This column will continue to update – please iOS friends pay attention!

(The answer is not unique, just for reference,)

1. How to understand HTTP?

HTTP is a Protocol in essence. Its full name is Hypertext Transfer Protocol. HTTP is a TCP/ IP-based communication protocol to transfer data. The protocol is used to specify the rules of transmission between the client and the server. The content to be transmitted is not limited to text (in fact, any type of data can be transmitted).

An HTTP can be thought of as a transaction that works in four steps:

  1. The client establishes a connection with the server
  2. After the connection is established, the client sends a request to the server
  3. The server receives the message and responds
  4. After receiving the message, the client displays the message on the screen and disconnects the client.

2. What is the difference between GET and POST in HTTP?

  • Get is used to obtain data from the server, and POST is used to send data to the server
  • The GET parameter is concatenated in the URL address, and the POST parameter is placed in the package body. Post is safer and more private than GET
  • Get can be cached and can be stored in the browser browsing history

3. A complete HTTP request? When we type ‘Docs.qq.com/doc/DTWxwWE…And then I hit enter, and when I hit enter what happens to the page?

Domain name resolution --> initiate TCP 3-way handshake --> Initiate HTTP request after establishing TCP connection --> Server responds to HTTP request, browser gets HTML code --> Browser parses HTML code, And requests resources in the HTML code (such as JS, CSS, images, etc.) --> The browser renders the page to the userCopy the code

4. Brief description of the request packet?

Request packets include request line, request header, and request body

  1. Request line: The request line contains the request Method, uniform resource identifier (URI), and HTTP version number
  2. Request header: The request header mainly stores the additional information that the client wants to send to the server. Host: the network address of the target server. Accept: Allows the server to know the data type that the client can receive, such as text/ HTML/content-Length: body Length, and so on
  3. Request body: the data that really needs to be sent to the server

5. Brief description of the response packet?

The response packet contains three parts: response line, response header, and response entity. 1. Status line: indicates the status information returned by the server to the client, including the HTTP version number, status code, and the English name corresponding to the status code. Response header: Additional information similar to the request header. 3. Response body: real data returned by the server

6. What are the features of HTTP?

HTTP is an object-oriented protocol at the application layer. The HTTP protocol has five characteristics:

  1. Support client/server mode.
  2. Simple and fast: When a client requests service from a server, only the request method and path need to be passed. The common request methods are GET, HEAD, and POST. Each method specifies a different type of contact between the client and the server. Because the HTTP protocol is simple, the program size of the HTTP server is small, so the communication speed is very fast.
  3. Flexibility: HTTP allows the transfer of data objects of any type. The Type being transmitted is marked by a Content-type, which is the identifier used in HTTP packets to represent the Content Type.
  4. Connectionless: Connectionless means that only one request can be processed per connection. When the server finishes processing the customer’s request and receives the customer’s reply, it disconnects. In this way, transmission time can be saved.
  5. Stateless: THE HTTP protocol is stateless. Stateless means that the protocol has no memory for transactions. The lack of state means that if the previous information is needed for subsequent processing, it must be retransmitted, which can result in a larger amount of data being transmitted per connection. On the other hand, the server responds faster when it doesn’t need the previous information.

7. What are the common HTTP methods?

HTTP1.0 defines three request methods: GET, POST, and HEAD. HTTP1.1 adds five new request methods: OPTIONS, PUT, DELETE, TRACE, and CONNECT.

  1. GET requests the specified page information and returns the entity body.
  2. HEAD is similar to a GET request, except that the response returned has no specific content, which is used to retrieve the header
  3. POST submits data to a specified resource for processing a request (such as submitting a form or uploading a file). The data is contained in the request body. POST requests may result in the creation of new resources and/or the modification of existing resources.
  4. PUT Transfers data from the client to the server in place of the contents of the specified document.
  5. DELETE requests the server to DELETE the specified page.
  6. The CONNECT HTTP/1.1 protocol is reserved for proxy servers that can pipe connections.
  7. OPTIONS allows clients to view server performance.
  8. TRACE Indicates the request received by the server. It is used for testing or diagnosis.

8. What is TCP?

  • TCP (Transmission Control Protocol) is a connection-oriented, reliable, byte stream – based transport – layer communication protocol. Is designed specifically to provide a reliable end-to-end byte stream over unreliable Internet, byte stream oriented. There will be three handshakes to establish the connection, and there will be confirmation when the data is passed. Windows. Retransmission. Congestion control mechanism that disconnects after data transmission to save system resources.

9. What is UDP?

  • UDP(User Datagram Protocol) is the counterpart of TCP. It is a connectionless protocol, it does not establish a connection with the other party, but directly to send packets to the past! UDP Is applicable to applications that transmit only a small amount of data at a time and have low reliability requirements

10. Differences between TCP and UDP

  1. TCP connection-oriented (three-way handshake); UDP is connectionless, meaning that a connection does not need to be established before sending data
  2. TCP provides reliable services. That is to say, the data transmitted through the TCP connection, no error, no loss, no repetition, and in order to arrive; UDP delivers as best it can, meaning it does not guarantee reliable delivery. Tcp delivers reliably through checksum, retransmission control, serial number identification, sliding window, and acknowledgement reply. For example, when the packet is lost, it can also control the order of the subcontract which is out of order.
  3. UDP has better real-time performance and higher work efficiency than TCP. It is suitable for high-speed transmission and real-time communication or broadcast communication.
  4. Each TCP connection can only be point-to-point. UDP supports one-to-one, one-to-many, many-to-one and many-to-many interactions
  5. TCP requires more system resources, while UDP requires less system resources.

11. What is a three-way handshake?

Three-way Handshake is a TCP connection that requires a total of Three packets sent by the client and server to confirm the connection.

