Why is Control Center on Monterey listening to port 5000 and port 7000? I have used these ports for years for local development, but now find them in use by Control Center. Is this worth filling a Feedback about?
Why is Control Center on Monterey listening on ports?
This is apparently due to the new AirPlay functionality. Control Center stops listening to those ports when I turn off “AirPlay Receiver” in the “Sharing” System Preference:
The good news is that this appears to fix issues with the HomePod Mini's connectivity and voice delay issues when using the speaker for Mac Mini.
Is it possible to configure the port that the AirPlay Receiver listens on?
Definitely worth filling feedback about.. this is going to break a lot of Flask apps that listen on 5000 by default. Not sure why apple chose such a popular port.
Why port 5000? This is a very common web development port. Just another layer on top of the things that apple does to make web development as difficult as possible.
Agreed... It has broken a lot of my development configurations as well.
The Remote Audio Output Protocol, AKA AirTunes, AKA AirPlay, has been using port 5000 since the year 2004. This is nothing new. All AirPlay receivers including AirPort Express and Apple TV use port 5000. If you've ever used Airfoil on your Mac (Airfoil Speakers was released in 2008), that also uses 5000 for the same reason. AirPlay receiving is new to macOS Monterey, but AirPlay itself is very old, predating Flask and these other web development environments. No, Apple is not trying to make web development difficult.
It seems that port number 5000 was never officially registered with IANA, and has many more conflicts. Can we kindly ask Apple to register their service ports and use IANA assigned ports in the future? https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Just found out about this, while running the docker example-voting-app and failing because port 5000 is used, so I run: lsof -nP +c 15 | grep LISTEN
and there it was ControlCenter with ports 5000 and 7000 being used.
Who thought this would be a good idea? Now I have to chose between using Airplay or being able to work 🤦
so glad I found this, thanks
Unfortunately port 7000 was used to hack my iMac Apple Silicon 2 days ago, to control over my app, updated Xcode from unknown source and also changed Viber messenger. The hack thing was almost invisible, performed via previously hacked wifi router. So I decided to restore my system. I performed power button holding to enter my system options. I erased whole ssd and tried to load fresh new system. Well it does not go well, as the update server was unreachable - strange seemed to me. Than I realized that hackers have done something to my system options to force me not to revive or restore whole MacOS. I had to perform terminal destroy disk keys operation, ( terminal> xartutil --erase-all ) than I have found my iMac like diskless/bricked. I used Apple Configurator 2 to get my system back online and here I'm restored and healthy. Port 7000 is definitively dangerous to listen on while bad guys nearby... I almost forgot - my MacOS firewall was set to "blocking all incoming connections". So it seems there is still a way how to enter my MacOS.
This answered two of my questions on port usage, A, but and B, why my Control Center had been receiving incoming connections. However, I like Digitec have tried resetting my mac due to a previously hacked router issue, and just end up setting up another OS in a different partition somehow, and I am not new to this by any means. Files I can't access and the directory is a mess. So, Digitec, what can I do to avoid bricking and having to use the Apple Configurator 2 to revive? Any options there to make this a little easier and less time-consuming?
Back to the Port Issue, I don't understand why this Airplay Feature would use an insecure port AND have control center access on as a privacy setting by default. I've never seen this in my Preferences pane, which made me think that hackers could also access my accessibility settings which have never been set up in this version of OS on my Macbook, but I see now that there are enough options pre-set for a hacker to control my computer right there from the control center, and it's allowing incoming connections by default. Is this a design flaw we think?
To see what is or is not listening on port 5000, use this command at a Terminal window near you.
lsof -Pn | grep LISTEN
On the right you'll see TCP *:5000 (LISTEN) usually listed once for each IP version, and on the left is the name of the program that's sucking on the port, which is ControlCe if its AirPlay. If nothing is using that port, then it won't be listed.
Funny thing just happened: I turned off AirPlay Receiver, started my service on port 5000, turned AirPlay Receiver back on, it is now happily listening on port 54842 in addition to port 7000 on which it was also listening before.
This worked for me for docker registry 2.7 couldnt start as was its default port 5000. def control panel listening due to air play check mark
future reference "sudo lsof -i :5000" will give you port listening on 5000