Chat protocol used for port 5222

There seems to be an initial 4-way handshake when the connection is established:

00000000  7f df 2d 5a 38 1f 5c f7  16 a4 bc 48 06 e4 42 21 ..-Z8.\. ...H..B!
00000010  7d de 08 49 88 05 5b 47  0e cc cc 3b 7b aa 52 56 }..I..[G ...;{.RV
00000020  c2 97 f6 81 fe f3 cf 80  b9 bf d8 00 aa 59 45 1e ........ .....YE.
    00000000  bf cf 85 01 1e 76 6d 9c  d1 8c c2 03 54 fd ad b6 .....vm. ....T...
    00000010  91 99 dd 9d c9 79 19 07  ac dc 46 59 ac 32 8f dc .....y.. ..FY.2..
    00000020  1e b9 2a a4 c6 78 36 0e  b6 76 a7 2f 4d b4 07 a7 ..*..x6. .v./M...
    00000030  24 27 a9 81 9d e7 60 92  d2 0d 75 83 e4 85 61 7f $'....`. ..u...a.
    00000040  e1 19 a8 5a 67 7a 95 37  3a bb 12 0c e8 a2 c1 ba ...Zgz.7 :.......
00000030  e9 df 4c b0 e1 11 e4 04  b1 23 01 86 28 b5 45 6c ..L..... .#..(.El
00000040  5d f4 04 6e e0 3e 74 b2  d7 03 8d 36 91 24 f9 45 ]..n.>t. ...6.$.E
00000050  4b 35 8d 70 ee 1c c2 a5  9d 7d f3 09 d7 2c 4d e0 K5.p.... .}...,M.
00000060  c9 26 fe 54 88 29 fa 59  aa 8f eb 24 c7 e4 c3 70 .&.T.).Y ...$...p
00000070  6b 98 16 d6 8d a9 74 8f  c7 dd 40 44 cc a5 5e 8d k.....t. ..@D..^.
00000080  37 5e 22 02 7b 31 22 e9  11 3f f1 fa 5f 42 9f f7 7^".{1". .?.._B..
00000090  5d 8d 9d d1 6c f1 ad e2  8a 95 b5 d3 f0 b9 15 12 ]...l... ........
000000A0  d4 09 b9 e5 74 65 83 b4  bf d0 17 1f 40 62 62 8e ....te.. ....@bb.
000000B0  73 dd 4e 54 cd 1a 89 e3  02 75 0f 3f ec 94 ad 79 s.NT.... .u.?...y
    00000050  f9 85 a5 96 26 4d ae 0d  c7 b8 d6 75 d0 5b d4 8e ....&M.. ...u.[..
    00000060  f0 25 7a 21 fb 66 6d f0  39 3d 6e 9f e4 8a 7b c2 .%z!.fm. 9=n...{.
    00000070  14 00 f3 46 45 ce bb 99  2a c4 b2 29 e5 f4 7b 62 ...FE... *..)..{b
    00000080  81 55 93 a9 24 c8                                .U..$.

All messages after those initial four are formatted in the following way:

The first two bytes of a message seems to be a little-endian length field

So the first message from the server after connecting is:
    00000000  b7 00 cb 3c ab 3a f5 56  6a d5 f4 9e 8c 42 47 77  ...<.:.V j....BGw
    00000010  90 9c 6f c9 3a 21 d7 ad  86 05 03 64 24 7e 63 c3  ..o.:!.. ...d$~c.
    00000020  f1 f3 f5 dc c0 cf 35 71  4b 2c e7 f9 8d f1 7f 8d  ......5q K,......
    00000030  8a 88 16 d9 b1 c0 fb 35  1b 44 2b 7b 8e f1 a2 66  .......5 .D+{...f
    00000040  21 d9 ec c3 06 f9 e6 95  e1 02 9b 44 91 91 62 6c  !....... ...D..bl
    00000050  be 7f 31 fe 0d 46 db 71  2d 6a 8b 94 b3 a7 aa 28  ..1..F.q -j.....(
    00000060  9f 90 fb 7e a7 8f ca 23  11 74 01 12 c8 c7 38 ad  ...~...# .t....8.
    00000070  45 28 98 cb 61 8e f1 c6  de 20 28 6a 23 f4 95 8f  E(..a... . (j#...
    00000080  d1 98 82 8a 52 99 e8 f0  3e bc 8f e4 ea 70 98 d9  ....R... >....p..
    00000090  ce bd 5b c9 0e c3 b7 a1  38 40 00 80 5b f4 4e 16  ..[..... 8@..[.N.
    000000a0  b3 18 00 a9 9f c8 0b 4b  34 65 e4 70 fe 08 57 69  .......K 4e.p..Wi
    000000b0  81 b7 09 e5 3c 29 7d 58  92                       ....<)}X .
the length of the message is 0x00b7 + 2 = 183 + 2 = 185 bytes

Another example of a incoming message,
the length of the following message is 0x014b + 2 = 331 + 2 = 333 bytes
    00000000  4b 01 04 07 5f 87 fb 08  02 19 9e a7 98 e4 2b 30 K..._... ......+0
    00000010  a1 4a 7d 08 7e 71 c9 a2  d6 aa 5e 14 19 96 8b 0d .J}.~q.. ..^.....
    00000020  ce 6d 46 8d 12 ad f7 0d  47 97 cd 3c d2 fa c9 19 .mF..... G..<....
    00000030  01 69 1b 7b fb 7d 2f 0f  bd 71 6f 39 de 6d 81 0e .i.{.}/. .qo9.m..
    00000040  98 11 ed 34 be ed 4f 4c  cc 16 82 6e e9 26 e0 e4 ...4..OL ...n.&..
    00000050  5f 20 dc b7 41 63 33 ed  52 5e 5e d9 ee 99 aa 10 _ ..Ac3. R^^.....
    00000060  fa 4d 97 f6 f8 45 11 4f  59 80 bb 53 36 10 59 97 .M...E.O Y..S6.Y.
    00000070  5f a3 b3 bd 1f aa 8d c9  a5 d8 09 41 9f 53 df 53 _....... ...A.S.S
    00000080  51 f7 11 98 e1 7f e9 e6  e4 d1 86 6e a0 8b 09 da Q....... ...n....
    00000090  c3 61 a9 ee cf 80 2f ea  a3 9e fd 7c 4d b8 00 da .a..../. ...|M...
    000000a0  91 90 52 96 52 82 e6 34  00 03 13 11 44 0a b3 f4 ..R.R..4 ....D...
    000000b0  6c e1 d2 a1 15 3e 2e 26  94 12 85 28 53 9c 3b ff l....>.& ...(S.;.
    000000c0  0b 2d f1 ef 4f ad ed 55  0e f2 25 3b ce 66 88 44 .-..O..U ..%;.f.D
    000000d0  78 fa 22 c0 dd 8c c8 a0  d0 f7 b4 7b 0f 9d 65 09 x."..... ...{..e.
    000000e0  19 d9 f2 e6 d4 e9 60 b8  c6 ca c8 b8 0c 2a ba 06 ......`. .....*..
    000000f0  fd 41 a0 06 29 c9 e3 02  bb 94 0b 2a 63 59 68 ba .A..)... ...*cYh.
    00000100  27 18 2c 18 d2 b4 ac 84  bf 04 22 39 a5 1e 8c 84 '.,..... .."9....
    00000110  1d a6 c8 97 a0 f3 4d c3  ef d4 a0 f1 bf 14 c4 02 ......M. ........
    00000120  d7 22 25 57 75 b7 be 5f  67 b0 44 8e 8a 1e 70 aa ."%Wu.._ g.D...p.
    00000130  c7 40 ae 6e 45 4c 18 f6  d3 62 fd d1 2d c9 a7 47 .@.nEL.. .b..-..G
    00000140  de bd 7a 00 5c ce 37 11  fa 2c 7b c6 ff          ..z.\.7. .,{..

Probably the initial 4-way handshake is a key exchange between the app and the
server which is used to encrypt the payloads of the messages.