Take a look at “fwknop.conf”, as it has the server side variable you can use to change the listening default port:

PCAP_FILTER udp port 62201;

You can change this to something that’s typically not blocked by any firewall your client may find itself behind, e.g. udp port 53, typically used for DNS.

Also, if you read the header notes describing this variable, you can have it listen on any or all ports.

Something cool to remember is that the fwknop service does not actually “open” this port on the server, so you don’t have to worry about conflicts. Even if that port is already in use on the server, the fwknop service uses PCAP to sniff the wire for SPA packets to work with. Just remember, the process of capturing the data can increase the load on the server if you choose a port that has a lot of traffic already. So, just be cautious.

Also, you don’t need to use “sudo” to run the client. You are simply using fwknop to perform a function that requires no special privileges. Woot!

Again, thanks for visiting.

Quick question however — say the UDP port 62201 is blocked on the client machine. The fwknop documentation stated this port could be changed, however I couldn’t find how to do this. Also do you need to be root or issue any sudo commands to use fwknop as a regular user.