Networking¶
138 cards — 🟢 43 easy | 🟡 56 medium | 🔴 24 hard
🟢 Easy (43)¶
1. Which port is used for ping command?
Show answer
`ping` uses **ICMP**, specifically **ICMP echo request** and **ICMP echo reply** packets. There is no 'port' associated with **ICMP**. Ports are associated with the two IP transport layer protocols, TCP and UDP. **ICMP**, TCP, and UDP are "siblings"; they are not based on each other, but are three separate protocols that run on top of IP.Remember: 22=SSH, 53=DNS, 80=HTTP, 443=HTTPS, 3306=MySQL, 5432=PG.
2. What is a DNS zone and how does it organize domain records?
Show answer
A DNS zone is a logical container that holds all the DNS resource records for a specific domain name.Remember: A=IPv4, AAAA=IPv6, CNAME=alias, MX=mail, NS=nameserver, TXT=text.
3. What is the difference between 127.0.0.1 and localhost?
Show answer
Well, the most likely difference is that you still have to do an actual lookup of localhost somewhere.If you use `127.0.0.1`, then (intelligent) software will just turn that directly into an IP address and use it. Some implementations of `gethostbyname` will detect the dotted format (and presumably the equivalent IPv6 format) and not do a lookup at all.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
4. What is the smallest IPv4 subnet mask that can be applied to a network containing up to 30 devices?
Show answer
Whether you have a standard `/24` VLAN for end users, a `/30` for point-to-point links, or something in between and subnet that must contain up to 30 devices works out to be a `/27` - or a subnet mask of `255.255.255.224`.Remember: /24=256, /16=65536, /8=16M. Formula: 2^(32-prefix).
5. What is the difference between a router and a gateway? What is the default gateway?
Show answer
**Router** describes the general technical function (layer-3 forwarding) or a hardware device intended for that purpose, while gateway describes the function for the local segment (providing connectivity to elsewhere). You could also state that "_you set up a router as gateway_". Another term is hop which describes the forwarding in between subnets.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
6. What is a DNS NS record and what role does it play?
Show answer
A DNS NS (Name Server) record specifies which authoritative DNS servers can answer queries for a domain.Example: `example.com. NS ns1.example.com.` delegates resolution to that nameserver. Every domain must have at least two NS records for redundancy. Mnemonic: A=IPv4, AAAA=IPv6, CNAME=alias, MX=mail, NS=nameserver, TXT=metadata.
7. What are some common HTTP status codes?
Show answer
- **1xx** - Informational responses - communicates transfer protocol-level information- **2xx** - Success - indicates that the client’s request was accepted successfully
- **3xx** - Redirection - indicates that the client must take some additional action in order to complete their request
- **4xx** - Client side error - this category of error status codes points the finger at clients
- **5xx** - Server side error - the server takes responsibility for these error status codes
Remember: 2xx=success, 3xx=redirect, 4xx=client error, 5xx=server. 200/404/500 are key.
8. What is the difference between wget and curl?
Show answer
The main differences are: `wget's` major strong side compared to `curl` is its ability to download recursively. `wget` is command line only. `curl` supports FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, POP3, IMAP, SMTP, RTMP and RTSP.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
9. What is DNS resolution?
Show answer
DNS resolution is the process of translating a domain name (like example.com) to an IP address. The resolution chain: local cache -> /etc/hosts -> recursive resolver -> root nameserver -> TLD nameserver -> authoritative nameserver. This typically completes in milliseconds. Use `dig +trace example.com` to see each step.10. What is a DNS MX record and how does it route email?
Show answer
MX (Mail Exchange) Specifies a mail exchange server for the domain, which allows mail to be delivered to the correct mail servers in the domain.Remember: A=IPv4, AAAA=IPv6, CNAME=alias, MX=mail, NS=nameserver, TXT=text.
11. What is DNS? What is it used for?
Show answer
DNS (Domain Name Systems) is a protocol used for converting domain names into IP addresses.computer networking (at layer 3 of the OSP model) is done with IP addresses but for as humans it's hard to remember IP addresses, it's much easier to remember names. This why we need something such as DNS to convert any domain name we type into an IP address. You can think on DNS as a huge phonebook or database where each corresponding name has an IP.
12. What is the difference between a VLAN and a subnet? Do you need a VLAN to setup a subnet?
Show answer
**VLANs** and **subnets** solve different problems. **VLANs** work at Layer 2, thereby altering broadcast domains (for instance). Whereas **subnets** are Layer 3 in the current context.**Subnet** - is a range of IP addresses determined by part of an address (often called the network address) and a subnet mask (netmask). For example, if the netmask is `255.255.255.
Remember: /24=256, /16=65536, /8=16M. Formula: 2^(32-prefix).
13. Given the following fqdn, www.blipblop.com, what is the second level domain?
Show answer
`blipblop.com.` is the second level domainRemember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
14. What is a name server?
Show answer
A server which is responsible for resolving DNS queries.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
15. What is a PTR record?
Show answer
While an A record points a domain name to an IP address, a PTR record does the opposite and resolves the IP address to a domain name.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
16. What POP and IMAP are, and how to choose which of them you should implement?
Show answer
POP and IMAP are both protocols for retrieving messages from a mail server to a mail client.**POP** (_Post Office Protocol_) uses a one way push from mail server to client. By default this will send messages to the POP mail client and remove them from the mail server, though it is possible to configure the mail server to retain all messages.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
17. Why should you avoid telnet to administer a system remotely?
Show answer
Modern operating systems have turned off all potentially insecure services by default. On the other hand, some vendors of network devices still allow to establish communication using the telnet protocol.**Telnet** uses most insecure method for communication. It sends data across the network in plain text format and anybody can easily find out the password using the network tool.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
18. Why couldn't MAC addresses be used instead of IPv4/6 for networking?
Show answer
The **OSI** model explains why it doesn't make sense to make routing, a **layer 3** concept, decisions based on a physical, **layer 2**, mechanism.Modern networking is broken into many different layers to accomplish your end to end communication.
