Drop #118 (2022-10-13): What Lies Beneath
hintfo; bandwhich; avahi/dns-sd
Hidden data and services are all around us in files and ethereal network packets. Today's drop is all about making these invisible bits quite visible, and potentially useful.
Thanks to TikTok/etc., it seems the kids know a bit about metadata, so much so that "influencers" have managed to kill one of the oldest online file metadata services.
That website just ran exiftool under the covers, and it was a service truly meant for a kinder, gentler, and far less "look at me" internet. You could just grab exiftool and run it locally, but Dr. Neal Krawetz (@hackerfactor) decided to pick up the mantle of this historical service and made hintfo, which performs the same tasks as the previous service.
This one is fully aware of the times we live in and should be up to the task of handling all the submissions from the gram-ers, tok-ers, etc. (as you can see, I have no idea how to refer to the denizens of those platforms).
You can read more about @hackerfactor's adventure into hintfo over on their blog.
While I believe the good Dr. when they say that the files are tied to your browsing session and are punted away after a few minutes, perhaps use a local copy of exiftool to examine the metadata of files with, er, sensitive content.
Even when you're not directly using your phone/laptop/desktop/tablet/watch/toaster/"smart" water bottle (o_O), chances are said devices are still talking to one or more things on your local network and also the broader internet. There have long been ways to see how much bandwidth apps are using and what they're talking to. Since everything's better with a bit of Rust in it, you should check out bandwhich if you're keen to keep an eye on what your system is doing on the network.
Grab a binary for your system or just:
cargo install bandwhich
(As a discerning Daily Drop reader, you do have Rust installed locally, right?)
and fire it up at a command line to see what's going on in the invisible universe of your network:
It has a few options worth checking out:
-a, --addresses          Show remote addresses table only
-c, --connections        Show connections table only
-h, --help               Prints help information
-n, --no-resolve         Do not attempt to resolve IPs to their hostnames
-p, --processes          Show processes table only
-r, --raw                Machine friendlier output
-s, --show-dns           Show DNS queries
-t, --total-utilization  Show total (cumulative) usages
-V, --version            Prints version information
and it works super well (NOTE: on my bleeding edge macOS laptop I had to use the -n option to disable name resolution to avoid some ugly errors which I keep forgetting to file an issue for).
Programming note: avahi/dns-sd/bonjour/mDNS is a broad enough topic that I'll be doing another "Knowledge Drop" to go into it in more depth. Think of this section as just a teaser trailer.
You may not realize it, but you are running an invisible name service in your home/apartment/trailer/hut/Hobbit hole. I'm not talking about the DNS server in your router (or one you've manually set up). We're talking mDNS/dns-sd (Multicast DNS/DNS Service Discovery). It's how your devices magically know about printers, and other devices, you've just installed on your network.
If you're only using tiny glowing rectangles (e.g. Android/iOS mobile devices), there are app store apps for this type of service discovery, but we're all aboot the command line here at the Daily Drop, so I turn your attention to:
The first link is to information about the Avahi ecosystem on *nix systems, and the second is one that Windows (ugh) folks may need to install to get the default Apple equivalent utilities loaded (if you're a Windows user and have links to better mDNS/dns-sd tooling, please drop them in the comments so others can use those alternatives, too).
To see what invisible services are available, you can do either:
dns-sd -B _services._dns-sd._udp
and get output that will look a bit like this:
Timestamp     A/R  Flags  if  Domain  Service Type  Instance Name
19:20:17.926  Add      3   0  .       _udp.local.   _sleep-proxy
19:20:17.926  Add      3   0  .       _udp.local.   _meshcop
19:20:17.927  Add      3   0  .       _tcp.local.   _srpl-tls
19:20:17.927  Add      3   0  .       _tcp.local.   _airplay
19:20:17.927  Add      3   0  .       _tcp.local.   _raop
19:20:17.927  Add      3   0  .       _tcp.local.   _companion-link
19:20:17.927  Add      3   0  .       _tcp.local.   _homekit
19:20:17.927  Add      3  15  .       _udp.local.   _sleep-proxy
19:20:17.927  Add      3  15  .       _udp.local.   _meshcop
19:20:17.927  Add      3  15  .       _tcp.local.   _srpl-tls
19:20:17.927  Add      3  15  .       _tcp.local.   _homekit
...
My list goes on for a while, and both tools support automatic continuous discovery.
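In that browse output the protocol sits under "Service Type" and the service label under "Instance Name", and each service repeats once per interface. The sketch below is an added example, not part of the original post: it folds the rows into unique types such as `_airplay._tcp` and reports any type missing from a baseline file, which is a quick way to notice a newly advertising device on your own network. The function names and the baseline file (one type per line) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Input is `dns-sd -B _services._dns-sd._udp` output on stdin.

# Print each advertised service type once, with the interface indexes seen.
list_service_types() {
  awk '
    $2 == "Add" && $6 ~ /^_(tcp|udp)\./ {
      split($6, proto, ".")              # "_tcp.local." -> proto[1] = "_tcp"
      type = $7 "." proto[1]             # "_airplay" -> "_airplay._tcp"
      if ((type, $4) in seen) next       # same type, same interface: skip
      seen[type, $4] = 1
      if (type in ifs) ifs[type] = ifs[type] "," $4; else ifs[type] = $4
    }
    END { for (t in ifs) print t, "if=" ifs[t] }
  ' | LC_ALL=C sort
}

# Print service types that are absent from a baseline file (hypothetical
# file, one type per line, e.g. "_airplay._tcp").
new_service_types() {
  list_service_types | awk '{ print $1 }' | grep -vxF -f "$1" || true
}

# Sample input: rows copied from the output shown above (not a live capture).
sample_browse_output() {
  cat <<'EOF'
Timestamp     A/R  Flags  if  Domain  Service Type  Instance Name
19:20:17.926  Add      3   0  .       _udp.local.   _sleep-proxy
19:20:17.926  Add      3   0  .       _udp.local.   _meshcop
19:20:17.927  Add      3   0  .       _tcp.local.   _srpl-tls
19:20:17.927  Add      3   0  .       _tcp.local.   _airplay
19:20:17.927  Add      3   0  .       _tcp.local.   _raop
19:20:17.927  Add      3   0  .       _tcp.local.   _companion-link
19:20:17.927  Add      3   0  .       _tcp.local.   _homekit
19:20:17.927  Add      3  15  .       _udp.local.   _sleep-proxy
19:20:17.927  Add      3  15  .       _udp.local.   _meshcop
19:20:17.927  Add      3  15  .       _tcp.local.   _srpl-tls
19:20:17.927  Add      3  15  .       _tcp.local.   _homekit
EOF
}

sample_browse_output | list_service_types
```

Because `dns-sd -B` keeps browsing until interrupted, save a few seconds of its output to a file and feed that file to these functions.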
Poke around at the manual/help pages for each of those ecosystems while you wait for the Knowledge Drop on this topic. Do feel encouraged, though, to add a comment if you have a question about a particular service you see running.
#protip: It's even more fun to run the mDNS/dns-sd tools on other networks. You never know what you’re going to find. ☮