@gabe-a said in How to get SSH working on my network:
I'll try to trace the route the traffic
There is not a "trace" of traffic - you would need to sniff and see how when you ssh hostname that name is being resolved to an IP, is it a netbios broadcast, was a dns query to your routers IP using a fqdn query or just hostname, or did it add a suffix like .local, etc. , was it mdns via multicast?
If I didn't on purpose completely disable mdns on any client that tries and do it - I would show you an example.. But I on purpose disable mdns on my windows machines - because it a horrible chatty protocol that I have zero use for - I resolve anything on my network via a simple dns query.. to my unbound running on pfsense or my pihole.
What I can show you for example when I ssh to say my nas.. what happens..
I flush the machines local dns cache so I know it has to find the IP for nas.local.lan, as you can see it does a dns query to my dns it points to, in my cache my pihole on 192.168.3.10 and gets an answer
[image: 1671555357898-dns.jpg]
showing where my client points for dns, and that I have mdns disabled - its horrible horrible chatty noise producing protocol..
[image: 1671555540908-mdns.jpg]
That it is enabled by default is horrible yet another horrible choice by MS if you ask me ;)
avahi is a tool that will pass mdns across network boundaries - it has zero use for you, because as you have stated all your devices on the same network. But I have gone over how to troubleshoot that and set it up a few times.. Even though I dislike using it, and don't on my network, I know how it works and I know how to set it up, etc. I just not a fan of breaking network boundaries like that.. If you want to discover something via a L2 method - then you need to be on that L2 ;)
None which has anything to do with you, since you have clearly stated all your devices are on the same network connected to a dumb switch..
Here for example is some mdns on my wireless network my phone and printer are on..
[image: 1671556293170-mdns-resized.jpg]
You can see my phone 192.168.2.198 sending out queries, and the stuff it already knows about, and you see a response from my printer on 192.168.2.50 to the multicast address. What I don't see is any directed unicast responses directly from the printer to the phone for example. I would have to setup span port of where my AP is to see that, since my printer is wired..
Iphone loves to use airprint to find printers - wish I could just give it the fqdn or IP of the printer so I didn't have to allow for that nonsense noise on my network.. My PC for example has no issue just printing to the fqdn of the printer across vlans.. But vs breaking the boundary - I just put the printer on the same vlan as my wireless that devices that insist on using mdns, so I don't have to break boundaries passing mdns across network segments.
edit: here I did a sniff directly on my AP via tcpdump for this sort of traffic.. This way I did not have to really change anything on my networks or clients or create a span port to see the traffic..
12:29:06.767697 IP 192.168.2.198.5353 > 224.0.0.251.5353: 0 A (QU)? BRN30055C116AD9.local. (39)
12:29:06.787748 IP 192.168.2.50.5353 > 192.168.2.198.5353: 0*- [0q] 1/0/0 A 192.168.2.50 (49)
You can see where my phone 2.198 did a query to the multicast address, and the printer at 2.50 did a directed unicast answer back to the phones specific IP..
