Internet-Security raven logo internet-security.com

TCP 5222

ProtocolTCP
Port5222
LabelsExtensible Messaging and Presence Protocol (XMPP) client connection

Synopsis

  • TCP port 5222 is the default port for XMPP (Jabber) client-to-server connections (RFC 6120).
  • XMPP server software that listens on 5222 includes ejabberd, Prosody, and Openfire.
  • Cisco Jabber clients connect to the Cisco IM and Presence Service (CUCM IM&P) using XMPP on 5222.
  • Popular XMPP clients like Pidgin, Gajim, Psi, and Spark use 5222 to reach their servers.
  • Google Talk (historical) exposed XMPP on talk.google.com over 5222.
  • WhatsApp’s early infrastructure used a customized XMPP stack (based on ejabberd) communicating over 5222.
  • Facebook Chat formerly provided an XMPP gateway reachable on 5222.
  • Apple iChat (pre–Messages) used XMPP and connected to Jabber servers via 5222.
  • Security note: attackers scan 5222 for exposed XMPP services; malware such as JabberZeus has used XMPP (often on 5222) for command-and-control, and compromised Openfire servers have been abused via their 5222 service.

Observed activity

Last 30 days Detailed chart

More information