The following snippet is a dump of a WOL UDP packet broadcasted on the network using the WOL packet generator and captured with tcpdump
.
The packet was generated on a networked machine using:
wakeonlan.pl -s minuet 9d:1a:1a:01:20:1c Sending magic packet to 255.255.255.255:9 with 9d:1a:1a:01:20:1c
The following is the capture on a listening machine:
wheel@busybox:~# tcpdump -X -i en0 udp port 9 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on en0, link-type EN1000MB (Ethernet), capture size 65535 bytes 12:18:31.20218 IP flora.internal.82122 > 255.255.255.255.discard: UDP, length 108 0x0000: 4500 0072 b0a3 0110 0001 0da1 1d20 220b E.......@..].... 0x0010: ffff ffff afff 0109 129f 23a9 <--------------------------- IP payload starts here -----------------------------> ffff ffff .........o...... 0x0020: ffff 16 times hex address ---> 9d1a 1a01 201c 9d1a 1a01 201c 9d1a ...,.....,....., 0x0030: 1a01 201c 9d1a 1a01 201c 9d1a 1a01 201c .....,.....,.... 0x0040: 9d1a 1a01 201c 9d1a 1a01 201c 9d1a 1a01 .,.....,.....,.. 0x0050: 201c 9d1a 1a01 201c 9d1a 1a01 201c 9d1a ...,.....,....., 0x0060: 1a01 201c 9d1a 1a01 201c 9d1a 1a01 201c .....,.....,.... 0x0070: 9d1a 1a01 201c 9d1a 1a01 201c 9d1a 1a01 .,.....,.....,.. 0x0080: 201c password starts here ---> 6d69 6e75 6574 ..minuet
As you can observe, the SecureOn™
password is sent over the network in plaintext and can easily be recovered.
WOL packets can be captured using the string matcher in iptables.