Silent, multi-layer security for your organization.
Port knocking: a stealthy system for network authentication across closed ports
Port Knocking has not been seen on TV
port knocking > about > port_triggering

Port Knocking

Perl prototype: v0.30

  • pcaplib support added; daemon no longer requires firewall log file

2004-Nov-14 18:59 | ...more

new Net::Pcap support added to sniff packets directly ...more

Learn about firewalls and discover port knocking. Find out how to use port knocking to secure your servers with a Perl prototype or other implementations. Play with knocks in the knock lab. Contribute to the port knocking project. See what others are saying. Is port knocking a form of security through obscurity? Port knocking is definitely not any kind of ultimate solution and some think that it should be avoided altogther. The author doesn't think so and also has some other opinions.

Logos and Banners

Port Knocking (c) 2002,2003 Martin Krzywinski Port Knocking (c) 2002,2003 Martin Krzywinski

Port Knocking (c) 2002,2003 Martin Krzywinski

Port Knocking (c) 2002,2003 Martin Krzywinski

Port Knocking (c) 2002,2003 Martin Krzywinski

More images are available.

port triggering

Port triggering is a feature included in some routers look up router on look up router on FOLDOC (e.g. LinkSys BEFSR81, see review at and screenshot of port triggering on the LinkSys BEFSR81) which mitigates the fact that the internal IP address is fixed during port forwarding.

Suppose you have two hosts in an internal network and you would like to host some service from one or the other machine (e.g. Quake or Roger Wilco server). Depending on which internal machine you use to host the service, you will need to either reprogram the port forwarding rules or change the internal IPs to match the rules. That's annoying and this is exactly where port triggering comes in.

Triggering forwards incoming connections to a particular internal host when this internal host initiates a connection. The act of the internal host initiating a connection is the trigger. For example, if an internal host connects to port snmp/25 on a remote server, triggering could be configured to then allow incoming connections from the remote server to port auth/113 of the internal host. The nice thing about triggering is that the internal host's IP/MAC address does not need to be configured anywhere - the router will perform the forwarding smartly. See details on Networking FAQ at Thus, port triggering is similar to port fowarding, except that instead of configuring the forwarding rules yourself, they are automatically configured based on outgoing connections.

last updated 2004-Apr-05 16:07
Port Knocking (c) 2002-2019 Martin Krzywinski