/qnap-finder

A program to list any active QNAP NAS boxes in a network

Primary LanguageC

* qnap-finder
=============

This is a simple program to find out the presence (and the IP) of a QNAP NAS box on
a network. I have tested with a TS-410.



* Disclaimer
============
This program is a work in progress and isn't guaranteed to work with all QNAP devices.
Although this is meant to be a replacement for the Windows/Mac versions of QNAP finder,
it is not guaranteed to work that way.


* Data from the windows version of QFinder
==========================================
The QNAP Finder when run(on MS Windows), sends a UDP broadcast packet on the network
to the multicast address(255.255.255.255) upon which, any QNAP NAS box active on the
network responds with it's version information, hostname and other details.

I noticed (when sniffing with Wireshark), that the QNAP Finder app, sends the broadcast
message several times (15 to be precise) from the time it is launched until it stops
querying further, with the following data:

00000000  00 00 00 00 00 00 43 6c  00 00 01 00 00 00 25 04 ......Cl ......%.
00000010  00 00 00 00 00 00 43 6c  00 00 01 00 00 00 25 04 ......Cl ......%.
00000020  00 08 9b c3 ec 6a 43 6c  02 00 05 00 00 00 25 04 .....jCl ......%.
00000030  00 08 9b c3 ec 6a 43 6c  02 00 05 00 00 00 25 04 .....jCl ......%.
00000040  00 08 9b c3 ec 6a 43 6c  02 00 05 00 00 00 25 04 .....jCl ......%.
00000050  00 08 9b c3 ec 6a 43 6c  02 00 05 00 00 00 25 04 .....jCl ......%.
00000060  00 00 00 00 00 00 43 6c  00 00 01 00 00 00 25 04 ......Cl ......%.
00000070  00 08 9b c3 ec 6a 43 6c  02 00 05 00 00 00 25 04 .....jCl ......%.
00000080  00 08 9b c3 ec 6a 43 6c  02 00 05 00 00 00 25 04 .....jCl ......%.
00000090  00 08 9b c3 ec 6a 43 6c  02 00 05 00 00 00 25 04 .....jCl ......%.
000000A0  00 08 9b c3 ec 6a 43 6c  02 00 05 00 00 00 25 04 .....jCl ......%.
000000B0  00 08 9b c3 ec 6a 43 6c  02 00 05 00 00 00 25 04 .....jCl ......%.
000000C0  00 08 9b c3 ec 6a 43 6c  02 00 05 00 00 00 25 04 .....jCl ......%.
000000D0  00 08 9b c3 ec 6a 43 6c  02 00 05 00 00 00 25 04 .....jCl ......%.
000000E0  00 08 9b c3 ec 6a 43 6c  02 00 05 00 00 00 25 04 .....jCl ......%.

There are two kinds of messages that are sent:

* MSG 1:

00000000  00 00 00 00 00 00 43 6c  00 00 01 00 00 00 25 04 ......Cl ......%.

This is a query of sorts. When sent, the NAS box responds with a brief message:

���jSe��%����
10.0.0.10�cher	�NAS(TS-410)TS-419ITS-410�	1���	2����	3����	)������@�2-	20130726�	'�� ��
                                                                                                              �admin5��������H���	��P�	������	�����  ���
                                                                                                                                                                  �	����	�����	�����	�����	������+��smtp.gmail.com:465F��
                                      ���j����k��	



* MSG 2:

00000020  00 08 9b c3 ec 6a 43 6c  02 00 05 00 00 00 25 04 .....jCl ......%.

This requests for more detailed information from the NAS box:
���jSe�%��cher(TS-410)TS-419ITS-410	�NAS�	'�� ��@�2-	20130726�	1���	2����	3���L�--!@(GMT+10:00) Canberra, Melbourne, Sydney�
���
������
      ���j�	����+�,��	���
��	���F��G�
                �	�����	�����5��0bond���j
                                                 ���
����
���������������k#�437%�1&�Seagate ST31000528AS    CC38'
931.51 GB.�Seagate ST31000528AS    CC38/
931.51 GB:�Seagate ST31000528AS    CC38;
931.51 GB<�Seagate ST31000528AS    CC38=
931.51 GB��	


Both the messages are 16 bytes long.

I used tcpdump to capture data from my linux box:

# tcpdump -vvv -i wlan0 -w cap_from_linux.pcap -n "broadcast or multicast"

Please find the file `cap_from_linux.pcap` in the repository.


* Header and Footer of the response
===================================

* Response Header: The header is a 128 bit message.
  The 'query' response header is:
      00 08 9b c3 ec 6a 53 65  01 00 01 00 00 00 25 04
  The 'detail' response header is:
      00 08 9b c3 ec 6a 53 65  01 00 05 00 00 00 25 04

* Response Footer: The footer(96 bits) is the same for both kinds of messages:
      ff 04 00 00 00 00


* Comments, bugs and patches
============================
Please feel free to submit any bugs or patches in the Issue Tracker for this
repository available here(https://github.com/ajaysusarla/qnap-finder/issues).