I would like to ask for detailed mechanics on how the Nextcloud desktop app synchronises with the Nextcloud servers it is linked to.
Is there a time lapse trigger or a flagging system working in the background that activates the synchronisation processes? What type of packets are sent and received? Can WOL be activated with such data?
I ask this as I would like to implement effective and efficient power management with Wake-on-LAN during off-peak hours on the servers, as we are consuming more than 3.7kv/h and are mandated to reduce the carbon footprint.
In trying to find more details about the way file syncing works, I fired up Wireshark to test a small set-up being:
Client 1 (192.168.1.16)
Client 2 (192.168.1.11)
Nextcloud Server (192.168.1.201)
Client 1 saved a 10kb txt file on the server; the server synced the file on Client 2 in a span of 33 seconds.
I could see the entire TCP negotiation exchange between the Nextcloud Server and Client 2, but for some strange reason, I could not capture TCP packets between Client 1 and the server apart from NBNS packets from Client 1 sent to the entire network (ARP).
Here is the image of the captured data exchanged between Client 2 and the Server.
I kept on studying this scenario with other similar tests, and it is apparently obvious that syncing happens with a flagging system, thereby being totally in the Application Layer of the OSI model.
As WOL works at layer 1 of the OSI model, I will be pulling a feature request: maybe the desktop clients could, as an option (we preset the MAC address of the server in the settings), send a UDP magic packet prior to encapsulating the file for TCP transfer.
One thing for sure, from a security perspective, the data transfer is truly safe and defies any sniffing attacks, and that’s quite a statement coming from a CEH.