Remember: MAC = 48-bit. First 3 bytes=vendor(OUI). Format: AA:BB:CC:DD:EE:FF.
19. What's your networking experience?
Show answer
I've managed DNS, DHCP, HAProxy/Nginx load balancers, routing on Mellanox/Cumulus/HP gear, and firewall/SELinux rules. My strength is troubleshooting: understanding what layer the problem lives in, running packet traces, validating routes, MTU issues, or misconfigured ACLs. I can work comfortably across L2–L7.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
20. What are the most important things to understand about the OSI (or any other) model?
Show answer
The most important things to understand about the **OSI** (or any other) model are:- we can divide up the protocols into layers
- layers provide encapsulation
- layers provide abstraction
- layers decouple functions from others
Remember: 7 layers: Physical, Data Link, Network, Transport, Session, Presentation, App. "Please Do Not Throw Sausage Pizza Away."
21. What is SSH and how does it work?
Show answer
**SSH** stands for **Secure Shell**. It is a protocol that lets you drop from a server "A" into a shell session to a server "B". It allows you interact with your server "B".An **SSH** connection to be established, the remote machine (server A) must be running a piece of software called an **SSH** daemon and the user's computer (server B) must have an **SSH** client.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
22. Given the following fqdn, www.blipblop.com, what is the root?
Show answer
`.` is the rootRemember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
23. How to resolve the domain name (using external dns) with CLI? Can IPs be resolved to domain names?
Show answer
Examples for resolve IP address to domain name:```bash\n# with host command:\nhost domain.com 8.8.8.8\n\n# with dig command:\ndig @9.9.9.9 google.com\n\n# with nslookup command:\nnslookup domain.com 8.8.8.8\n```
You can (sometimes) resolve an IP Address back to a hostname. IP Address can be stored against a **PTR** record.
Remember: DNS port 53. Resolution: cache→hosts→recursive→root→TLD→authoritative.
24. How to test port connectivity with telnet or nc?
Show answer
Test port connectivity with `telnet host port` or `nc -vz host port`.Example: `nc -vz db.example.com 5432` tests PostgreSQL reachability. The `-z` flag in nc does a scan without sending data. Common ports to remember: 22=SSH, 53=DNS, 80=HTTP, 443=HTTPS, 3306=MySQL, 5432=PostgreSQL, 6379=Redis.
25. What is a DNS record?
Show answer
A DNS record is a database entry that maps a domain name to specific data, most commonly an IP address. Record types: A (domain to IPv4), AAAA (domain to IPv6), CNAME (alias to another domain), MX (mail server), NS (authoritative nameserver), TXT (arbitrary text, used for SPF/DKIM/verification). Query with: `dig example.com A`.26. What are the advantages of using a reverse proxy server?
Show answer
**Hide the topology and characteristics of your back-end servers**The **reverse proxy server** can hide the presence and characteristics of the origin server. It acts as an intermediate between internet cloud and web server. It is good for security reason especially when you are using web hosting services.
Remember: Forward=hide client. Reverse=hide server. "Forward=client, Reverse=server."
27. List 5 common network ports you should know.
Show answer
Five essential ports: SMTP (25) — email relay. FTP (20 data transfer, 21 control connection). DNS (53) — name resolution. DHCP (67/UDP server, 68/UDP client) — dynamic IP assignment. SSH (22) — encrypted remote shell access.Remember: 22=SSH, 53=DNS, 80=HTTP, 443=HTTPS, 3306=MySQL, 5432=PG.
28. Given the following fqdn, www.blipblop.com, what is the domain?
Show answer
`www.blipblop.com.` is the domainRemember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
29. Most tutorials suggest using SSH key authentication rather than password authentication. Why it is considered more secure?
Show answer
An **SSH key** is an access credential in the SSH protocol. Its function is similar to that of user names and passwords, but the keys are primarily used for automated processes and for implementing single sign-on by system administrators and power users.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
30. Explain the function of each of the following DNS records: SOA, PTR, A, MX, and CNAME.
Show answer
**DNS records** are basically mapping files that tell the DNS server which IP address each domain is associated with, and how to handle requests sent to each domain. Some **DNS records** syntax that are commonly used in nearly all DNS record configurations are `A`, `AAAA`, `CNAME`, `MX`, `PTR`, `NS`, `SOA`, `SRV`, `TXT`, and `NAPTR`.Remember: A=IPv4, AAAA=IPv6, CNAME=alias, MX=mail, NS=nameserver, TXT=text.
31. What is a CNAME record?
Show answer
CNAME: maps a hostname to another hostname.The target should be a domain name which must have an A or AAAA record. Think of it as an alias record.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
32. What is a AAAA record?
Show answer
An AAAA Record performs the same function as an A Record, but for an IPv6 Address.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
33. What is a domain name registrar?
Show answer
[Cloudflare](https://www.cloudflare.com/en-gb/learning/dns/glossary/what-is-a-domain-name-registrar): "A domain name registrar provides domain name registrations to the general public. A common misconception is that registrars sell domain names; these domain names are actually owned by registries and can only be leased by users."Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
34. What is the resolution sequence of: www.site.com
Show answer
It's resolved in this order:1) .
2) .com
3) site.com
4) www.site.com
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
35. Given the following fqdn, www.blipblop.com, what is the top level domain?
Show answer
`.com.` is the top level domainRemember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
36. How to check default route and routing table?
Show answer
Using the commands `netstat -nr`, `route -n` or `ip route show` we can see the default route and routing tables.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
37. What is a DNS A record and what does it map?
Show answer
A (Address): Maps a host name to an IPv4 address.When a computer has multiple adapter cards and IP addresses, it should have multiple address records.
Remember: A=IPv4, AAAA=IPv6, CNAME=alias, MX=mail, NS=nameserver, TXT=text.
38. Server A can't talk to Server B. Describe possible reasons in a few steps.
Show answer
To troubleshoot communication problems between servers, it is better to ideally follow the TCP/IP stack:1. **Application Layer**: are the services up and running on both servers? Are they correctly configured (eg. bind the correct IP and correct port)? Do application and system logs show meaningful errors?
2.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
39. What is a packet filter and how does it work?
Show answer
**Packet filtering** is a firewall technique used to control network access by monitoring outgoing and incoming packets and allowing them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocols and ports.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
40. What are the four main header layers in a typical network packet?
Show answer
Ethernet frame (L2), IP header (L3), TCP or UDP header (L4), and application protocol data (L7, e.g., HTTP or DNS). Each layer wraps the payload of the layer above.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
41. What is the difference between an IP address and a port number?
Show answer
An IP address identifies which host on the network should receive the packet (L3 routing). A port number identifies which service or socket on that host should process it (L4 demultiplexing).Remember: 22=SSH, 53=DNS, 80=HTTP, 443=HTTPS, 3306=MySQL, 5432=PG.
42. What is the purpose of the TTL field in an IP packet?
Show answer
TTL (Time To Live) is decremented at each router hop. When it reaches zero, the packet is dropped. This prevents packets from circulating forever in routing loops.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
43. Name two protocols that use UDP and explain why.
Show answer
DNS (fast, small queries where retransmit at application layer is simpler) and real-time media like VoIP/video (latency matters more than occasional packet loss; retransmitting stale audio is useless).Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
🟡 Medium (56)¶
1. What is the difference between CORS and CSPs?
Show answer
**CORS** allows the **Same Origin Policy** to be relaxed for a domain.e.g. normally if the user logs into both `example.com` and `example.org`, the Same Origin Policy prevents `example.com` from making an AJAX request to `example.org/current_user/full_user_details` and gaining access to the response.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
2. What does a tcpdump do? How to capture only incoming traffic to your interface?
Show answer
`tcpdump` is a most powerful and widely used command-line packets sniffer or package analyzer tool which is used to capture or filter TCP/IP packets that received or transferred over a network on a specific interface.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
3. How do you debug network issues on Linux?
Show answer
ip a, ip r, ip link, ss, tcpdump, dig, curl, logs. Start with connectivity and routes, then DNS, then firewall rules, then services.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
4. How do you kill program using e.g. 80 port in Linux?
Show answer
To list any process listening to the port 80:```bash\n# with lsof\nlsof -i:80\n\n# with fuser\nfuser 80/tcp\n```
To kill any process listening to the port 80:
```bash\nkill $(lsof -t -i:80)\n```
or more violently:
```bash\nkill -9 $(lsof -t -i:80)\n```
or with `fuser` command:
```bash\nfuser -k 80/tcp\n```
Remember: 22=SSH, 53=DNS, 80=HTTP, 443=HTTPS, 3306=MySQL, 5432=PG.
5. Why does DNS "sometimes" fail?
Show answer
Intermittent DNS failures have several common causes:1. **TTL mismatch**: Cached record expired but new one not fetched
2. **Resolver caching**: Local nscd/systemd-resolved caching stale records
3. **Broken search domains**: `/etc/resolv.conf` search directive causes unexpected lookups
4. **Split-horizon DNS**: Internal vs external DNS returning different results
5.
Remember: DNS port 53. Resolution: cache→hosts→recursive→root→TLD→authoritative.
6. You get curl: (56) TCP connection reset by peer. What steps will you take to solve this problem?
Show answer
- check if the URL is correct, maybe you should add `www` or set correctly `Host:` header? Check also scheme (http or https)- check the domain is resolving into a correct IP address
- enable debug tracing with `--trace-ascii curl.dump`.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
7. How to send an HTTP request using telnet?
Show answer
For example:```bash\ntelnet example.com 80\nTrying 192.168.252.10...\nConnected to example.com.\nEscape character is '^]'.\nGET /questions HTTP/1.0\nHost: example.com\n\nHTTP/1.1 200 OK\nContent-Type: text/html; charset=utf-8\n...\n```
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
8. Explain four types of responses from firewall when scanning with nmap.
Show answer
There might be four types of responses:- **Open port** - few ports in the case of the firewall
- **Closed port** - most ports are closed because of the firewall
- **Filtered** - `nmap` is not sure whether the port is open or not
- **Unfiltered** - `nmap` can access the port but is still confused about the open status of the port
Remember: Types: packet filter(L3/4), stateful(connections), WAF(L7). Defense in depth.
9. What is the purpose of Spanning Tree?
Show answer
This protocol operates at layer 2 of the OSI model with the purpose of preventing loops on the network. Without **STP**, a redundant switch deployment would create broadcast storms that cripple even the most robust networks. There are several iterations based on the original IEEE 802.1D standard; each operates slightly different than the others while largely accomplishing the same loop-free goal.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
10. Explain DNS Records TTL
Show answer
[varonis.com](https://www.varonis.com/blog/dns-ttl): "DNS TTL (time to live) is a setting that tells the DNS resolver how long to cache a query before requesting a new one. The information gathered is then stored in the cache of the recursive or local resolver for the TTL before it reaches back out to collect new, updated details."Remember: A=IPv4, AAAA=IPv6, CNAME=alias, MX=mail, NS=nameserver, TXT=text.
11. True or False? DNS can be used for load balancing
Show answer
True. DNS round-robin returns multiple IPs for a hostname in rotating order, distributing requests across servers. It's simple but lacks health checking — use a proper load balancer for production.Remember: DNS port 53. Resolution: cache→hosts→recursive→root→TLD→authoritative.
12. Developer uses private key on the server to deploy app through ssh. Why it is incorrect behavior and what is the better (but not ideal) solution in such situations?
Show answer
You have the private key for your personal account. The server needs your public key so that it can verify that your private key for the account you are trying to use is authorized.The whole point with private keys is that they are private, meaning only you have your private key. If someone takes over your private key, it will be able to impersonate you any time he wants.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
13. Is DNS using TCP or UDP?
Show answer
DNS uses UDP port 53 for resolving queries either regular or reverse. DNS uses TCP for zone transfer.Remember: TCP=reliable/ordered/connected. UDP=fast/unreliable. TCP for web, UDP for DNS/video.
14. According to an HTTP monitor, a website is down. You're able to telnet to the port, so how do you resolve it?
Show answer
If you can telnet to the port, this means that the service listening on the port is running and you can connect to it (it's not a networking problem). It is good to check this way for the IP address to which the domain is resolved and using the same domain to test connection.Remember: 22=SSH, 53=DNS, 80=HTTP, 443=HTTPS, 3306=MySQL, 5432=PG.
15. Describe DNS resolution workflow in high-level
Show answer
In general the process is as follows:* The user types an address in the web browser (some_site.com)
* The operating system gets a request from the browser to translate the address the user entered
* A query created to check if a local entry of the address exists in the system.
Remember: DNS port 53. Resolution: cache→hosts→recursive→root→TLD→authoritative.
16. Dev team reports an error: POST http://ws.int/api/v1/Submit/ resulted in a 413 Request Entity Too Large. What's wrong?
Show answer
**Modify NGINX configuration file for domain**Set correct `client_max_body_size` variable value:
```bash\nclient_max_body_size 20M;\n```
Restart Nginx to apply the changes.
**Modify php.ini file for upload limits**
Remember: 22=SSH, 53=DNS, 80=HTTP, 443=HTTPS, 3306=MySQL, 5432=PG.
17. How to allow traffic to/from specific IP with iptables?
Show answer
For example:```bash\n/sbin/iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX -j ACCEPT\n/sbin/iptables -A OUTPUT -p tcp -d XXX.XXX.XXX.XXX -j ACCEPT\n```
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
18. What types of DNS records are there?
Show answer
* A* CNAME
* PTR
* MX
* AAAA
...
A more detailed list, can be found [here](https://www.nslookup.io/learning/dns-record-types)
Remember: A=IPv4, AAAA=IPv6, CNAME=alias, MX=mail, NS=nameserver, TXT=text.
19. What is the difference between TCP retransmits and packet loss?
Show answer
They're related but not the same:**Packet loss**: Network-level event - packets dropped by router, switch, NIC, or firewall.
**TCP retransmits**: TCP's response to perceived loss (timeout or duplicate ACKs). TCP retransmits when it thinks packets were lost.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
20. Analyse web server log and show only 5xx http codes. What external tools do you use?
Show answer
```bash\ntail -n 100 -f /path/to/logfile | grep "HTTP/[1-2].[0-1]\" [5]"\n```Examples of http/https log management tools:
- **goaccess** - is an open source real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser
- **graylog** - is a free and open-source log management platform that supports in-depth log collection and analysis
Remember: 2xx=success, 3xx=redirect, 4xx=client error, 5xx=server. 200/404/500 are key.
21. Explain the TCP three-way handshake and why it's necessary.
Show answer
The three-way handshake establishes a TCP connection between client and server.It ensures both sides are ready to communicate and synchronizes sequence numbers.
The process:
1. SYN: Client sends SYN packet with initial sequence number (ISN)
2. SYN-ACK: Server responds with SYN-ACK, its own ISN, and ACKs client's ISN
3.
Remember: TCP 3-way: SYN→SYN-ACK→ACK. Teardown: FIN→ACK, FIN→ACK (4-way).
22. How does Linux routing actually work?
Show answer
Linux routing follows this order:1. **Longest prefix match**: Most specific route wins from the routing table
2. **Policy routing** (if configured): Rules in `ip rule` can override normal lookup
3. **ARP/neighbor resolution**: Once next-hop determined, resolve MAC address
```bash
# View routing table
ip route show
# View routing decision for specific destination
ip route get 8.8.8.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
23. What is NAT? What is it used for?
Show answer
It enables private IP networks that use unregistered IP addresses to connect to the Internet. **NAT** operates on a router, usually connecting two networks together, and translates the private (not globally unique) addresses in the internal network into legal addresses, before packets are forwarded to another network.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
24. How to check which ports are listening on my Linux Server?
Show answer
Use the:- `lsof -i`
- `ss -l`
- `netstat -atn` - for tcp
- `netstat -aun` - for udp
- `netstat -tulapn`
Remember: 22=SSH, 53=DNS, 80=HTTP, 443=HTTPS, 3306=MySQL, 5432=PG.
25. Explain the difference between HTTP 1.1 and HTTP 2.0
Show answer
HTTP/2 introduces major performance improvements over HTTP/1.1:HTTP/1.1:
- Text-based protocol
- One request per connection (or pipelining)
- Head-of-line blocking
- Headers sent every request (redundant)
- Multiple connections per domain (6 typical)
HTTP/2:
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
26. Why is UDP faster than TCP?
Show answer
**UDP** is faster than **TCP**, and the simple reason is because its nonexistent acknowledge packet (`ACK`) that permits a continuous packet stream, instead of TCP that acknowledges a set of packets, calculated by using the TCP window size and round-trip time (`RTT`).Remember: TCP=reliable/ordered/connected. UDP=fast/unreliable. TCP for web, UDP for DNS/video.
