LinuxCommandLibrary

knock

Port knocking: open ports with secret sequence

TLDR

Knock on ports using different protocols

$ knock [hostname] [portnumber]:[protocol]

Knock on port using UDP
$ knock [-u|--udp] [hostname] [portnumber]

Force usage of IPv4/IPv6
$ knock [-4|-6] [hostname] [portnumber]

Display errors and details of connection
$ knock [-v|--verbose] [hostname] [portnumber]

SYNOPSIS

knock [-options] host port1 [port2 [...]]

PARAMETERS

host
    The target hostname or IP address to knock on.

port1 [port2 [...]]
    A list of ports to knock on in the specified sequence.

-d delay
    Optional: Sets the delay (in seconds) between each knock. Default is 0.

-t tcp|udp
    Optional: Specifies the protocol (TCP or UDP) to use for the knocks. Default is TCP.

-S
    Optional: Send a custom sequence as the knock sequence.

-v
    Optional: Enables verbose output.

-h
    Optional: Displays help information.

DESCRIPTION

The `knock` command is a client-side utility used for port knocking, a security technique in which a series of connection attempts (knocks) to specific ports on a server is made in a predefined sequence. If the sequence matches the pattern configured on the server (usually in `knockd`), the server dynamically inserts a firewall rule (often via `iptables` or `nftables`) that allows connections to a designated port for a limited time. This provides a layer of security by obscurity: a service stays unreachable to anyone who does not know the correct knock sequence. The `knock` client only initiates the TCP or UDP connections to the listed ports; it receives no reply and has no way of knowing whether the knock succeeded. The actual opening of the port is handled by a daemon such as `knockd` running on the server.

CAVEATS

Port knocking relies on security by obscurity and should not be considered a replacement for strong authentication and encryption. It adds a layer of defense, but it is vulnerable to eavesdropping and replay attacks: anyone who can observe the knocks on the wire can repeat them. Proper firewall configuration and regular security audits remain crucial. Also, once the knock sequence is compromised, the port it opens is exposed exactly as if no knocking were in place.

SERVER-SIDE CONFIGURATION

The `knock` command is only useful when paired with a server-side daemon (like `knockd`) configured to listen for the specified knock sequence and take appropriate action (e.g., opening a port via `iptables`). Proper configuration of both the client and server is essential for port knocking to function correctly.
Remember to secure the server-side configuration file!
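As an added illustration (this is not code from `knock` or `knockd`), the following Python models the server-side matching that the DESCRIPTION attributes to the daemon: each source address has to hit the configured ports in order, within a time window, and any wrong or late hit discards the attempt. It also shows the one-time-sequence idea, where a sequence is spent after its first use, so that a captured-and-replayed sequence (the replay risk named in CAVEATS) no longer opens anything. The field names `seq_timeout` and `one_time` are chosen after the `knockd.conf` options they model (`seq_timeout`, `one_time_sequences`); the addresses and timestamps are constructed sample data, and the reset-on-wrong-port rule is a simplification of what a real daemon does.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# One sequence element is (port, protocol), mirroring knock's "7000:tcp" notation.
Port = Tuple[int, str]


@dataclass
class Knock:
    """One inbound connection attempt as the daemon would observe it (constructed)."""
    ts: float          # seconds since an arbitrary epoch
    src: str           # source address
    dport: int         # destination port that was hit
    proto: str = "tcp"


@dataclass
class KnockDoor:
    """Per-source sequence tracker, modelled on one [door] section of knockd.conf."""
    sequences: List[List[Port]]      # one entry, or several when one_time is set
    seq_timeout: float = 5.0         # seconds allowed to finish the whole sequence
    one_time: bool = False           # like one_time_sequences: a sequence is spent once used
    _progress: Dict[str, Tuple[int, float]] = field(default_factory=dict)

    def observe(self, k: Knock) -> bool:
        """Feed one attempt; True only when k.src has just completed the active sequence."""
        if not self.sequences:
            return False                      # every one-time sequence has been spent
        seq = self.sequences[0]
        idx, started = self._progress.get(k.src, (0, k.ts))
        if idx and k.ts - started > self.seq_timeout:
            idx, started = 0, k.ts            # partial sequence went stale: start over
        if (k.dport, k.proto) != seq[idx]:
            self._progress.pop(k.src, None)   # a wrong hit discards the whole attempt
            return False
        idx += 1
        if idx < len(seq):
            self._progress[k.src] = (idx, started)
            return False
        self._progress.pop(k.src, None)       # sequence complete: the door would open now
        if self.one_time:
            self.sequences.pop(0)             # a replayed copy can no longer open anything
        return True


def _feed(door: KnockDoor, events: List[Knock]) -> bool:
    # List comprehension (not a generator) so every knock is delivered to the door.
    return any([door.observe(e) for e in events])


SEQ: List[Port] = [(7000, "tcp"), (8000, "tcp"), (9000, "tcp")]


def simulate_default() -> Dict[str, bool]:
    """Three constructed sources against a 7000,8000,9000 door with a 5 s window."""
    door = KnockDoor(sequences=[list(SEQ)], seq_timeout=5.0)
    events = [
        # correct ports, in order, within the window
        Knock(0.0, "192.0.2.10", 7000), Knock(1.0, "192.0.2.10", 8000), Knock(2.0, "192.0.2.10", 9000),
        # correct order but the last knock arrives after seq_timeout
        Knock(0.0, "192.0.2.20", 7000), Knock(1.0, "192.0.2.20", 8000), Knock(12.0, "192.0.2.20", 9000),
        # right ports, wrong order
        Knock(0.0, "192.0.2.30", 7000), Knock(0.5, "192.0.2.30", 9000), Knock(1.0, "192.0.2.30", 8000),
    ]
    opened: Dict[str, bool] = {}
    for e in sorted(events, key=lambda e: e.ts):      # replay the stream in time order
        opened[e.src] = opened.get(e.src, False) or door.observe(e)
    return opened


def simulate_one_time() -> Tuple[bool, bool]:
    """With one-time sequences, a sequence seen once on the wire is useless to a replayer."""
    door = KnockDoor(
        sequences=[[(7000, "tcp"), (8000, "udp")], [(5000, "tcp"), (6000, "udp")]],
        one_time=True,
    )
    legit = [Knock(0.0, "192.0.2.10", 7000), Knock(0.3, "192.0.2.10", 8000, "udp")]
    replay = [Knock(20.0, "198.51.100.7", 7000), Knock(20.3, "198.51.100.7", 8000, "udp")]
    return _feed(door, legit), _feed(door, replay)


if __name__ == "__main__":
    print("default door:", simulate_default())
    print("one-time door (legit, replay):", simulate_one_time())
```

In the first scenario only 192.0.2.10 opens the door; the slow and the mis-ordered sources are rejected. In the second, the genuine client opens the door and the replayed copy of the same knocks fails, because the active sequence has moved on to the next entry; this is the mitigation that a fixed, reusable sequence cannot offer.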

HISTORY

The concept of port knocking has been around for many years, with various implementations appearing over time. The `knock` command is a user-space client implementation designed to simplify the process of sending the required knock sequence to a server. It became popular as a lightweight and easy-to-use tool for enhancing network security by adding an extra hurdle for potential attackers.

SEE ALSO

knockd(8), iptables(8), nftables(8)
