9

The dropbox.py script for dropboxd on linux will give current status:

$ dropbox.py status 
Syncing (2,656 files remaining)
Uploading 2,656 files...

Or status of a specific file or current folder:

$ dropbox.py filestatus 
Camera Uploads:     up to date 
Customer Shares:    syncing

But is there a way to see what file(s) are actually being transferred right now?

The reason I ask is that dropbox has been stuck for days syncing but isn't progressing. I suspect it is stuck on some weirdly large or corrupt file, and if I could identify it, I could remove it / ignore it.

Note 

$ ls -l /proc/7857/fd

Where 7857 is the pid of dropbox, no files in the synced path are shown.

Note that requiring the stopping of dropboxd and re-executing with a debugger would not reveal what is being transferred now. Stopping and starting the daemon results in re-indexing and re-commencing synchronisation. This would likely cause a different set of files to be the ones being transferred.

Any suggestions?

Improve this question
9
  • did you try the suggested tip with the SSL wireshark?
    – tukan
    Commented Oct 17, 2017 at 14:00
  • @tukan No I didn't. In the best case this would require capturing the initiation of the SSL session to capture the preshared key. However, modern apps use Diffie Helman key generation, where the preshared key is never on the wire - this requires the app itself to log the keys used. I doubt very much that dropbox 1) doesn't use DH and 2) has a mode where it logs keys (see security.stackexchange.com/questions/35639/…)
    – Paul
    Commented Oct 17, 2017 at 22:10
  • We did not understand each other. I'm not suggesting you should actually crack/hack DH key exchange. What I have suggested, I don't know what kind of dropbox plan are you using, is to use RSA keys (dropbox.com/business/app-integrations/RSA). Then use wireshark to import that key (support.citrix.com/article/CTX116557) to decrypt the actual traffic with your own key.
    – tukan
    Commented Oct 18, 2017 at 8:13
  • @tukan Please read the first "Point to note" in the second link you provided. Also note that the RSA link is an authentication mechanism, nothing to do with RSA as used in encryption.
    – Paul
    Commented Oct 18, 2017 at 8:21
  • I have contacted dropbox.com support and they are currently investigating it and have to contact their application department to get greater details. Lets wait for the answer.
    – tukan
    Commented Oct 18, 2017 at 8:58

1 Answer 1

Reset to default
4

If you are on linux it is quite easy. During the sync process you can do:

find $HOME/dropbox_sync_dir -type f -exec dropbox.py file status -a '{}' \; | grep 'syncing'

Explaining details:

  • find <path> -type f -exec dropbox.py ... '{}' \;

Runs dropbox.py on every file or below the current directory.

Notice that the braces are enclosed in single quote marks to protect them from interpretation as shell script punctuation. The semicolon is similarly protected by the use of a backslash, though single quotes could have been used in that case also.

More on man find pages

  • dropbox.py file status -a from the dropbox linux client manual:

    dropbox file status  [-l] [-a] [FILE]…

Prints the current status of each FILE.

  Options:

   -l or --list prints out information in a format similar to the native Linux command ls.
   -a or --all do not ignore entries starting with "."

    Aliases include stat.

  • | grep 'syncing'

Searches for the 'syncing' string.

Note: that the .py end should not be mandatory there should be an alias so writing just dropbox should be enough.

First Edit - re-edit due to Paul's comment about dropboxd (daemon) vs. dropbox.py.

This remains the most probable way to find out what is being transferred.

I'll try to debug it myself when I finish my pending tasks.

The dropbox.py should be debugged via pdb (the python debugger) for more at python debugger.

Finally after the Paul's comments I understood where is the core of the issue. He wants to see the currently accessed file or even better the one being transferred by the dropbox sync client.

  • You could find all files used by the dropbox client currently used:

    ls -thal /proc/`pgrep dropbox`/fd | egrep -v 'socket:|pipe:|anon_inode|/dev/'

  • If you can not see anything that means that something is probably wrong with the client. I would recommend performing strace.

    To monitor your dropboxd script with output save into output.txt file:
`strace -o output.txt dropboxd`

To monitor only system calls you could enter:
`strace -e open dropboxd`

  • If you want to go even deeper you could attach an debugger e.g. gdb to your strace session.

    If you are unfamiliar with this process you can check,for example, this nice post about unix strace and gdb.

Just a quick help:

When you start your trace with: strace dropboxd (running pid would be 501) Then you attach to it the following way:

$ gdb --quiet
(gdb) attach 501
  • If everything else fails you can use other ways to sync your dropbox:

For example, use a different cli client like dbxcli.

Second Edit & Forth Edit - will not work till dropbox supports own private keys.

Answer from the dropbox support:

Dropbox does not support the creation of your own private keys.

It occurred to me that it should be possible to check what is transferred even via network monitoring tool like wireshark.

Since the dropbox client is using SSL/TSL (or AES) The dropbox security architecture and you should have the key to check.

For details how to use wireshare you could check https://wiki.wireshark.org/SSL or adjust this example to your case Analyze SSL/TLS Client Hello Traffic. In you have dropbox certificate you could import it into wireshark to see what is happening. (For dropbox security details you can check Dropbox security whitepaper.

Third Edit & Forth edit - details about the SSL/TSL decryption. (will not work till dropbox supports own private keys.)

Answer from the dropbox support:

Dropbox does not support the creation of your own private keys.

In the second edit section I suggested that you can view the SSL traffic via wireshark. Since Paul has thought that I'm suggesting that you should actually hack the DH key exchange, which is with current knowledge not possible, I would like to rectify it.

What I'm trying to suggest is that if you are using dropbox business RSA and RSA authentication, you could try to use the dropboxd with RSA key (the daemon dropboxd is closed source, I can not check the source code if the functionality is there and probably the best solution is to ask dropbox.com directly).

If that is possible, only then import the RSA key to wireshark to see what is currently being transferred.

Improve this answer
9
  • This approach lists all the files queued for printing, not the actual file currently being synced.
    – Paul
    Commented Oct 11, 2017 at 13:13
  • @Paul: if you do dropbox filestatus /path_to/file what does it return?
    – tukan
    Commented Oct 11, 2017 at 13:24
  • pick any file from your synced dir.
    – tukan
    Commented Oct 11, 2017 at 13:27
  • If you have 1000 files queued to sync, then the filestatus for each of them will be syncing.
    – Paul
    Commented Oct 11, 2017 at 20:47
  • @Paul ah, finally the core of your comment. Sorry, for being dense. I understood your question differently. I'll edit my post for better answer.
    – tukan
    Commented Oct 12, 2017 at 7:39

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .