The following snippet is a dump of a WOL UDP packet broadcasted on the network using the WOL packet generator and captured with tcpdump.
The packet was generated on a networked machine using:
wakeonlan.pl -s minuet 9d:1a:1a:01:20:1c Sending magic packet to 255.255.255.255:9 with 9d:1a:1a:01:20:1c
The following is the capture on a listening machine:
wheel@busybox:~# tcpdump -X -i en0 udp port 9
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN1000MB (Ethernet), capture size 65535 bytes
12:18:31.20218 IP flora.internal.82122 > 255.255.255.255.discard: UDP, length 108
0x0000: 4500 0072 b0a3 0110 0001 0da1 1d20 220b E.......@..]....
0x0010: ffff ffff afff 0109 129f 23a9 <--------------------------- IP
payload starts here -----------------------------> ffff ffff .........o......
0x0020: ffff
16 times hex address ---> 9d1a 1a01 201c 9d1a 1a01 201c 9d1a ...,.....,.....,
0x0030: 1a01 201c 9d1a 1a01 201c 9d1a 1a01 201c .....,.....,....
0x0040: 9d1a 1a01 201c 9d1a 1a01 201c 9d1a 1a01 .,.....,.....,..
0x0050: 201c 9d1a 1a01 201c 9d1a 1a01 201c 9d1a ...,.....,.....,
0x0060: 1a01 201c 9d1a 1a01 201c 9d1a 1a01 201c .....,.....,....
0x0070: 9d1a 1a01 201c 9d1a 1a01 201c 9d1a 1a01 .,.....,.....,..
0x0080: 201c
password starts here ---> 6d69 6e75 6574 ..minuet
As you can observe, the SecureOn™ password is sent over the network in plaintext and can easily be recovered.
WOL packets can be captured using the string matcher in iptables.