📌 Final AWS CSE (Networking) Interview Preparation Checklist

✅ 1. Core Networking Concepts to Master

📖 Protocols & Troubleshooting

• HTTP vs HTTPS (SSL/TLS encryption, handshake process).

• DNS (query process, caching, records: A, CNAME, MX, TXT, PTR).

• TCP/IP Stack (3-way handshake, 4-way termination, windowing).

• UDP vs TCP (when to use each, advantages/disadvantages).

• Routing & Switching (OSPF vs BGP, VLANs, STP).

• Load Balancing (Layer 4 vs Layer 7, sticky sessions, cookie-based).

✅ 2. AWS-Specific Networking Services

📖 AWS VPC & Networking

• VPC Subnets (public vs private), Route Tables, Internet & NAT Gateway.

• Security Groups vs NACLs (stateless vs stateful).

• AWS Transit Gateway & VPC Peering (differences, use cases).

• AWS Direct Connect vs VPN (hybrid networking).

• VPC Flow Logs & Network Troubleshooting.

📖 AWS Load Balancing & Traffic Control

• ALB vs NLB vs CLB (when to use each).

• How Elastic Load Balancer handles HTTP requests.

• DNS Failover & Route 53 Routing Policies.

✅ 3. Network Security & Firewalls

📖 Security Concepts

• SSL/TLS Encryption (certificate verification, AWS ACM).

• Web Application Firewall (AWS WAF) (how it blocks SQLi, XSS).

• Intrusion Detection & Prevention (IDS/IPS) (AWS GuardDuty vs AWS Network Firewall).

• DDoS Protection with AWS Shield.

• DNS Security Best Practices (domain hijacking prevention).

✅ 4. Linux & Windows System Administration

📖 Linux Fundamentals

• Startup Process (BIOS, GRUB, systemd).

• User & File Permissions (chmod, chown, sudo roles).

• Monitoring Logs (journalctl, tail -f /var/log/syslog).

• Firewall Management (iptables, firewalld --list-all).

• Networking Commands (ifconfig, ip addr, netstat, ss).

📖 Windows Fundamentals

• Windows networking (ipconfig, netstat -an, firewall settings).

• Event Viewer for troubleshooting logs.

✅ 5. Application Monitoring & Performance Analysis

• AWS CloudWatch (Monitoring Logs, Metrics, Alerts).

• Grafana & Datadog (Setting up dashboards for network monitoring).

• Prometheus (Metrics collection & alerting rules).

1. HTTP

1.1 The Traffic Flow of HTTP

1. Client (Browser/API Requester) → User sends an HTTP request.

2. DNS Resolution → Converts domain (example.com) into an IP address.

3. Frontend Server (CDN/Load Balancer) → Serves static content and routes traffic.

4. Backend Server → Handles logic, interacts with the database.

5. Database → Stores and retrieves data.

6. Response Back to Client → Server returns HTTP response to the browser.

1.2 About Cookies

• Purpose: Store session data, authentication tokens, and user preferences.

• Types:
• Session Cookies → Temporary, deleted when the browser closes.
• Persistent Cookies → Stored on disk, expire after a set time.
• Secure Cookies → Sent only over HTTPS.
• HttpOnly Cookies → Not accessible via JavaScript (prevents XSS attacks).

• Set-Cookie Header Example: Set-Cookie: sessionId=abc123; Secure; HttpOnly

1.3 What is in a Request?

• Defines the protocol version (HTTP/1.1, HTTP/2, HTTP/3).

• Specifies resource location (https://example.com/api/users).

• Only used in POST, PUT, and PATCH requests.

• Contains JSON, XML, or form data.

• Example JSON Request Body:

1.4 What is in a Response?

• Contains HTML, JSON, or XML data.

• Example JSON Response:

1.6 curl in PowerShell Syntax Summary

1.7 curl Examples in PowerShell

1.8 How to Filter JSON Response in PowerShell

2 HTTPS

• Asymmetric Encryption → Used initially for key exchange.

• Symmetric Encryption → Used after the handshake for secure data transmission.

2.1 TLS Handshake

2.2 TLS Certificate and CA

2.3 Integrity and Encryption

2.4 MITM (Man-in-the-Middle) Attacks

3 TCP/IP Model vs. OSI Model

3.1 TCP/IP Model (4 Layers)

3.2 OSI Model (7 Layers)

4 DNS

4.1 Top-Level Domain and Level 2 Domain

4.2 DNS Query Types

4.3 DNS Recursive vs. Iterative Query

• When a hostname (e.g., www.example.com) is queried, most DNS resolvers perform recursion by default.

• Iterative queries are mainly used for IP-based reverse lookups (PTR records) or when querying root/TLD DNS servers.

• Recursive: One query, resolver does all work, used by ISPs & public DNS.

• Iterative: Multiple queries, client follows referrals, used by root & TLD servers.

4.4 DNS UDP and TCP

• DNS normally uses UDP (port 53) for speed.

• If the response is larger than 512 bytes, the server sets the TC flag, and the client switches to TCP.

5 TCP

5.1 TCP Header Packet Form

• Source port: this is a 16 bit field that specifies the port number of the sender. (0-65,535)

• Destination port: this is a 16 bit field that specifies the port number of the receiver.

• Sequence number: the sequence number is a 32 bit field that indicates how much data is sent during the TCP session. When you establish a new TCP connection (3 way handshake) then the initial sequence number is a random 32 bit value. The receiver will use this sequence number and sends back an acknowledgment. Protocol analyzers like wireshark will often use a relative sequence number of 0 since it’s easier to read than some high random number.

• Acknowledgment number: this 32 bit field is used by the receiver to request the next TCP segment. This value will be the sequence number incremented by 1.

• DO: this is the 4 bit data offset field, also known as the header length. It indicates the length of the TCP header so that we know where the actual data begins.

• RSV: these are 3 bits for the reserved field. They are unused and are always set to 0.

• Flags: there are 9 bits for flags, we also call them control bits. We use them to establish connections, send data and terminate connections:
• URG: urgent pointer. When this bit is set, the data should be treated as priority over other data.
• ACK: used for the acknowledgment.
• PSH: this is the push function. This tells an application that the data should be transmitted immediately and that we don’t want to wait to fill the entire TCP segment.
• RST: this resets the connection, when you receive this you have to terminate the connection right away. This is only used when there are unrecoverable errors and it’s not a normal way to finish the TCP connection.
• SYN: we use this for the initial three way handshake and it’s used to set the initial sequence number.
• FIN: this finish bit is used to end the TCP connection. TCP is full duplex so both parties will have to use the FIN bit to end the connection. This is the normal method how we end an connection.

• Window: the 16 bit window field specifies how many bytes the receiver is willing to receive. It is used so the receiver can tell the sender that it would like to receive more data than what it is currently receiving. It does so by specifying the number of bytes beyond the sequence number in the acknowledgment field.

• Checksum: 16 bits are used for a checksum to check if the TCP header is OK or not.

• Urgent pointer: these 16 bits are used when the URG bit has been set, the urgent pointer is used to indicate where the urgent data ends.

• Options: this field is optional and can be anywhere between 0 and 320 bits.

5.2 TCP Lifecycle

• TCP uses a 3-way handshake to establish a connection between client and server.
• Client sends a SYN packet with an initial sequence number (SEQ=x).
• Server responds with a SYN-ACK, acknowledging the client's SEQ (ACK=x+1) and sending its own SEQ=y.
• Client sends a final ACK (ACK=y+1), confirming the connection. Once established, both sides can start sending data.

• During data transmission, TCP ensures flow control and error recovery using sequence numbers (SEQ) and acknowledgment numbers (ACK). The sender assigns a SEQ number to each packet (SEQ=100). The receiver responds with an ACK number (ACK=101), meaning "I received SEQ 100 and expect 101 next." The sender continues sending packets, and the receiver keeps acknowledging.

• If a packet gets lost or corrupted, TCP retransmits it. If the receiver does not receive a packet, it does not send an ACK for it. The sender notices a missing ACK and retransmits the packet. TCP can use timeout-based retransmission or fast retransmit (triggered by duplicate ACKs).

