Quick questions and answers: 20 killer questions for computer network interviews


This article is reprinted from the WeChat public account "Architect Who Loves to Smile", written by Lei Xiaoshuai. To reprint this article, please contact the WeChat public account of Architect Who Loves to Smile.

Computer networking is one of the topics that interviewers most like to test. You must master the following 20 killer questions!

Network Layering

1. What are the relationships and differences between OSI seven layers and TCP/IP four layers?

The seven layers of OSI are: physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer. A picture will give you a clear idea:


The four layers of TCP/IP are: network interface layer, network layer, transport layer, and application layer. The mapping relationship with the seven layers of OSI is as follows:

Features:

  • The layers are independent and interdependent
  • The upper layer depends on the lower layer, and the lower layer provides services for the upper layer

Note: the four-layer TCP/IP model is a simplified version of the seven-layer OSI model and has become the de facto international standard.

TCP/IP

2. What are the differences between TCP and UDP?

First, a comparison picture:

Summary

  • TCP provides a connection-oriented, reliable service to the upper layer, and UDP provides a connectionless, unreliable service to the upper layer.
  • UDP is less reliable than TCP, but it is useful where real-time delivery matters.
  • If you have high requirements for data accuracy and can accept a relatively slow speed, choose TCP.

3. How does TCP achieve data reliability?

In a word: reliability is ensured through mechanisms such as checksums, sequence numbers, acknowledgments, timeout retransmission, connection management, flow control, and congestion control.

(1) Checksum

During transmission, the segment being sent is treated as a sequence of 16-bit integers. These integers are added together; a carry out of the top bit is not discarded but added back into the low end of the sum, and the result is then inverted to obtain the checksum.

Sender: calculates the checksum before sending the data and fills it in.

Receiver: after receiving the data, calculates the checksum in the same way and compares it with the value the sender filled in.
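The sender and receiver steps above, as an added Python example (not code from the original article). It goes slightly beyond the text: real TCP also sums a pseudo-header of addresses, protocol number and length, and the last check shows that the checksum catches accidental corruption but not a reordering of 16-bit words. The header values and addresses are constructed samples.

```python
import socket
import struct


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words, then inverted."""
    if len(data) % 2:
        data += b"\x00"                           # pad an odd-length input
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # add the carry back into the low end
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    """Addresses, protocol number 6 and TCP length, which the TCP checksum also covers."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 6, tcp_length))


def build_segment(src_ip: str, dst_ip: str, payload: bytes) -> bytes:
    """Sender: compute the checksum with the field zeroed, then fill it in."""
    def header(checksum: int) -> bytes:
        # Constructed sample header: ports 40000 -> 80, seq 1000, ack 2000,
        # data offset 5 words, flags PSH|ACK, window 65535, urgent pointer 0.
        return struct.pack("!HHIIBBHHH", 40000, 80, 1000, 2000,
                           5 << 4, 0x18, 65535, checksum, 0)
    unsummed = header(0) + payload
    checksum = internet_checksum(
        pseudo_header(src_ip, dst_ip, len(unsummed)) + unsummed)
    return header(checksum) + payload


def segment_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver: summing the segment with its checksum included must give 0."""
    covered = pseudo_header(src_ip, dst_ip, len(segment)) + segment
    return internet_checksum(covered) == 0


def flip_bit(segment: bytes, byte_index: int) -> bytes:
    """Simulate line noise: invert the lowest bit of one byte."""
    damaged = bytearray(segment)
    damaged[byte_index] ^= 0x01
    return bytes(damaged)


def swap_words(segment: bytes, i: int, j: int) -> bytes:
    """Exchange two aligned 16-bit words; the sum, and so the checksum, is unchanged."""
    s = bytearray(segment)
    s[i:i + 2], s[j:j + 2] = s[j:j + 2], s[i:i + 2]
    return bytes(s)
```

Because reordered words pass the check, the checksum is an error-detection aid, not an integrity guarantee against deliberate modification.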

(2) Sequence number

TCP numbers each byte of data during transmission, which is called a sequence number. The role of a sequence number is not only for acknowledgment, but also for sorting the received data according to the sequence number and removing duplicate data.

(3) Acknowledgment

During TCP transmission, each time the receiver receives data, it will confirm the transmission by sending an ACK message. This ACK message carries the corresponding confirmation sequence number, telling the sender which data has been received and where the next data will be transmitted from.

(4) Timeout retransmission

Because of the acknowledgment and sequence number mechanisms, after the sender sends part of the data it waits for the ACK message from the receiver and parses it to determine whether the data was transmitted successfully. If the sender does not receive the ACK message from the receiver in time after sending the data, the data just sent is resent.

(5) Connection Management

This refers to the three-way handshake and the four-way wave.

(6) Flow Control

If the sender sends too fast, the receiver's receive buffer fills up. If data keeps arriving at that point, a large number of packets are lost, which leads to a series of problems such as retransmission. TCP lets the processing capacity of the receiver determine the sending speed of the sender. This is the flow control mechanism.

Specific implementation method: The receiving end puts its own receiving buffer size into the "window size" field of the TCP header and notifies the sending end through ACK.

(7) Congestion Control

If TCP sent a large amount of data right at the beginning of a transmission while the network was already very congested, it could make the congestion worse. Therefore, TCP introduces a slow start mechanism, which sends a small amount of data to test the waters when it starts sending.

4. How does the TCP protocol improve transmission efficiency?

In a word: The TCP protocol improves efficiency through sliding windows, fast retransmission, delayed acknowledgment, piggybacked acknowledgment, etc.

(1) Sliding Window

If each data segment sent needs to receive an ACK response before sending the next data segment, then our efficiency is very low and most of the time is spent waiting for the ACK response.

To improve efficiency, we can send multiple data segments at a time, which greatly reduces the waiting time and improves performance. The window size is the maximum amount of data that can be sent without waiting for confirmation.

(2) Fast retransmission

Fast retransmission is also called high-speed retransmission control.

If packet loss occurs, retransmission is required. Generally, there are two situations:

Case 1: The data packet has arrived, but the ACK is lost. In this case, the loss of some ACKs does not have any impact, because the subsequent ACKs can be used to confirm the data packet.

Case 2: The data packet is directly lost. The sender will receive multiple identical ACK confirmations in succession, and the sender will immediately retransmit the corresponding lost data.
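A small simulation of the sequence number, cumulative ACK and fast retransmission behaviour described above, added here as an illustration (not code from the original article). The threshold of three duplicate ACKs is an assumption taken from standard TCP (RFC 5681), and `Receiver` and `transfer` are hypothetical names.

```python
DUP_ACK_THRESHOLD = 3   # assumption: the value standard TCP uses (RFC 5681)


class Receiver:
    """Reassembles a byte stream by sequence number and returns cumulative ACKs."""

    def __init__(self, initial_seq: int):
        self.next_seq = initial_seq       # next byte we expect
        self.out_of_order = {}            # seq -> payload waiting for a gap to fill
        self.stream = bytearray()

    def on_segment(self, seq: int, payload: bytes) -> int:
        if seq > self.next_seq:
            self.out_of_order[seq] = payload               # gap: hold it back
        elif seq + len(payload) > self.next_seq:
            self._deliver(payload[self.next_seq - seq:])   # drop any already-seen prefix
            while self.next_seq in self.out_of_order:      # gap filled: drain the buffer
                self._deliver(self.out_of_order.pop(self.next_seq))
        # otherwise the segment is a complete duplicate and is discarded
        return self.next_seq                               # ACK = next byte wanted

    def _deliver(self, data: bytes) -> None:
        self.stream += data
        self.next_seq += len(data)


def transfer(data: bytes, mss: int, initial_seq: int, lost: set):
    """Send data in mss-sized segments; sequence numbers in `lost` are dropped once."""
    receiver = Receiver(initial_seq)
    segments = {initial_seq + i: data[i:i + mss] for i in range(0, len(data), mss)}
    acks, retransmitted = [], []
    last_ack, dup_count = None, 0
    for seq, payload in segments.items():
        if seq in lost:
            continue                                       # segment vanishes in the network
        ack = receiver.on_segment(seq, payload)
        acks.append(ack)
        dup_count = dup_count + 1 if ack == last_ack else 0
        last_ack = ack
        if dup_count == DUP_ACK_THRESHOLD and ack in segments:
            retransmitted.append(ack)                      # resend without waiting for a timer
            ack = receiver.on_segment(ack, segments[ack])
            acks.append(ack)
            last_ack, dup_count = ack, 0
    return bytes(receiver.stream), acks, retransmitted
```

When the lost segment is near the end of the stream there are too few later segments to produce three duplicate ACKs, which is why timeout retransmission is still needed.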

(3) Delayed acknowledgment

If the host receiving the data returns an ACK response immediately, the returned window size may be smaller.

  • Assume that the receiving end has a 1M buffer and receives 512K of data at a time; if the response is immediate, the returned window is 512K;
  • But in reality, the processing speed of the processing end may be very fast, and the 512K data is consumed from the cache within 10ms;
  • In this case, the receiving end has not yet reached its processing limit, and can still handle it even if the window is enlarged;
  • If the receiving end waits a little longer before responding, for example, 200ms before responding, then the window size returned at this time is 1M;

The larger the window, the greater the network throughput and the higher the transmission efficiency; our goal is to maximize transmission efficiency while ensuring that the network is not congested.

(4) Piggybacked acknowledgment

Building on delayed acknowledgment: in many cases the client and server also send and receive data at the application layer. Piggybacked acknowledgment is then often used to improve efficiency, with the ACK transmitted together with a data packet instead of on its own. For example: the three-way handshake.

5. Do you know how TCP handles congestion?

Network congestion refers to the phenomenon that too many packets arrive at a certain part of the communication network, making it impossible for that part of the network to process them in time, resulting in a decrease in the performance of that part or even the entire network. In severe cases, it may even cause the network communication service to come to a standstill, i.e., a deadlock phenomenon. Congestion control is a mechanism for dealing with network congestion.

The four stages of congestion control are:

  • Slow Start
  • Congestion Avoidance
  • Fast Retransmit
  • Fast Recovery

6. Talk about the whole process of three-way handshake and four-way wave

Here is a picture of the three-way handshake process for the interviewer:

For the four-way wave, give the interviewer another picture:

7. Why does a TCP connection require three handshakes? Two is not enough. Why?

  • Two-way handshake can only ensure that one-way connection is smooth

In the first step, the client sends a message to the server: Hello, server. In the second step, the server receives the message and replies to the client: Received! Hello, client.

In this two-way handshake process, the client sends a hello to the server, and the server receives it, which means that the client can send data to the server normally. However, if the server sends a hello to the client and the server does not receive any feedback, it cannot ensure that the server can send messages to the client normally.

  • Only after the third handshake can we ensure that both sides can receive the data sent by the other party. In the third step, the client receives the message sent by the server and replies: Received! This proves that the client can receive the message from the server normally.

8. Do you know how IP addresses are classified?

Let me first talk about the basic characteristics of IP:

  • An IP address consists of four fields, each field is one byte, 8 bits, and the maximum value is 255.
  • An IP address consists of two parts: the network address and the host address. The network address indicates which network it belongs to on the Internet, and the host address indicates which host it belongs to on the network.

IP addresses are divided into five classes: the three main classes A, B and C, and the special classes D and E. Here is a picture:

Class A: (1.0.0.0-126.0.0.0) is generally used in large networks.

Class B: (128.0.0.0-191.255.0.0) is generally used for medium-sized networks.

Class C: (192.0.0.0-223.255.255.0) is generally used for small networks.

Class D: It is a multicast address. The network number of the address is between 224 and 239. It is generally used for multicast users.

Class E: Reserved addresses. The network number of the address is between 240 and 255.

HTTP

9. What is the difference between http1.1 and http2?

HTTP1.1

  • Persistent Connections
  • Request Pipelining
  • Added cache handling (new fields such as cache-control)
  • Added the Host field, support for resumable (breakpoint) transfers, etc.

HTTP2.0

  • Binary framing
  • Multiplexing (or connection sharing)
  • Header Compression
  • Server Push

10. What are the differences between HTTP and HTTPS?

(1) The HTTPS protocol requires applying for a certificate from a CA. Generally, there are few free certificates, so a certain fee is required.

(2) HTTP is a hypertext transfer protocol, and information is transmitted in plain text. HTTPS is a secure SSL encrypted transmission protocol.

(3) HTTP and HTTPS use completely different connection methods and different ports. The former uses port 80 and the latter uses port 443.

(4) The HTTP connection is very simple and stateless. The HTTPS protocol is a network protocol built from SSL + HTTP that can perform encrypted transmission and identity authentication. It is more secure than the HTTP protocol.

11. Do you know the difference and principle between symmetric encryption and asymmetric encryption?

Symmetric key encryption refers to the method of using the same key for encryption and decryption. The biggest problem with this method is the key transmission problem, that is, how to securely send the key to the other party;

Asymmetric encryption refers to the use of a pair of asymmetric keys, namely a public key and a private key. The public key can be published at will, but the private key is only known to oneself. The party sending the ciphertext uses the other party's public key to encrypt the message. After receiving the encrypted message, the other party uses its own private key to decrypt it.

Since asymmetric encryption does not require sending a private key for decryption, it can ensure security; however, compared with symmetric encryption, it is slower, so we still have to use symmetric encryption to transmit messages, but we can send the key used for symmetric encryption through asymmetric encryption.
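The combination described in the last paragraph, as an added example (not code from the original article): a random session key encrypts the message symmetrically, and only that key is encrypted with the recipient's public key. To run with the standard library alone it assumes toy stand-ins, namely textbook RSA over two small Mersenne primes and a SHA-256 counter keystream; a real system would use a vetted library with RSA-OAEP or a key exchange plus an authenticated cipher. All names are hypothetical.

```python
import hashlib
import secrets

# Toy RSA key pair (constructed): far too small and structured for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key, can be published
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, never leaves the recipient


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric step: XOR with a SHA-256 counter keystream.

    The same call encrypts and decrypts, because both sides hold the same key.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def send(message: bytes, recipient_public=(N, E)):
    """Sender: fast symmetric encryption for the message, slow RSA for the key only."""
    n, e = recipient_public
    session_key = secrets.token_bytes(16)          # fresh for every message
    nonce = secrets.token_bytes(12)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, nonce, keystream_xor(session_key, nonce, message)


def receive(wrapped_key: int, nonce: bytes, ciphertext: bytes, d=D, n=N) -> bytes:
    """Recipient: recover the session key with the private key, then decrypt."""
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, nonce, ciphertext)
```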

12. What are the common status codes?

1××: Request in progress; the request has been accepted and is being processed

2××: Request successful; the request was successfully processed

  • 200: OK

3××: Redirection; further processing is required to complete the request

  • 301: Permanent transfer
  • 302: Temporary transfer
  • 304: Cached

4××: Client error; illegal request

  • 400: Bad Request, the request has a syntax problem
  • 403: Request rejected
  • 404: The page accessed by the client does not exist

5××: Server error; the server cannot process a valid request

  • 500: Internal server error
  • 503: Service unavailable, please wait

13. What are the common header fields in http?

  • cookie: cookie information passed to the server when requesting
  • set-cookie: cookie information to be passed to the client, set in the response message header
  • allow: what HTTP methods are supported
  • last-modified: the last modification time of the resource
  • expires: sets the expiry date of the resource cache
  • content-language: the resource language of the entity
  • content-encoding: the encoding format of the entity
  • content-length: the size of the entity body in bytes
  • content-range: which ranges of the entity are returned
  • content-type: which type the entity is
  • accept-ranges: the range requests that can be processed
  • age: tells the client how long ago the server created the response
  • vary: the cache information of the proxy server
  • location: used to specify the URI after redirection
  • If-Match: the value is the unique identifier of the resource
  • User-Agent: passes information such as the browser that created the request and the user agent name to the server
  • Transfer-Encoding: the encoding method of the body of the transmitted message
  • connection: manages persistent connections (keep-alive, close)
  • Cache-Control: controls the browser's strong cache

14. The difference between GET and POST

(1) GET is generally used to obtain resources from the server, and POST is generally used to create resources;

(2) GET is idempotent, that is, reading the same resource always results in the same data, while POST is not idempotent. GET does not change the resources on the server, while POST does change the server resources;

(3) In terms of the request parameter format, the data of a GET request will be attached to the URL; while a POST request will place the submitted data in the request body of the HTTP request message.

(4) POST is more secure than GET because the data submitted by the GET request will appear in plain text on the URL, while the POST request parameters are packaged into the request body, which is relatively safer.

(5) The length of a GET request is limited by the browser or server's URL length limit, and the amount of data allowed to be sent is relatively small, while a POST request has no size limit.

15. Do you know the DNS addressing process?

(1) Enter the domain name www.baidu.com in the browser. The operating system will first check whether its local hosts file has this URL mapping relationship. If so, it will first call this IP address mapping to complete the domain name resolution.

(2) If there is no mapping for this domain name in hosts, the local DNS resolver cache is searched to see if there is a mapping relationship for this URL. If so, it is directly returned to complete the domain name resolution.

(3) If neither hosts nor the local DNS resolver cache has a mapping for the domain name, the system first queries the preferred DNS server set in the TCP/IP parameters. Here we call it the local DNS server. When this server receives a query, if the domain name to be queried is included in its locally configured zone resources, it returns the resolution result to the client to complete the domain name resolution. This resolution is authoritative.

(4) If the domain name to be queried is not resolved by the local DNS server zone, but the server has cached this URL mapping relationship, then this IP address mapping is called to complete the domain name resolution. This resolution is not authoritative.

(5) If the local DNS server's local zone file and cache resolution are both invalid, the query will be performed according to the local DNS server's settings (whether a forwarder is set). If the forwarding mode is not used, the local DNS will send the request to 13 root DNS servers. After receiving the request, the root DNS server will determine who is authorized to manage the domain name (.com) and will return an IP address of the top-level domain name server responsible for the domain name. After receiving the IP information, the local DNS server will contact the server responsible for the .com domain. After receiving the request, if the server responsible for the .com domain cannot resolve it, it will find a next-level DNS server address (baidu.com) that manages the .com domain and give it to the local DNS server. When the local DNS server receives this address, it will find the baidu.com domain server and repeat the above steps to query until the www.baidu.com host is found.

(6) If the forwarding mode is used, the DNS server will forward the request to the upper-level DNS server, which will resolve it. If the upper-level server cannot resolve it, it will either look for the root DNS or forward the request to the upper-level server, and so on. Regardless of whether the local DNS server uses forwarding or root hinting, it will eventually return the result to the local DNS server, which will then return it to the client.

16. What is the entire process after entering www.baidu.com in the browser?

Overall process

Domain name resolution -> Establish TCP connection (three-way handshake) -> Initiate HTTP request -> Server responds to HTTP request, browser gets HTML code -> Browser parses HTML code and requests resources in HTML code (such as js, css, pictures, etc.) -> Browser renders the page and presents it to the user.

17. The difference between Session and Cookie

  • Session is on the server side, cookie is on the client side (browser)
  • By default, the session is stored in a file on the server (not in memory).
  • The operation of session depends on session id, and session id is stored in cookie, that is, if the browser disables cookies, the session will also be invalid (but it can be achieved by other means, such as passing session_id in the URL)
  • The session can be stored in a file, a database, or in memory.

User authentication usually uses sessions.

18. What are some web performance optimization techniques?

  • DNS query optimization
  • Client-side caching
  • Optimizing TCP connections
  • Avoid redirects
  • Caching at the edge of the network
  • Conditional caching
  • Compression and code minimization
  • Image Optimization

Cybersecurity

19. What is an XSS attack?

XSS stands for Cross-Site Scripting. The focus of XSS is not on the cross-site aspect, but on the execution of scripts.

The principle of XSS is:

An attacker inserts malicious script code into a web page. When users browse the page, the script code embedded in it is executed, which achieves the attacker's goal of attacking those users.

XSS attacks fall mainly into the following categories: reflected, stored, and DOM-based. Reflected and DOM-based XSS can be classed as non-persistent attacks. Stored XSS can be classed as a persistent attack.
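The reflected case, shown as an added example (not code from the original article): a page that echoes a query parameter unchanged, next to versions that encode it for the context it lands in. The URLs, parameter name and function names are constructed for illustration.

```python
import html
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample requests: markup in the q parameter, and a value that
# tries to break out of an HTML attribute.
SAMPLE_URL = "https://shop.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
ATTRIBUTE_URL = "https://shop.example/search?q=%22%20onfocus%3D%22alert(1)"


def query_param(url: str, name: str) -> str:
    """Return the first value of a query parameter, percent-decoded."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get(name, [""])[0]


def search_page_vulnerable(url: str) -> str:
    """Reflects q as-is: any markup in q becomes part of the page."""
    q = query_param(url, "q")
    return f"<p>Results for {q}</p>"


def search_page_encoded(url: str) -> str:
    """HTML-encodes q for both element content and a quoted attribute value."""
    q = html.escape(query_param(url, "q"), quote=True)
    return f'<p>Results for {q}</p><input name="q" value="{q}">'


def js_string_literal(value: str) -> str:
    """Encode for use inside a <script> block.

    JSON quoting handles quotes and backslashes; <, > and & are additionally
    written as \\uXXXX so the value can never contain a literal "</script>".
    """
    encoded = json.dumps(value)
    for ch in "<>&":
        encoded = encoded.replace(ch, f"\\u{ord(ch):04x}")
    return encoded


def search_page_with_script(url: str) -> str:
    """Passes q to client-side code as data, not as markup."""
    q = query_param(url, "q")
    return f"<script>var lastQuery = {js_string_literal(q)};</script>"
```

HTML encoding and JavaScript string encoding are not interchangeable: each output context needs its own encoder, which is why the script case has a separate function.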

20. What is a cross-site request forgery (CSRF)?

CSRF (Cross Site Request Forgery) is a network attack method. It was listed as one of the top 20 security risks on the Internet in 2007. It is also called "One Click Attack" or "Session Riding", usually abbreviated as CSRF or XSRF. It is a malicious use of websites.

Although it sounds like cross-site scripting (XSS), it is very different from XSS, and the two attacks work in almost opposite ways.

XSS exploits the trust a user has in a site, while CSRF exploits a trusted website by disguising requests as coming from a trusted user. Compared with XSS attacks, CSRF attacks tend to be less well known (and so fewer resources are devoted to preventing them) and more difficult to prevent, so they are considered more dangerous than XSS.
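One common server-side check against the forged requests described above, added here as an illustration (not code from the original article). It assumes a session id held in a cookie, as in question 17, and state-changing requests sent by POST, as in question 14; the key, origin, field names and sample requests are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)        # hypothetical per-deployment secret
TRUSTED_ORIGIN = "https://bank.example"     # hypothetical origin of the real site
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}   # these must never change server state


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; embedded only in forms the site itself serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def is_request_allowed(method: str, cookies: dict, headers: dict, form: dict) -> bool:
    if method.upper() in SAFE_METHODS:
        return True
    session_id = cookies.get("session_id")
    if not session_id:
        return False                         # no session: nothing to ride on
    origin = headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return False                         # the browser reports another site as sender
    expected = issue_csrf_token(session_id).encode()
    supplied = str(form.get("csrf_token", "")).encode()
    return hmac.compare_digest(expected, supplied)   # constant-time comparison


# Constructed sample requests. The browser attaches the session cookie to both,
# which is why the cookie alone cannot tell them apart.
SESSION = "s-7f3a"
LEGITIMATE = dict(
    method="POST",
    cookies={"session_id": SESSION},
    headers={"Origin": TRUSTED_ORIGIN},
    form={"to": "alice", "amount": "10", "csrf_token": issue_csrf_token(SESSION)},
)
CROSS_SITE = dict(
    method="POST",
    cookies={"session_id": SESSION},
    headers={"Origin": "https://other.example"},
    form={"to": "mallory", "amount": "10"},
)
```

A page on another site cannot read the token out of the real site's forms, so a request it triggers arrives with the cookie but without a valid `csrf_token`.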
