Macafee interview questions

======================
What happens when you connect your lan cable to the laptop
TCP retransmit-y does it happen
DHCP message -how do they get transmitted if DHCP server is in a different subnet
In corporate networks .. some websites are blocked and when we use certain proxy servers we
get access- How does this work
Real life examples of IGMP
Who adds the vlan tag -host or switch
Vlan-trunk and router
Vlan access ports and trunk ports
Http web port
In vsphere any one can delete vms how can we stop that
Vswitch concept
MPLS and VPN security
How hosts select source ports
When host doesn’t have IP what ip does it use when sending DHCP messages
What are the ports beyond 1023 called. Below are well known so beyond?

Import os and from os import *. What is the difference?

Real life examples of tuple. Why tuple and list are needed? Why two different things?
How does python know to look for user defined modules
What are builtin functions and how can we know what they are
How to install missing packages
What is encapsulation
What is method overloading and operator overloading
Write a program using add operator overloading to add matrix
What is lamba and example with map function
What is init method in a class and what is self
What is inheritance
Where are log files stored in windows and linux

Linux questions
===========
How to find a process and kill it
How to change access permissions for a user
How to find a string in a file
Awk command usage
Grep and piping
How to forcefully kill a process
How to replace contents of a file without using vi editor
Where are log files or events stored in windows and linux
How to check the ram utilisation in linux
How to check utilisation in linux
How to install packages in linux
Vmware questions
==============
1)If there are 10vms in private network and only one has two nics and access to public
network,how will the other 9 vmx communicate to the public network
Ans:Share

You said:
If there are 10vms in private network and only one has two nics and access to public
network,how will the other 9 vms communicate to the public network

ChatGPT said:
ChatGPT

In this scenario, you have 10 VMs in a private network, and only one VM has two network
interfaces (NICs)—one connected to the private network and the other to the public network.
The other 9 VMs can communicate with the public network through network address
translation (NAT) or routing set up on the dual-NIC VM.

Solution Approaches:

1.​ NAT (Network Address Translation) on the Dual-NIC VM (Acting as a Gateway)

○​ The VM with two NICs can be configured as a NAT gateway.
○​ The private VMs will forward their traffic to the gateway.
○​ The gateway will modify the source IP to its own public-facing IP and send the
traffic to the public network.
○​ The public network responds to the gateway, which then forwards the response
back to the originating VM.
2.​ IP Forwarding & Routing
○​ Enable IP forwarding on the dual-NIC VM.
○​ Set up static routes on the private VMs to forward all external traffic to the
gateway VM.
○​ Configure firewall rules (like iptables on Linux or Windows Routing and Remote
Access) to allow forwarding of traffic between the private and public networks.
3.​ Proxy Server (e.g., Squid, HAProxy)
○​ The dual-NIC VM can run a proxy server.
○​ The 9 VMs would configure their applications to use this proxy for internet
access.
4.​ VPN or SOCKS Proxy
○​ A VPN or SOCKS proxy can be set up on the dual-NIC VM, allowing private VMs
 to tunnel their traffic through it to access the public network.

Which is Best?

●​ If the VMs need full internet access: NAT with IP forwarding.

●​ If only HTTP/HTTPS access is needed: A proxy server.
●​ If secure remote access is required: VPN or SOCKS proxy.

🚧
2)
Ans:1. Firewall Rules (Security Groups, IPTables, Firewalld)

●​ The firewall on the VM or in the network may be blocking SSH (port 22).

Check using:​
bash​
CopyEdit​
sudo iptables -L -n
sudo firewall-cmd --list-all # (For Firewalld)

●​
●​ Fix:

Allow SSH:​
bash​
CopyEdit​
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --reload

○​

2. SSH Service Not Running 🛑

●​ The SSH daemon may not be running on the VM.

Check using:​
bash​
CopyEdit​
sudo systemctl status sshd # (Linux)

●​

Fix:​
bash​
CopyEdit​
sudo systemctl start sshd
sudo systemctl enable sshd

●​

3. Wrong SSH Configuration (sshd_config) 🛠

●​ The SSH daemon may be listening on a different port or restricted to specific IPs.

Check using:​
bash​
CopyEdit​
sudo cat /etc/ssh/sshd_config | grep -E "Port|ListenAddress"

●​
●​ Fix:

Ensure SSH is set to listen on Port 22:​

bash​
CopyEdit​
sudo sed -i 's/#Port 22/Port 22/' /etc/ssh/sshd_config
sudo systemctl restart sshd

○​
○​ If "AllowUsers" is set, ensure your username is allowed.

4. Network Routing Issues 🌐

●​ If the VM is in a private network, it may not have the correct route to allow SSH traffic.

Check:​
bash​
CopyEdit​
ip route

●​

5. SELinux Restrictions 🔒
●​ SELinux may be enforcing rules that block SSH.

Check using:​
bash​
CopyEdit​
getenforce

●​

Fix:​
bash​
CopyEdit​
sudo setenforce 0 # Temporarily disable SELinux

●​

6. Incorrect SSH Key or Password Issues 🔑

●​ If using key-based authentication, the key may be missing or incorrect.

Check:​
bash​
CopyEdit​
ls -lah ~/.ssh/

●​
●​ Fix:
○​ Ensure the public key is added to ~/.ssh/authorized_keys on the remote
VM.

7. SSH Port Blocked by Network Security Policies 🔐

●​ Some cloud providers block SSH (port 22) by default in security groups or network
ACLs.
●​ Fix:
○​ Open the required ports in the cloud provider’s firewall.

Next Steps:

1.​ Run nc -zv <VM-IP> 22 from your local machine to check if the SSH port is open.
2.​ Check logs using:​
bash​
CopyEdit​
sudo journalctl -xe | grep ssh
3)How does hypervisor now which vm to send data when all vms are downloading the same
thing from internet.
Ans:When 10 VMs on an ESXi host request the same data, the ESXi host handles the network
traffic using its virtual networking stack. Here’s how it determines where to send the data:

1. Virtual Switch (vSwitch) Handling

●​ Each VM has a virtual network adapter (vNIC) connected to a virtual switch (vSwitch)
inside the ESXi host.
●​ The vSwitch behaves like a physical switch, forwarding packets based on MAC
addresses.

2. MAC Address Learning

●​ The vSwitch maintains a MAC address table that maps VM MAC addresses to their
corresponding virtual switch ports.
●​ When data arrives, the vSwitch looks up the destination MAC address and forwards the
packet to the correct VM.

3. Multicast and Broadcast Handling

●​ If multiple VMs request the same data from an external source (e.g., a web server), the
network stack ensures each request is sent out individually unless caching or multicast
optimization is used.
●​ If the data is multicast-enabled, the ESXi host can use IGMP snooping to optimize
delivery.

4. Storage and Network Optimization

●​ If multiple VMs request the same data from a shared storage system (e.g., NFS,
iSCSI, or vSAN), the storage backend might cache or optimize responses.
●​ If the data is fetched from an external network, network-layer caching (e.g., a proxy
server or CDN) might reduce duplicate requests.

5. Content-Based Optimization (vSphere Features)

●​ Content-Based Read Caching (CBRC): If the data is read from a virtual disk, VMware’s
CBRC can cache frequently accessed blocks in RAM.
●​ VMkernel Routing: If VMs use different subnets, the ESXi VMkernel routes packets
appropriately.

In short, the ESXi host knows where to send the data based on the destination MAC
addresses stored in the vSwitch and optimizes performance through caching and multicast
handling when applicable.

4)What protocol does a switch use to detect when a host is connected to it.

A switch detects when a host is connected using several key protocols and mechanisms,
including:

1. ARP (Address Resolution Protocol)

●​ When a new host connects and tries to communicate on the network, it sends an ARP
request to find the MAC address of another device.
●​ The switch learns the MAC address of the new host when it sees the ARP response
and updates its MAC address table.

2. STP (Spanning Tree Protocol)

●​ If STP is enabled, the switch may detect the new connection by sending BPDU (Bridge
Protocol Data Unit) packets.
●​ Helps prevent network loops and ensures a stable topology.

3. LLDP (Link Layer Discovery Protocol) / CDP (Cisco Discovery Protocol)

●​ LLDP (vendor-neutral) and CDP (Cisco-specific) are discovery protocols that allow the
switch to identify directly connected devices.
●​ Periodically sends LLDP or CDP packets to detect and gather information about
connected hosts.

4. DHCP Requests

●​ If the new host needs an IP address, it sends a DHCP Discover packet.

●​ The switch detects this traffic and updates its MAC address table.

5. MAC Address Learning (Layer 2 Forwarding)

●​ The switch learns about a host when it receives any Ethernet frame from the host.
●​ The switch records the source MAC address in its MAC address table and associates
it with the port.

6. Auto-Negotiation (Physical Layer)

●​ When a device is plugged in, the switch and the host exchange Auto-Negotiation
 signals to determine:
○​ Speed (e.g., 10/100/1000 Mbps)
○​ Duplex mode (Full/Half)

Summary

●​ Layer 1 (Physical): Auto-Negotiation detects cable connection.

●​ Layer 2 (Data Link): Switch learns MAC addresses from ARP, DHCP, or normal traffic.
●​ Discovery Protocols: LLDP/CDP help detect connected devices.
●​ Spanning Tree (STP): Detects network topology changes.

5)H1---->SW1--->R1-->sw2-->H2
|
SW3
|
H2
Initially H2 is connected to SW2 and ping works. Now is H2 is removed from SW2 and

🚀
connected to SW3, how does the path get updated.
Ans:Gratuitous ARP (GARP) Explained

A Gratuitous ARP (GARP) is a special unsolicited ARP request or reply that a device sends
to inform the network of its MAC-IP binding.

Why is Gratuitous ARP Important?

✅ Updates ARP tables quickly – Notifies switches and routers of a new MAC address
✅ Prevents duplicate IP conflicts – Helps detect if another device is using the same IP.​
location.​

✅ Ensures high availability (VRRP/HSRP) – Used in failover scenarios to update the active
✅ Optimizes network convergence – Useful when moving a host to a new switch.
gateway’s MAC.​

How Does Gratuitous ARP Work?

A device sends a broadcast ARP request where:

●​ The source IP = device's own IP

●​ The destination IP = device's own IP
 ●​ All hosts receive the GARP and update their ARP tables.

Example ARP Packet:

ruby
CopyEdit
Sender MAC: AA:BB:CC:DD:EE:FF
Sender IP: 192.168.1.10
Target MAC: FF:FF:FF:FF:FF:FF (Broadcast)
Target IP: 192.168.1.10 (Same as sender IP)

🔍 This tells all devices:​

💡 "Hey, I (192.168.1.10) am now at AA:BB:CC:DD:EE:FF!"
Where is Gratuitous ARP Used?

1️⃣ Host Moves (Switch Migration) – Updates the new switch’s MAC table.​
2️⃣ Failover (VRRP, HSRP, FHRP) – Virtual IP moves between redundant gateways.​
3️⃣ IP Conflict Detection – Alerts if two hosts claim the same IP.​
4️⃣ Load Balancers – Tells network devices that the VIP (Virtual IP) is on a new machine.

