Discover more from hrbrmstr's Daily Drop

A digest of all the interesting data, packages, blogs and papers covering lots of programming languages, CLI utilities, cybersecurity, data visualization, data science, web-scraping and more!

Drop #118 (2022-10-13): What Lies Beneath

hintfo; bandwhich; avahi/dns-sd

boB Rudis

Oct 13, 2022

Hidden data and services are all around us in files and ethereal network packets. Today's drop is all about making these invisible bits quite visible, and potentially useful.

hintfo

person holding black tablet computer — Photo by National Cancer Institute on Unsplash

Thanks to TikTok/etc., it seems the kids know a bit about metadata, so much so that "influencers" have managed to kill one of the oldest online file metadata services.

That website just ran exiftool under the covers, and it was a service truly meant for a kinder, gentler, and far less "look at me" internet. You could just grab exiftool and run it locally, but Dr. Neal Krawetz (@hackerfactor) decided to pick up the mantle of this historical service and made hintfo, which performs the same tasks as the previous service.

This one is fully aware of the times we live in and should be up to the task of handling all the submission from the gram-ers, tok-ers, etc. (as you can see, I have no idea how to refer to the denizens of those platforms).

You can read more about @hackerfactors' adventure into hintfo over on their blog.

While I believe the good Dr. when they say that the files are tied to your browsing session and are punted away after a few minutes, perhaps use a local copy of exiftool to examine the metadata of files with, er, sensitive content.

gray and black audio mixer — Photo by Diane Picchiottino on Unsplash

Even when you're not directly using your phone/laptop/desktop/tablet, watch/toaster/"smart" water bottle (o_O) chances are said devices are still talking to one or more things on your local network and also the broader internet. There have been ways to see how much bandwidth apps are using and what they're talking to. Since everything's better with a bit of Rust in it, you should check out bandwich if you're keen to keep an eye on what your system is doing on the network.

Grab a binary for your system or just:

cargo install bandwhich

(As a discerning Daily Drop reader, you do have Rust installed locally, right?)

and fire it up at a command line to see what's going on in the invisible universe of your network:

It has a few options worth checking out:

-a, --addresses            Show remote addresses table only
-c, --connections          Show connections table only
-h, --help                 Prints help information
-n, --no-resolve           Do not attempt to resolve IPs to their hostnames
-p, --processes            Show processes table only
-r, --raw                  Machine friendlier output
-s, --show-dns             Show DNS queries
-t, --total-utilization    Show total (cumulative) usages
-V, --version              Prints version information

and it works super well (NOTE: on my bleeding edge macOS laptop I had to use the -n option to disable name resolution to avoid some ugly errors which I keep forgetting to file an issue for).

avahi/dns-sd

Programming note: avahi/dns-sd/bonjour/mDNS is a broad enough topic that I'll be doing another "Knowledge Drop" to go into it in more depth. Think of this section as just a teaser trailer.

You may not realize it, but you are running an invisible name service in your home/apartment/trailer/hut/Hobbit hole. I'm not talking about the DNS server in your router (or one you've manually set up). We're talking mDNS/dns-sd (Multicast DNS/DNS Service Discovery). It's how your devices magically know about printers, and other devices, you've just installed on your network.

If you're only using tiny glowing rectangles (e.g. Android/iOS mobile devices), there are app store apps for this type of service discovery, but we're all aboot the command line here at the Daily Drop, so I turn your attention to:

The first link is to information about the Avahi ecosystem on *nix systems, and the second is one that Windows (ugh) folks may need to install to get the default Apple equivalent utilities loaded (if you're a Windows user have links to better mDNS/dns-sd tooling, please drop them in the comments so others can use those alternatives, too).

To see what invisible services are available, you can do either:

avahi-browse _services._dns-sd._udp

dns-sd -B _services._dns-sd._udp

and get output that will look a bit like this:

Timestamp     A/R Flags if Domain Service Type Instance Name
 19:20:17.926 Add     3  0 .      _udp.local.  _sleep-proxy
 19:20:17.926 Add     3  0 .      _udp.local.  _meshcop
 19:20:17.927 Add     3  0 .      _tcp.local.  _srpl-tls
 19:20:17.927 Add     3  0 .      _tcp.local.  _airplay
 19:20:17.927 Add     3  0 .      _tcp.local.  _raop
 19:20:17.927 Add     3  0 .      _tcp.local.  _companion-link
 19:20:17.927 Add     3  0 .      _tcp.local.  _homekit
 19:20:17.927 Add     3 15 .      _udp.local.  _sleep-proxy
 19:20:17.927 Add     3 15 .      _udp.local.  _meshcop
 19:20:17.927 Add     3 15 .      _tcp.local.  _srpl-tls
 19:20:17.927 Add     3 15 .      _tcp.local.  _homekit
 ...

My list goes on for a while, and both tools support automatic continuous discovery.

Poke around at the manual/help pages for each of those ecosystems while you wait for the Knowledge Drop on this topic. Do feel encouraged, though, to add a comment if you have a question about a particular service you see running.

FIN

#protip: It's even more fun to run the mDNS/dns-sd tools on other networks. You never know what you’re going to find. ☮