Common Booting issues:

Q-1 what if Boot Loader (MBR / Grub) got corrupted?

The MBR maximum size is 512 byes long. If from some reason the first 448 bytes are overwritten, the CentOS or Red Hat
Enterprise Linux cannot be loaded unless you boot the machine with a CentOS ISO image in rescue mode or
using other boot loading methods and reinstall the MBR GRUB boot loader.

Recover Grub Boot Loader

1. While the Bios perform the Post test, press a special key (Esc, F2, F11, F12, Del depending on the motherboard
instructions) in order to enter BIOS settings and modify the boot sequence so that the bootable DVD/USB image
is booted first at machine start-up
2. After the CentOS 7 / RHEL bootable media has been detected, the first screen will appear in your machine
monitor output. From the first menu choose the Troubleshooting option and press [enter] key to continue.
3. On the next screen choose Rescue a CentOS/RHEL system option and press [enter] key to move further. A new
screen will appear with the message ‘Press the Enter key to begin the installation process’. Here, just press
[enter] key again to load the CentOS/RHEL system to memory.
4. After the installer software loads into your machine RAM, the rescue environment prompt will appear on your
screen. On this prompt type 1 in order to Continue with the system recovery process
5. On the next prompt the rescue program will inform you that your system has been mounted under
/mnt/sysimage directory. Here, as the rescue program suggests, type chroot /mnt/sysimage in order to
change Linux tree hierarchy from the ISO image to the mounted root partition under your disk.
6. Next, identify your machine hard drive by issuing the below command in the rescue prompt.
# ls /dev/sd*
after you’ve identified your machine hard disk, you can start installing the GRUB boot loader by issuing the below
commands
/sbin/grub2-install /dev/sda
Exit & again Exit

Q-2. What if Default run level has been changed (Suppose runlevel 6)?

If Default run level got changed to run-level 6 and we have rebooted the system, it’s got rebooted again and again
whenever its go to systemd at boot time.

So in order to resolve the issue first we need to add below term at kernel line “Linux16”
rhgb quiet 3

Press ctrl+x and once system is up change the default run level to run-level3

Systemctl set-default multi-user.target or

ln –sf /lib/system/system/multi-user.target /etc/systemd/system/default.target

Q-3. How to resolve the kernel panic issue?

Ans. Kernel panic issue mostly occurred when the system is patched and the kernel is not updated properly. So in
order to resolve the issue we need to reboot the kernel and boot it with old kernel.

Once system is booted we need to update the system again and also we need to check if vmlinuz and initramfs of
the newly updated kernel is present or not in /boot if initramfas is not there we also need to create it through dracut
command.
Q-4. Error Bootable media not found:

Ans: 1st need to check the BIOS settings to confirm the default bootable media. Sometimes system is booted from
wrong booting device such as Floppy disk.

If Bootable media is correct, might be possible our MBR is got corrupted, so we need to recover it same as Grub.

Q-5 MBR error

● Invalid partition table, Error loading operating system, Missing Operating system, Bootable Media not
found.

Ans. Need to reconfigure the Grub

Q-6 Difference between Grub & Grub2:

1. Grub has main configuration file menu.Ist and grub.conf whereas grub2 has only one main configuration file
grub2.cfg
2. In Grub it’s really hard for normal user to modify the configuration file but grub2 is more user-friendly, grub2-
mkconfig will automatically change the configuration.
3. Grub uses physical and logical address to identify the disk whereas, grub2 uses UUID to identify the disks.
(Related to partprobe)
4. We also have choice of create custom menuentry in /erc/grub.d/40_custom

Q-7 MBR?

Master boot record is 512 bytes of record located in the first sector of the hard disk and stored the boot loader as boot
strap code and partition table info and also boot signature. It’s divided into 3 parts:

Description Size

Boot Strep Area 446 Bytes

Partition Entry No. 1 16 Bytes

Partition Entry No. 2 16 Bytes

Partition Entry No. 3 16 Bytes

Partition Entry No. 4 16 Bytes

Boot Signature / Magic Number 2 Bytes

- The Boot Strap code area:

Also called the master Boot Code or the Boot Loader area. Boot Strapping is a simple process activating a more
complicated system. The Boot Strap code is responsible for the following activities:

● Scans the partition table for the active partition.

● Find the Starting sector of the active partition.
● Loads a copy of the boot sector from the active partition into memory.
● Transfer control to the executable code in the boot sector.

If the boot strap code cannot complete this function the system displayed one of the following error message:

● Invalid partition table Error loading operating system

 ● Missing Operating system Bootable Media not found.

Q-8 Boot Process

Whenever we press the power button

1. Its first go to BIOS, which perform the POST for all the attached peripheral devices and if all they are working its try to
locate the bootable media from BIOS settings to load the MBR or we can say its handover the process to MBR

2. MBR is Master Boot Record which located in the first sector of hard disk. Size of the MBR is 512 Bytes, which is divided
into three parts:

446: have info of Boot loader

64: Have info of the partition table in 4 partition of 16*4

2: Signature Verifier

Basically its find the Grub and handover the system to Grub boot loader

3. Grub stores all the info of kernel and splash a screen of all the kernel installed on our server to allow us the kernel to
execute, if we did not choose the kernel it will load the default kernel mentioned in /boot/grub2/grub.cfg as per the
menuentry. It’s contained cpio archive of kernel image vmlinuz

4. Kernel load the initrd as temporary root file system until the kernel is booted and actual root file system is mounted
and also execute the systemd process. As its 1st process of kernel its PID is 1. It’s also load all the kernel modules.

5. Systemd load all the services which is defined in /etc/systemd/system/default.target

6. Target: Systemd load the default runlevel 3 or 5 from default.traget

7. Getty process executed and prompted for user credentials.

Run Level Dir:

Run Level 0 - /etc/rc/d/rc0.d

Run Level 1 - /etc/rc/d/rc1.d

Run Level 2 - /etc/rc/d/rc2.d

Run Level 3 - /etc/rc/d/rc3.d

Run Level 4 - /etc/rc/d/rc4.d

Run Level 5 - /etc/rc/d/rc5.d

Run Level 6 - /etc/rc/d/rc6.d

Q-9 Diff in MBR and GPT:

Ans: ***MBR works with disks up to 2 TB in size, but it can’t handle disks with more than 2 TB of space. MBR only
supports up to four primary partitions*** or 3 Primary and 1 logical (128 partitions), working with Legacy and UEFI BIOS
both

GPT 128 Primary partition, Boot records / Partition info stored in 2 places 1st sector of disk and last sector of disk,
working with UEFI BIOS.
Q-10 what happen when we browse a website: -?

1. Whenever we browse the any website, browser search it on 1st Browser cache, if it’s not found anything
2. its searched it in the OS/System Cache, if not found
3. Its searched it on router cache, if not found
4. It’s searched it on ISP cache, which browser would check with the last hope.

If the requested URL is not in any cache, the DNS resolver initiate the DNS query to find the IP address of the concern
URL.

1. So the ISP's DNS recursor contact to root name server.

2. The root name server will redirect it to Top Level Domain (.com, .in, .org, etc.) Name Server
3. the TLD's Name Server send request to Second Level Domain Name Server
4. Then the SLD's NameServers find the IP address of concern URL from DNS zone and provide it to DNS recursor.
5. The DNS recursor provide it to requestor browser/client
6. once client got the IP address of concern URL's Server, then its start tcp handshake process

1. It sends the server a SYN packet "Hello There, please Open a connection for me"
2. The Server send a SYN-ACK packet to client. Acknowledgment of the client request and SYN packet by asking
"Hello There do you want me to open the connection too and on which port"
3. The client sends ACK to server yes please open a connection for me and on port 80.

1. Once the TCP connection is established the browser send a GetResponse to the Server asking for the concern
URL webpage. If you’re entering credentials or submitting a form this could be a POST request. This request will
also contain additional information such as browser identification (User-Agent header), types of requests that it
will accept (Accept header), and connection headers asking it to keep the TCP connection alive for additional
requests. It will also pass information taken from cookies the browser has in store for this domain.

2. The server passes this request to the concern handler of program (whether it’s in php, ruby, java etc.), then the
handlers assemble the code in particular format xml/html and server send response with requested webpage
with status code
3. At the end you will see the concern URL webpage in browser

And that’s how the website appeared on the browser.

Also if website is using the SSL/TLS:

- The client asked the server to open an Encrypted connection with its cipher suits and TLS version it’s supported.
- The server then sends the certificate and public key to client by saying hey let’s use this particular cipher suits
and I can use the TLS version you are using.
- The client verifies the server's certificate then extract the public key and use it to encrypt a new pre-master key
and sent the pre-master key to server
- The server uses the private key to decrypt the pre-master key.
- At this point the client and server both are using the pre-master key to compute a shared master key called
"Shared Secret"
- Client send an encrypted message and saying to server please decrypt it and verify that it's up to spec and now
from this point everything I send will be encrypted using our shared secret
- The server decrypts and verifies the message and sends a message back to the client in encrypted format and
saying that your encrypted message check-out here is the encrypted message please decrypt it too. Also from
this point everything I send will be encrypted using our shared secret.
Q-11 Explain “top” commands output

Ans.: 1° Row — top 

Current time (11:37:19), uptime of the machine (up 1 day, 1:25), users sessions logged in (3 users),
average load on the system (load average: 0.02, 0.12, 0.07) the 3 values refer to the last minute, five minutes
and 15 minutes.

Load Average = tells you how busy your system’s CPU, disk & other resources are.

2° Row – task

 Processes running in totals (73 total), Processes running (2 running), Processes sleeping (71 sleeping), Processes
stopped (0 stopped), Processes waiting to be stop at from the parent process (0 zombie)

3° Row – cpu

The third line indicates how the cpu is used. If you sum up all the percentages, the total will be 100% of the cpu. Let’s
see what these values indicate in order:
🡪Percentage of the CPU for user processes (0.3%us)
🡪Percentage of the CPU for system processes (0.0%sy)
🡪Percentage of the CPU processes with priority upgrade nice (0.0%ni)
🡪Percentage of the CPU not used (99.4%id)
🡪Percentage of the CPU processes waiting for I/O operations (0.0%wa)
🡪Percentage of the CPU serving hardware interrupts (0.3% hi — Hardware IRQ)
🡪Percentage of the CPU serving software interrupts (0.0% si — Software Interrupts)
🡪The amount of CPU ‘stolen’ from this virtual machine by the hypervisor for other tasks (such as running another virtual
machine) this will be 0 on desktop and server without Virtual machine. (0.0%st — Steal Time)

4° and 5° Rows – memory usage

The fourth and fifth rows respectively indicate the use of physical memory (RAM) and swap. In this order: Total memory
in use, free, buffers cached.
Let’s see what information we can get in the different columns:

● PID – l’ID of the process(4522)

● USER – The user that is the owner of the process (root)
● PR – priority of the process (15)
● NI – The “NICE” value of the process (0)
● VIRT – virtual memory used by the process (132m)
● RES – physical memory used from the process (14m)
● SHR – shared memory of the process (3204)
● S – indicates the status of the process: S=sleep R=running Z=zombie (S)
● %CPU – Percentage of CPU used by this process (0.3)
● %MEM – Percentage of RAM used by the process (0.7)
● TIME+ – Total time of activity of this process (0:17.75)
● COMMAND – Name of the process (bb_monitor.pl)

Q-12 Telnet?
Ans: telnet is a computer protocol that was built for interacting with remote computers. It’s a protocol used on the
internet or local area network to provide a bidirectional. It’s used to establish a connection to transmission control
protocol. Where a telnet server application (telnetd) is listening.

Once of the biggest perks of telnet is with a simple command you can test whether a port is open
# telnet <host or IP> <port>.

If the connection succeeds, a blank screen will show up, meaning that the port is open.
A failed connection indicate either a closed port or remote server is not listening on the provided port.

Q-13 Difference between RHEL 6 & 7

Feature Name RHEL 6 RHEL 7

 

Default file system EXT4 XFS

Kernel Version 2.3.x.x 3.10.x.x

Release Name Santiago Maipo

Gnome Version Gnome2 Gnome3.8

KDE Version KDE 4.1 KDE 4.6

Release Date Wed,10/11/2010 Tue 10/06/2014

NFS version NFS 4 NFS 4.1 NFSV2 is Deprecated in RHEL 7

Samba Version SMB 3.6 SMB 4.4

Default DATABASE Mysql Mariadb

Cluster Resource RGmanager Pacemaker

Manager

Networking  interface Bonding can be as active- Team Driver will support multiple types of teaming
Grouping backup,XoR IEEE and load balancing methods called active-backup,load-balancing and
Broadcast

Kdump Kdump doesn’t support with large Rhel -7 can be supported upto 3TB
Ramsize

Boot Loader Grub0.97 Grub2

File system check E2fsck Xfs_repair

Process -d Initd process PID 1 Systemd PID 1

Boot time 40 seconds 20 sec

 File system size Ext4 16TB with XFS 100 TB XFS 500TB with ext4 16TB

Processor Architecture 32 bit and 64 bit 64 bit

Network configuration Setup Nmtui

Tool

Hostname conf file /etc/sysconfig/network /etc/hostname

Interface name Eth0 Ens33

Managing service Service sshd start Systemctl start/stop/restart servicename

Service sshd restart Systmectl enable/disable Serrvicename
Chkconfig sshd on

System logs /var/log /var/log, journalctl

UID information System user-id will start from 1 to System uid 1- 999
499, normal user-id will start from Normal uid 1000 – 65534
500 to 65534

By pass root Append 1 or s , init=/bin/bash to Append rd.break or init=/bin/bash to kernel

kernel command line command line

Rebooting and Reboot – init 6 Systemctl reboot

poweroff Poweroff – init 0 Systemctl poweroff

Port security Iptables by default service port is Firewalld instead of iptables. Iptables can also
enabled when service is switched supported with RHEL 7. But we can’t use both of
on them at the same time. Firewall will not allow any
port until and unless you enable it

Q 14: What is Extents?

- Each volume within a volume group is segmented into small, fixed-size chunks called extents
- When creating volume group on a physical volume, the whole volume divided into small chunk block of equal size that
we call extents/physical extent.
- Suppose, we have a physical volume of size 2Gib, while creating volume group on that the PV is divide into PE as
 Number of PE = total available size/size of one PE (default size is 4MB)
 - we can change to size of PE while creating VG.
  # vgcreate -s 32M vgname

Q 15: lvm reduce

sometimes, we need to resize/reduce our LVM file-system due to different kinds of reasons.
steps to reduce LVM
1. unmount the filesystem that mount on that particular LVM that you want to reduce
# umount /dev/mapper/myvg-mylv
2. check file system
# e2fsck
3. reduce the file system to desired size
# resize2fs /dev/vg/lv 10G
4. reduce the LV using lvreduce
# lvreduce -L -8G /dev/VG/lv.
5. Mount the file system again.
Q 16: Difference between Buffer & Cache.
- The Buffer is mostly used for Input/output processes while the cache is used during reading and writing process
from the disk.
- Cache can also be a section of the disk while a buffer is only a section of the Ram.

Q 17: What is DHCP and how it works?

Ans: DHCP stands for dynamic host configuration protocol. It is used to control the network configuration of a host
through a remote server. DHCP functionality comes installed as a default feature in most of the contemporary operating
systems.
- It is an excellent alternative to the time-consuming manual configuration of network settings on a host
or a network device.
- DHCP works on client-server model. Being a protocol, it has its own set of messages that are
exchanged between the client and server.
 
Here are the different messages that are used in the process.
 
1.       DHCPDISCOVER: - it is DHCP message that marks the beginning of the DHCP interaction between server
and client. It is sent by a client. It is a broadcast message that used 255.255.255.255 as destination IP
address and 0.0.0.0 as a source address.
2.       DHCPOFFER: - It’s a message that is sent in response of DHCPdiscover by the server to client. This message
contains network configuration settings for the client that sent the DHCPDISCOVER message.
3.       DHCPREQUEST: - This message is sent in response to DHCPoffer indicating that the client has accepted the
network configuration sent in DHCPOFFER message from the server.
4.       DHCPACK: - It is sent by the DHCP server in response to DHCP request received from the client. This
message marks the end of the process that started with
5.       DHCPNACK: - It is the exact opposite to DHCPACK described above. This message is sent by the DHCP
server. When it is not able to satisfy the DHCPrequest message from the client.
6.       DHCPDECLINE: - It is sent from the client to the server in case the client finds that the IP address assigned
by DHCP server is already in use.
7.       DHCPINFORM: - This message is sent from the DHCP client in case the IP address is statically configured on
the client and only other network settings or configuration are desired to be dynamically acquired from
DHCP server.
8.       DHCPRELEASE: - this message is sent by the client in case it wants to terminate the lease of network
address it has been provided by DHCP server.

Q 18: Difference between TCP and UDP

Ans:
● TCP stands for “Transmission Control Protocol” UDP stands for “User datagram Protocol”.
● TCP is a connection oriented protocol while UDP is a connectionless protocol.
● TCP is more reliable than UDP.
● UDP is faster for data sending than TCP.
● UDP makes error checking but no reporting but TCP checks for errors and performs reporting.
● TCP provides guaranteed Delivery of Data but UDP has no guarantee.
● Header size of TCP is 20 bytes while that of UDP is 8 bytes.
● TCP has acknowledgement segments but UDP has no acknowledgement.

● TCP is used for applications that require high reliability but less time critical whereas UDP is used for applications
that are time sensitive but require less reliability.

Q 19 CPU Cache:

Computer has two types of memory

DRAM (Dynamic RAM): Uses Capacitor to store data and these capacitors have to constantly and dynamically be
refreshed often with electricity in order for them to store data

SRAM (static RAM): SRAM is what is used in CPU cache because SRAM doesn't have to be constantly refreshed it is a lot
faster than DRAM and it's also very expensive

CPU cache is CPus internal Memory and its job is to store copies of data and instructions from RAM that's waiting to be
used by the CPU.

** CPU cache holds the common data that its think that CPU is going to access over and over again because when the
CPU needs to access certain data it's always check the faster cache memory first to see if data it needs is there and if it
is not then CPU would have to go back to slower primary memory or RAM to get the data it needs so that's why cache
memory is so important. **

** Because if the CPU can access what it needs onto faster cache the faster the computer will perform. **
** The whole Idea behind cache is to make the computer run faster at a cheaper price. **
** Computer can run without CPU cache but it would be a lot slower. **
** CPU cache acts like a middleman between CPU and RAM to assist in feeding the CPU that data it needs a lot faster
which reduces bottlenecks. **

CPU cache comes in three different levels.

Level 1 cache
    -    Also called primary cache.
    -    Located on the processor.
    -    Runs as the same speed as the processor.

** And if the CPU is not find the data it needs in the Level 1 cache it then searches the level 2 cache for the data. **
    
Level 2 cache
    -    Also called external cache
    -    Used to catch the recent accesses from the processor that were not caught by Level 1 cache.
    -    In Earlier Computers, Level 2 cache was located on a separate chip on the motherboard.
    -    In Modern CPUs it would be located on the processor.
    -    Level 2 cache is larger than the level 1 cache but it’s not as fast as level 1 cache.

** And if the CPU can't find the data in the Level 2 cache then it searches the last level of cache which is level 3. **

Level 3 cache
    -    Level 3 cache is also located on the processor.
    -    Level 3 is often referred to shared cache because its memory is shared between all the cores on the CPU.
    -    Used to catch recent data access which were not caught by level 2 cache.
    -    Level 3 is larger than the level 2 but it’s not as fast as level 2 cache.
    -    Finally if level 3 does not have the data then the CPU has to go back to the slower Ram to find the data its needs.