1. MAC Address Table Aging (Switch Updates)

●​ Switches maintain a MAC address table (CAM table) that maps MAC addresses to
specific ports.
●​ When the host was initially connected, Switch 1 learned its MAC address and
associated it with Port X.
●​ After moving the host to Switch 2, Switch 1 stops receiving frames from the host.
●​ Switch 1 does not immediately remove the MAC address but waits for the aging
timer to expire (default ~300 seconds).
●​ Meanwhile, Switch 2 learns the new port for the MAC address when the host sends
any traffic.

2. MAC Address Learning on the New Switch

●​ When the host connects to Switch 2 and sends any traffic (like an ARP request, DHCP
request, or even a simple ping):
○​ Switch 2 receives the frame and learns the host's MAC address.
○​ The MAC address is now associated with the new port on Switch 2.
○​ Switch 2 updates its MAC address table.
3. Traffic Forwarding (Flush and Update)

●​ If another device (or router) tries to send traffic to the host:

○​ The old switch (Switch 1) still has the outdated MAC entry and will initially try
to send traffic there.
○​ When no response is received, Switch 1 floods the frame (acting as if the host
is unknown).
○​ The first time the host responds (on Switch 2), the correct switch learns the
new location.
○​ Routers or Layer 3 switches update their ARP tables after detecting a new
MAC-to-port mapping.

4. ARP Table Update (If Needed)

●​ If the host’s IP address remains the same, devices that previously communicated with
it still have the old MAC entry in their ARP cache.
●​ The sender may send traffic to the wrong switch until:
○​ The ARP entry times out (~5 min on most systems).
○​ The host sends an unsolicited ARP or a new ARP request to refresh caches.

5. STP and Network Loops (If Multiple Switches Are Connected)

●​ If both switches are connected via a trunk link, Spanning Tree Protocol (STP)
ensures there are no loops.
●​ The new switch can forward traffic correctly without causing a broadcast storm.

Summary:

●​ Switch 1 stops receiving traffic → MAC entry expires.

●​ Switch 2 learns the new port when the host sends traffic.
●​ Other devices update their ARP cache after receiving the host's new MAC
location.

This process typically takes a few seconds, but optimizations like ARP gratuitous updates or
Rapid STP (RSTP) can speed it up.
6)H1-->sw1---------sw2--->h2
​ Sw1---------sw2
Does loop happen and if yes how to avoid it. And retain bandwidth
7) how does load sharing happen in lacp

Ruckus interview questions

=====================
1: in tcp what is the need for third ACK in the 3-way handshake?

Why is the Third ACK Needed in the TCP 3-Way Handshake?

The TCP 3-way handshake is used to establish a reliable connection between a client and a
server. It consists of:

1️⃣ SYN (Synchronize) → Client requests a connection.​

2️⃣ SYN-ACK (Synchronize-Acknowledge) → Server acknowledges and responds.​
3️⃣ ACK (Acknowledge) → Client confirms receipt and establishes the connection.

Purpose of the Third ACK

The third ACK in the handshake (sent by the client) serves two critical purposes:

1. Confirms That the Client Received the Server’s SYN-ACK

●​ The SYN-ACK is sent by the server to acknowledge the client’s initial SYN request and
also includes its own SYN to establish a bidirectional connection.
●​ The client sends an ACK to confirm that it received the SYN-ACK successfully.
●​ Without this, the server wouldn’t know whether the client actually received its response.

2. Completes the Full-Duplex Connection

●​ TCP is full-duplex, meaning both sides must establish their ability to send and receive
data.
●​ The first two messages (SYN → SYN-ACK) ensure that both parties agree on the
connection.
●​ The third message (ACK) guarantees that both parties are now ready to communicate.
What If the Third ACK Was Missing?

If the client doesn’t send the final ACK, the server will keep waiting, assuming the handshake

🔸
isn’t complete.​

🔸
Eventually, the server will timeout and retransmit the SYN-ACK.​
If too many retries fail, the connection attempt is dropped.

Analogy:

📞
Imagine a phone call:​

📞
Caller: “Hello, can we talk?” (SYN)​

📞 ✅
Receiver: “Yes, I can hear you. Can you hear me?” (SYN-ACK)​
Caller: “Yes, I can hear you too!” (ACK)

Without the third confirmation, the receiver isn’t sure if the caller can hear them.

Conclusion

The third ACK ensures a reliable, bidirectional connection where both parties can send and
receive data. It finalizes the handshake so that data transmission can begin.

Would you like to see a Wireshark capture of the 3-way handshake? 😊

4o

You said:
yes

ChatGPT said:
ChatGPT

Wireshark Capture of TCP 3-Way Handshake 📡

Let's analyze a Wireshark capture of the TCP 3-way handshake between a client and a
server.

🔹 Step 1: Start Wireshark

 1.​ Open Wireshark.
2.​ Select the network interface you want to monitor (e.g., Ethernet, Wi-Fi).

Apply the following capture filter to focus only on TCP handshakes:​

CopyEdit​
tcp.flags.syn==1 or tcp.flags.ack==1

3.​
4.​ Click Start Capture and initiate a connection (e.g., open a webpage or SSH session).

