Port knocking: a stealthy system for network authentication across closed ports

Firewall Primer

Perl prototype v0.30 (2004-Nov-14): Net::Pcap support added; the daemon now sniffs packets directly and no longer requires the firewall log file.

This section introduces the idea of communication ports and firewalls at a very introductory level. If you are familiar with TCP/IP and firewalls, you can skip past this section and go straight to the details of the port knocking implementation. This introduction is not a technical document and is targeted at a non-technical audience, novice computer users and administrators.

port allocation

Ports are divided into three ranges, shown in Figure 2. Ports numbered 0-1023 are the well-known (also called system or, on Unix-like systems, privileged) ports, and their assignment is regulated by IANA. A process normally needs additional privileges (i.e., root/superuser, or on modern Linux the CAP_NET_BIND_SERVICE capability) in order to listen on these ports. Although it is not illegal :) to run a mail server on a web port, it is not a good idea, because every host that wants to send you mail has to be told about your unconventional port assignment.

Port Knocking (c) 2002-2017 Martin Krzywinski
Figure 2 | Ports fall into one of three contiguous groups: privileged (well-known) ports, registered ports and dynamic ports. Note that the ranges are not shown to scale: there are far more ports in the registered category than in the privileged category.

Ports numbered 1024-49151 are the registered ports and are used by a wide variety of server applications. Users without additional system privileges can run applications that listen on these ports. For example, the database server MySQL listens on port 3306. IANA keeps a registry of assignments in this range too, but nothing enforces it: a registration is a widely followed convention, and any process can bind any free port in the range.

Finally, ports in the range 49152-65535 are the dynamic or private ports, whose use is not regulated. They are intended for the short-lived client side of a connection (see below), so a legitimate server application should not use them to receive connections.

When you use your computer to connect to a network server (such as now, when you made a connection to the web server that is showing this page), your operating system selected one of its unused ephemeral ports to connect to port 80 (or 443 for HTTPS) of the web server. The ephemeral range is nominally the dynamic range, but operating systems differ: Linux, for example, defaults to 32768-60999, which lies inside the registered range. This is illustrated in Figure 3, in which a client (bottom) connects to a server (top). For the duration of the communication, the combination of the server's and client's IP addresses and the server's and client's ports (the 4-tuple) uniquely identifies the connection through which data flows between the two computers; two clients behind the same IP address are told apart only by their source ports.

Figure 3 | A client (bottom), running a client application such as a web browser, uses one of its dynamic ports to connect to a server's (top) network service, such as a web server.
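The three port ranges above and the 4-tuple of Figure 3, as an added Python example that is not part of the original page or of the port knocking project. It classifies a port by its IANA range, probes whether the current user is allowed to bind a privileged port, and opens a real loopback connection so you can see the OS-chosen client port and the identical 4-tuple as reported from both ends. The function names classify_port, can_bind and connect_and_describe are this example's own.

```python
"""Port ranges and connection 4-tuples (added example, not the page's own code)."""
import socket

# IANA range boundaries (RFC 6335); constructed constants for this example.
WELL_KNOWN_MAX = 1023
REGISTERED_MAX = 49151


def classify_port(port: int) -> str:
    """Return the IANA range name for a TCP/UDP port number."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= WELL_KNOWN_MAX:
        return "well-known"      # privileged on Unix-like systems
    if port <= REGISTERED_MAX:
        return "registered"
    return "dynamic"


def can_bind(port: int, host: str = "127.0.0.1") -> bool:
    """Try to bind a TCP socket to `port`.

    Returns True on success and False when the OS refuses for lack of
    privilege (EACCES), i.e. an unprivileged user asking for a port below
    1024. Any other error (e.g. EADDRINUSE because something is already
    listening there) is raised so it is not mistaken for a privilege check.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host, port))
        except PermissionError:
            return False
        return True


def connect_and_describe(host: str = "127.0.0.1") -> dict:
    """Start a throwaway TCP server on a kernel-chosen port, connect a
    client to it, and return the 4-tuple as seen from both ends."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((host, 0))      # port 0: let the kernel pick a free port
        srv.listen(1)
        server_addr = srv.getsockname()
        with socket.create_connection(server_addr) as cli:
            conn, _peer = srv.accept()
            with conn:
                # Each side reports (client ip, client port), (server ip, server port).
                client_view = (cli.getsockname(), cli.getpeername())
                server_view = (conn.getpeername(), conn.getsockname())
    return {
        "client_view": client_view,
        "server_view": server_view,
        "client_port_range": classify_port(client_view[0][1]),
        "server_port": server_addr[1],
    }


if __name__ == "__main__":
    for p in (22, 80, 3306, 8080, 50000):
        print(p, classify_port(p))
    # False for an ordinary user; True as root, with CAP_NET_BIND_SERVICE,
    # or where net.ipv4.ip_unprivileged_port_start has been lowered.
    print("bind 80 allowed:", can_bind(80))
    print("bind 8080 allowed:", can_bind(8080))
    print(connect_and_describe())
```

Run it once as an ordinary user and once as root to see can_bind(80) flip. The client port reported by connect_and_describe is whatever the OS's ephemeral range yields; on a default Linux box it classifies as "registered" rather than "dynamic", which is exactly the caveat about ephemeral ranges noted above.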
last updated 2004-Apr-05 16:46