• To close a connection, TCP uses a 4-way handshake.
• The client sends a FIN request.
• The server acknowledges the FIN with an ACK.
• The server then sends its own FIN.
• The client acknowledges the FIN, closing the connection fully.

5.3 TCP Sliding Window

• If MTU = 1500 bytes (Ethernet default) (VPN IPSec 1400 bytes)

• IP Header = 20 bytes, TCP Header = 20 bytes

• Then, MSS = 1500 - 40 = 1460 bytes

5.4 UDP vs TCP

• TCP 80: HTTP (Web Traffic)

• TCP 443: HTTPS (Secure Web Traffic)

• TCP 22: SSH (Secure Shell)

• TCP 25: SMTP (Email Sending)

• UDP 53: DNS (Domain Name System)

• UDP 67/68: DHCP (Dynamic Host Configuration Protocol)

• UDP 123: NTP (Network Time Protocol)

• UDP 161: SNMP (Simple Network Management Protocol)

5.5 TCP Q&A

6 ALB (Application Load Balancer) Cookie-Based Session Persistence

6.1 Logic Flow

• The client (browser, API, mobile app) initiates a request to the Application Load Balancer (ALB)

• The Listener in ALB is configured on Port 80 (HTTP) or 443 (HTTPS).

• The listener rules decide which Target Group the request should go to.

• Example Rules:
• If the path is /api/*, forward to Target Group A (Backend API servers).
• If the path is /dashboard/*, forward to Target Group B (Web App servers).

• The Target Group contains multiple backend instances (EC2, containers, or Lambda functions).

• The ALB chooses a healthy backend server from the target group and forwards the request.

• If stickiness is enabled, ALB checks if the client already has a session cookie (AWSALB or application-defined cookie).

• Scenario 1: First Request (No Cookie Yet)
• ALB routes the request to a randomly selected backend server.
• The backend server processes the request.
• ALB sets a session cookie (AWSALB) in the response.

• Scenario 2: Returning Request (Cookie Present)
• The client sends the same AWSALB cookie in the next request.
• ALB reads the cookie and forwards the request to the same backend server.

• The backend server handles the request, processes data, and sends back a response to the client.

• The client stores the AWSALB cookie in the browser or API client.

• For future requests, the client automatically sends the cookie, ensuring that requests stay on the same backend server.

6.2 Key Terms Explained

6.3 Summary

7 Summary of Bottleneck Troubleshooting with Iperf

8. When an HTTP Request to a Host Fails? tcpdump and telnet

8.1 Check Logs, Use tcpdump, and Attempt a telnet Connection

• Check web server and firewall Logs
• Inspect web server logs (/var/log/nginx/access.log, /var/log/httpd/error.log).
• Check application and firewall logs for possible issues

• Use tcpdump to Analyze Network Traffic: Monitor incoming/outgoing packets to detect timeouts, resets, or dropped connections.

• Attempt a Telnet Connection:Verify if the server is reachable on HTTP/HTTPS ports.

8.2 Alternative Debugging Steps

1. Check if the web server is running

2. Verify firewall rules (ensure HTTP/HTTPS traffic is allowed)

3. Check DNS resolution

4. Test network connectivity with curl

8.3 Summary of the Troubleshooting Approach

9 Linux

9.1 Linux Command

• hostname → Displays the system's hostname.

• whoami → Shows the current logged-in user.

• pwd → Prints the current working directory.

• lscpu → Displays detailed CPU information.

• df → Shows disk space usage.

• df -h → Displays disk space usage in a human-readable format.

• du → Shows disk usage of files and directories.

• du /home → Checks disk usage in the /home directory.

• ls → Lists files and directories in the current location.

• ls -l → Lists files with detailed information (permissions, ownership, size).

• ls -la → Lists all files, including hidden ones.

• ls -li → Lists files with inode numbers.

• mkdir linuxcmd → Creates a directory named linuxcmd.

• cd <directory> → Changes to a specific directory.

• cd . → Stays in the same directory.

• cd .. → Moves to the parent directory.

• touch testfile.txt → Creates an empty file.

• mv text4.txt text5.txt → Renames text4.txt to text5.txt.

• find text4.txt → Searches for text4.txt in the current directory.

• find . -name text5.txt → Searches for text5.txt within the current directory tree.

• rpm -q package_name → Redhat Package Management for query package

• cat text5.txt → Displays the contents of text5.txt.

• cat file1 file2 → combine two files

• less text5.txt → Allows scrolling through text5.txt.

• more text5.txt → Views text5.txt page by page.

• head -5 text5.txt → Shows the first 5 lines of text5.txt.

• tail -5 text5.txt → Shows the last 5 lines of text5.txt.

• wc -l text5.txt → Counts the number of lines in text5.txt.

• diff text3.txt text5.txt → Compares two files line by line.

• sort text5.txt → Sorts the contents of text5.txt.

• file → Show file type

• grep "name" text5.txt → Searches for the word "name" in text5.txt.

• egrep "name" text5.txt → Similar to grep, but supports extended regular expressions.

• pwd > pwd.txt → Saves the output of pwd into pwd.txt.

• history > command.txt → Saves the command history into command.txt.

• pwd 2> pwd.txt → Redirects error output to pwd.txt.

• cat abc 2> pwd.txt → Redirects error messages when trying to read abc to pwd.txt.

• top → Displays active system processes.

• ps → Shows running processes.

• ps -ef → Displays all running processes with full details.

• kill 1595 → Terminates the process with PID 1595.

• alias ll='ls -lah’ → An alias is a shortcut for a command or a series of commands in Linux.

• ip → Displays network interfaces and IP addresses.

• ifconfig → Shows network interface configuration.

• ping www.google.com → Checks connectivity to Google.

• ping 8.8.8.8 → Checks connectivity to Google's public DNS.

• netstat → Displays network connections.

• netstat -l → Shows listening ports.

• netstat -putan | grep 22 → Finds active processes using port 22.

• curl → Fetches data from a URL.

• curl --help → Displays help for the curl command.

• telnet → Connects to remote servers via Telnet.

• crontab -i → Edits the cron jobs interactively.

• crontab -u randon -i → Modifies cron jobs for user randon.

• systemctl status ssh → Checks the status of the SSH service.

• systemctl start ssh.service → Starts the SSH service.

• systemctl status https → Checks the status of the HTTPS service.

• systemctl restart http.service → Restarts the HTTP service.

• shred -u text3.txt → Securely deletes text3.txt.

• shred --remove testfile.txt → Securely deletes testfile.txt.

• history → Displays a list of previously executed commands.

• history > history.txt → Saves command history into history.txt.

9.2 Linux Concepts

• The Kernel is the core component of the Linux operating system. It acts as a bridge between the hardware and software, managing system resources like memory, CPU, and device drivers.

• Swap Space is a portion of the hard disk used as virtual memory when the system runs out of physical RAM.

• Runlevel defines the state of the system and determines which services and processes are running.
• Different runlevels help optimize performance, security, and troubleshooting.
• Servers often run in Runlevel 3 (without GUI) to save resources.
• Desktops use Runlevel 5 (GUI Mode) for a graphical experience.

• The Linux system boot process starts with POST (Power-On Self-Test) to check hardware components, followed by the bootloader loading the kernel into memory, which then initializes hardware drivers, memory management, and system processes before finally loading startup services, mounting file systems, and launching the GUI or command-line login prompt.

9.3 Permission Structure:

1. User (Owner)

2. Group (Users in the same group)

3. Others (Everyone else)

• User (Owner) → 7 (rwx) → Read, write, execute.

• Group → 5 (r-x) → Read, execute, no write.

• Others → 5 (r-x) → Read, execute, no write.

9.4 Ownership

9.5 Process and Thread

• A process is an independent program running on a computer with its own memory space.
• For CPU-intensive tasks, use multi-processing.

• A thread is a lightweight process that runs within a process and shares the same memory (heap, code, files) with other threads in the same process.
• For threads for I/O-heavy tasks, use multi-thread.

10 IP Address and DHCP

10.1 Summary of IPv4 Classes

10.2 When a device (client) connects to a network, it follows these 4 DHCP steps: