Intrvw: Difference between revisions

Types of NAT supported in SRX
Logs which plane generates - data/routing plane
 
= Convergys (SRX TAC) =
 
3-way handshake
Why 2nd syn
Parameters exchanged in 3 way handshake
TCP flags
Push vs URG flag
MSS vs Window size
Receive window size is the maximum amount of received data, in bytes, that can be buffered at one time on the receiving side of a connection.
The sending host can send only that amount of data before waiting for an acknowledgment and window update from the receiving host
 
PC connected in LAN. What will happen - GARP, DHCP, etc
GARP - src & dst MAC
GARP - Ethernet header MAC
DHCP - DORA process
User unable to access Internet - Troubleshooting Approach
User traffic blocked in FW - Troubleshooting Approach
Latency in FW troubleshooting - Troubleshooting Approach
Main vs Aggressive Mode difference? Which one is faster? Which one is secure?
 
= Juniper =
 
OSPF + VPN + FTP; FTP is slow
Dial-up VPN
RTT
Hub & Spoke VPN
FTP across Network is slow
What is Acknowledgement
What is MSS
Aggressive Mode vs Main Mode
FTP Slow across Switch, Router, FW; How to Troubleshoot.
 
= Wipro =
 
TFTP ALG? Yes TFTP requires ALG
DPI = Deep Packet Inspection
Bastion Host
Will the firewall work without a default gateway? What if the device is in a LAN only?
What should be the position of the IDP and IPS?
What is HIPS?
Architecture of checkpoint firewall?
 
 
= Cisco =
 
On TCP/IP:
• Window scale, SACK, MSS, MTU, TCP offloading: complete details about each topic and troubleshooting scenarios on the same.
• How do TCP headers look with SACK in action? Does it still use the ACK field or not? If it does, what information do the ACK and SACK fields contain?
• Fragmentation scenarios, wherein we will be asked about packet headers after fragmentation at various hops.
• How does ICMP path discovery work? How does it work in the presence of a VPN/tunnel?
• How do you troubleshoot using a Wireshark packet capture? I was shown a Wireshark capture of HTTP access to various sites/URLs! I was asked to short-list all the URLs accessed during the capture time; use the filter "http.host". Likewise they might ask about different filters!
• Troubleshooting approach on some traffic not working...
 
VPN:
• Cisco thinks our team is strong at this topic :-)! So they ask the ins and outs of VPNs, different troubleshooting scenarios with NAT, how VPN works with a NAT device in between, and all.
• Other than VPNs and TCP/IP, they will ask questions on topics that we mention in our resume! Unfortunately I mentioned SNMP ;-) so they asked some basic questions, like: What is it used for? What's the difference between v1 and v3 of SNMP?
 
SIP:
• Complete working: messages
• What's a SIP re-invite?
• How does the DHCP server recognise different SIP phone vendors?
 
Multicast:
• I explained the basic working and the different modes I knew. I told them I don't have in-depth knowledge.
• Is it necessary to have an (S,G) entry? Something like that... I don't remember properly.
• Tom (ESC engineer) will ask about one of your best case experiences! Be prepared to answer with the troubleshooting steps you followed, up to packet-level details.
 
ALG:
1. What is ALG? They also asked for specific examples of how ALG functions. (Typically expecting FTP)
2. Difference between active and passive FTP (in detail, including the PASV command)
3. When there is a control channel established in FTP, and we open a data channel, do we see a three-way handshake happening again in Wireshark captures? Ans is yes.
4. What is the use of ALG in the case of passive FTP?
 
SIP:
1. Explain the procedure of SIP message exchange starting from a new phone booting up and registration. – Read from CnE, given nicely along with headers. They expect headers.
2. How does ALG help in SIP? << Here they expect the function of ALG looking into the SDP headers and opening pinholes based on connection and media identifiers in SDP.
3. Difference between the DHCP discover sent by an IP phone and a computer? Ans: The options field varies between the two (not required in detail)
 
Then they asked me about the most difficult case I handled.
 