** Level 3 is often referred to shared cache because its memory is shared between all the cores on the CPU whereas
Level 1 and Level 2 cache are dedicated to their own CPU core. **

Q 20: Type of Kernel:

Ans: Kernel is the core part of an operating system which manages system resources. It also acts like a bridge between
application and hardware of the computer. It is one of the first programs loaded on start-up (after the Bootloader).
 1. Monolithic Kernel. This kernel type has all required functionality inside the kernel, schedulers, device
drivers, memory management etc all in a memory space owned by the kernel. Monolithic kernels
typically have the highest data throughput of all kernels and is best used in large servers or job
dedicated servers.

2. Micro Kernel. This kernel type uses the minimum set-up required for scheduling, memory
management and inter-process communication. This vastly reduces the amount of memory required
for kernel use. The minimum size of the kernel means that the amount of extra communication
required by device drivers reduces the maximum data flow through the kernel but also decreases
kernel response time to interrupts. Microkernels are typically found in real time systems.

3. Hybrid Kernel. This is a mix between the 2 above. The kernel is larger than micro but smaller than
monolithic. What you normally get is a stripped down monolithic kernel that has the majority of
device drivers removed but still all of the system services within the kernel space. The device drivers
will be attached to the kernel as required when starting up or running. These kernels are typically
found on desktops, Windows, Mac and Linux OS flavors.

4. Nano Kernel. This kernel type only offers hardware abstraction, there are no services and the kernel
space is at a minimum. A Nano kernel forms the basis of a hypervisor upon which you may emulate
multiple systems via virtualization. Nano kernels are also very good for embedded projects.

5. Exo-Kernel. This kernel is the smallest kernel that I know of. It offers process protection and resource
handling and nothing else. The programmer using this kernel is responsible for correctly accessing the
device they wish to use. I do not know of an instance of the kernel type where it is used outside of
academia but I’m happy to be corrected.

Q 22: How to set Default Run-Level?

Ans: RHEL 6: We can change the runlevel by editing /etc/inittab
RHEL 7: systemctl set-default multi-user.target
systemctl get-default (to check the current run level)

Q 23: What is Broadcast domain?

Ans: A broadcast domain is a logical division of a computer network, in which all nodes can reach each other by
broadcast at the data link layer. A broadcast domain can be within the same LAN segment or it can be bridged to
other LAN segments.

Ping Results:
Request Time Out: Host is down or it’s blocking the ping request.
Destination host unreachable: Message comes from router, which means that route to the destination cannot be
found.

Q 24: What is Hypervisor?

Ans: A hypervisor also known as a Virtual Machine Monitor, is a process that creates and run virtual machines
(VMs). A Hypervisor allows one host computer to support multiple guest VMs by virtually sharing its resources, like
Memory and processors.
Two Type of Hypervisor: 1. Bare-metal (Microsoft hyper-V, VMware ESXi, Citrix XenServer)
2. Hosted Hypervisor (KVM and Xen)
Q 25: What is Subnetting?
Ans: Subnetting is used to divide a single physical network into more than one smaller sub-networks. Subnetting
allows an organization to add sub-networks without the need to acquire a new network number via the ISP.
Q 26: How TCP connection got terminated?
Ans:
1. Initiator(Client/Server) send a Fin package to receiver(Server/Client) by saying that hey I want to close the
connection
Here at this point the initiator is on waiting mode and connection is half-closed
2. Then the receiver sends a Ack packet to Initiator by saying I got your request
3. The receiver sends a Fyn packet to receiver by saying hey I am closing your connection and at this point the
connection is on half-closed mode at receiver end as well.
4. Then the Initiator sends the Ack packet to receiver that connection got closed.

Q 27: OSI Model:

Application (layer 7): - This layer is where the application and user communicates. Application specific protocols are
used here such as SMTP (simple mail transfer protocol) for sending emails from Outlook.