🔹 Step 2: Observe the 3-Way Handshake

After capturing packets, look for three consecutive TCP packets:

No Time Source Destination Protoc Info

. ol

1️⃣ 0.000 Client Server TCP SYN (Seq=0, Flags=[SYN])

s (192.168.1.10) (192.168.1.1)

2️⃣ 0.002 Server Client TCP SYN-ACK (Seq=0, Ack=1,

s (192.168.1.1) (192.168.1.10) Flags=[SYN, ACK])

3️⃣ 0.004 Client Server TCP ACK (Seq=1, Ack=1,

s (192.168.1.10) (192.168.1.1) Flags=[ACK])

🔹 Step 3: Breakdown of Each Packet

1️⃣ SYN (Client → Server)

●​ The client initiates the handshake by sending a SYN packet.

●​ This contains:
○​ Sequence number (Seq=0) → First byte in this session.
○​ Flags = SYN → Requesting a connection.
○​ MSS, Window size, TCP Options (like timestamps, selective ACKs).

2️⃣ SYN-ACK (Server → Client)

●​ The server responds with SYN-ACK:

○​ Acknowledges (Ack=1) → Confirms client’s SYN.
○​ Sends its own SYN (Seq=0) → Requests bidirectional connection.
 ○​ Flags = SYN, ACK.

3️⃣ ACK (Client → Server)

●​ The client completes the handshake:

○​ Ack=1 → Confirms receipt of server's SYN.
○​ Flags = ACK → Connection is established.

✅ At this point, data transfer can begin!

🔹 Step 4: Filter Handshake Packets

To refine the view in Wireshark, use this display filter:

CopyEdit
tcp.flags.syn==1 or tcp.flags.ack==1

OR for a full handshake:

go
CopyEdit
tcp.flags.syn==1 || tcp.flags.ack==1 && tcp.len==0

🔹 Step 5: Practical Test

📌
To manually trigger and analyze a TCP handshake, use:​
On Linux/macOS:

bash
CopyEdit
telnet 192.168.1.1 80 # Connect to a web server (port 80)

📌 On Windows (CMD):
powershell
CopyEdit
Test-NetConnection -ComputerName 192.168.1.1 -Port 80
📌 On both (force new TCP connection):
bash
CopyEdit
curl -v http://192.168.1.1

Conclusion

The third ACK ensures a reliable, bidirectional connection before data transfer begins.
Wireshark helps visualize the handshake, making it easier to debug network issues!

2) in STP what does packets are sent other than hello

3) If there is a topology change how does stp come to know abt it
4)what are the different states of ports in stp and their importance
5) difference between tcp and udp, their header size and header fields
6) Where does 802.1q tag come in the ethernet frame
7) what is layer 2
8)how does ping work when hosts are in two different networks
9) ARP packet structure
10)How does the dhcp server know which ip address needs to be assigned to the host when it
is serving different subnets

🏢🌍
How Does a DHCP Server Assign IP Addresses to Hosts in Different
Subnets?

A DHCP (Dynamic Host Configuration Protocol) server can serve multiple subnets by
determining which subnet a DHCP request originates from. Here’s how it works:

1️⃣ Directly Connected DHCP Server (Same Subnet)

If the DHCP server is in the same subnet as the client:

●​ The DHCP server listens on that subnet.

●​ It assigns an IP from the pool of that subnet based on availability.
●​ Example:
○​ Subnet: 192.168.1.0/24
○​ Available IPs: 192.168.1.100 – 192.168.1.200
 ○​ Client requests → Server assigns 192.168.1.101.

2️⃣ DHCP Relay (When Server Is in a Different Subnet)

If the DHCP server is not in the same subnet as the client, a DHCP relay agent (IP Helper
Address) helps forward requests.

🔹 How It Works:
1.​ The client broadcasts a DHCP Discover (255.255.255.255), but it doesn’t cross
routers.
2.​ The router (or switch with DHCP relay) intercepts the request.
3.​ The router forwards the request to the central DHCP server with the "GIADDR"
(Gateway IP Address) field set.
4.​ The DHCP server uses GIADDR to determine the correct subnet and assigns an IP
from the appropriate pool.
5.​ The server sends the DHCP Offer back to the relay agent.
6.​ The relay agent forwards it to the client.

📌 Example:
●​ Client Subnet: 192.168.2.0/24
●​ Router (Relay Agent IP): 192.168.2.1
●​ DHCP Server (Centralized): 192.168.1.100
●​ When the DHCP server sees GIADDR = 192.168.2.1, it knows to assign an IP from
192.168.2.0/24.

3️⃣ VLANs and DHCP (Per Subnet Pools)

In enterprise networks with VLANs, each VLAN is assigned a separate subnet and DHCP
pool.

🔹 Example Setup:
●​ VLAN 10 (Users) → 192.168.10.0/24 → Pool:
192.168.10.100-192.168.10.200
●​ VLAN 20 (Guests) → 192.168.20.0/24 → Pool:
192.168.20.100-192.168.20.200
●​ VLAN 30 (VoIP Phones) → 192.168.30.0/24 → Pool:
192.168.30.100-192.168.30.200
When a client in VLAN 20 requests an IP, the GIADDR (Gateway IP) in the request tells the
DHCP server to assign an IP from the VLAN 20 pool.

📌 On a Cisco Router/Switch (DHCP Relay Setup):

bash
CopyEdit
interface vlan 20
ip address 192.168.20.1 255.255.255.0
ip helper-address 192.168.1.100 # Forward DHCP requests

4️⃣ DHCP Server Configuration for Multiple Subnets

A DHCP server must be configured with separate pools for each subnet. Example for a
Linux-based ISC DHCP Server:

📌 DHCP Server Config (/etc/dhcp/dhcpd.conf)

bash
CopyEdit
subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.100 192.168.10.200;
option routers 192.168.10.1;
}

subnet 192.168.20.0 netmask 255.255.255.0 {

range 192.168.20.100 192.168.20.200;
option routers 192.168.20.1;
}

➡ When a request comes in with GIADDR = 192.168.20.1, the server assigns an IP from the
192.168.20.0/24 pool.

🚀 Summary
✅ Direct Subnet: DHCP server directly assigns an IP.​
✅ Relay Agent (GIADDR): Helps DHCP servers identify the correct subnet.​
✅ VLANs & IP Helper: Used in large networks to map requests to the right pool.​
✅ Configured Pools: DHCP server maintains multiple subnet IP pools.
Would you like a packet capture example with Wireshark? 😊

4o

You said:
yes

ChatGPT said:
ChatGPT

Wireshark Capture of DHCP in Multiple Subnets (Using DHCP Relay) 📡

Let's analyze a Wireshark capture of a DHCP request from a client in a different subnet,
handled by a DHCP relay agent.

🔹 Step 1: Start Wireshark and Apply a Filter

1.​ Open Wireshark.
2.​ Select the network interface (e.g., Ethernet, Wi-Fi, VLAN interface).

Apply the following display filter to focus on DHCP packets:​

CopyEdit​
bootp || dhcp
OR more specific to DHCP relay:​
vbnet​
CopyEdit​
bootp.option.dhcp == 1 && bootp.giaddr != 0.0.0.0

3.​

🔹 Step 2: Capture the DHCP Process

A client from a different subnet (e.g., VLAN 20: 192.168.20.0/24) requests an IP via DHCP
relay.

No Time Source Destination Protoc Info

. ol
1️⃣ 0.000 Client (0.0.0.0) 255.255.255.25 DHCP DHCP Discover (Who can
s 5 give me an IP?)

2️⃣ 0.001 Relay Agent DHCP Server DHCP DHCP Discover

s (192.168.20.1) (192.168.1.100) (Relayed) with
GIADDR=192.168.20.1

3️⃣ 0.002 DHCP Server Relay Agent DHCP DHCP Offer (Take
s (192.168.1.10 (192.168.20.1) 192.168.20.101!)
0)

4️⃣ 0.003 Relay Agent Client DHCP DHCP Offer (Relayed)

s (192.168.20.1) (255.255.255.25
5)

5️⃣ 0.004 Client (0.0.0.0) 255.255.255.25 DHCP DHCP Request (I want

s 5 192.168.20.101)

6️⃣ 0.005 Relay Agent DHCP Server DHCP DHCP Request (Relayed)
s (192.168.20.1) (192.168.1.100)

7️⃣ 0.006 DHCP Server Relay Agent DHCP DHCP ACK (Confirmed,
s (192.168.1.10 (192.168.20.1) use 192.168.20.101)
0)

8️⃣ 0.007 Relay Agent Client DHCP DHCP ACK (Relayed)

s (192.168.20.1) (255.255.255.25
5)

🔹 Step 3: Breakdown of Key Wireshark Fields

🟢 DHCP Discover (Client → Broadcast)
●​ Source IP: 0.0.0.0
●​ Destination IP: 255.255.255.255
●​ Bootp Flags: Broadcast
●​ Message Type: DHCP Discover
●​ GIADDR (Gateway IP Address): 0.0.0.0 (Direct request)

🟡 DHCP Discover (Relay Agent → DHCP Server)

●​ Source IP: 192.168.20.1 (Relay Agent)
●​ Destination IP: 192.168.1.100 (DHCP Server)
 ●​ GIADDR: 192.168.20.1 (Server uses this to identify the correct pool)

🟠 DHCP Offer (Server → Relay Agent)

●​ Your (client) IP: 192.168.20.101
●​ Subnet Mask: 255.255.255.0
●​ Router (Gateway): 192.168.20.1
●​ GIADDR: 192.168.20.1 (Ensures correct subnet pool is used)

🔵 DHCP ACK (Server → Relay Agent → Client)

●​ Assigned IP: 192.168.20.101
●​ Lease Time: 86400 seconds (24 hours)
●​ Router: 192.168.20.1
●​ DNS Server: 8.8.8.8

11) how does a dhcp server assign ip to a host which is in a different vlan than itself
12)what are access and trunk links
13) does the vlan tag come on both access and trunk links or only one.
14)if tcp if a portion of the data is missing, will it retransmit the entire thing again or only the
missing part
15) what is selective retransmission in tcp
16) dhcp port numbers..which is client and which is server
17) multicast there are three versions what is the difference and what is multicast
18) what is PIM
19) If there are any tweaks we can make to keep a non-responding legacy hosts in the group
membership
s

Basic n/w concepts

==============
1. OSI refrence model and use of layers
2. TCP/IP model and its use
3. Differece betn OSI and TCP/IP. Why two layers?
4. difference betn hub , bridge n switch.
5. Collison domanin and broadcast domain
6. why vlan is required?
7. why vlan when multicast is there?
8. what is the logic behind assigning MAC addresses?
9. When u give authentication in gtlak, it happens in which layer?
10. diffen hardware address and NIC card address
11. how many collision domains are there in a switch
12. presenstation encrytion ---is what encryption.?
13. layer 7 --wht protocols?
19. dhcp pakcet format
20. y dhcp request needs to be a broadcast msg?
21. dhcp braodcast msg is heard by all servers or everybody?
22. if u don't need the ip, wht msg is sent in dhcp?
23. ipv6 and v4 diff?
24. wht is subnet mask?
of pattern, aft arriving at the 1st pattern, how do u go to the next? Is there any other way other
than "n".
30. how a client will select the server in a dhcp process/
31. diff betn access port and trunk port?
32. what is an access point?
33. does vlan divide a broadcast domain?
34. diffrence betn bridge and switch is ....switch has more ports. BRidge is a software
implementation. switch working is based on hardware implementation , so it is more faster...asic
circuits are present in switch hardware.
35.​ What is the difference between IGMP snooping and IGMP proxy
36.​ ICMP protocol
37. how does a ping message go from one n/w to another.
38. ​ When priority is there, why is DSCP P-bit mapping required?
-> ​ DHCP process/ packet format/ options used in DHCP/debugging of DHCP
​ ARP
7.​ Collision domain and broadcast domain
8.​ How does a layer 2 switch work
9.​ Lag – to have ports in LAG, what are the properties the ports should have?
10.​ Vlan concepts/diff betn access port and trunk port
11.​ can communication happen betn two diff vlans
12.​ QOS—strict priority and weighted round robin
13.​ IGMP protocol, different versions and IGMP address mapping
14.​ ethernet frame and fields in Vlan tag.
15.​ is igmp snooping layer 2 or layer 3?
Layer 2
17.​ Why adhoc testing is also called random testing ?
Adhoc Testing is done without executing the test cases and sequential steps are not followed to
perform so the approach is random.that is why it is called adhoc testing which is also called
random testing.

18.​ What is equivalence partitioning and boundary value analysis? Y they are needed?
19.​ What is the testing methodology followed in ur project?
20.​ Why is vlan translation required? What does it do?
21.​ What is the maximum no. of users FTTU system can support?
22.​ What is the maximum bandwidth per user?
23.​ Where is the OLT located in the actual n/w.
24. INVITE client transaction state machine diagram? What are the timers involved in this?
25. Stateless proxy and stateful proxy.
26. what is the value of max-forwards
27. main headers in sip . Why via header is needed?
28. What is the use of DHCP relay agent? The DHCP msgs sent by relay agent or broadcast or
unicast?
29. 3 switches are interconnected. lacp and stp is enabled. how does it work?
30. what is natting? diff types of natting and how it works.
31. what is the diff betn rip v1 and v2?
32. host->s/w->router->IGMp server---> how does igmp work in this scenario?
33. if default gateway is not configured, is it possible to route a packet to different n/w?
34. what is proxy arp?
35. wht is edge router?
36. will router understand vlan?
37. in ppoe, after pADI, pADO, PADR, PADS....which pkt flows next?
38. wht does lcp pkt contain?
39. auntentication takes place in which phase of pppoe?
40. IGMP host-> router-> router-> igmp server? HOw does igmp work here>?
41. What is rarp?
42. why does ospf doesn't require loop avoidance?
43. practical implementation of urgent pointer in tcp?
44. practical implementation of reset pointer in tcp?
45. If host A can ping host b, but host b cannot ping host A, wht will be the issue? ( the back
path may not be updated in the routing table)
46. wht are the features of ipv6? why we need ipv6?
47. wht will happen if a link fails in a switch enabled with stp?
48. wht is virtual link?
49. wht do u mean by half-close in tcp connection?
50. suppose a pkt is getting fragmented, where will the re-assembly happen?
51. arp request is encapsulated in a ethernet frame, then what will be the destn mac then?
52. Are there any keep alive msgs in pppoe?
-> Difference betn DHCP and dns? How are they interrelated.

SIP
====

53. y ACK msg is needed in sip? wht if ACK msg is not sent?
54. why is the request line and to address field same in an invite request msg? Y the same thing
is given in two places?
55. Why ACK msg is treated as a separate tarnsaction in basic call flow?
56. strict routing and loose routing?
57. Use of ACK to INVITE

--> for 3 Way handshake

58. SIP Hold C=0.0.0.0 & attribute=send recv!!!

59. Call timesout after 200 OK, what would be the response? --> The transaction will be
cancelled

60. There are differences between B2BUA and Proxy Servers! Find it out

61. How is call handled when media supported by both parties are different?
415 Unsupported Media Type

24. INVITE client transaction state machine diagram? What are the timers involved in this?
17.1.1 INVITE Client Transaction

17.1.1.1 Overview of INVITE Transaction

The INVITE transaction consists of a three-way handshake. The client

transaction sends an INVITE, the server transaction sends responses,
and the client transaction sends an ACK. For unreliable transports
(such as UDP), the client transaction retransmits requests at an
interval that starts at T1 seconds and doubles after every
retransmission. T1 is an estimate of the round-trip time (RTT), and
it defaults to 500 ms. Nearly all of the transaction timers
described here scale with T1, and changing T1 adjusts their values.
The request is not retransmitted over reliable transports. After
receiving a 1xx response, any retransmissions cease altogether, and
the client waits for further responses. The server transaction can
send additional 1xx responses, which are not transmitted reliably by
the server transaction. Eventually, the server transaction decides
to send a final response. For unreliable transports, that response
is retransmitted periodically, and for reliable transports, it is
sent once. For each final response that is received at the client
transaction, the client transaction sends an ACK, the purpose of
which is to quench retransmissions of the response.

17.1.1.2 Formal Description

The state machine for the INVITE client transaction is shown in

Figure 5. The initial state, "calling", MUST be entered when the TU
 initiates a new client transaction with an INVITE request. The
client transaction MUST pass the request to the transport layer for
transmission (see Section 18). If an unreliable transport is being
used, the client transaction MUST start timer A with a value of T1.
If a reliable transport is being used, the client transaction SHOULD
NOT start timer A (Timer A controls request retransmissions). For
any transport, the client transaction MUST start timer B with a value
of 64*T1 seconds (Timer B controls transaction timeouts).

When timer A fires, the client transaction MUST retransmit the

request by passing it to the transport layer, and MUST reset the
timer with a value of 2*T1. The formal definition of retransmit

Rosenberg, et. al. Standards Track [Page 125]

RFC 3261 SIP: Session Initiation Protocol June 2002

within the context of the transaction layer is to take the message

previously sent to the transport layer and pass it to the transport
layer once more.

When timer A fires 2*T1 seconds later, the request MUST be

retransmitted again (assuming the client transaction is still in this
state). This process MUST continue so that the request is
retransmitted with intervals that double after each transmission.
These retransmissions SHOULD only be done while the client
transaction is in the "calling" state.

The default value for T1 is 500 ms. T1 is an estimate of the RTT

between the client and server transactions. Elements MAY (though it
is NOT RECOMMENDED) use smaller values of T1 within closed, private
networks that do not permit general Internet connection. T1 MAY be
chosen larger, and this is RECOMMENDED if it is known in advance
(such as on high latency access links) that the RTT is larger.
Whatever the value of T1, the exponential backoffs on retransmissions
described in this section MUST be used.

If the client transaction is still in the "Calling" state when timer

B fires, the client transaction SHOULD inform the TU that a timeout
 has occurred. The client transaction MUST NOT generate an ACK. The
value of 64*T1 is equal to the amount of time required to send seven
requests in the case of an unreliable transport.

If the client transaction receives a provisional response while in

the "Calling" state, it transitions to the "Proceeding" state. In the
"Proceeding" state, the client transaction SHOULD NOT retransmit the
request any longer. Furthermore, the provisional response MUST be
passed to the TU. Any further provisional responses MUST be passed
up to the TU while in the "Proceeding" state.

When in either the "Calling" or "Proceeding" states, reception of a

response with status code from 300-699 MUST cause the client
transaction to transition to "Completed". The client transaction
MUST pass the received response up to the TU, and the client
transaction MUST generate an ACK request, even if the transport is
reliable (guidelines for constructing the ACK from the response are
given in Section 17.1.1.3) and then pass the ACK to the transport
layer for transmission. The ACK MUST be sent to the same address,
port, and transport to which the original request was sent. The
client transaction SHOULD start timer D when it enters the
"Completed" state, with a value of at least 32 seconds for unreliable
transports, and a value of zero seconds for reliable transports.
Timer D reflects the amount of time that the server transaction can
remain in the "Completed" state when unreliable transports are used.
This is equal to Timer H in the INVITE server transaction, whose

Rosenberg, et. al. Standards Track [Page 126]

RFC 3261 SIP: Session Initiation Protocol June 2002

default is 64*T1. However, the client transaction does not know the
value of T1 in use by the server transaction, so an absolute minimum
of 32s is used instead of basing Timer D on T1.

Any retransmissions of the final response that are received while in

the "Completed" state MUST cause the ACK to be re-passed to the
transport layer for retransmission, but the newly received response
MUST NOT be passed up to the TU. A retransmission of the response is
defined as any response which would match the same client transaction
 based on the rules of Section 17.1.3.

Rosenberg, et. al. Standards Track [Page 127]

RFC 3261 SIP: Session Initiation Protocol June 2002

|INVITE from TU
Timer A fires |INVITE sent
Reset A, V Timer B fires
INVITE sent +-----------+ or Transport Err.
+---------| |---------------+inform TU
| | Calling | |
+-------->| |-------------->|
+-----------+ 2xx |
| | 2xx to TU |
| |1xx |
300-699 +---------------+ |1xx to TU |
ACK sent | | |
resp. to TU | 1xx V |
| 1xx to TU -----------+ |
| +---------| | |
| | |Proceeding |-------------->|
| +-------->| | 2xx |
| +-----------+ 2xx to TU |
| 300-699 | |
| ACK sent, | |
| resp. to TU| |
| | | NOTE:
| 300-699 V |
| ACK sent +-----------+Transport Err. | transitions
| +---------| |Inform TU | labeled with
| | | Completed |-------------->| the event
| +-------->| | | over the action
| +-----------+ | to take
| ^ | |
| | | Timer D fires |
+--------------+ | - |
| |
V |
+-----------+ |
| | |
| Terminated|<--------------+
| |
+-----------+
 Figure 5: INVITE client transaction

If timer D fires while the client transaction is in the "Completed"

state, the client transaction MUST move to the terminated state.

When in either the "Calling" or "Proceeding" states, reception of a

2xx response MUST cause the client transaction to enter the
"Terminated" state, and the response MUST be passed up to the TU.
The handling of this response depends on whether the TU is a proxy

Rosenberg, et. al. Standards Track [Page 128]

RFC 3261 SIP: Session Initiation Protocol June 2002

core or a UAC core. A UAC core will handle generation of the ACK for
this response, while a proxy core will always forward the 200 (OK)
upstream. The differing treatment of 200 (OK) between proxy and UAC
is the reason that handling of it does not take place in the
transaction layer.

The client transaction MUST be destroyed the instant it enters the

"Terminated" state. This is actually necessary to guarantee correct
operation. The reason is that 2xx responses to an INVITE are treated
differently; each one is forwarded by proxies, and the ACK handling
in a UAC is different. Thus, each 2xx needs to be passed to a proxy
core (so that it can be forwarded) and to a UAC core (so it can be
acknowledged). No transaction layer processing takes place.
Whenever a response is received by the transport, if the transport
layer finds no matching client transaction (using the rules of
Section 17.1.3), the response is passed directly to the core. Since
the matching client transaction is destroyed by the first 2xx,
subsequent 2xx will find no match and therefore be passed to the
core.

25. Stateless proxy and stateful proxy.

26. what is the value of max-forwards
27. main headers in sip . Why via header is needed?
14. why u need sip?
15. pstn and sip ?
16. delay in pstn and sip? which is higher?
17. megaco n mgcp? y u need to use sip? how sip better than other mgcp protocols.
18.180 ringing kind of messages, can the mesaage name be changed?

-> Difference betn transaction. session and dialog.

-> What is forking? what header is used in a invite msg tht has been forked?
-> When sip authentication happens? what are the headers?
-> One thing that only stateful proxy can do and stateless proxy cannot do. which will be a value
add to the customer
A proxy can operate in either a stateful or stateless mode for each
new request. When stateless, a proxy acts as a simple forwarding
element. It forwards each request downstream to a single element
determined by making a targeting and routing decision based on the
request. It simply forwards every response it receives upstream. A
stateless proxy discards information about a message once the message
has been forwarded. A stateful proxy remembers information
(specifically, transaction state) about each incoming request and any
requests it sends as a result of processing the incoming request. It
uses this information to affect the processing of future messages
associated with that request. A stateful proxy MAY choose to "fork"
a request, routing it to multiple destinations. Any request that is
forwarded to more than one location MUST be handled statefully.
stateless will not retransmit...stateful can re-transmit...
-> wht will happen if proxy doesn't forward the ACK to B and A has already started the media
pkts? How is this error scenario handled?
1.B retransmits 200ok...if it doesn't get ack, it will send bye
2.proxy can send bye
-> why is 100 trying needed?
-> A script is run to send INVITEs and then it is killed. A UAC gets a 100 trying msg and the
invite sent earlier is no longer valid as the script is killed? How is this error scenario handled?--it
can discard, any request msgs...481 call leg /transaction doesnot exist
-> 415 media unsoupported is sent by proxy y? wht is the advantage if proxy sends it?---we can
save bandwidth and resources...inivite-100trying--415unsupportedmedia
-> What is the error msg sent if the media codecs do not match---uac--488 not acceptab;e
here...in this case inivite-100trying--488 ...but this inivite has to be forwarded till B...waste of
bw...
-> when a call is inprogress and the registrations expire..wht happens to the call?
-> if a invite msg doesn't get any response, how long does it try?--inivite state m/c daigram
-> y does sip use udp though there is no reliability
consumes less bw---overhead is less...sip will take care of reliability....inivite state mc
diagram....if 200ok response ,sg doesn't get ack, then it will b retransmitted...
-> is the call-id same through out the call flow..when a proxy is involved ( Stateful and stateless
proxy)-----stateful...2 call-ids will be der...(A-Proxy) and proxy-B
-> how many times does the cseq change in a call flow---sequences the requets sent from a
uac..doesn't depend on the type of the request ...
CSeq or Command Sequence contains an integer and a method name. The
CSeq number is incremented for each new request within a dialog and
is a traditional sequence number....The CSeq header field serves as a way to identify and
order
transactions. Requests within a dialog MUST contain strictly monotonically
increasing and contiguous CSeq sequence numbers (increasing-by-one)
in each direction (excepting ACK and CANCEL of course, whose numbers
equal the requests being acknowledged or cancelled).... in a basic call flow, it changes
twice..once for invite, n then for BYE...ACk carries same cseq as INVITE
-> which msgs carry the sdp information---
-> can a user agent send a 100 trying msg? if yes then in wht sceanrios does it send?
-> how many transactions are there in a basic call flow?
-> if there are two dialogs ie dialog betn A and proxy and dialog betn proxy and A, then if B
sends a BYE and proxy doesnot forward tht BYE to A, how will A cum to know that the session
is tear.... Since A doesn't get the rtp pkts...it will send BYE...
-> Difference between PSTN and VoIP?
-> What are the codecs supported in ur system
-> Are sip and megaco jus signalling protocols? then y are they called voip protocols
-> Why the ACK msg needs to be routed through proxy? wht is the advantage if can it be sent
directly?
if it is a b2bua then it has to go through proxy...
-> If the contact header information is not used, still can the ACK msg be sent bypassing the
proxy?---call-id, from-tag n to-tag
-> what all are needed to contact a sip enabled entitiy directly without involvin the proxy
-> what is dialog? does register msg establish a dialog?
-> why registration msg is needed?

Unix
====
-> does ls- lrt list all the files?
-> if v need to access the last 10 files in a directory which has over 1 lakh files...wht is the
command
-> what is command to assign ip address to a linux m/c
-> if ifconfig command gets command not found as a response, wht is the reason or wht other
command can v use to assign ip address?
ded down.
->25. diff betn grep and find.
26. wht is the command to know the OS in unix? uname
27. how do u change file permissions in unix?
28. without using the number, is there any other way and what is tht way to change
permissions?
29. if u have 10 instances
-> Difference betn df and du
-> top gives utilization of wht? hard disk memory or ram?
-> how to see how much hard disk space has been used?

Testing concepts
===============
-> Why performance testing is needed? What can be found out by just doing performance
testing alone but cannot be found out by doing funtional testing? ---ans: capacity of the system
--> is load, robustness etc are subset of performance testing?
-> wht is tracebility matrix? can a requirement have no test cases mapped in a tracebility
matrix?
-> can a single test case be mapped to two different requirements?
-> wht are the contents in a test case?
-> If some out of box testing is done, how is it tracked? Can this be included in the tracebility
matrix? if its included , wht will u include this under
->
-> wht are the different documents needed for test design
-> wht is the diff betn test plan and test strategy
-> wht process do u follow in ur project
->