I would like to ask for detailed mechanics on how the Nextcloud desktop app synchronises with the NextCloud servers it is linked to.
Is there a time lapse trigger or a flagging system working in the background that activates the synchronisation processes. What type of packets are sent and received? Can WOL be activated with such data?
I ask this as I would like to implement effective and efficient power management with wake-on-lan during off-peak hours on the servers as we are consuming more than 3.7kv/h and are mandated to reduce the carbon footprint.
In trying to find more details about the way file syncing works, I fired up wireshark to test a small set-up being:
- Client 1 (192.168.1.16)
- Client 2 (192.168.1.11)
- Nextcloud Server (192.168.1.201)
Client 1 saved a 10kb txt file on the server, server synced the file on Client 2 in a span of 33 seconds.
I could see the entire TCP negotiation exchange between the NextCloud Server and Client 2, but for some strange reason, I could not capture TCP packets between Client 1 and the server apart from NBNS packets from Client 1 sent to the entire network (ARP).
Here is the image of the captured data exchanged between Client 2 and the Server.
p.s. the connection to the server is secured via 443.
I am of the opinion that the syncing happens over background flagging systems…
Any help on this please
Kept on studying this scenario with other similar test and it is apparently obvious that syncing happens with a flagging system thereby being totally in the Application Layer of the OSI.
As wol works at layer 1 of the OSI, I will be pulling a feature request, maybe the desktop clients could as an option (we preset in the settings the MAC Address of the Server) send a UPD magic packet prior to encapsulating the file for TCP transfer.
One thing for sure, from a security perspective, the data transfer is truly safe and defies any sniffing attacks, and that’s quite a statement coming from a CEH.