First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Port 5228 shows hpvroom when it is chrome

  • retag add tags

Wireshark shows TCP port 5228 as HP Virtual Room (hpvroom). This is the well-known port for 5228. By running netstat -b at the same time Wireshark logs the capture as hpvroom netstat shows that chrome.exe trying to connect to the destination port 5228. Is there another dissector that would long this as chrome? Is there other data on this in the Wireshark forum? I have some information that this could be XMPP or GCM connection attempts also. I have management freaking out over port 5228 attempts without knowing what application initiated the conversation. They don't believe it is an HP Virtual Room conversation or an Android conversation since our workstations are Windows 7 Pro systems exclusively. Any information or pointing me to a resource would be appreciated.

hbackus's avatar
1
hbackus
asked 2019-10-30 02:56:32 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

3 Answers

0

The answer was one simple search away: https://www.speedguide.net/port.php?port=5228, and here. It states:

Google Chrome user settings sync (facorites, history, passwords) uses port 5228

PS: If management is 'freaking out' over a port access it should educate itself on modern day networking, IMHO.

Jaap's avatar
13.7k
Jaap
answered 2019-10-30 05:20:33 +0000, updated 2019-10-30 05:21:05 +0000
edit flag offensive 0 remove flag delete link
more

Comments

VP-level an above make decisions on magazine articles and Sales Engineers (spin doctors). :-) Presentation is everything (even if it isn't accurate).;-)

hbackus's avatar hbackus (2019-11-01 12:44:14 +0000) edit
more
  • delete
add a comment see more comments
0

https://developers.google.com/web/ilt...
Chrome currently uses Firebase Cloud Messaging (FCM) as its push service. FCM recently adopted the Web Push protocol. FCM is the successor to Google Cloud Messaging (GCM) and supports the same functionality and more.
https://firebase.google.com/docs/clou...
If your organization has a firewall to restrict traffic to or from the Internet, you need to configure it to allow mobile devices to connect with FCM in order for devices on your network to receive messages. FCM typically uses port 5228, but it sometimes uses 5229 and 5230.

The traffic is probably encrypted so not what you will get if setting decode to TLS for port 5228
You can map the port number to "google" by setting up a personal "services" files: https://www.wireshark.org/docs/man-pa...

Name Resolution (services)
The services file is used to translate port numbers into names. Both the global services file and personal services files are used if they exist.

The file has the standard services file syntax; each line contains one (service) name and one transport identifier separated by white space. The transport identifier includes one port number and one transport protocol name (typically tcp, udp, or sctp) separated by a /.

An example is:

mydns 5045/udp # My own Domain Name Server mydns 5045/tcp # My own Domain Name Server

Put your custom "services" file in the folder pointed to by Help->About->Folders: Personal Configuration My services file for testing:

google      5228/tcp    # Google Cloud/Firebase messaging
Chuckc's avatar
3k
Chuckc
answered 2019-10-30 05:28:00 +0000, updated 2019-10-30 05:34:45 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Excellent, thanks so much for the details.

hbackus's avatar hbackus (2019-11-01 12:39:20 +0000) edit
more
  • delete
add a comment see more comments
0

MG-SOFT Net Inspector 6.5.0.828 - Multiple Vulnerabilities EDB-ID: 5269 CVE: 2008-1402 2008-1401 2008-1400

Noguru's avatar
1
Noguru
answered 2022-06-22 06:32:36 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer