Zone Controller IP Traffic

Been looking into the traffic going in and out of the Zone Controllers.

Base Listeners:

  • Admin web interface
    • TCP Port 5480
  • Admin shell
    • TCP Port 22
  • Meeting traffic (MMR)
    • TCP/UDP Port 8801
  • Zone Controller (ZCTRL)
    • TCP port 8802
  • Cloud access (ZCTRL)
    • TCP port 443 (Both regular and encryption address)
  • STUN (ZCTRL)
    • UDP port 3478, 3479
  • Unknown
    • TCP port 5488, 5489

Outgoing traffic includes contacting Zoom Cloud on port 443 (Amazon EC2), most likely for statistics collection.


Netstat:
tcp        0      0 185.174.116.88:443          0.0.0.0:*                   LISTEN      1404/zctrl          
tcp        0      0 185.174.116.172:443         0.0.0.0:*                   LISTEN      1371/mmr            
tcp        0      0 185.174.116.172:8801        0.0.0.0:*                   LISTEN      1371/mmr            
tcp        0      0 0.0.0.0:8802                0.0.0.0:*                   LISTEN      1404/zctrl          
tcp        0      0 185.174.116.88:8802         185.174.116.88:38396        ESTABLISHED 1404/zctrl          
tcp        0      0 185.174.116.88:49024        185.174.116.18:8802         ESTABLISHED 1371/mmr            
tcp        0      0 185.174.116.88:58636        54.83.5.86:443              ESTABLISHED 1404/zctrl          
tcp        0      0 185.174.116.88:38396        185.174.116.88:8802         ESTABLISHED 1371/mmr            
tcp        0      0 185.174.116.88:42266        54.243.3.229:443            ESTABLISHED 1404/zctrl          
tcp        0    204 185.174.116.88:47780        54.215.18.227:443           ESTABLISHED 1404/zctrl          
udp        0      0 185.174.116.172:8801        0.0.0.0:*                               1371/mmr            
udp        0      0 0.0.0.0:3478                0.0.0.0:*                               1404/zctrl          
udp        0      0 0.0.0.0:3479                0.0.0.0:*                               1404/zctrl
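
An added example, not part of the original notes: a small audit that checks netstat output (with the PID/Program column, as shown above) against the listener list and reports peers outside the site. The function names and the 185.174.116.0/24 site prefix are assumptions made for illustration.

```python
import ipaddress

# Baseline from the page's "Base Listeners" list: (proto, port) -> role.
BASELINE = {
    ("tcp", 5480): "admin web interface", ("tcp", 22): "admin shell",
    ("tcp", 8801): "MMR", ("udp", 8801): "MMR",
    ("tcp", 8802): "ZCTRL", ("tcp", 443): "cloud access (ZCTRL)",
    ("udp", 3478): "STUN", ("udp", 3479): "STUN",
    ("tcp", 5488): "unknown", ("tcp", 5489): "unknown",
}

# Subset of the netstat lines shown on the page.
SAMPLE = """\
tcp  0  0 185.174.116.88:443    0.0.0.0:*            LISTEN      1404/zctrl
tcp  0  0 185.174.116.172:443   0.0.0.0:*            LISTEN      1371/mmr
tcp  0  0 185.174.116.172:8801  0.0.0.0:*            LISTEN      1371/mmr
tcp  0  0 0.0.0.0:8802          0.0.0.0:*            LISTEN      1404/zctrl
tcp  0  0 185.174.116.88:49024  185.174.116.18:8802  ESTABLISHED 1371/mmr
tcp  0  0 185.174.116.88:58636  54.83.5.86:443       ESTABLISHED 1404/zctrl
tcp  0 204 185.174.116.88:47780 54.215.18.227:443    ESTABLISHED 1404/zctrl
udp  0  0 185.174.116.172:8801  0.0.0.0:*                        1371/mmr
udp  0  0 0.0.0.0:3478          0.0.0.0:*                        1404/zctrl
udp  0  0 0.0.0.0:3479          0.0.0.0:*                        1404/zctrl
"""

def parse(text):
    """Yield (proto, local_port, remote_ip, remote_port, state, program)."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "udp"):  # IPv4 rows only
            continue
        lport = int(f[3].rsplit(":", 1)[1])
        rip, rport = f[4].rsplit(":", 1)
        state = f[5] if len(f) > 6 else ""  # UDP rows carry no state column
        yield f[0], lport, rip, rport, state, f[-1].split("/", 1)[-1]

def audit(text, site="185.174.116.0/24"):  # site prefix is an assumption
    """Compare listeners to BASELINE and list peers outside the site prefix."""
    net = ipaddress.ip_network(site)
    listeners, external = set(), set()
    for proto, lport, rip, rport, state, prog in parse(text):
        if state == "LISTEN" or (proto == "udp" and rport == "*"):
            listeners.add((proto, lport))
        elif state == "ESTABLISHED" and ipaddress.ip_address(rip) not in net:
            external.add((prog, rip, int(rport)))
    return {
        "unexpected": sorted(listeners - set(BASELINE)),  # not in the list
        "not_seen": sorted(set(BASELINE) - listeners),    # listed, not observed
        "external": sorted(external),                     # off-site peers
    }
```

On the netstat lines above, `not_seen` comes back as TCP 22, 5480, 5488 and 5489: they are in the listener list but not in the pasted output.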