On Wed, Jan 13, 2010 at 9:17 PM, AJ Weber <aweber@comcast.net> wrote:
> Am I correct in reading my fwknop.conf in that it's listening both TCP and
> UDP on the defined port?  Is that needed if I am going to be using the
> fwknop client/command-line from my client?  I thought that only UDP was
> needed, and that should save on resources and not have to bind anything to
> the port?

By default, in the /etc/fwknop/fwknop.conf file, the PCAP_FILTER variable is set
to "udp port 62201", and this is the port that the fwknop client sends out SPA packets
on (unless altered via command line args).

The fwknopd daemon never binds to any port by default - it passively sniffs SPA
packets off the wire.  You _can_ have fwknopd bind to either a TCP or UDP port to
have it use Berkeley sockets as the mechanism to acquire SPA packet data as
opposed to libpcap, but you would have to explicitly set the ENABLE_TCP_SERVER
or ENABLE_UDP_SERVER variable to "Y".  I know there are a lot of options in the
fwknop.conf file, so if you have any other questions on this please fire away...



> Am I off base here?


Fwknop-discuss mailing list

Michael Rash | Founder
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
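
As an added example (not part of the original thread and not fwknop's own code), this Python check reads an fwknop.conf and reports whether fwknopd would sniff SPA packets passively or bind a socket, using only the variables named in the reply above. The `NAME value;` line layout, the fallback values and the sample file are assumptions.

```python
import re

# Constructed sample; the "NAME  value;" layout is an assumption about fwknop.conf.
SAMPLE_CONF = """\
# constructed sample, not a shipped config
PCAP_FILTER            udp port 62201;
ENABLE_TCP_SERVER      N;
ENABLE_UDP_SERVER      N;
"""

def parse_conf(text):
    """Return {NAME: value} from 'NAME value;' lines, skipping comments and blanks."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        m = re.match(r"^(\w+)\s+(.*?);?\s*$", line)
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf

def spa_acquisition(conf):
    """Summarise how fwknopd would obtain SPA data under this config."""
    # Fallbacks mirror the defaults described in the reply (assumed when a key is absent).
    pcap = conf.get("PCAP_FILTER", "udp port 62201")
    bound = [p for p in ("TCP", "UDP")
             if conf.get(f"ENABLE_{p}_SERVER", "N").upper() == "Y"]
    m = re.search(r"\b(tcp|udp)\s+port\s+(\d+)", pcap)
    return {
        # "pcap": passive sniffing, nothing bound; "socket": a listening port exists
        "mode": "socket" if bound else "pcap",
        "bound_protocols": bound,
        "pcap_filter": pcap,
        "filter_target": (m.group(1), int(m.group(2))) if m else None,
    }

if __name__ == "__main__":
    report = spa_acquisition(parse_conf(SAMPLE_CONF))
    for key, value in report.items():
        print(f"{key}: {value}")
```

A result of `mode: pcap` with an empty `bound_protocols` list corresponds to the default described in the reply: no listening port for a scanner to find.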