Wake on LAN (WoL) support is implemented on the motherboard of a computer. Most modern motherboards with an embedded Ethernet controller support WoL without the need for an external cable. Older motherboards must have a WAKEUP-LINK header onboard, connected to the network card via a special 3-pin cable; however, systems supporting the PCI 2.2 standard coupled with a PCI 2.2 compliant network adapter typically do not require a WoL cable, as the required standby power is relayed through the PCI bus.
Laptops powered by the Intel 3945 chipset or newer (with explicit BIOS support) allow waking up the machine using wireless (802.11 protocol). This is called Wake on Wireless LAN (WoWLAN).
Wake on LAN must be enabled in the Power Management section of the motherboard's BIOS. It may also be necessary to configure the computer to reserve power for the network card when the system is shut down.
In addition, in order to get WoL to work it is sometimes required to enable this feature on the card. This can be done in Microsoft Windows from the properties of the network card in the device manager, on the "Power Management" tab. Check "Allow this device to bring the computer out of standby" and then "Only allow management stations to bring the computer out of standby" to make sure it does not wake up on every single network activity that occurs.
The general process of waking a computer up remotely over a network connection can be explained thus:
The target computer is shut down (Sleeping, Hibernating or Soft Off, i.e. ACPI state G1 or G2), with power reserved for the network card. The network card listens for a specific packet, called the "Magic Packet." The Magic Packet is broadcast on the broadcast address for that particular subnet (or an entire LAN, though this requires special hardware and/or configuration). When the listening computer receives this packet, the network card checks the packet for the correct information. If the Magic Packet is valid, the network card turns on the computer to full power and boots the operating system.
The magic packet is sent on the data link or OSI-2 layer and broadcast to all NICs (within the network of the broadcast address). Therefore, it does not matter whether the remote host has a fixed or dynamic IP-address (OSI-3 layer).
In order for Wake on LAN to work, parts of the network interface need to stay on. This increases the standby power used by the computer. If Wake on LAN is not needed, turning it off may reduce power consumption while the computer is off but still plugged in.
Since the Magic Packet is only scanned for the string above, and not actually parsed by a full protocol stack, it may be sent as a broadcast packet of any network- and transport-layer protocol. It is typically sent as a UDP datagram to port 0, 7 or 9, or, in former times, as an IPX packet.
Firewalls may prevent clients within the public WAN from accessing the broadcast address of the private LAN.
Certain NICs support a security feature called "SecureOn". It allows users to store within the NIC a hexadecimal password of 6 bytes. Clients have to append this password to the magic packet. The NIC wakes the system only if the MAC address and password are correct. This security measure significantly decreases the risk of successful brute force attacks: the search space is 2^((6 + 6) × 8) = 2^96 combinations (6 bytes for the remote host's MAC address plus 6 bytes for the password, at 8 bits per byte). Still, only a few NIC and router manufacturers seem to support such security features.
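The scan a NIC performs, including the optional SecureOn suffix, can be reproduced in a monitoring script to spot wake requests in captured traffic. The following is an added example, not part of the original page; it assumes the standard Magic Packet layout (six 0xFF bytes followed by 16 repetitions of the target MAC address), and the function name and sample payloads are constructed for illustration.

```python
"""Detect Wake-on-LAN Magic Packets in captured payloads (added example)."""
from typing import NamedTuple, Optional

SYNC = b"\xff" * 6                       # synchronization stream
MAC_REPEATS = 16                         # target MAC is repeated 16 times
BODY_LEN = len(SYNC) + 6 * MAC_REPEATS   # 102 bytes
PASSWORD_LEN = 6                         # SecureOn password length given in the text


class MagicPacket(NamedTuple):
    offset: int                 # where the sync stream starts in the payload
    mac: str                    # target MAC, colon-separated hex
    password: Optional[bytes]   # SecureOn password if exactly 6 bytes trail the body


def find_magic_packet(payload: bytes) -> Optional[MagicPacket]:
    """Scan like a NIC does: look for the pattern anywhere, ignore the protocol."""
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start:start + BODY_LEN]
        if len(body) < BODY_LEN:
            return None                  # not enough bytes left for a full packet
        mac = body[6:12]
        if body[6:] == mac * MAC_REPEATS:
            trailer = payload[start + BODY_LEN:]
            password = trailer if len(trailer) == PASSWORD_LEN else None
            return MagicPacket(start, mac.hex(":"), password)
        start = payload.find(SYNC, start + 1)   # sync may be preceded by extra 0xFF
    return None


# Constructed sample payloads (not real captures).
SAMPLE_MAC = bytes.fromhex("001122334455")
SAMPLES = {
    "plain": SYNC + SAMPLE_MAC * 16,
    "secureon": SYNC + SAMPLE_MAC * 16 + bytes.fromhex("a1b2c3d4e5f6"),
    "embedded": b"hdr" + SYNC + SAMPLE_MAC * 16,
    "truncated": SYNC + SAMPLE_MAC * 15,
    "mismatch": SYNC + SAMPLE_MAC * 15 + bytes.fromhex("001122334456"),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, find_magic_packet(data))
```

A wake request for a host that is expected to use SecureOn but arrives with `password` set to `None` is worth logging, since the NIC should ignore it.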
AMT uses TLS encryption to secure an out-of-band communication tunnel to an AMT-based PC for remote management commands such as WOL. AMT secures the communication tunnel with Advanced Encryption Standard (AES) 128-bit encryption and RSA keys with modulus lengths of 2048 bits. Because the encrypted communication is out-of-band, the PC’s hardware and firmware receive the magic packet before network traffic reaches the software stack for the operating system (OS). Since the encrypted communication occurs “below” the OS level, it is less vulnerable to attacks by viruses, worms, and other threats that typically target the OS level.
IT shops using WOL through the Intel AMT implementation can wake an AMT PC over network environments that require TLS-based security, such as IEEE 802.1x, Cisco Self Defending Network (SDN), and Microsoft Network Access Protection (NAP) environments. The Intel implementation also works for wireless networks.
There are a number of programs available that make use of Wake-on-LAN. Below is a partial list.