4

There are two fairly common options for (using) Wake On LAN. You either have it enabled and use the magic packet to wake up the PC or you don't. In Windows, this option is represented by the Allow this device to wake the computer and Only allow a magic packet to wake the computer checkboxes in Network Adapter Properties. Generally you would want to either check both or uncheck the "parent" one (which understandably disables the second option, too).

I am, however, interested in the last, not so common combination:

Network Adapter Power Properties dialogue with option to "Allow this device to wake the computer" checked but "Only allow a magic packet to wake the computer" unchecked.

I noticed that using this option makes my PC wake up randomly overnight. Not every time, just sometimes, usually around 3am... And it got me thinking what exactly are those packets that can wake the PC up. I'd like to know whether they are potentially malicious, and to find their source.

I'm asking here because I couldn't find any documentation on this (everything I could find focuses on just the magic WoL packet). And I'm certain that it's caused by the network card because Windows shows this in the event viewer.

Please note that while my example is using Windows I'd also love to know whether this works the same on Linux and if not what differences are there.

Improve this question
2
  • If it's only waking at around 3AM, are you sure it's not actually waking to run a Task (like Windows Update)?
    – Ƭᴇcʜιᴇ007
    Commented Feb 3, 2017 at 14:27
  • Yup, that's why I added the note - Event Viewer shows very clearly that the PC was woken up by by the network interface. I also have this "feature" of Windows disabled and I disallowed wake-up by system timers in the UEFI BIOS.
    – Amunak
    Commented Feb 3, 2017 at 14:39

1 Answer 1

Reset to default
1

When you don't enable "Only allow magic packet to wake the computer" then ANY network packets addressed to that network interface can/will wake the system.

Improve this answer
9
  • What does constitute a "packet addressed to that network interface"? Is that any packet/broadcast that arrives at the interface? Or only packet (or more like frame) that has the correct destination address for that interface?
    – Amunak
    Commented Feb 3, 2017 at 14:37
  • Any packet that hits it will wake it, broadcast or directly addressed (a broadcast is addressed to all devices, include the one in question).
    – Ƭᴇcʜιᴇ007
    Commented Feb 3, 2017 at 15:34
  • 1
    I tried to replicate it and didn't manage to make it work. I tried to send a general broadcast packet to the subnet with the device and it didn't wake up. I also tried using Mikrotik's "MAC ping" to ping the interface directly via its MAC address and that didn't work either. Any other suggestions I could try to trigger the wake-up?
    – Amunak
    Commented Feb 3, 2017 at 17:03
  • I'm not sure why this is an accepted answer. As @Amunak says, traffic to the broadcast address of the network doesn't wake the PC when it is in this state. I have also tried to get it to wake with something other than the magic packet. Cannot replicate it! I had wireshark running overnight capturing all traffic to .255. The PC woke up at 3am local time
    – G-.
    Commented Jul 26, 2020 at 9:14
  • I suppose I should look into capturing traffic to the IP as I suppose the router could know that this relates to the offline NIC
    – G-.
    Commented Jul 26, 2020 at 9:42

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .