Port knocking is a method of obscuring the services that you have running on your machine. It allows your firewall to protect your services until you ask for a port to be opened through a specific sequence of network traffic. A more secure and modern approach is to use SPA (Single Packet Authorization), but SPA is not covered in this post.

Port knocking is a way to hide certain ports. For example, you access your server through SSH, but you do not want brute-force attempts all day long. In this case you keep the SSH port closed, and when you knock on certain ports in a specific order the SSH port opens up, maybe only for a few minutes.
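To make the mechanism concrete, here is a sketch of the server-side logic described above. It is an added example, not code from the original post or from any knocking daemon, and the sequence, timeouts and addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# All values below are assumptions for illustration, not taken from the post.
SEQUENCE = (7000, 8000, 9000)  # ports that must be hit, in this order
STEP_TIMEOUT = 10              # max seconds between two knocks
OPEN_WINDOW = 120              # seconds SSH stays open for the knocking source

@dataclass
class KnockTracker:
    progress: dict = field(default_factory=dict)  # src -> (knocks matched, time of last knock)
    allowed: dict = field(default_factory=dict)   # src -> time the SSH rule expires

    def packet(self, ts, src, dport):
        """Feed one SYN to a closed port; return True when src completes the sequence."""
        idx, last = self.progress.get(src, (0, ts))
        if idx and ts - last > STEP_TIMEOUT:
            idx = 0                                # too slow: start over
        if dport == SEQUENCE[idx]:
            idx += 1
        else:                                      # any stray port resets the attempt
            idx = 1 if dport == SEQUENCE[0] else 0
        if idx == len(SEQUENCE):
            self.progress.pop(src, None)
            self.allowed[src] = ts + OPEN_WINDOW   # open only for this source, only briefly
            return True
        self.progress[src] = (idx, ts)
        return False

    def ssh_allowed(self, ts, src):
        return self.allowed.get(src, 0) > ts

# Constructed sample traffic: (time, source address, destination port).
EVENTS = [
    (0, "198.51.100.7", 7000), (1, "198.51.100.7", 8000), (2, "198.51.100.7", 9000),
    (0, "203.0.113.9", 7000), (1, "203.0.113.9", 7001), (2, "203.0.113.9", 8000),
    (3, "203.0.113.9", 9000),                       # scan-like: stray port in between
    (0, "192.0.2.5", 7000), (30, "192.0.2.5", 8000), (31, "192.0.2.5", 9000),  # too slow
]

def replay(events):
    tracker = KnockTracker()
    for ts, src, dport in sorted(events):
        tracker.packet(ts, src, dport)
    return tracker

if __name__ == "__main__":
    t = replay(EVENTS)
    for src in ("198.51.100.7", "203.0.113.9", "192.0.2.5"):
        print(src, "ssh allowed at t=5:", t.ssh_allowed(5, src))
```

Because the sequence is just a series of plain packets, anyone who can observe the traffic can repeat it, which is the weakness SPA addresses.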

Below are three ways to knock on ports:


Then, if you scan the IP, you can verify that the port (e.g. port 22) is available.


An nmap-based script that knocks on 3 ports and initiates an SSH connection.

Simply hit on ports with this command:

Using hping to knock on ports:
