate policy by using it.
Also check for traffic on other ports. 80 and (more likely "or") 443 are probably just the minimum that Skype needs. It may be happy with some ports you missed, even if 80/443 are completely blocked. Check for UDP traffic!