Port knocking: a stealthy system for network authentication across closed ports


Perl prototype: v0.30

  • pcaplib support added; daemon no longer requires firewall log file


I wrote a small Perl prototype of a port knocking system as companion code to the SysAdmin Magazine article. Over time, I kept adding features to experiment with ways to use port knocking to secure systems.


The current version of the canonical Perl prototype is 0.30.

v0.30 2004-Nov-14 18:59 68,337 bytes

Canonical Perl prototype

Currently, there is an implementation of port knocking in Perl. This is a prototype and includes the bare minimum to get started. Do not use this for production environments. Encryption via Crypt::CBC is supported. You can configure the client/server to process any log file (e.g. IPTABLES or IPCHAINS) using a list of regular expressions.

The current implementation portknocking-0.30.tgz contains a client (knockclient) and a service daemon (knockdaemon). The client is responsible for constructing and communicating the knock and the daemon monitors the firewall log file, parses the knocks and manipulates the firewall rules. For debugging purposes, the client is capable of appending entries to a local firewall log file, instead of sending knocks over the network.
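The daemon-side flow described above (match firewall log lines against a list of regular expressions, then track each source's knocks), as an added example that is not the prototype's own code. The log patterns, the fixed unencrypted knock sequence and the sample log are constructed assumptions; the prototype's actual knock format is not described on this page.

```python
import re
from collections import defaultdict

# Assumed formats: one regex per firewall log style, each capturing
# the source IP and the TCP destination port of a logged packet.
LOG_PATTERNS = [
    re.compile(r"SRC=(?P<src>[\d.]+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)"),  # iptables LOG
    re.compile(r"Packet log: \S+ \S+ \S+ PROTO=6 "
               r"(?P<src>[\d.]+):\d+ [\d.]+:(?P<dpt>\d+)"),               # ipchains -l
]
KNOCK_SEQUENCE = (1145, 1087, 1172)  # hypothetical knock, not from the prototype

# Constructed sample log: three sources interleaved, one with the wrong order.
SAMPLE_LOG = """\
Nov 14 19:00:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=60 PROTO=TCP SPT=40000 DPT=1145 SYN
Nov 14 19:00:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.1 LEN=60 PROTO=TCP SPT=41000 DPT=1145 SYN
Nov 14 19:00:02 fw kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.7:40100 192.168.1.1:1145 L=60 SYN
Nov 14 19:00:02 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=60 PROTO=TCP SPT=40001 DPT=1087 SYN
Nov 14 19:00:03 fw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.1 LEN=60 PROTO=TCP SPT=41001 DPT=1172 SYN
Nov 14 19:00:03 fw kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.7:40101 192.168.1.1:1087 L=60 SYN
Nov 14 19:00:04 fw sshd[311]: Server listening on 0.0.0.0 port 22.
Nov 14 19:00:04 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=60 PROTO=TCP SPT=40002 DPT=1172 SYN
Nov 14 19:00:05 fw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.1 LEN=60 PROTO=TCP SPT=41002 DPT=1087 SYN
Nov 14 19:00:05 fw kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.7:40102 192.168.1.1:1172 L=60 SYN
""".splitlines()

def parse_line(line):
    """Return (src_ip, dst_port) from the first matching pattern, else None."""
    for pattern in LOG_PATTERNS:
        m = pattern.search(line)
        if m:
            return m.group("src"), int(m.group("dpt"))
    return None

def detect_knocks(lines, sequence=KNOCK_SEQUENCE):
    """Return source IPs, in completion order, that sent the full sequence."""
    progress = defaultdict(int)  # src -> number of knocks matched so far
    authorized = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # not a firewall packet log line
        src, dpt = parsed
        if dpt == sequence[progress[src]]:
            progress[src] += 1
        else:  # wrong port: start over, counting it if it is the first knock
            progress[src] = 1 if dpt == sequence[0] else 0
        if progress[src] == len(sequence):
            authorized.append(src)  # a real daemon would now change firewall rules
            progress[src] = 0
    return authorized
```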


See the README for requirements and installation information.


See manpage.


last updated 2005-Jan-02 15:14
Port Knocking (c) 2002-2019 Martin Krzywinski