The server part (package knockd) listens to all traffic on an ethernet
(or PPP) interface, looking for special "knock" sequences of port hits.
This client makes these port hits by sending a TCP (or UDP) packet to a
port on the server. This port does not need to be open. Since knockd
listens at the link-layer level, it sees all traffic even if it is
destined for a closed port. When the server detects a specific sequence
of port hits, it runs a command defined in its configuration file. This
can be used to open up holes in a firewall for quick access.