1. Then they discussed how SACK and WSF help in flow control and congestion control.
2. How can we achieve the same functionality as traceroute using IP packets, assuming that traceroute is blocked in the network? Ans: In the IP header there is a source route option which helps us do the same.
3. Also asked about fast transmit, slow start and congestion avoidance along with TCP chimney and TCP offloading engine
4. Screening all the options in detail.
5. How does SMTP work
6. What is the use of reverse DNS lookup
7. How do you ensure that clear-text traffic is getting encrypted or not, if you have captures at the internal and external interfaces of the firewall? << By looking at the size and time fields in the captures >>
8. What is a protocol anomaly?
9. DHCP relay and DHCP message exchanges.
10. Scenario: PC-1 is in VLAN 10 and the DHCP server is in VLAN 20. Now PC-1 boots up; how will it get the IP address, and what is the flow associated with the same? << Explain the concept of DHCP relay >>
 
RFC round was TCP, RFC 1323. And cross-questions as per the presentation.
 
 
• How do you troubleshoot high CPU?
• About NSRP (concept).
• Types of NAT and their uses.
• A few general questions on URL filtering.
• How will you filter an HTTPS URL?
• Why do we use GRE over IPSec?
• If IPSec has encryption, then why do we need GRE?
• Basics of SNMP regarding community and all
 
Q: 3 web servers behind the firewall. All are accessed from the internet through MIPs. 1 out of 3 web servers is not reachable. Troubleshoot.
Ans:
Check traffic from the client to the firewall through the internet. OK
Communication between server and firewall. NO
Sniffers on firewall and server. OK
Firewall sent traffic but nothing arrived at the server.
Check for any devices between them?
Only a switch.
Narrow down the problem to the switch.
Possibly an ARP issue.
When the switch was checked, the MAC of the server was mapped to the wrong port.
 
Q: Remote-connect VPN. When connected, internet does not work.
Ans:
Internet via local network or through VPN? Through VPN
When the VPN is connected, is only the Internet down, or are internal resources also inaccessible? Only internet.
Flow issue
Check flow
Correct route? Yes
Then policy
Correct policy? No need for a policy as it is within the same security zone.
Is intra-zone block on? It is OFF
In the end, it turned out there is an option in Cisco: when traffic comes in on an interface and goes out through the same interface, we need to set a command to allow it.
 
Q: Site-to-site VPN. Site A has a web server and we are trying to access it from site B, but it does not work.
Ans:
VPN UP? Yes.
Only this server or other local resources? Only this server
Check flow?
On both sides, packets are sent to the tunnel.
Sniffer on ingress site A? Yes, we see the packet.
Sniffer on egress site B? NO, we don't see anything.
What do we see?
3-way handshake, HTTP GET, but data sent from the source is not received by site B.
Ans: DF bit set. How to handle this? Adjust MSS.
 
Q: SSL VPN?
NO IDEA NEVER WORKED
 
+ ANY PRODUCT KNOWLEDGE IN CISCO?
NOPE ONLY JUNIPER
 
 
• ISAKMP headers, payloads
• If you are using something other than IPsec, is ISAKMP supported, and how?
• ARP
• Headers and how they change with propagation
• TCP/IP and Ethernet headers and how they change with propagation
• PC --> SWITCH --> ROUTER --> SWITCH --> PC (changes in Ethernet, ARP, TCP, IP headers)
• Checksum calculation of TCP header
• MSS, MTU
• In case of latency, what do you see in Wireshark? Which fields do you check?
• GRE over IPsec headers
• Gratuitous ARP and ARP header difference?
• Scenario of asymmetric routing: ping was working but TCP connection was not working
• How does traceroute work?
• Sliding window, window size, window scaling factor
• RTO, RTT?
• ICMP, difference between MSL and TTL?
• Path MTU discovery
• Wireshark in detail
• Scenario of FTP ALG: control session is formed but data is not flowing
 
IDP:
• Attacks
• Screening options
• Vulnerability Tools
• How do you write a signature?
• Linux
 
Study from:
• Basics of TCP/IP from TCP/IP guide
• C&E: Screening options, attack and defence mechanism
• C&E: VPN
 
 
• TCP/IP complete
• What is slow start? Why do we use it? Is it compulsory to use slow start?
• What is congestion control?
• How will you troubleshoot if you have congestion in the network?
• Components of MSS?
• Complete DNS header
• OSPF
• BGP troubleshooting
• ISAKMP header
• Difference between AH/ESP? Or tunnel mode/transport mode?
• Multicast
• Sparse mode flow
• PIM pruning
• Source specific multicast
• VOIP (SIP ALG---flow etc)
• TCP chimney
• TCP tickle