Interview-sagar1
Q. not getting any output of “df -h”?
we can check with the “strace” command. it will show where the command is stuck. mostly it happens due to NFS if you have nfs
Q1.tcpdump?
it captures live tcp/ip packets. we can analyze the packets in wireshark
examples:
tcpdump -D (shows current ethernet adapter status)
tcpdump -i eth0 (shows tcp/ip live packets on the eth0)
tcpdump -c 100 -i eth0 (it will show 100 live packets on eth0)
tcpdump -c 100 -w /tmp/sar.tcpdump -i eth0 src 172.17.221.92 and dst 172.17.221.93 and port 22
Q2. How to collect SAR?
CPU Usage = sar -u 1 3
Memory Usage = sar -r 1 3
Swap Usage = sar -S 1 3
I/O activity = sar -b 1 3
load average = sar -q 1 3
Q3.SUID, SGID, and sticky bit?
Syntax: #chmod WhoWhatWhich file/directory
who-u,g,o
what- +, -
which - r,w,x
Special permission is already set on the passwd file and the /tmp directory
ls -ld /usr/bin/passwd
-rwsr-xr-x. 1 root root 33544 Dec 13 2019 /usr/bin/passwd
ls -ld /tmp
drwxrwxrwt. 12 root root 4096 Oct 19 03:36 /tmp/
Start at 0
SUID = 4
SGID = 2
Sticky = 1
chmod X### file | directory
chmod 1777 abc.txt
sticky
chmod +t /tmp or chmod 1777 /tmp
chmod -t /tmp
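An audit for the special bits described above, as an added example that is not part of the original notes: it lists SUID/SGID files and world-writable directories that lack the sticky bit. The function names and the sample tree are constructed for illustration; `stat -c` assumes GNU coreutils.

```sh
#!/bin/sh
# Added example (not from the original page).

# Regular files with SUID (4000) or SGID (2000) set.
find_setid_files() {   # usage: find_setid_files DIR
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# World-writable directories WITHOUT the sticky bit (1000): any user can
# delete or rename another user's files in them.
find_unsticky_dirs() {   # usage: find_unsticky_dirs DIR
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Decode the leading octal digit of a mode (SUID=4, SGID=2, sticky=1).
special_bits() {   # usage: special_bits PATH  -> e.g. "suid sgid"
    sb_mode=$(stat -c '%a' "$1") || return 1
    sb_digit=$(( 0$sb_mode >> 9 ))      # leading 0 makes the value octal
    sb_out=""
    if [ $(( sb_digit & 4 )) -ne 0 ]; then sb_out="$sb_out suid"; fi
    if [ $(( sb_digit & 2 )) -ne 0 ]; then sb_out="$sb_out sgid"; fi
    if [ $(( sb_digit & 1 )) -ne 0 ]; then sb_out="$sb_out sticky"; fi
    echo "${sb_out# }"
}

# Build a small constructed tree to audit (hypothetical file names).
build_sample_tree() {   # usage: build_sample_tree DIR
    touch "$1/report.sh" "$1/helper"
    chmod 0755 "$1/report.sh"
    chmod 4755 "$1/helper"          # SUID file
    mkdir "$1/dropbox" "$1/scratch"
    chmod 0777 "$1/dropbox"         # world-writable, no sticky bit
    chmod 1777 "$1/scratch"         # world-writable with sticky bit, like /tmp
}

demo=$(mktemp -d)
build_sample_tree "$demo"
echo "SUID/SGID files:";                  find_setid_files "$demo"
echo "world-writable dirs, no sticky:";   find_unsticky_dirs "$demo"
echo "special bits on scratch: $(special_bits "$demo/scratch")"
rm -rf "$demo"
```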
Q4 SELinux?
Security Enhanced Linux, it is an access control system built into the Linux kernel. it is used to enforce the resource policies that define what level of access users, programs and services have on a system.
default mode is enforcing. SELinux will deny and log any unauthorized attempts to access any resources. explicit permission must be given to the user or program
Q5 ulimit?
it can set or report the resource limit of the current user.
#ulimit -a
Q6 umask?
it is used to assign the default file permission sets for newly created folders and files.
check current umask: #umask
set new umask: #umask XXX
#umask 022
666 - 022 = 644 --> this is for file
777 - 022 = 755 --> this is for directory
Q7 linux server hardening examples?
- disable unused file systems (hfs, hfsplus, udf)
- ensure /tmp is configured with tmpfs filesystem
- ensure nodev option is set on /tmp
- Ensure cron daemon is enabled and running
- use different port for ssh
- Ensure SSH access is limited
- Ensure SSH MaxAuthTries is set to 4 or less
- Ensure SSH root login is disabled
- Ensure SSH PermitEmptyPasswords is disabled
- Ensure SSH Idle Timeout Interval is configured
- Ensure SSH MaxSessions is limited
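One way to check the SSH items in this list against a config file, as an added example that is not from the original notes. It reads only the global section of a single file (no `Include` or `Match` handling), expects numeric values, and treats `MAX_SESSIONS_LIMIT=10` as an assumed threshold because the list gives no number; the sample config is constructed.

```sh
#!/bin/sh
# Added example (not from the original page).
MAX_SESSIONS_LIMIT=10   # assumption: the page only says "limited"

# Print the global value of KEYWORD. sshd keeps the FIRST occurrence of a
# keyword and matches keywords case-insensitively; DEFAULT is used when absent.
sshd_value() {   # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                          # comment line
        tolower($1) == "match" { exit }              # global section ends here
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print one "FAIL ..." line per checklist item that is not met.
audit_sshd() {   # usage: audit_sshd FILE
    f=$1
    v=$(sshd_value "$f" Port 22)
    if [ "$v" = 22 ]; then echo "FAIL Port=22 (default port still in use)"; fi
    v=$(sshd_value "$f" MaxAuthTries 6)
    if [ "$v" -gt 4 ]; then echo "FAIL MaxAuthTries=$v (want 4 or less)"; fi
    v=$(sshd_value "$f" PermitRootLogin prohibit-password | tr 'A-Z' 'a-z')
    if [ "$v" != no ]; then echo "FAIL PermitRootLogin=$v (want no)"; fi
    v=$(sshd_value "$f" PermitEmptyPasswords no | tr 'A-Z' 'a-z')
    if [ "$v" != no ]; then echo "FAIL PermitEmptyPasswords=$v (want no)"; fi
    v=$(sshd_value "$f" ClientAliveInterval 0)
    if [ "$v" -le 0 ]; then echo "FAIL ClientAliveInterval=$v (idle timeout not configured)"; fi
    v=$(sshd_value "$f" MaxSessions 10)
    if [ "$v" -gt "$MAX_SESSIONS_LIMIT" ]; then echo "FAIL MaxSessions=$v (want $MAX_SESSIONS_LIMIT or less)"; fi
    v=$(sshd_value "$f" AllowUsers "")$(sshd_value "$f" AllowGroups "")
    v=$v$(sshd_value "$f" DenyUsers "")$(sshd_value "$f" DenyGroups "")
    if [ -z "$v" ]; then echo "FAIL no Allow*/Deny* line (SSH access not limited)"; fi
    return 0
}

# Constructed sample config, not taken from a real host.
sample_weak_config() {
    cat <<'EOF'
# constructed sample
Port 22
PermitRootLogin yes
MaxAuthTries 6
maxauthtries 3
PermitEmptyPasswords yes
Match User backup
    ClientAliveInterval 300
EOF
}

cfg=$(mktemp)
sample_weak_config > "$cfg"
audit_sshd "$cfg"
rm -f "$cfg"
```

On a live host, `sshd -T` prints the effective configuration with defaults and included files resolved, which makes a better input than the raw file.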
Q8 How to check which process is utilizing more CPU?
#top
#htop
M – sort task list by memory usage
P – sort task list by processor usage
N – sort task list by process ID
T – sort task list by run time
Q9 In which files do we make the user entry if we don't use the useradd or adduser command?
- Add an entry for the user in /etc/passwd file.
- Add an entry for the group in /etc/group file.
- Create the home directory for the added user.
- Set the new user password using the passwd command.
Q10 Linux server is running slow what you will check?
run top command
- check io wait, cpu idle time
- if io wait and cpu idle time is low then check cpu user time
- check swap usage
- check if any application is consuming lots of CPU or RAM
Q11 Unable to take ssh?
- ping server
- take ssh
- try to login with root
- check if ssh service is up and running
- check if ssh port 22 is opened
- check if the user's password is expired or locked
- check if users shell is set to nologin
- try to take console with VM or iLO or IDRAC and see for the error
Q12 Collect Sar report for last 10 days?
go to /var/log/sa and you will get multiple folders with sa1, sa2 etc. check the 3rd day's log with the below command
sar -f /var/log/sa/sa03
Note: We can get sar logs for max 30 days
Q13 how to calculate load average in linux?
- top, uptime, glances, cat /proc/loadavg
- we see load average for 1, 5 and 10 mins
- if we have 1 core cpu and load average is 2 0.5 0.6
- it means 1 process is running and 1 process is waiting for the CPU in last 1 min
- CPU was not being utilized and was available 50% in last 5 min
- CPU was available 40% for utilization in last 15 mins
Q14 How to check how many inodes are available?
df -ih
Q15 what to do when the disk inode is full?
check if inode is full or not with the df -ih command. either you can delete the unused files to free up some inodes or you can increase the filesystem size to increase the free inodes.
you can use find command to find the directory with most of the files
Note for inode:
- It’s quite easy for a disk to have a large number of inodes used even if the disk is not very full.
- An inode is allocated to a file so, if you have gazillions of files, all 1 byte each, you’ll run out of inodes long before you run out of disk.
- It’s also possible that deleting files will not reduce the inode count if the files have multiple hard links.
- As I said, inodes belong to the file, not the directory entry. If a file has two directory entries linked to it, deleting one will not free the inode.
- Additionally, you can delete a directory entry but, if a running process still has the file open, the inode won’t be freed.
- for freeing up the inodes, delete the files then reboot or check with the lsof command to see if any files are deleted but still open. if they are open then kill those processes and it will free up the space
Q16 What are the entries in fstab and what is its meaning?
there are 6 columns in fstab: path or guid or device, mount point, file system, permission, backup operation (1 = dump, 0 = backup), fsck (0 = it will not check, 1 = root, 2 = other partitions)
Q17 after running df, not getting any output?
we can use the strace command and we can see where df is getting stuck. many times if we are using nfs and nfs is not working then we don’t get output of nfs because the mount point which is in fstab is not working. so we can comment or delete the nfs mount point or we can fix the nfs and then we can check df output
#strace df
Q18 filesystem size is same after deleting the file?
- we can check if all the deleted files are properly deleted or not. sometimes those files are still open so they will consume the storage.
- use lsof /mountpoint to check open files. if you see a deleted or removed message for the files that you deleted then kill those processes or reboot the linux system to reclaim the space.
Q19 how to increase the priority of any process?
use renice command to change the priority
-20 - for highest priority
+19 - for lowest priority
#renice -n 15 -p 77982
#renice -n -20 -p 77982
-p is the pid
Q20 symlink and hardlink?
hardlink:
- it acts as a copy of the selected file.
- it uses the same inode number
- not allowed for directories
- can not be used across file system
- if original file is removed then hard link will still work
- its comparatively faster
softlink:
- it acts as a pointer or reference to the file
- it uses the different inode number
- it can be used for linking directories
- it can be used across systems
- if the original file is removed then the link will not work
- its slower than hardlink
Q21 ping command is not working?
- it may be possible ping is not installed(not sure).
- if you are pinging domain name then it may be possible that it is not getting dns server
Q22 what is the kernel version in 6 and 7?
rhel 6 – 2.6.x.x, ext4
rhel 7 – 3.10.x.x, xfs
Q23 How to create lv?
#lvcreate -L 150G -n lvname vgname
Q24 how to extend LVM?
1. #lvextend -L +10G lvname
2. #resize2fs lvname
Q25 How to reduce LVM?
reducing LVM is not recommended. you can create a new mount point with the new size then copy the files and then delete the LVM. Below is the direct method to reduce the LVM. Reduce the LVM from 18GB to 10GB.
there are total 6 steps to reduce the LVM
1. umount /dev/sda/lvmname
2. e2fsck -f /dev/sda/lvmname
3. resize2fs /dev/sda/lvmname 10G
4. lvreduce -L -8G /dev/sda/lvmname
5. resize2fs /dev/sda/lvmname
6. mount /dev/sda/lvmname /mount/directory
Q26 How to activate or deactivate the LVM?
Activate:
#lvchange -ay lvname or /dev/sda/lvm
Deactivate:
#lvchange -an lvmname or /dev/sda/lvm
Q27 how to increase or reduce swap?
increasing or reducing the swap means increasing or reducing the storage size of the disk or LVM.
in case of LVM simply increase or decrease the size as we increase or decrease in lvm by lvextend and lvreduce
Q28 how to turn off or on swap?
#swapoff -a
#swapon -a
Q29 What is NFS?
- n/w file sharing
- works on udp port 2049 in rhel6 and works on tcp 2049 on rhel 7
- used for sharing linux to linux
- it is not secure, it doesn’t require authentication
- its faster
Q30 what are the entries in NFS config file?
- directory and permissions
- permissions are – sync, rw, ro, root_squash, no_root_squash, secure etc
- root_squash – squash literal meaning is destroy. it means destroy root. means root user will also have permission as normal user on nfs share
- no_root_squash – means root user will have root permission on the nfs share
Q31 what is sync and async in nfs?
async means that the NFS server will acknowledge data before it’s committed to disk, which can lead to data corruption if the server crashes. sync does the opposite, the server will only acknowledge data after it’s written out.
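The export options from Q30 and Q31 can be checked mechanically. The following is an added example, not from the original notes: it parses an exports-style file and flags `no_root_squash`, `async`, and `rw` exports open to every host. It assumes one export per line with no quoted paths or line continuations; the sample file and its paths are constructed.

```sh
#!/bin/sh
# Added example (not from the original page).

# Print "PATH CLIENT: finding" for each risky option on each client entry.
audit_exports() {   # usage: audit_exports FILE
    awk '
        /^[ \t]*#/ { next }          # comment line
        NF == 0    { next }          # blank line
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                if (match($i, /\(.*\)$/)) {              # split "client(opt,opt)"
                    client = substr($i, 1, RSTART - 1)
                    opts   = substr($i, RSTART + 1, RLENGTH - 2)
                }
                if (client == "") client = "*"           # "(opts)" alone means every host
                n = split(opts, o, ",")
                rw = 0
                for (j = 1; j <= n; j++) {
                    if (o[j] == "no_root_squash")
                        printf "%s %s: no_root_squash, remote root keeps root on the share\n", path, client
                    if (o[j] == "async")
                        printf "%s %s: async, writes acknowledged before they reach disk\n", path, client
                    if (o[j] == "rw") rw = 1
                }
                if (rw && client == "*")
                    printf "%s %s: rw export to every host\n", path, client
            }
        }
    ' "$1"
}

# Constructed sample exports file, not taken from a real server.
sample_exports() {
    cat <<'EOF'
# constructed sample
/srv/share   10.0.1.0/24(rw,sync,root_squash)
/srv/backup  10.0.1.5(rw,async,no_root_squash) *(ro,sync)
/srv/pub     *(rw,sync)
EOF
}

exp=$(mktemp)
sample_exports > "$exp"
audit_exports "$exp"
rm -f "$exp"
```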
Q32 how to add the disk to linux system?
- create and add the disk in case of VM. Attach new drive in case of physical server
- Scan the drive
- #echo "- - -" > /sys/class/scsi_host/host0/scan
- use fdisk -l command to check the drive and then run fdisk /dev/sdX command to create the partition
Q33 where is user info saved?
- /etc/passwd – public info
- /etc/shadow – password hashes, hidden from everyone except root
- /home/username – it will contain users actual file
Q34 how to check status of any user?
#passwd -S username
PS-password is set
LK - password is not set or account locked
Date before 1970 - password is expired
Q34 how to add user in any other group?
#usermod -aG groupname username
Q35 how to check dependencies of any packages with yum and RPM?
Q36 how to create yum server?
there are total 5 steps for creating the yum server.
1. add new disk or create a new directory or mount point
2. copy all the packages from os drive to the above directory
3. create repo
#createrepo -v /packages/location
this will create repomd.xml file
4. create .local file in /etc/yum.repos.d directory
[local]
name=local
baseurl=file:///packages/location
enabled=1
gpgcheck=0
5. Verify repo list
#yum repolist
Q37 how you do patching?
we have a RedHat Linux server which is internet facing. we first download all the packages to the RedHat server. we have made this server as our local repo. We have created local repository on our other servers.
so we are using this server for patching. we use the yum command to patch the server.
Q38 what pre-requisites do you take before patching?
- take the backup of server
- check if /, /var, /boot is not completely utilized
- check if server is not rebooted within 100 days.
Q39 How to check which lvm is mounted with which devices?
#lvdisplay
Q40 What is cve patch in Linux?
its a common vulnerability patch. it is scanned by our security team by nessus tool and they provide us the list of CVE patches so we run it manually on the servers
Q41 The server did not come up after patching?
- ping, ssh, take console and see the error, check if you have snapshot or backup
- if its physical then try to boot into maintenance mode and check for error
Q42 How to remove stickybit?
#chmod -t /dirname
Q43 Where samba passwords are stored?
they are stored in the smbpasswd file in the /usr/local/samba/private directory
this file is similar as passwd file. it is only accessible to root.
Q44 how to generate sosreport?
#sosreport
Q45 Why different mount point is required?
Q46 In what situation do you call redhat??
Q47 How to compare file of two directory?
use diff command
#diff file1 file2
Q48 Can we recover passwd file if deleted?
- yes we can recover. passwd file gets backedup as /etc/passwd-
- boot into single mode
- #mount -o rw,remount /
- #cp /etc/passwd- /etc/passwd
- #pwconv this will create /etc/shadow file for above passwd file
- #passwd root
- #shutdown -r now
Q49 How dns works?
when we browse any domain, DNS follows the below steps
- it checks the local cache for the IP
- then it checks the /etc/hosts file
- then it checks the resolv.conf file
- then it checks the local dns or goes to the public DNS server that I have provided
- then the public dns sends the request to the top level domain
- then the top level domain checks what the domain's TLD is and sends it to the respective TLD’s dns (.com, .org, .mil etc)
- then it gets resolved to IP and it does everything in reverse order to show the website
Q50 Difference between bin and sbin?
/bin : For binaries usable before the /usr partition is mounted. This is used for trivial binaries used in the very early boot stage or ones that you need to have available in booting single-user mode. Think of binaries like cat, ls, etc.
/sbin : Same, but for binaries with superuser (root) privileges required.
/usr/bin : Same as first, but for general system-wide binaries.
/usr/sbin : Same as above, but for binaries with superuser (root) privileges required.
Q51 Difference between rpm and yum?
yum:
- yellow dog updater modified. it is a package manager for RPM-based Linux system. it is high level frontend for linux distros
- resolves and installs dependencies automatically
- it installs packages and shows it if it is already installed
RPM:
- it is low level package manager
- does not resolve dependencies
- it needs exact name for installing the packages
- difficult to manage when comes to installing and upgrading packages
Q52 Write script for fetching all hardware info?
uname,
lscpu - for cpu info
lshw - lists hardware info cpu, ram, disk. it extracts info from /proc
lspci - lists pci buses and details device connected to them
lsscsi - lists scsi devices
lsusb - lists usb
lsblk - lists block devices(hard drive partitions, storage devices)
df - disk space of file system
free - check the memory
dmidecode - shows hardware info
hdparm - it shows SATA drive info
Q53 Difference between ssh and telnet?
SSH:
- used to access network devices
- developed by SSH Communications Security Ltd
- It provides strong authentication and secure communications over insecure channels.
- runs on port 22 but we can change it
- communication is encrypted, it is extremely difficult to decrypt and read the data
- uses public key for authentication
Telnet:
- used to access local devices
- sends data in plain text
- runs on port 23
- it does not use any key for authentication hence its not secure
Q54 what is the difference between fstab & mtab?
/etc/fstab is created by the user. It contains the list of volumes to be mounted by mount.
/etc/mtab is created by the system. It contains a list of currently mounted devices.
Q55 How you will revert your centos to the previous version?
#yum list kernel*
this will list all the kernels on your system.
if you don't see your kernel listed then install the kernel
#yum install kernel-3.10.0-862.el7
Once Kernel is installed then reboot your system and use below commands after reboot to downgrade the kernel.
#yum downgrade redhat-release
Q56 yum command is failing?
- it may be possible that another user is running the yum command
- clear the yum cache
- check repo list is proper or not
Q57 password less authentication is configured, will scp work without id and password?
yes, because scp uses ssh
Q58 other than ping command which command you can use to check connectivity between servers?
telnet, nmap, nc
Q59 password less authentication is set but its not working?
it may be possible that private and public key got regenerated and client machine doesn’t have latest public key hence its not working.
Q60 when you create snapshot on vm then which file gets created in backend?
.vmsn
Q61 how to compare if file got copied or not?
check md5sum value of both the files
Q62 Command to find the most recently modified files ?
use find command with -mtime or -mmin flag.
find . -mtime +2
it will search for files older than 2 days.
find . -mtime -2
it will search for files modified within the last 2 days.
find . -mmin +2 or -2
Q63 How do you clear the contents of the file without opening file?
> filename.log
or
true > filename.log
or
cat /dev/null > filename.log
or
cp /dev/null filename.log
or
echo "" > filename.log
or
echo > filename.log
Q64 What are MAJOR and MINOR numbers of special files?
Q65 When you need to edit a file by a system command (like crontab -e) how do you change the default editor that the system opens the file with to nano?
The system will use the editor defined in your EDITOR environment variable and can be set by export EDITOR=nano
Q66 How to see the list of mounted devices on Linux?
#mount -l
Q67 What is a sparse file ?
Sparse files are files that have large amounts of space preallocated to them, without occupying the entire amount from the filesystem. The term “sparse file” is used to mean one containing “holes”; it is easy to recognize one on a running system because its disk usage is less than its size.
# ls -lh /var/log/lastlog
-rw-r--r--. 1 root root 286K Dec 3 04:50 /var/log/lastlog
# du -sh /var/log/lastlog
12K /var/log/lastlog
size is showing as 286K but actual disk size is 12k
Q68 What is run-queue and how do you use it ?
Q69 How can a filesystem be 110% full?
Q70 What is a VFS Panic?
Q71 how to run the script as a service?
Q72 What is journaling in Linux?
A journaling filesystem is a filesystem that maintains a special file called a journal that is used to repair any inconsistencies that occur as the result of an improper shutdown of a computer.
Q73 What are the functions of Kernel?
The kernel is a part of the operating system that handles communication with the hardware. It’s the lowest level of the operating system.
- memory management
- network management
- device driver
- file management
- process management
Q74 access logs in Nginx?
NGINX writes information about client requests in the access log right after the request is processed. By default, the access log is located at /var/log/nginx/access.log, and the information is written to the log in the predefined combined format. You can override the default settings and change the format of logged messages by editing the NGINX configuration file (/etc/nginx/nginx.conf by default).
Q75 How will you check how many users are getting connected to your website?
we can check nginx access logs. We can send logs to elk or prometheus by using exporter and we can get user access details. We can enable stats in nginx conf file.
Q76 how you will reset your password on 300 linux box?
We have to reset the password manually on all the 300 machines if you are not using any centralized management for authentication and authorization. Or if you are using ansible then you can reset the password on all the machine based on the host group.
In our environment, we have added all our servers to the domain so we reset the password from the AD. We use the template to build the server. this server will automatically get added to the domain. so we can reset the password with AD.
Q77 are you using generic login or user-based login?
We are using generic login. our servers are behind the open VPN. Everyone first connects to the VPN and then they connect to the server. For some clients, we are using Jump box servers and from jumpbox we take the ssh of the servers.
Q78 how to check and troubleshoot high cpu utilization
check CPU utilization by top command. check which process is consuming more CPU, memory. if any application is taking more CPU then check the application log for more details. the application log may be in /var/log or anywhere else. if you don’t get anything in the application log then check the thread dump. thread dump will show minor changes on the process level. for network, we take the tcp dump.
Q79 Why CPU utilization is showing 400%?
CPU utilization is measured relative to a single CPU. The maximum is 100% for each CPU, so a four-CPU system would have a maximum CPU utilization of 400%.
Q80 What is IO wait?
Percentage of time that the CPU or CPUs were idle during which the system had an outstanding disk I/O request.
Therefore, %iowait means that from the CPU point of view, no tasks were runnable, but at least one I/O was in progress. iowait is simply a form of idle time when nothing could be scheduled. The value may or may not be useful in indicating a performance problem, but it does tell the user that the system is idle and could have taken more work.
Q81 What are the CPU states in Linux?
A CPU can be in one of four states: user, sys, idle, or iowait. Tools such as vmstat, iostat, sar, etc., print out these four states as a percentage. The kernel maintains this information using counters for each of the states and more. On each clock interrupt, the kernel checks the CPU state and increments the appropriate counter. The user can check the counters in /proc/stat.
Q82 Lets say you have made wrong entry on EC2 VM instance and now VM is not coming up…what you will do?
we can correct the fstab entry by the below 2 steps.
- Detach the EBS volume
- Create a new VM
- Attach the EBS volume to the new VM
- Mount the EBS volume of the old VM on the new VM
- cd /mnt/name
- vi /mnt/name/etc/fstab
- then correct the entry
another way is we can use EC2 Serial Console to access the GRUB menu and recover from boot failures.
Q83 prometheus is push based or pull based?
it is pull based
Q84 What is LAMP Stack?
it is open source software used for web deployment.
- Linux Operating System: backbone of Lampstack. everything runs on this.
- Apache HTTP Server: it's a web server, runs on Linux, it processes the request and transmits information through the internet.
- MySQL database management system:
- PHP programming language
Q85 Tell me a few server hardening examples?
- Keep Linux Kernel and Software Up to Date
- enable SELinux
- Linux User Accounts and Strong Password Policy
- Set Up Password Aging For Linux Users For Better Security
- Restricting Use of Previous Passwords on Linux
- Locking User Accounts After Login Failures
- Make Sure No Non-Root Accounts Have UID Set To 0
- Disable root Login
- Disable Unwanted Linux Services
- Check listening Network ports
- Separate Disk Partitions For Linux System
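Three of the account items in this list (no non-root UID 0, no empty passwords, password aging) can be checked directly from passwd and shadow style files. This is an added example, not from the original notes; the sample entries, the placeholder hashes and the 90-day default maximum age are constructed assumptions.

```sh
#!/bin/sh
# Added example (not from the original page).

# Non-root accounts whose UID (passwd field 3) is 0.
uid0_accounts() {   # usage: uid0_accounts PASSWD_FILE
    awk -F: '$3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Accounts with an empty password field (shadow field 2).
empty_password_accounts() {   # usage: empty_password_accounts SHADOW_FILE
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Accounts with a usable hash (not locked with ! or *) whose maximum
# password age (shadow field 5) is unset or above MAX_DAYS.
weak_aging_accounts() {   # usage: weak_aging_accounts SHADOW_FILE [MAX_DAYS]
    awk -F: -v max="${2:-90}" '
        $2 != "" && $2 !~ /^[!*]/ && ($5 == "" || $5 + 0 > max) { print $1 }
    ' "$1"
}

# Constructed sample data; hashes are placeholders, not real hashes.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
svcadmin:x:0:0:constructed second UID 0 entry:/home/svcadmin:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
EOF
}
sample_shadow() {
    cat <<'EOF'
root:$6$PLACEHOLDER$hash:19000:0:90:7:::
daemon:*:19000:0:99999:7:::
svcadmin:$6$PLACEHOLDER$hash:19000:0:99999:7:::
alice::19000:0:90:7:::
bob:$6$PLACEHOLDER$hash:19000:0:99999:7:::
EOF
}

pw=$(mktemp); sh=$(mktemp)
sample_passwd > "$pw"; sample_shadow > "$sh"
echo "non-root UID 0:  $(uid0_accounts "$pw" | tr '\n' ' ')"
echo "empty password:  $(empty_password_accounts "$sh" | tr '\n' ' ')"
echo "aging > 90 days: $(weak_aging_accounts "$sh" 90 | tr '\n' ' ')"
rm -f "$pw" "$sh"
```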
Q86 What is permission inheritance in linux?
it means if we set 777 permission to directory then same permission will be assigned to the files in the directory. For inheritance, we can use ACL.
The problem with basic ACL’s is that they are not recursive by default. If you set an ACL on a directory, only the files inside that directory inherit the ACL. If you create a subdirectory, it does not get the parent ACL unless the ACL is set to recurse.
Q87 Why shell script files need execute permission?
if you know your interpreter then you don’t need the execute permission on the script. you can execute a script that has only read permissions (#bash /path/to/script)
but scripts can have different interpreters. It's possible your script was written to work with ksh, zsh. Thus you have to know what interpreter to use to call the script with. By instead making a script with a shebang line (that #!/bin/bash at the top) executable, the user no longer needs to know what interpreter to use.
Q88 log analysis in Linux?
Log analysis is a crucial activity for server administrators who value a proactive approach to IT. By tracking and monitoring Linux log files, administrators can keep tabs on server performance, discover errors, detect potential threats to security and privacy issues and even anticipate future problems before they ever occur. Linux keeps four types of logs that system administrators can review and analyze: Application logs, Event logs, Service logs and System logs.
Q89 what is tcp stack?
tcp stack is nothing but tcp/ip model. it has 5 layers.
Q90 What is NAT and PAT?
NAT: NAT is a process where a router or firewall, translates one IP (Private) into another IP (Public) or vice versa. Specifically, a router translates an internal host’s private IP address into its public IP address for outgoing traffic. NAT is of 2 types.
- Static NAT:
- Dynamic NAT:
PAT: Each host on a LAN is translated to the router’s WAN-Side public IP address, with a different port number assignment
Q91 What is port forwarding?
In this we only have a public IP. when accessing internal resources from the internet, we use port numbers to forward the request to a specific internal resource. lets say our public ip is 180.5.4.3 and if anyone wants to access ftp with IP and port as 180.5.4.3:21 then this request will be redirected to the internal FTP server with any internal IP 192.168.0.10:21
Q92 What is a “/proc” file system?
Proc file system is a pseudo or virtual file system that provides an interface to the kernel data structure. It generally includes useful information about processes that are running currently. It can also be used to change some kernel parameters at runtime or during execution. It is also regarded as a control and information center for the kernel. All files under this directory are named virtual files.
Q93 is hard drive involved when reading content of /proc?
There is no hard drive involved. When you read from /proc, the kernel generates content on the fly.
Q94 How to check which all files are getting used by top command in the backend?
strace top >/dev/null
this will show that it uses all the files like cpuinfo, meminfo, process id files from /proc directory.
Q95 How to secure an nginx web server?
You can use few of the below steps to secure nginx web server
- Use nginx CIS benchmark to secure it
- Disable Any Unwanted nginx Modules
- Disable nginx server_tokens
- Control Resources and Limits
- Disable Any Unwanted HTTP methods
- Set Up and Configure nginx Access and Error Logs
- Monitor nginx Access and Error Logs
- Update Your Server Regularly
Q96 why DNS record first check /etc/host not in /etc/resolv.conf?
There is one file /etc/nsswitch.conf, in this file name server search sequence is mentioned. We can change the sequence.
/etc/nsswitch: The Name Service Switch (NSS) configuration file, /etc/nsswitch.conf, is used by the GNU C Library and certain other applications to determine the sources from which to obtain name-service information in a range of categories, and in what order. Each category of information is identified by a database name.
Q97 What is the difference between apt and apt-get?
- apt comes with fancy progress bar
- apt shows a list of packages that need to be upgraded
- apt combines the function of apt-get, apt-cache and dpkg -l
- Syntax comparison of apt and apt-get command
- apt is new commands
To summarize, apt is the user-side replacement for apt-get. Both commands are relevant and will continue to exist, since one is ideal for high level functions and the other one for low level.
Q98 What is echo -e in linux?
when we run echo "any text" then it simply prints it as output. but if we want to use escape sequences (\n, \t, \\, etc) in echo then we can use -e
echo -e "Hi, \n this is test line"
Q99 What is echo -n in linux?
It will not go on the new line. Whereas if I just use echo then it will start by default from the new line.
Q100 How to find primary group of user?
id -gn user_name
Q101 How to find all the groups of current user or any other user?
We can use “groups” command to find all the groups
groups
or
groups username
Q102 How to delete all the files(including hidden files & Directory) in Linux?
We can use one of the below command to delete all the hidden files and Directories.
rm -rf ..?* .[!.]* *
or
rm -rf /some/path/
First command will exclude ‘.’ & ‘..’ directory
Q103 How to change the user password in one line?
# echo "linuxpassword" | passwd --stdin linuxuser
or
# echo -e "linuxpassword\nlinuxpassword" | passwd linuxuser
Q104 How to run multiple processes simultaneously in Linux?
We can use xargs command to run multiple processes in parallel.
#seq 1 3 | xargs -I{} -n 1 -P 3 wget https://storage.googleapis.com/test-bucket-sarath/junkfile{}
Now run below command and verify that 3 processes are running.
#ps aux|grep wget
Q105 I have a domain mycompany.com and I have created multiple subdomains like hr.mycompany.com, payroll, finance, blog etc. Now when I am pinging subdomains internally without FQDN then it is failing. What changes need to be made in order to ping without FQDN?
We can make the search entry in /etc/resolv.conf file as below.
Now if I ping any subdomain without FQDN then too we will get the ping response internally.
Q106 What is ARP?
ARP (Address Resolution Protocol) is used to identify the hardware address of a host on the local network (i.e. the same subnet). If A (IP 10.0.1.2/24) wanted to communicate with another host (C) with IP address 10.0.1.5, then the following happens if this host is not in the cache:
- A broadcasts an “ARP Request”
  - Using the broadcast MAC Address (ff:ff:ff:ff:ff:ff)
  - Asking for any host with the IP Address 10.0.1.5 to respond
- If the remote host (C) receives this packet, then it responds with its correct MAC Address.
ARP Cache from one of the VM.