Networking Questions

Overview

Base on: Linux System Administrator/DevOps Interview Questions
This page contains ideas on how to answer questions. The answers are not absolutely accurate, please, consider to double-check yourself.

What is localhost and why would ping localhost fail?

localhost is a hostname that refers to the current computer used to access it. It is used to access the network services that are running on the host via the loopback network interface. Using the loopback interface bypasses any local network interface hardware. ping localhost fail?:
not proper configuration lo interface, or firewall rules

What is the similarity between "ping" & "traceroute" ? How is traceroute able to find the hops.

• ping - check if the destination server is online and estimates how long it takes to send and receive data to the destination traceroute - the exact route you take to reach the server from your computer(ISP) and how long each hop takes.
• traceroute works by sending the packets of data with low survival time (TTL) which specifies how many steps (hops) can the packet survive before it is returned. When a packet can’t reach the final destination and expires at an intermediate step, that node returns the packet and identifies itself. So, by increasing the TTL gradually, Traceroute is able to identify the intermediate hosts

What is the command used to show all open ports and/or socket connections on a machine?

1netstat -lntu 
2netstat -tulpn | grep LISTEN
3ss -tulpn
4lsof -i -P -n | grep LISTEN
5# https://www.cyberciti.biz/faq/how-to-check-open-ports-in-linux-using-the-cli/

Is 300.168.0.123 a valid IPv4 address?

No, octet can't be more than 255

Which IP ranges/subnets are "private" or "non-routable" (RFC 1918)?

• 10.0.0.0/8 IP addresses: 10.0.0.0 – 10.255.255.255
• 172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255
• 192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255

What is a VLAN?

A logical subnetwork that groups a collection of devices from different physical LANs.
https://www.lifewire.com/virtual-local-area-network-817357

What is ARP and what is it used for?

ARP stands for Address Resolution Protocol. The primary function of this protocol is to resolve the IP address of a system to its mac address.
arp -a # print the current content of the ARP table

What is the difference between TCP and UDP?

• TCP is reliable as it guarantees delivery of data to the destination router.(slower)
• The delivery of data to the destination cannot be guaranteed in UDP.(faster)

What is the purpose of a default gateway?

A default gateway is the node in a computer network using the internet protocol suite that serves as the forwarding host (router) to other networks when no other route specification matches the destination IP address of a packet.

What is command used to show the routing table on a Linux box?

1ip route (ip r)
2netstat -r
3route -n

A TCP connection on a network can be uniquely defined by 4 things. What are those things?

• remote-ip-address
• remote-port
• source-ip-address
• source-port

When a client running a web browser connects to a web server, what is the source port and what is the destination port of the connection?

• source port - depends on browser
• destination port 80 or 443
  https://stackoverflow.com/a/2957847

How do you add an IPv6 address to a specific interface?

1Same commands as for ipv4:
2ip -6 addr add <ipv6address>/<prefixlength> dev <interface>
3ip -6 addr add 3ffe:ffff:0:f101::1/64 dev eth0
4ifconfig eth0 inet6 add 3ffe:ffff:0:f101::1/64

sendmsg: operation not permitted. what could be wrong?

You have added an IPv4 and IPv6 address to interface eth0. A ping to the v4 address is working but a ping to the v6 address gives you the response sendmsg: operation not permitted. What could be wrong?

firewall blocks traffic ipv6

What is SNAT and when should it be used?

SNAT changes the private IP address of the source host to public IP address. It may also change the source port in the TCP/UDP headers. SNAT is typically used by internal users to access the Internet.
https://unix.stackexchange.com/a/21968
https://ipwithease.com/snat-vs-dnat/
https://worldtechit.com/what-is-snat-in-f5-load-balancing-snat-vs-inline-what-is-nat/

Explain how could you ssh login into a Linux system that DROPs all new incoming packets using a SSH tunnel.

Reverse SSH* (not sure...)

How do you stop a DDoS attack?

In Linux context we can use fail2ban, firewall, check multiple connections & http headers and other. https://linoxide.com/firewall/how-to-ddos-in-linux/

How can you see content of an ip packet?

• tcpdump https://danielmiessler.com/study/tcpdump/
• wireshark

What is IPoAC (RFC 1149)?

It's a joke RFC
https://en.wikipedia.org/wiki/IP_over_Avian_Carriers

What will happen when you bind port 0?

Bind TCP on port 0 indicates a request to dynamically generate an unused port number
(zero - means select any available local port)
https://unix.stackexchange.com/a/180500