Network apps & prots
Some network-related tools/utilities you should know:
Basics
About networking
There are multiple ways to configure networking in Linux systems. Currently, the NetworkManager is probably the most popular network configuration daemon for Linux distributions. The main purpose of NetworkManager is to make net config and operation as painless and automatic as possible. It provides a D-Bus interface and a library (libnm) to make its APIs available to other apps.
NetworkManager allows the experienced users (admins) to provide their own configuration. On the other hand, it auto configures standard networking for those without "specific requirements".
Setting static IP in Ubuntu 19.xx
You can use GUI "Settings/Network", and it is simple assuming you know TCP/IP basics and all those numbers for your network (netmask, nameserver, gateway, etc).
Or, you can do everything in text-mode-cmdline style using netplan, a YAML-based network configuration program. In this case start with editing
/etc/netplan/01-network-manager-all.yaml
Note that this is not just a text file, it's YAML. You don't have to know it, just follow the indentation pattern. After a standard desktop installation it may look like this:
# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager
You must put in this file something like this:
network:
  version: 2
  renderer: networkd
  ethernets:
    enp7s0:
      dhcp4: no
      addresses: [192.168.1.92/24]
      gateway4: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8,8.8.4.4]
(with correct NIC name, IP, gateway, nameservers; though Google nameservers may stay)
To activate these changes, exec:
sudo netplan apply
and check the result with
ip a
Restarting network
No need to say that networking is auto started at system startup. But sometimes you want to restart it without rebooting the system:
sudo systemctl restart NetworkManager.service
or
sudo systemctl stop NetworkManager.service
sudo systemctl start NetworkManager.service
sudo systemctl status NetworkManager.service
The last cmd is not necessary and does not require superuser mode.
Also, you can use nmcli (NetworkManager Client, cmdline utility):
sudo nmcli networking off
sudo nmcli networking on
Some network-related files and dirs
/etc/NetworkManager/*
/etc/netplan/*
/etc/network/*
/etc/systemd/network/*
/etc/systemd/networkd.conf
/etc/systemd/resolved.conf
/etc/host.conf
/etc/hosts
/etc/hosts.allow
/etc/hosts.deny
/etc/networks
/etc/nsswitch.conf
/etc/resolv.conf (-> /run/systemd/resolve/stub-resolv.conf)
/run/systemd/resolve/stub-resolv.conf
/run/systemd/resolve/resolv.conf
About network device naming (new approach)
Starting with systemd version 197 Linux systems use automatically assigned, predictable, stable network interface names for all local Ethernet, WLAN and WWAN interfaces. There is no more eth0, eth1, wlan0, etc.
Debian-based distributions use new naming approx since Debian 9, i.e. Ubuntu 18.xx, Ubuntu 19.xx, Ubuntu 20.xx (I'm not sure about earlier). So, just run
ip a
and probably you will see something like enp7s0 (which may be former eth0). The result will be the same with ifconfig, except ifconfig may not be installed by default (see net-tools).
The important features ...
You still can force (not described here, see Internet) the old style/scheme, but it looks like sooner or later there'll be no choice.
Net-tools
is the collection of base networking utilities for Linux. It includes arp(8), hostname(1), ifconfig(8), ipmaddr, iptunnel, mii-tool(8), nameif(8), netstat(8), plipconfig(8), rarp(8), route(8), slattach(8).
These are good old cmds, but due to Linux kernel evolution they are considered by many experts deprecated. For example, Ubuntu Linux 19.xx does not install net-tools pkg by default. It means the time has come to learn new tools, like ip, mtr, nmcli, ss.
arp | is used to manipulate the kernel's ARP cache, usually to add or delete an entry, or to dump the entire cache
hostname | displays or sets system's hostname
ifconfig | configures network interfaces
ipmaddr | adds, deletes and shows an interface's multicast addresses
iptunnel | adds, changes, deletes and shows an interface's tunnels
mii-tool | checks or sets the status of a network interface's Media Independent Interface (MII) unit
nameif | names network interfaces based on MAC addresses
netstat | is used to report network connections, routing tables, and interface statistics
plipconfig | is used to fine tune the PLIP device parameters, to improve its performance
rarp | is used to manipulate the kernel's RARP table
route | is used to manipulate the IP routing table
slattach | attaches a network interface to a serial line. This allows you to use normal terminal lines for point-to-point links to other computers
Miscellaneous network-related cmds
Some of the following cmds/utilities are not included in the popular Linux distributions!
arpwatch - Ethernet Activity Monitor.
bmon - bandwidth monitor and rate estimator.
bwm-ng - live network bandwidth monitor.
curl - can be used to transfer resources specified as URLs from/to a server using internet protocols like HTTP, HTTPS, etc.
darkstat - captures network traffic, shows usage stats.
dhclient - DHCP client (Dynamic Host Configuration Protocol client).
dig - gets domain info from the DNS servers.
dstat - replacement for vmstat, iostat, mpstat, netstat and ifstat.
ethtool - a cmdline utility for querying and modifying ethernet card settings.
gated - gateway routing daemon.
host - a simple DNS lookup utility.
hping - TCP/IP packet assembler/analyzer.
ibmonitor - shows bandwidth and total data transferred.
ifstat - reports network interfaces bandwidth.
iftop - displays bandwidth usage.
ip - shows and manipulates routing, network devices, interfaces and tunnels.
iperf3 - network bandwidth measurement tool.
iptables - configures Linux firewall.
IPTraf - an IP Network Monitor.
iputils - set of small useful utilities for Linux networking.
iw - a new nl80211 based CLI configuration utility for wireless devices.
jwhois - a client for the whois service.
lsof - (not exactly network-related utility) reveals info about network sockets.
mtr - advanced network diagnostic tool that combines the functionality of ping and traceroute.
ncat - new implementation of the netcat.
netcat - a utility allowing to open TCP connections, sending UDP pkts, listening on arbitrary TCP/UDP ports, scanning ports, etc.
nethogs - a small "net top" tool.
Netperf - network bandwidth testing.
netsniff-ng - network analyzer and networking toolkit using zero-copy mechanisms for network packets.
netstat - print network connections, routing tables, statistics, etc.
netwatch - monitors network connections.
ngrep - grep applied to the network layer.
nload - displays network usage.
nmap - network security scanner (network port scanner).
nmcli - a cmdline tool to report network status, manage network connections, and control the NetworkManager.
nmtui - provides a text interface to configure networking by controlling NetworkManager.
nslookup - allows to query DNS servers interactively.
ping - tests connectivity between two systems on a network (sends icmp echo_request to a network host).
route - displays and manipulates the IP routing table; it's mainly used to configure static routes to specific hosts or networks via an interface.
slurm - network load monitor.
snort - Network Intrusion Detection and Prevention System.
smokeping - estimates your network latency.
socat - establishes two bidirectional byte streams and transfers data between them.
speedometer - displays the speed of data transfer across a network.
speedtest-cli - test internet bandwidth using speedtest.net
ss - dumps socket statistics and displays info similar to netstat; it shows more TCP and state info than other similar utils.
tcpdump - a powerful cmdline network sniffer; it is used to capture and analyze TCP/IP packets transmitted or received over a network on a specific interface.
tcptrack - displays info about TCP connections on a network interface.
telnet - user interface to the TELNET protocol (probably outdated like TELNET).
tracepath - very similar function to traceroute.
traceroute - a cmdline utility for tracing the full path from your local system to another network system.
vnStat - network traffic monitor.
websocat - connection forwarder from/to web sockets to/from usual sockets, in style of socat.
wget - advanced non-interactive network downloader (retrieves files using HTTP, HTTPS, FTP and FTPS).
Wireless Tools for Linux includes iwconfig, iwlist, iwspy, iwpriv, ifrename.
Wireshark - a powerful, versatile, easy to use tool for capturing and analyzing packets in a packet-switched network in real-time.
Media server (miniDLNA)
DLNA (Digital Living Network Alliance) was founded by a group of consumer electronics companies in June 2003 to develop and promote interoperability guidelines for sharing digital media among multimedia devices (smartphones, tablets, PCs, TV sets and storage servers). In a typical use case, a user sends videos, pictures or music from their smartphone or storage server through their home WLAN to a TV set or tablet for display.
DLNA uses UPnP (Universal Plug and Play) for the discovery of networked devices.
MiniDLNA is a simple DLNA/UPnP server. It is a reasonable solution for a home network if you want to use your Smart TV (or tablet) to watch the movies stored on your PC.
Software download (Ubuntu):
sudo apt-get install minidlna
Check your firewall, because MiniDLNA [unless modified] is going to use:
tcp/8200
udp/1900
Edit config file /etc/minidlna.conf. Here is a simple version with a single media dir (all movies in one place):
port=8200
# media_dir=/u04/dvd
# media_dir=/u04/avi
media_dir=/u02/video
friendly_name=DLNA Server
db_dir=/var/cache/minidlna
log_dir=/var/log
inotify=yes
enable_tivo=no
strict_dlna=no
notify_interval=30
serial=12345678
model_number=1
To restart service:
service minidlna restart
To rebuild the database:
service minidlna force-reload
or
/etc/init.d/minidlna force-reload
You must rebuild database each time when you put a new file in media dir (or remove some file from media dir). Usually it takes seconds.
Notification interval is set to 30s, because with default setting (900s), after switching TV on, you may have to wait a long time before your TV discovers DLNA server.
It looks like there is nothing to set on Smart TV except physical connection to your network (Ethernet or Wi-Fi). On Samsung Smart TV you should look for DLNA server under "SmartHub -- AllShares". Usually, I just press a "Source" button on Remote Control, and there it is.
DLNA server regularly announces its presence, and all DLNA-enabled devices can use it. Typical devices are: Smart TV, smartphone, tablet.
Note:
DLNA is a standard provided by Digital Living Network Alliance, a non-profit collaborative trade organization including many companies in the mobile, consumer electronics, PC, and service provider industries. Alliance has stated the common goal of using standards-based technology to make it easier for consumers to use and share their digital photos, music and videos.
UPnP, Universal Plug and Play is a set of networking protocols that permits networked devices (PCs, printers, gateways, mobile devices, etc) to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment. This is mostly for home networks.
Domain Name System (DNS)
DNS translates human-readable hostnames into numerical IP addresses required by network protocols. Usually DNS server aka name server accepts request on udp/53; client sends name, server returns corresponding IP address. There are:
- classical unicast DNS;
- multicast DNS (mostly for small/home networks);
By definition, the Domain Name System is a hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a private net. It associates various info with domain names assigned to each of the participating entities and translates domain names to the numerical IP addresses which are required by underlying network protocol to locate and identify computer services and devices. DNS provides a worldwide distributed directory service, and it has been an essential component of the Internet since 1985.
DNS delegates the responsibility of assigning domain names and mapping those names to Internet resources by designating authoritative name servers for each domain. Network administrators may delegate authority over sub-domains of their allocated name space to other name servers. This mechanism provides distributed and fault-tolerant service and was designed to avoid a single large central database.
Before DNS, the whole map of name/IP entries was kept in /etc/hosts file which had to be copied to all net hosts after each update. It was OK at the early stages of ARPANET development but not with the millions of network devices connected to modern Internet.
Technically, even now /etc/hosts is the part of the name resolving system. Another important file /etc/nsswitch.conf (name service switch) defines the order in which services are queried for name service lookups, and usually it contains:
passwd:    compat
group:     compat
shadow:    compat
hosts:     files mdns4_minimal [NOTFOUND=return] dns
networks:  files
protocols: db files
services:  db files
ethers:    db files
rpc:       db files
netgroup:  nis
According to the above config the search order is:
- Look in /etc/hosts.
- Try mDNS (multicast DNS).
- Try standard (unicast) DNS.
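The lookup order above, including the effect of [NOTFOUND=return], can be traced with a short simulation. This is an added example, not part of the original page: it parses the hosts line and walks the chain. The per-service statuses and the addresses in the demo are constructed inputs, and the UNAVAIL status used for a non-.local name is an assumption about how mdns4_minimal answers.

```python
import re

# Constructed input: the hosts line from the nsswitch.conf shown on this page.
HOSTS_LINE = "hosts: files mdns4_minimal [NOTFOUND=return] dns"

# Default reaction to each lookup status when no [STATUS=action] is given.
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}


def parse_db_line(line):
    """Return [(service, {status: action}), ...] for one nsswitch.conf line.

    Only the actions "return" and "continue" are handled here.
    """
    _, _, rhs = line.partition(":")
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", rhs):
        if not tok.startswith("["):
            chain.append((tok, dict(DEFAULT_ACTIONS)))
            continue
        if not chain:
            raise ValueError("action list without a preceding service")
        for item in tok[1:-1].split():
            negate = item.startswith("!")
            status, _, action = item.lstrip("!").partition("=")
            status, action = status.upper(), action.lower()
            if status not in DEFAULT_ACTIONS or action not in ("return", "continue"):
                raise ValueError(f"unsupported action item: {item}")
            # [!STATUS=action] applies the action to every other status.
            targets = [s for s in DEFAULT_ACTIONS if s != status] if negate else [status]
            for s in targets:
                chain[-1][1][s] = action
    return chain


def resolve(chain, answers):
    """Walk the chain; `answers` maps service -> (status, value).

    Returns (value or None, trace of (service, status) actually consulted).
    """
    trace = []
    for service, actions in chain:
        status, value = answers.get(service, ("UNAVAIL", None))
        trace.append((service, status))
        if actions[status] == "return":
            return (value if status == "SUCCESS" else None), trace
    return None, trace


if __name__ == "__main__":
    chain = parse_db_line(HOSTS_LINE)
    # Constructed scenarios: what each service would answer for a given name.
    scenarios = {
        "ws10 (listed in /etc/hosts)": {
            "files": ("SUCCESS", "127.0.1.1")},
        "printer.local (nobody answers on mDNS)": {
            "files": ("NOTFOUND", None),
            "mdns4_minimal": ("NOTFOUND", None),
            "dns": ("SUCCESS", "203.0.113.7")},   # never reached
        "example.org (outside .local)": {
            "files": ("NOTFOUND", None),
            "mdns4_minimal": ("UNAVAIL", None),   # assumption, see lead-in
            "dns": ("SUCCESS", "192.0.2.10")},
    }
    for label, answers in scenarios.items():
        value, trace = resolve(chain, answers)
        print(f"{label}: {value} via {trace}")
```

In the second scenario the chain stops at mdns4_minimal, so a failed .local lookup is not forwarded to the unicast DNS server.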
Since /etc/hosts works with static addresses and does not understand DHCP, the only records it contains may be those related to localhost, and some IPv6 stuff.
127.0.1.1 ws10
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
DNS over HTTPS in Mozilla Firefox
DNS over HTTPS (IETF RFC8484).
Enabling DNS over HTTPS in Mozilla Firefox browser (Cloudflare 1.1.1.1):
- Open Firefox menu (top right corner button) and click Preferences.
- Scroll down to Network Settings and click Settings.
- In the Connection Settings popup check Enable DNS over HTTPS.
- In the dropdown, select Cloudflare (it's default and there is nothing else, at least in Mozilla Firefox 72.x.x). However, you can select Custom and enter the DNS server of your choice (assuming it supports DNS over HTTPS). Some known options are: CleanBrowsing, Google Public DNS, Quad9, Yandex.DNS.
- Click OK and close the preferences window (you don't have to restart your browser).
NFS (Ubuntu 19.04)
NFS Server setup
Maybe it is already installed?
dpkg -l | grep nfs-kernel-server
If not, then, as usual:
sudo apt update
sudo apt install nfs-kernel-server
Now comes a big decision: what to export and how? That is, what directories will be accessible to the clients? Remember that NFS is not a safe technology! The main config file is /etc/exports containing lines
<path> <ipaddr>(<options>)
Let's see an example of /etc/exports. Note that it allows access to some shares from all hosts of the specified network (192.168.1.0/24). This is not the best approach, unless you really want this shared resource to be available to everybody. Whenever it's possible, specify the exact IP addresses. Of course, DHCP makes it inconvenient, but maybe important hosts must have static IPs.
/u01 192.168.1.100(no_root_squash,rw,sync,no_subtree_check)
/u02 192.168.1.0/24(rw,sync,no_subtree_check)
/u03/mp3 192.168.1.0/24(ro,sync,no_subtree_check)
/u04/tmp *(rw,sync,no_subtree_check)
The last line is really bad - read/write access to everybody!
Some options:
- ro - read-only access.
- rw - read/write access.
- sync forces NFS to write changes to disk before replying. This results in a more stable and consistent environment since the reply reflects the actual state of the remote volume. However, it also reduces the speed.
- no_subtree_check prevents subtree checking, a process where the host must check for every request whether the file is still available in the exported tree. This can cause problems when a file opened by the client is renamed, removed, etc. In most cases you need this option.
- no_root_squash allows client's root to access server's files as root. By default (i.e. without this option), NFS translates requests from a client's root into a non-privileged user on the server (nobody:nogroup).
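The points made above about /etc/exports (world-writable shares, whole-network access, no_root_squash) can be checked mechanically. The following audit script is an added example, not part of the original page. It runs over the sample exports shown above (embedded as constructed input); the severity labels are this example's own choice, and it assumes export paths contain no spaces.

```python
import ipaddress
import re

# Constructed input: the /etc/exports example from this page.
SAMPLE_EXPORTS = """\
/u01 192.168.1.100(no_root_squash,rw,sync,no_subtree_check)
/u02 192.168.1.0/24(rw,sync,no_subtree_check)
/u03/mp3 192.168.1.0/24(ro,sync,no_subtree_check)
/u04/tmp *(rw,sync,no_subtree_check)
"""

# One client spec: optional host part, optional "(opt,opt,...)" part.
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")


def parse_exports(text):
    """Yield (path, client, options) for each client spec in exports text."""
    text = text.replace("\\\n", " ")            # join continuation lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments
        if not line:
            continue
        path, *clients = line.split()
        # Assumption: a line without any client is treated as "any host".
        for spec in clients or ["*"]:
            m = CLIENT_RE.match(spec)
            if m is None:                       # malformed spec: keep it visible
                yield path, spec, set()
                continue
            # "host (rw)" with a stray space leaves a spec with an empty host;
            # its options then apply to every client, so record it as "*".
            host = m.group("host") or "*"
            opts = {o for o in (m.group("opts") or "").split(",") if o}
            yield path, host, opts


def client_scope(host):
    """Classify a client spec as world, wildcard, netgroup, network or host."""
    if host == "*":
        return "world"
    if "*" in host or "?" in host:
        return "wildcard"
    if host.startswith("@"):
        return "netgroup"
    try:
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        return "host"                           # a plain hostname
    return "host" if net.num_addresses == 1 else "network"


def audit(text):
    """Return a list of (severity, path, client, message) findings."""
    findings = []
    for path, host, opts in parse_exports(text):
        scope = client_scope(host)
        writable = "rw" in opts                 # read-only unless rw is given
        if scope in ("world", "wildcard"):
            sev = "HIGH" if writable else "MEDIUM"
            mode = "read/write" if writable else "read-only"
            findings.append((sev, path, host, f"{mode} export to {scope} clients"))
        elif scope == "network" and writable:
            findings.append(("LOW", path, host,
                             "read/write for a whole network; prefer exact IPs"))
        if "no_root_squash" in opts:
            sev = "MEDIUM" if scope == "host" else "HIGH"
            findings.append((sev, path, host,
                             "no_root_squash: client root acts as root on the server"))
    return findings


if __name__ == "__main__":
    for sev, path, host, msg in audit(SAMPLE_EXPORTS):
        print(f"{sev:6} {path:10} {host:18} {msg}")
```

To audit a real server, pass the contents of /etc/exports to audit() instead of the sample string.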
When /etc/exports is ready, and each time when you modify it, run:
sudo exportfs -av
The -a option means export or unexport all dirs, -v means verbose. There are other options, e.g. -r, which means reexport all directories, synchronizing /var/lib/nfs/etab with /etc/exports.
The std cmds to start/stop/restart service:
sudo systemctl start nfs-kernel-server
sudo systemctl stop nfs-kernel-server
sudo systemctl restart nfs-kernel-server
The list of processes related to NFSv4:
- rpc.nfsd - this process is the NFS server. It works with the Linux kernel to meet the dynamic demands of NFS clients, such as providing server threads each time an NFS client connects.
- rpc.rquotad: this process provides user quota info for remote users. It is started auto by the NFS service and does not require user configuration.
- rpc.idmapd — (required for use with NFSv4) this process provides NFSv4 client and server upcalls which map between on-the-wire NFSv4 names (strings in the form of user@domain) and local UIDs and GIDs. It requires /etc/idmapd.conf to be properly configured.
Firewall and ports used by NFS server
In the past, NFS server was using multiple ports, but now (starting with NFSv4?) it only listens to TCP/2049 and does not interact with portmapper, rpc.mountd, rpc.lockd, rpc.statd. Their functionality was moved into the kernel.
NFS client setup (Ubuntu 19.04)
To access NFS shares you need NFS client pkg:
sudo apt update
sudo apt install nfs-common
Also, you have to create a mount point, an empty directory to mount NFS share on. Let's assume that mount point is /mnt/u02. The following cmds can be used to mount NFS share on this dir:
sudo mount srv2:/u02 /mnt/u02
sudo mount -t nfs srv2:/u02 /mnt/u02
You can use either the server name, like in above example, or the IP address of NFS server. Filesystem type spec is probably superfluous. If you do not know the name of the share, try the following cmd:
showmount -e srv2
showmount -e 192.168.1.22
The -e option means show the NFS server's export list.
If you cannot mount NFS share, make sure your IP is in the list (/etc/exports), and server's firewall is configured right, e.g.
nmap -p 2049 srv2
SMB (Ubuntu 13.xx)
Samba server setup
Standard set:
sudo apt-get install samba samba-common
Samba-related ports (?): UDP 137, 138; TCP 139, 445.
The main Samba config file is /etc/samba/smb.conf. Here's an example Samba server config (stand-alone server / secure read-write file server):
[global]
  workgroup = WKG
  netbios name = WS2
  server string = %h server (Samba, Ubuntu)
  log file = /var/log/samba/log.%m
  max log size = 1000
  syslog = 0
  panic action = /usr/share/samba/panic-action %d
  security = user
  encrypt passwords = true
  passdb backend = tdbsam
  obey pam restrictions = yes
  map to guest = bad user
[printers]
  comment = All Printers
  browseable = no
  path = /var/spool/samba
  printable = yes
  guest ok = no
  read only = yes
  create mask = 0700
[print$]
  comment = Printer Drivers
  path = /var/lib/samba/printers
  browseable = yes
  read only = yes
  guest ok = no
[ws2home]
  path = /home
  writeable = yes
  browseable = no
  read only = no
  guest ok = no
[u01]
  path = /u01
  browseable = no
  read only = yes
  guest ok = no
You should add user to a SMB password file:
smbpasswd -a alex
To activate changes in config:
sudo restart smbd
sudo restart nmbd
Samba client setup
Minimal (required):
sudo apt-get install cifs-utils samba-common
With GUI config and winbind:
sudo apt-get install cifs-utils samba-common system-config-samba samba winbind
Create mount points:
mkdir -p /mnt/ws2home
mkdir -p /mnt/ws2u02
To mount a shared resource:
sudo mount -t cifs //srv2/ws2home /mnt/ws2home -o username=alex
You'll be prompted for password. Also, you can keep password in a secret file, like .smb-auth.dat:
username=alex
password=ndjf7rJT9e
Restrict access (actually, it does not help much):
chmod 600 .smb-auth.dat
Credentials (auth) file can be useful if you put mount info in /etc/fstab. The corresponding line should be:
//srv2/ws2home /mnt/ws2home cifs credentials=/home/alex/.smb-auth.dat,rw,noauto,user 0 0
Stopping and disabling Samba server (Ubuntu ??.??)
If you want to stop Samba temporarily:
service smbd stop
service nmbd stop
If you want to prevent Samba server from starting on boot:
mv /etc/init/nmbd.conf /etc/init/nmbd.conf.stop
mv /etc/init/smbd.conf /etc/init/smbd.conf.stop
See also Ubuntu update-rc.d utility for Sys V services.
Zeroconf
is a collection of tools and protocols allowing networks to configure themselves without user's intervention (at least, it's supposed to work like this).
In other words, zeroconf (or Zero-configuration networking) is a set of technologies that automatically creates a usable computer network based on the Internet Protocol Suite (TCP/IP) when computers or network peripherals are interconnected. It's supposed to be used in small/home networks without dedicated servers (like name server). The three core technologies used for zeroconf are:
- Automatic assignment of numeric network addresses for networked devices. Usually IP addresses are assigned by a DHCP server. If DHCP is not available, then Link-local addressing is used.
- Automatic distribution and resolution of computer hostnames. This can be done by mDNS or LLMNR (Microsoft's Link-local Multicast Name Resolution; it's included in every Windows version starting with Windows Vista). Note that Microsoft's NetBIOS Name Service can also be used with IPv4, but it's not available in IPv6. The Bonjour implementation (mDNSResponder) is included in Android since version 4.1.
- Automatic location of network services, such as printing devices. As mDNS and LLMNR do not provide info about the type of device or its status, other protocols are required for service discovery. WS-Discovery (Web Services Dynamic Discovery) is a technical spec defining a multicast discovery proto to locate services on a local network. It operates over TCP and UDP port 3702 and uses IP multicast address 239.255.255.250. DNS-SD (DNS-based service discovery) allows clients to discover a named list of service instances, given a service type, and to resolve those services to hostnames using DNS queries. The spec is compatible with unicast DNS server/client software, and it also works well with mDNS.
As you probably noticed, the names of all these technologies start with the word "automatic".
Bonjour
is Apple's implementation of zero-configuration networking. Bonjour locates devices such as printers, other computers, and the services that those devices offer on a local network using multicast Domain Name System (mDNS) service records. The software comes with Apple's macOS and iOS operating systems. Bonjour can also be installed onto computers running Microsoft Windows.
Initially (2002) it was named Rendezvous (Mac OS X 10.2), and was renamed in 2005 to Bonjour due to some trademark conflict.
Link-local address
A link-local address is a network address that is valid only for communications within the network segment (link) or the broadcast domain that the host is connected to. Link-local addresses are most often assigned automatically through a process known as stateless address autoconfiguration or link-local address autoconfiguration.
Link-local addresses are not guaranteed to be unique beyond a single network segment. Routers therefore do not forward packets with link-local addresses.
For protocols that have only link-local addresses, such as Ethernet, hardware addresses assigned by manufacturers in networking elements are unique, consisting of a vendor identification and a serial identifier.
Link-local addresses for IPv4 are assigned to the address block 169.254.0.0/16, i.e. the range is 169.254.0.0 - 169.254.255.255, but the first/last 256 addresses are reserved for future use. Link-local addresses are assigned to interfaces by host-internal, i.e. stateless, address autoconfig when other means of address assignment (e.g., DHCP) are not available (or failed).
In IPv6 the address block fe80::/10 has been reserved for link-local unicast addressing. Unlike IPv4, IPv6 requires a link-local address on every network interface on which the IPv6 is enabled, even when routable addresses are also assigned. Consequently, IPv6 hosts usually have more than one IPv6 address assigned to each of their IPv6-enabled network interfaces. The link-local address is required for IPv6 sublayer ops of the Neighbor Discovery Protocol and for some other IPv6-based protocols, e.g., DHCPv6.
Multicast DNS (mDNS)
It's a theoretical intro, see practical stuff in Avahi (which is a Linux implementation of mDNS).
The Multicast DNS protocol (RFC 6762), aka mDNS, resolves host names to IP addresses within a small network without a local name server. It's Zeroconf service using essentially the same programming interfaces, packet formats and operating semantics as the standard (unicast) DNS. It was designed as a stand-alone protocol, but it can work in concert with standard DNS servers. mDNS can work in conjunction with DNS-SD (DNS Service Discovery, RFC 6763).
The mDNS uses IP multicast UDP packets (port udp/5353), multicast address 224.0.0.251 for IPv4 and ff02::fb for IPv6 link-local addressing.
When an mDNS client needs to resolve a hostname, it sends an IP multicast query message asking the host having the specified name to identify itself. The target host then multicasts a message including its IP address, and all hosts within that subnet use that info to update their mDNS caches. Any host can relinquish its claim to a domain name by sending a response pkt with TTL = 0.
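The query and response messages described above use the ordinary DNS wire format. The following is an added example, not part of the original page: it builds an mDNS question for a host name and decodes A records from a response, including the TTL = 0 "goodbye" case. It works on byte strings only and opens no socket; the response packets, the name ws10.local and the address are constructed sample data.

```python
import socket
import struct

MDNS_GROUP_V4, MDNS_PORT = "224.0.0.251", 5353   # values from the text above
TYPE_A, CLASS_IN = 1, 1
TOP_BIT = 0x8000  # in a question: unicast reply wanted; in a record: cache-flush


def encode_name(name):
    """Encode 'ws10.local' as length-prefixed DNS labels plus a root byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("utf-8")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=TYPE_A, unicast_response=False):
    """Build a one-question mDNS query (ID 0, flags 0, QDCOUNT 1)."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)
    qclass = CLASS_IN | (TOP_BIT if unicast_response else 0)
    return header + encode_name(name) + struct.pack("!2H", qtype, qclass)


def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                # compression pointer
            if end is None:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                        # guard against pointer loops
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("utf-8"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_answers(msg):
    """Return the A records found in the answer section of a DNS message."""
    _ident, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):                          # skip the question section
        _, off = decode_name(msg, off)
        off += 4
    records = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            records.append({"name": name, "addr": socket.inet_ntoa(rdata),
                            "ttl": ttl,
                            "cache_flush": bool(rclass & TOP_BIT),
                            "goodbye": ttl == 0})  # TTL 0 withdraws the record
    return {"is_response": bool(flags & 0x8000), "answers": records}


def sample_response(name, addr, ttl):
    """Constructed response packet: one A record, flags QR=1 and AA=1."""
    return (struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0) + encode_name(name)
            + struct.pack("!HHIH", TYPE_A, CLASS_IN | TOP_BIT, ttl, 4)
            + socket.inet_aton(addr))


if __name__ == "__main__":
    print(build_query("ws10.local").hex())
    print(parse_answers(sample_response("ws10.local", "192.168.1.92", 120)))
    print(parse_answers(sample_response("ws10.local", "192.168.1.92", 0)))
```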
By default, mDNS only and exclusively resolves host names within TLD (top level domain) local, i.e., host names like *.local. This can cause problems if that domain includes hosts which do not implement mDNS but can be found via standard (unicast) DNS server.
The mDNS is implemented by the Apple Bonjour and open source Avahi software pkgs.
It's also implemented in Android (since 4.1) and MS Windows 10.
However, Android implementation (at least, up to 6.0) does not work as you expect it to work, it's DNS-SD (service discovery), you cannot send a name and receive IP, you can only search for a properly configured service (if there is one). And worst of all, it's not the part of the system, it must be the part of your app: you have to attach the bunch of additional functions to your code; this allows your app to find some service on the target host (by name), and with the help of some tricks to fetch IP address (probably the only thing you need).
Windows 10 implementation is even more limited - it's a service discovery (DNS-SD) capable of discovering network printers only. To be fair, I have not tried it, maybe it's not that bad.
Avahi
The Avahi mDNS/DNS-SD [daemon] ("SD" means "service discovery") is an open source implementation of Apple's Zeroconf architecture (see Bonjour).
In Ubuntu Linux avahi-daemon usually works out of the box, but it's useless until you add .local to your hostname. You can edit /etc/hostname directly or use some utility, e.g. hostname (ws10 is used just for demo!):
ws10.local
Note that TLD (top-level domain) local has a special meaning, and it should not be used for anything except Zeroconf. Some experts call it pseudo-top-level domain because it's not a legal Internet domain, it's not routable and has no sense beyond LAN.
There is also one important file /etc/avahi/avahi-daemon.conf related to Avahi, which is usually good as it is (with default settings). But if, e.g., you have several network interfaces, you may want to edit that config file and change the lines like allow-interfaces or deny-interfaces. And whenever you change /etc/avahi/avahi-daemon.conf, you must restart Avahi daemon
sudo service avahi-daemon restart
There are some cmds allowing you to see how it works. First of all, try:
ping ws10.local
Also, you should try:
avahi-resolve -v -n ws10.local
avahi-resolve -v -4 -n ws10.local
avahi-resolve -v -6 -n ws10.local
avahi-resolve -v -a 192.168.0.2
If it doesn't work, then maybe Avahi daemon is not running:
ps ax | grep avahi
sudo service avahi-daemon start
Even if Avahi is OK, it still may not work properly because of firewall rules blocking mDNS-related port udp/5353 and/or addresses 224.0.0.251 (ff02::fb for IPv6), and/or link-local ranges 169.254.0.0/16 (fe80::/10 for IPv6).
Avahi : advertising services
Multicast DNS-SD (service discovery) allows programs to publish and discover services available on a local network. To see what is actually available, try one of the following cmds:
avahi-browse -a
avahi-browse -a -r
avahi-browse --all -v
avahi-browse _http._tcp
Service description files are XML files with .service ext and residing in /etc/avahi/services/ dir. For example, to advertise a web-service, you can create web_rest.service with following content:
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">TechService on %h</name>
  <service>
    <type>_tech_svc._ws._tcp</type>
    <port>8443</port>
    <txt-record>TechService, a RESTful web service for system management</txt-record>
  </service>
</service-group>
Service description rules:
- <service-group> - should contain one <name> and one or more <service> elements.
- <name replace-wildcards="yes">%h your_service_name</name> - the service name. If replace-wildcards is "yes" (default is "no"), any occurrence of %h will be replaced by the local hostname. When you detect the service with dns-sd or a similar Bonjour discovery tool, it will be displayed like "TechService on ws10.local".
- <service> - contains the service info for exactly one service type. It can be <service protocol="ipv4"> (or ipv6, or just any, which is default). It must contain one <type> and one <port> element. Optionally it may contain one <domain-name>, one <host-name>, any number of <subtype>, any number of <txt-record> elements.
- <type> contains the DNS-SD service type for this service, e.g. _http._tcp. See Avahi Service Types and DNS-SD Service Types.
- <subtype> contains an additional DNS-SD service subtype for this service. e.g. _anon._sub._ftp._tcp.
- <domain-name> - the domain name this service should be registered. By default it's the domain of avahi daemon (usually .local).
- <host-name> - the hostname of the host that provides this service. This must be FQDN (fully-qualified domain name), like ws2.local, resolvable by multicast or unicast DNS. However, it doesn't have to be the part of the domain specified in <domain-name>.
- <port> - the IP port number the service listens on.
- <txt-record> - DNS-SD TXT record data.
If you already have an NFS share, you can make it automountable in Zeroconf-enabled browsers and file managers like macOS Finder, Gnome/Files, etc. Here is a *.service file:
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">NFS Music Share on %h</name>
  <service>
    <type>_nfs._tcp</type>
    <port>2049</port>
    <txt-record>path=/data/shared/Music</txt-record>
  </service>
</service-group>
ICANN, RIPE NCC, RIR, LIR, etc
The Internet Corporation for Assigned Names and Numbers (ICANN) assigns blocks of Internet resources (IP Resources and AS Numbers / Autonomous System ~) to the RIPE NCC and the other RIRs (Regional Internet Registry).
The Réseaux IP Européens Network Coordination Centre (RIPE NCC) is the Regional Internet Registry for Europe, the Middle East and parts of Central Asia. It is headquartered in Amsterdam, Netherlands. An RIR oversees the allocation and registration of Internet number resources (IPv4 addresses, IPv6 addresses and Autonomous System /AS/ Numbers) in a specific region.
A Local Internet Registry (LIR) is an organization that has been allocated a block of IP addresses by a Regional Internet Registry (RIR), and that assigns most parts of this block to its own customers. Most LIRs are Internet service providers, enterprises, or academic institutions. Membership in an RIR is required to become a LIR.
Provider-aggregatable address space is a block of IP addresses assigned by a Regional Internet Registry to an Internet Service Provider which can be aggregated into a single route advertisement for improved Internet routing efficiency. Unlike provider-independent address space, the end-user of address blocks within a provider-supplied space cannot reuse the addresses if they change up-stream connectivity providers.
Provider-independent address space is a block of IP addresses assigned by a regional Internet registry (RIR) directly to an end-user organization. The user must contract with an Internet service provider to obtain routing of the address block within the Internet. Provider-independent addresses offer end-users the opportunity to change service providers without renumbering of their networks and to use multiple access providers in a multi-homed configuration. However, provider-independent blocks may increase the burden on global routers, as the opportunity for efficient route aggregation through Classless Inter-Domain Routing (CIDR) may not exist.