Presentation (layer 6): - This layer formats the data in a way that the receiving application can understand it. This
layer is also able to encrypt and decrypt date if needed.

Session (layer 5): - This layer is responsible for establishing and terminating of connections between devices.

Transport (layer 4): - The transport layer of OSI Model is used for error handling and sequencing to unsure no data
is lost. This layer also adds source and destination port numbers

Network (layer 3): - The network layer handles IP address routing. At this stage of the OSI model the source and
destination IP address is added to the data.

Data Link (layer 2): - At this layer the physical address (MAC Address) is added to the data, this includes the source
and destination MAC address.

Physical (layer 1): - The physical layer is the lowest layer of the OSI model. Its key responsibility is to carry the data
across the physical hardware such as an Ethernet cable to the destination.

Application - SMTP, FTP, Telnet

Presentation - Format Data Encryption / Decryption
Session - Start Stop Session
Transport - TCP, UDP, Port Numbers
Network - IP Address, Router
Data Link - Mac Address, Switches
Physical - Cables, Ethernet ports

Up to down:
Suppose we are sending an email.
- Application layer - This layer is where the application and user communicates. Application specific protocols are
used here such as SMTP (simple mail transfer protocol) for sending emails from Outlook.
- Presentation layer - Formatted the data as the receiving device can understand. In this Example probably it’s
ASCII. This layer is also able to encrypt and decrypt data if needed.
- Session layer: Establishing the connection with remote devices
- Transport layer: This layer decide what need to use TCP or UDP. In this case its uses TCP to make sure every packet
will be delivered also the source and destination port added to the data. Uses Segment. End to End Delivery or port
to port
- Network Layer: The IP address of the remoter server added as destination and the source IP address also added to
data. Uses Packet. It’s doing Host to host delivery by using the logical IP address
- Data Link Layer: The MAC address of the Source and Destination server added to the Data. And send packet as
FRAMEs and added header and tailer on it as well. And control the flow of data from hop to hop
- Physical Layer: Convert the frames/bits into Signals and The Data Sent Out to the Network using Ethernet

When the Receiving Device received the data it’s proceed the Data in same way but in reverse

Q 28: File System Hierarchy?

Ans.: All file on a Linux system are stored on the file system which are organized into a single inverted tree of directories
known as file system Hierarchy.

/usr: installed software, shared libraries include files & static read only program data

/usr/bin: user commands

/usr/sbin: system administration commands

/usr/local: locally customized software

/etc: configuration file specific to the system

/var: variable data specific to this system that should persist between boots. Files that dynamically change may
be found under /var

/var/log/messages: system log file

/var/tmp: an archiving containing the collected information will be generated in /var/tmp

/run: runtime data for processed started since the last boot. The content of this directory are recreated on
reboot.

/home: where regular user stores their personal data & configuration file

/root: home directories for the administrative super user, root

/tmp: a world-writable space for temporary files.

/boot: file needed in order to start the boot process.

/dev: contains special device files which are used by system to access hardware.

/proc: contains all the files of running process and the system stat files as well.

https://www.pcwdld.com/what-is-mtr-and-howto-troubleshoot-connections
https://www.digitalocean.com/community/tutorials/how-to-use-traceroute-and-mtr-to-diagnose-network-
issues
https://www.tecmint.com/linux-performance-monitoring-with-vmstat-and-iostat-commands/
https://www.gmarik.info/blog/2012/orphan-vs-zombie-vs-daemon-processes/
Q 29: What if server is not booting?
Ans:
1. I will goes to Bios first to make sure the first boot device is setup to hard disk drive.
2. If it setup I will check the hard disk cable that its properly attached to the server
3. If it’s still not booting I will assume that MBR might be corrupt. So I will try to reinstall the grub again from
rescue mode through CD or I can attach the concern disk to another working machine to install the grub
again.
4. Assuming now I got the grub screen and it’s stuck there so I will check the boot loader again using attaching
the disk to another working machine or from rescue mode.
5. If system is still not booting then there might be issue with the kernel. Might be there are kernel panic issue
or Kernel image (vmlinuz) and the version of initrd.img is not matched, so we can try to boot the system
with recovery kernel to boot up the system and troubleshoot further.
6. If it’s still not booted then might be the issue with the file system check in that case system might stuck in
Emergency mode. We need to confirm if there are any issue with fstab file or we can also run the filesystem
check on it
Q 30: Traceroute?
Ans: Is a tool that can be used to vary the path that your data will take to reach its destination, without actually
sending the data.
- Each IP that we send on the internet has got a field called as TTL. TTL stands for Time to Live.
- TTL is not measured by no. of seconds but the no. of Hops. It’s a maximum number of Hops that a packet
can travel across the internet before its discarded.
- Hops are nothing but the computers, routers or any device that comes in between the source and
destination.

What if There was no TTL at all?

Ans: If there are no TTL in a IP packet, the packet will flow endlessly from one router to another and on and on
forever searching for the destination.

If the destination is not found after travelling through too many routers in between Hops and the TTL Value
becomes 0, the receiving router will drop the packet and informs the original sender.
If a router received a packet with TTL of 1, the packet is discarded but the router which discarded the packet will
inform the original sender that the TTL value has exceeded.
The information sends by the router receiving a packet with TTL of 1 back to the original sender is called as “ICMP
TTL exceeded message”.
Hence when an ICMP TTL exceeded the message is sent by a router, the original sender will come to know the
address of the router.

So when we fire the traceroute command i.e traceroute 8.8.8.8:

⮚ Its send a UDP packet which contains following things with the TTL value of 1:
o Source Address
o Destination Address
o A destination random UDP port number, which is invalid in the range of 33434 to 33534
⮚ Packet will reach to my gateway server. On seeing receiving my packet gateway server will reduce the TTL
by 1. Once the TTL is reduced by 1 (1-1=0), my gateway server will send me back a TTL time exceeded
message.
o When my TTL server sends a TTL exceeded message back to me it will send the first 28 Byte header
of the initial packet traceroute send.
⮚ On receiving this TTL time exceeded message, traceroute will come to know that source address and other
details about first hop.
 ⮚ And the 2nd step will go so on by adding 1 in TTL by traceroute until the last hop or original servers send the
message “ICMP Destination/Port unreachable”

Q 31: MTR
MTR combines ping (RTT and Packet loss) with traceroute (Devices in the path between Sender and
receiver). Using this information, you can determine the following in your machine;
● Connectivity to destination device: If the MTR successfully gets the destination, then you know there is
connectivity between source and destination. However, if it is unable to reach the destination, it does not
mean there is no connectivity – there could be something in path blocking traceroute.
● Packet Loss: The packet loss column tells us about the quality of link between source and destination too
many packet losses and you may need to troubleshoot further. Sometimes, packet loss along the path
between source and destination is common as some devices may be rate limiting (or filtering) packets used
by ping/tracerote/mtr
● Round-Trip time: If it’s taking too long for packets to go from source to destination, there may be
something wrong with the quality of your link. It could also be that the distance between source and
destination is quite large.
MTR reports by default, display the following columns:
- Loss% = The percentage of packet for which and ICMP reply was not received.
- Sent = The number of packet sent to each hop.
- Last = The Round Trip time of the last tracerorute packet, in ms.
- Avg = The Average round trip time of all the traceroute packets in ms
- Best = The Shortest round trip time of all traceroute packets, in ms
- Wrst = The longest round trip time of all traceroute packets, in ms
- Stdev = The Standard Deviation

Q 32: Nice Value

Nice is a command for the adjustment of the niceness value of the process. Adjusting the niceness value of
the process allows for setting an advice CPU priority that the kernel scheduler will use to determine which process
get more or less CPU.
Niceness value range from -20(highest priority) to 19(lowest priority). In order to prevent a process from stealing
CPU time from high priority process, we will increase the processes niceness value.
- Changing the niceness value of new process:
# nice –n -20 yum update –y
- Changing the niceness value of a running process:
# renice –m -10 –p <process ID>