27. How to block abusive IP addresses with pf in OpenBSD?
Show answer
The best way to do this is to define a table and create a rule to block the hosts, in `pf.conf`:```bash\ntable
And then dynamically add/delete IP addresses from it:
```bash\npfctl -t badhosts -T add 1.2.3.4\npfctl -t badhosts -T delete 1.2.3.4\n```
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
28. What is handshake mechanism and why do we need 3 way handshake?
Show answer
**Handshaking** begins when one device sends a message to another device indicating that it wants to establish a communications channel. The two devices then send several messages back and forth that enable them to agree on a communications protocol.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
29. What mean Host key verification failed when you connect to the remote host? Do you accept it automatically?
Show answer
`Host key verification failed` means that the host key of the remote host was changed. This can easily happen when connecting to a computer who's host keys in `/etc/ssh` have changed if that computer was upgraded without copying its old host keys.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
30. What types of zones are there?
Show answer
There are several types, including:* Primary zone: A primary zone is a read/write zone that is stored in a master DNS server.
* Secondary zone: A secondary zone is a read-only copy of a primary zone that is stored in a slave DNS server.
* Stub zone: A stub zone is a type of zone that contains only the essential information about a domain name. It is used to reduce the amount of DNS traffic and improve the efficiency of the DNS resolution process.
31. Which techniques a DNS can use for load balancing?
Show answer
There are several techniques that a DNS can use for load balancing, including:* Round-robin DNS
* Weighted round-robin DNS
* Least connections
* GeoDNS
Remember: DNS port 53. Resolution: cache→hosts→recursive→root→TLD→authoritative.
32. Walk through what happens when you type a URL in your browser (DNS resolution).
Show answer
When you enter example.com, here's the DNS resolution process:1. Browser Cache: Check if IP is cached locally
2. OS Cache: Check system DNS cache (/etc/hosts, systemd-resolved)
3. Resolver Query: If not cached, query configured DNS resolver
Recursive resolution (by resolver):
4. Root Servers: Resolver asks root servers (.) for .com nameservers
5. TLD Servers: Ask .
Remember: DNS port 53. Resolution: cache→hosts→recursive→root→TLD→authoritative.
33. When does the web server like Apache or Nginx write info to log file? Before or after serving the request?
Show answer
Both servers provides very comprehensive and flexible logging capabilities - for logging everything that happens on your server, from the initial request, through the URL mapping process, to the final resolution of the connection, including any errors that may have occurred in the process.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
34. Name three features TCP provides that UDP does not.
Show answer
Connection state (established sessions), ordered delivery (sequence numbers ensure correct order), and automatic retransmission of lost packets. UDP trades these for lower overhead and latency.Remember: TCP=reliable/ordered/connected. UDP=fast/unreliable. TCP for web, UDP for DNS/video.
35. Describe the typical journey of an HTTP request from browser to server.
Show answer
1. DNS resolves hostname to IP.2. TCP three-way handshake (SYN, SYN-ACK, ACK).
3. TLS handshake if HTTPS.
4. HTTP request sent.
5. Server processes and sends HTTP response.
6. Packets traverse routers using IP forwarding at each hop.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
36. What do routers primarily use to make forwarding decisions?
Show answer
The destination IP address in the IP header. Routers consult their routing table to determine the next hop. They do not typically look at ports or application-layer data (unless doing deep packet inspection or NAT).Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
37. What is the systematic approach to debugging a network connectivity failure?
Show answer
Work through layers: 1. Does DNS resolve? (dig) 2. Is the IP reachable? (ping) 3. Is the port open? (nc, telnet) 4. Does TCP connect? (curl, ss) 5. Does TLS succeed? (openssl s_client) 6. Does HTTP respond correctly? (curl -v)Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
38. What role does a home router play in the packet journey?
Show answer
It acts as the default gateway and typically performs NAT (Network Address Translation), rewriting private source IPs to the public IP for outgoing traffic and reversing for return traffic. It connects the local LAN to the ISP.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
39. Have you been involved in the procurement process for data center equipment and services?
Show answer
• Needs Assessment: Collaborate with relevant stakeholders to assess the specific needs and requirements for data center equipment and services. • Vendor Evaluation: Participate in the evaluation of vendors, considering factors such as performance, reliability, cost, and support services. • Budget Planning: Contribute to budget planning by providing insights into the estimated costs of equipment and services. • Request for Proposals (RFPs): Assist in the creation of RFPs, ensuring they clearly articulate the specifications and expectations for potential vendors.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
40. How do you ensure that documentation for server configurations is accurate and up-to-date?
Show answer
• Version Control: Use version control systems for documentation to track changes and updates, ensuring a clear history of configurations. • Change Management: Require documentation updates as part of the change management process, ensuring any configuration changes are reflected promptly. • Automated Documentation Tools: Implement tools that automatically generate documentation based on real-time server configurations, reducing manual efforts and minimizing errors.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
41. What steps do you take to maintain an inventory of all servers and networking equipment?
Show answer
• Asset Discovery: Regularly conduct asset discovery scans to identify all servers and networking equipment connected to the data center network. • Asset Tracking: Implement an asset tracking system that records details such as make, model, serial number, location, and owner for each server and networking device. • Automated Tools: Utilize automated inventory management tools that can continuously monitor the network and update the inventory database in real-time.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
42. How do you handle conflicting priorities and requests from different teams?
Show answer
• Prioritization Framework: Establish a prioritization framework based on business impact, urgency, and strategic importance to guide decision-making. • Collaborative Discussions: Engage in open and transparent discussions with teams to understand the urgency and impact of their requests. • Communication: Clearly communicate the reasons behind prioritization decisions to ensure teams understand the rationale. • Stakeholder Alignment: Align with key stakeholders and leadership to ensure a unified approach to prioritization.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
43. How do you handle environmental considerations like temperature and humidity in a data center?
Show answer
Handling temperature and humidity in a data center is crucial for maintaining optimal conditions for hardware performance and longevity. Here's how a Data Center Engineer might handle these considerations: • **Temperature Control:* • Air Conditioning Systems: Implementing precision air conditioning systems to regulate and maintain the temperature within the recommended range. • **Hot Aisle/Cold Aisle Configuration:* • Designing server racks in a way that optimizes airflow and reduces hotspots.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
44. Walk us through your approach to troubleshooting a server that is experiencing intermittent connectivity issues.
Show answer
• Define the Problem: • Gather information about the specific connectivity issues reported. • Identify affected users, applications, or services. • Check Physical Connections: • Ensure physical connections, such as network cables and power cables, are secure. • Review Network Configurations: • Examine network configurations, including IP addresses, DNS settings, and subnet masks. • Ping and Traceroute: • Use tools like ping and traceroute to identify where connectivity issues may be occurring.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
45. Discuss your experience with high-availability configurations and clustering in a data center.
Show answer
• Load Balancing: Implemented load balancing configurations to distribute incoming traffic across multiple servers, ensuring optimal resource utilization and preventing single points of failure. • Redundant Networking: Configured redundant networking infrastructure, including multiple network paths and switches, to enhance network availability and resilience. • Server Clustering: Implemented server clustering using technologies such as Microsoft Failover Clustering or Linux-based clustering solutions to achieve high availability for critical applications.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
46. Explain the concept of edge computing and its relevance to data center operations.
Show answer
Edge computing involves processing data closer to the source of data generation, reducing latency by decentralizing computation and storage resources. • Relevance to Data Centers: Edge computing complements traditional centralized data centers by distributing processing capabilities to the network edge, addressing the limitations of latency-sensitive applications. **Key Components:* • • In edge computing, data processing occurs on devices or edge servers located near the data source, reducing the need for data to travel to a centralized data center.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
47. Discuss the concept of load balancing in a data center network.
Show answer
Load balancing is the distribution of network traffic across multiple servers or paths to ensure that no single server or network link is overwhelmed with too much traffic. The primary purpose of load balancing is to improve the availability, reliability, and performance of applications by distributing the workload across multiple resources. **How it Works:* • • Distribution Algorithms: Load balancers use various distribution algorithms (round-robin, least connections, weighted distribution, etc.) to determine how to distribute incoming traffic among the available servers.48. What tools and techniques do you use for diagnosing network latency issues?
Show answer
• Ping and Traceroute: Use ping to measure round-trip time and traceroute to identify network hops and potential latency points. • Network Monitoring Tools: Utilize network monitoring tools like Wireshark, Nagios, or SolarWinds to capture and analyze network traffic for latency issues. • PathPing: Use pathping to trace the route to a destination and measure packet loss and latency at each hop. • Packet Loss Analysis: Analyze packet loss rates, as high packet loss can contribute to latency.Remember: 7 layers: Physical, Data Link, Network, Transport, Session, Presentation, App. "Please Do Not Throw Sausage Pizza Away."
49. Discuss your experience in negotiating contracts with data center equipment vendors.
Show answer
• Requirement Identification: Thoroughly identify and document the organization's requirements and priorities before entering contract negotiations to ensure clarity and alignment with business objectives. • Benchmarking and Market Research: Conduct benchmarking and market research to understand industry standards, pricing models, and common terms, providing a basis for informed negotiations. • Multiple Vendor Engagement: Engage with multiple vendors to create competition, allowing for negotiation leverage and potentially securing more favorable terms and pricing.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
50. How do you mitigate DDoS (Distributed Denial of Service) attacks in a data center?
Show answer
Mitigating DDoS attacks involves implementing a combination of proactive and reactive measures: • **Traffic Scrubbing:* • Utilize DDoS mitigation services or appliances that can identify and filter out malicious traffic, allowing only legitimate traffic to reach the data center. • **Rate Limiting and Throttling:* • Implement rate limiting and throttling mechanisms to control the incoming traffic, preventing a sudden surge that could overwhelm the network.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
51. Discuss the benefits of Infrastructure as Code (IaC) in data center operations.
Show answer
Infrastructure as Code (IaC) transforms infrastructure management into code, providing numerous benefits: **Consistency:* • IaC ensures consistency in infrastructure deployment by representing configurations as code, reducing the risk of configuration drift. **Automation:* • IaC automates the provisioning and management of infrastructure, enabling rapid and repeatable deployments. **Version Control:* • Infrastructure configurations are stored in version control systems, allowing for versioning, rollback, and collaboration among team members.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
52. Have you worked on cross-functional projects involving data center upgrades or migrations?
Show answer
Yes, I have experience working on cross-functional projects involving data center upgrades and migrations. In one instance, our organization decided to migrate from an on-premises data center to a cloud-based solution. • Project Planning: Collaborated with system administrators, network engineers, and cloud architects during the project planning phase to outline goals, timelines, and resource requirements. • Risk Assessment: Conducted a comprehensive risk assessment to identify potential challenges and develop mitigation strategies.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
53. How do you prioritize systems and services during a disaster recovery scenario?
Show answer
Prioritizing systems and services during a disaster recovery scenario involves the following steps: • Criticality Assessment: Evaluate the criticality of each system and service to the business. Identify those essential for core business operations. • Recovery Time Objectives (RTO): Assign RTOs to each system based on business needs. Prioritize systems with shorter RTOs. • Dependencies: Consider dependencies between systems. Prioritize systems that are prerequisites for others or have significant interdependencies. • Customer Impact: Assess the impact on customers and end-users.54. How do you optimize storage performance in a data center?
Show answer
• **Storage Tiering:* • Implement storage tiering to place frequently accessed data on high-performance storage and less accessed data on lower-tier, cost-effective storage. • **Caching:* • Use caching mechanisms, such as SSD-based caching, to accelerate read and write operations by storing frequently accessed data in faster storage. • **RAID Configuration:* • Choose an appropriate RAID configuration based on performance and redundancy requirements. For example, RAID 10 provides both performance and redundancy.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
55. Explain the importance of effective communication in a data center team.
Show answer
• Coordination: Effective communication fosters coordination among team members, ensuring everyone is on the same page regarding tasks, timelines, and goals. • Issue Resolution: Clear communication facilitates quick identification and resolution of issues, preventing potential escalations. • Knowledge Sharing: Team members can share insights, best practices, and lessons learned, fostering a culture of continuous learning and improvement. • Project Alignment: Communication aligns team members with the objectives and priorities of ongoing projects, promoting a unified approach.Remember: 22=SSH, 53=DNS, 80=HTTP, 443=HTTPS, 3306=MySQL, 5432=PG.
56. Explain the differences between traditional data center management and cloud-based data center management.
Show answer
• Infrastructure Ownership: Traditional data center management involves owning and maintaining physical infrastructure, while cloud-based data center management relies on infrastructure provided by a third-party cloud service provider. • Scalability and Elasticity: Cloud-based data center management offers greater scalability and elasticity, allowing rapid scaling up or down based on demand, which is more challenging in traditional environments.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
🔴 Hard (24)¶
1. What is the proper way to test NFS performance? Prepare a short checklist.
Show answer
The best benchmark is always "the application(s) that you normally use". The load on a NFS system when you have 20 people simultaneously compiling a Linux kernel is completely different from a bunch of people logging in at the same time or the accounts uses as "home directories for the local web-server".But we have some good tools for testing this.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
2. Create SPF records for your site to help control spam.
Show answer
* Start with the SPF version, this part defines the record as SPF. An SPF record should always start with the version number v=spf1 (version 1) this tag defines the record as SPF. There used to be a second version of SPF (called: SenderID), but this was discontinued.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
3. You should rewrite POST with payload to an external API but the POST requests loose the parameters passed on the URL. How to fix this problem (e.g. in Nginx) and what are the reasons for this behavior?
Show answer
The issue is that external redirects will never resend **POST** data. This is written into the HTTP spec (check the `3xx` section). Any client that does do this is violating the spec.**POST** data is passed in the body of the request, which gets dropped if you do a standard redirect.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
4. Developer says: htaccess is full of magic and it should be used. What is your opinion about using htaccess files? How has this effect on the web app
Show answer
`.htaccess` files were born out of an era when shared hosting was commonplace:- sysadmins needed a way to allow multiple clients to access their server under different accounts, with different configurations for their websites.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
5. What are the security risks of setting Access-Control-Allow-Origin?
Show answer
By responding with `Access-Control-Allow-Origin: *`, the requested resource allows sharing with every origin. This basically means that any site can send an XHR request to your site and access the server’s response which would not be the case if you hadn’t implemented this CORS response.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
6. Developer reports a problem with connectivity to the remote service. Use /dev for troubleshooting.
Show answer
```bash\n#Remember: 22=SSH, 53=DNS, 80=HTTP, 443=HTTPS, 3306=MySQL, 5432=PG.
7. You need to block several IPs from the same subnet. What is the most efficient way for the system to traverse the iptables rule set or the black-hole route?
Show answer
If you have a system with thousands of routes defined in the routing table and nothing in the iptables rules than it might actually be more efficient to input an iptables rule.In most systems however the routing table is fairly small, in cases like this it is actually more efficient to use null routes. This is especially true if you already have extensive iptables rules in place.
Remember: /24=256, /16=65536, /8=16M. Formula: 2^(32-prefix).
8. How are cookies passed in the HTTP protocol?
Show answer
The server sends the following in its response header to set a cookie field:`Set-Cookie:name=value`
If there is a cookie set, then the browser sends the following in its request header:
`Cookie:name=value`
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
9. Create a single-use TCP or UDP proxy with netcat.
Show answer
```bash\n### TCP -> TCP\nnc -l -p 2000 -c "nc [ip|hostname] 3000"\n\n### TCP -> UDP\nnc -l -p 2000 -c "nc -u [ip|hostname] 3000"\n\n### UDP -> UDP\nnc -l -u -p 2000 -c "nc -u [ip|hostname] 3000"\n\n### UDP -> TCP\nnc -l -u -p 2000 -c "nc [ip|hostname] 3000"\n```Remember: TCP=reliable/ordered/connected. UDP=fast/unreliable. TCP for web, UDP for DNS/video.
10. If you try resolve hostname you get NXDOMAIN from host command. Your resolv.conf stores two nameservers but only second of this store this domain name. Why did not the local resolver check the second nameserver?
Show answer
**NXDOMAIN** is nothing but non-existent Internet or Intranet domain name. If domain name is unable to resolved using the DNS, a condition called the **NXDOMAIN** occurred.The default behavior for `resolv.conf` and the `resolver` is to try the servers in the order listed. The resolver will only try the next nameserver if the first nameserver times out.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
11. What is the difference between an authoritative and a nonauthoritative answer to a DNS query?
Show answer
An authoritative DNS query answer comes from the server that contains the zone files for the domain queried. This is the name server that the domain administrator set up the DNS records on. A nonauthoriative answer comes from a name server that does not host the domain zone files (for example, a commonly used name server has the answer cached such as Google's 8.8.8.8 or OpenDNS 208.67.222.222).Remember: DNS port 53. Resolution: cache→hosts→recursive→root→TLD→authoritative.
12. How do you debug intermittent network drops?
Show answer
Systematic approach across layers:1. **Interface errors**:
```bash\nip -s link show eth0\nethtool -S eth0 | grep -i error\n```
2. **MTU mismatches**: Path MTU discovery issues cause intermittent failures
```bash\nping -M do -s 1472 destination\n```
3. **Bonding/LACP state**: Check both sides match
```bash\ncat /proc/net/bonding/bond0\n```
4.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
13. Explain 3 techniques for avoiding firewalls with nmap.
Show answer
**Use Decoy addresses**```bash\n# Generates a random number of decoys.\nnmap -D RND:10 [target]\n\n# Manually specify the IP addresses of the decoys.\nnmap -D decoy1,decoy2,decoy3\n```
In this type of scan you can instruct Nmap to spoof packets from other hosts.
Remember: Types: packet filter(L3/4), stateful(connections), WAF(L7). Defense in depth.
14. Does having Varnish in front of your website/app mean you don't need to care about load balancing or redundancy?
Show answer
It depends. Varnish is a cache server, so its purpose is to cache contents and to act as a reverse proxy, to speed up retrieval of data and to lessen the load on the webserver.Varnish can be also configured as a load-balancer for multiple web servers, but if we use just one Varnish server, this will become our single point of failure on our infrastructure.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
15. What types of dns cache working when you type api.example.com in your browser and press return?
Show answer
Browser checks if the domain is in its cache (to see the DNS Cache in Chrome, go to `chrome://net-internals/#dns`). When this cache fails, it simply asks the OS to resolve the domain.The OS resolver has it's own cache which it will check. If it fails this, it resorts to asking the OS configured DNS servers.
Remember: DNS port 53. Resolution: cache→hosts→recursive→root→TLD→authoritative.
16. How to run scp with a second remote host?
Show answer
With `ssh`:```bash\nssh user1@remote1 'ssh user2@remote2 "cat file"' > file\n```
With `tar` (with compression):
```bash\nssh user1@remote1 'ssh user2@remote2 "cd path2; tar cj file"' | tar xj\n```
With `ssh` and port forwarding tunnel:
```bash\n# First, open the tunnel\nssh -L 1234:remote2:22 -p 45678 user1@remote1\n\n# Then, use the tunnel to copy the file directly from remote2\nscp -P 1234 user2@localhost:file .\n```
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
17. Why can increasing MTU actually reduce throughput?
Show answer
Path MTU mismatches cause fragmentation or black-holed packets.The problem:
1. Path MTU mismatch
- Your server: MTU 9000 (jumbo frames)
- Intermediate router: MTU 1500
- Packets too big to forward
2. ICMP black holes
- Router should send "Fragmentation Needed"
- Firewalls often block ICMP
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
18. Is it safe to use SNI SSL in production? How to test connection with and without it? In which cases it is useful?
Show answer
With OpenSSL:```bash
# Testing connection to remote host (with SNI support)
echo | openssl s_client -showcerts -servername google.com -connect google.com:443
# Testing connection to remote host (without SNI support)
echo | openssl s_client -connect google.
Remember: TLS 1.3 current. ClientHello→ServerHello→Key Exchange→Encrypted. Port 443.
19. What is the difference between Cache-Control: max-age=0 and Cache-Control: no-cache?
Show answer
**When sent by the origin server**`max-age=0` simply tells caches (and user agents) the response is stale from the get-go and so they SHOULD revalidate the response (e.g. with the If-Not-Modified header) before using a cached copy, whereas, `no-cache` tells them they MUST revalidate before using a cached copy.
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
20. How can you reduce load time of a dynamic website?
Show answer
- webpage optimization- cached web pages
- quality web hosting
- compressed text files
- apache/nginx tuning
Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
21. What are hits, misses, and hit-for-pass in Varnish Cache?
Show answer
A **hit** is a request which is successfully served from the cache, a **miss** is a request that goes through the cache but finds an empty cache and therefore has to be fetched from the origin, the **hit-for-pass** comes in when Varnish Cache realizes that one of the objects it has requested is uncacheable and will result in a pass.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
22. How do I measure request and response times at once using curl?
Show answer
`curl` supports formatted output for the details of the request (see the `curl` manpage for details, under `-w| -write-out 'format'`). For our purposes we’ll focus just on the timing details that are provided.Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.
23. Is it possible to have SSL certificate for IP address, not domain name?
Show answer
It is possible (but rarely used) as long as it is a public IP address.An SSL certificate is typically issued to a Fully Qualified Domain Name (FQDN) such as `https://www.domain.com`. However, some organizations need an SSL certificate issued to a public IP address. This option allows you to specify a public IP address as the Common Name in your Certificate Signing Request (CSR).
Remember: TLS 1.3 current. ClientHello→ServerHello→Key Exchange→Encrypted. Port 443.
24. What five questions do packet headers collectively answer?
Show answer
Where did this come from? (source IP/MAC) Where is it going? (destination IP/MAC) Which protocol is next? (protocol field) Which service should receive it? (port) How long can it live? (TTL)Remember: OSI helps debug: check L1(physical)→L7(app). Most issues: DNS, firewall, routing.
Gotcha: Network troubleshooting: check DNS, firewall, routing first — covers 90% of issues.