  • First handshake: The client sends a SYN packet (SYN =j) to the server, enters the SYN_SEND state, and waits for the acknowledgement from the server.
  • Second handshake: After receiving a SYN packet, the server must acknowledge the client’s SYN(ACK =j+1) and send a SYN packet (ACK =k). Then the server enters the SYN_RECV state.
  • Third handshake: After receiving the SYN+ACK packet from the server, the client sends an ACK packet (ACK = K +1) to the server. After the ACK packet is sent, the client and server enter the ESTABLISHED state and complete the three-way handshake. The packet sent during the handshake does not contain data. Data is transferred between the client and the server only after the three-way handshake.

Reference: www.jianshu.com/p/0b32c7275…

12. What are four waves?

Because TCP connections are full-duplex, each direction must be closed separately. The principle is that when a party completes its data sending task, it can send a FIN to terminate the connection in that direction. Receiving a FIN only means that there is no data flowing in that direction. A TCP connection can still send data after receiving a FIN. The first party to close will perform an active close, while the other party performs a passive close.

  1. TCP A TCP client sends a FIN to shut down data transfer from the client to the server.
  2. When the server receives the FIN, it sends back an ACK confirming that the serial number is the one it received plus one. Like SYN, a FIN takes a serial number.
  3. The server closes the connection to the client and sends a FIN to the client.
  4. The client sends an ACK packet and sets the acknowledgement number to the receiving number plus 1.

13. What is HTTTS?

HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer or Hypertext Transfer Protocol Secure (Hyper Text Transfer Protocol Secure) is a Secure HTTP channel. In short, it is a secure version of HTTP. The SSL layer is added to HTTP. The security basis of HTTPS is SSL, so the detailed content of encryption needs SSL.

14. Description of the HTTPS connection process

  1. The client initiates an HTTPS request to the server
  2. The server (which applies for a CA certificate) returns the certificate (including the public key) to the client
  3. The client uses the root certificate to verify the validity of the server certificate for identity verification
  4. The client generates a symmetric key, uses the public key for the password, and sends the password to the server
  5. The server uses the private key to decrypt and obtain the symmetric key
  6. A pair uses symmetrically encrypted data to communicate

15. What is symmetric encryption

Symmetric encryption is the fastest and simplest type of encryption, using the same secret key as encryption and decryption. There are many kinds of symmetric encryption algorithms. Because of its high efficiency, it is widely used in the core of many encryption protocols. The common ones are AES,DES,3DES and so on

16. Asymmetric encryption

Asymmetric encryption provides a very secure method for encrypting and decrypting data. It uses a pair of keys, public key and private key. A private key is held securely by only one party and cannot be leaked, while a public key can be given to anyone who requests it. Asymmetric encryption uses one of the keys to encrypt, while decryption requires the other key. Common: RSA algorithm

17. Differences between HTTP and HTTPS

The differences between HTTPS and HTTP are as follows:

  1. For HTTPS, you need to apply for a certificate from the CA. Generally, there are few free certificates and you need to pay a fee.
  2. HTTP is the hypertext transfer protocol, and information is transmitted in plain text. HTTPS is the SECURE SSL encryption transfer protocol.
  3. HTTP and HTTPS use completely different connections and ports (80 and 443).
  4. HTTP connections are simple and stateless; HTTPS is a network protocol based on SSL and HTTP for encrypted transmission and identity authentication. It is more secure than HTTP

18. What about sessions and cookies?

  • Session is a data structure used by the server to authenticate and track users. A user is identified by judging the information sent from the client and the unique identifier of the user is the SessionId sent from the client
  • A Cookie is a mechanism used by clients to store user information. HTTP protocol records a SessionID in the Cookie for the first session, and sends the SessionID to the server for each session
  • Sessions are generally used to authenticate users. By default, sessions are stored in a file on the server, but they can also be stored in memory, in a database
  • If cookies are disabled on the client, the client uses the URL rewriting technique, that is, adding the SessionID to the end of the URL during the session and sending it to the server

19. What kind of Socket?

  • Two programs on a network exchange data through a two-way communication connection, one end of which is called a socket.
  • At least one pair of sockets is required to establish a network communication connection. Socket is the essence of programming interface (API), the encapsulation of TCP/IP, TCP/IP should also provide for programmers to do network development interface, this is the socket programming interface; HTTP is a car that provides a concrete form of encapsulating or displaying data; Sockets are engines that provide network communication capabilities.

20. What is DNS?

The DomainNameSystem (DNS) is a service of the Internet. As a distributed database that maps domain names and IP addresses to each other, it makes it easier for people to access [the Internet]

21.DNS hijacking problem?

DNS hijacking is also called (domain name hijacking), refers to the hijacked intercept DNS request within the limits of network, analyze the request of the domain name, outside the scope of review requests, otherwise returns false IP address or do nothing lose request response, its effect is to specific network can not access url is false or visit. Solution: Use HTTPDNS

22. What is Layer 7?

The OSI model has seven layers, and each layer can have several sub-layers. The OSI layer 7 is divided into 7 layers from top to bottom: application layer 6 representation layer 5 Session layer 4 Transport layer 3 Network layer 2 Data link layer 1 Physical layer. Layers 7, 6, 5, and 4 define the functions of the application, while the following three layers (layers 3, 2, and 1) are focused on the end-to-end data flow over the network.

  1. An interface between an application layer network service and the end user. The protocols are HTTP FTP TFTP SMTP SNMP DNS TELNET HTTPS POP3 DHCP
  2. Presentation layer data representation, security, compression. (in the five layer model has been merged into the application layer) format, JPEG, ASCll, DECOIC, encryption format 3. The session layer establishes, manages, and terminates sessions. (In the five-layer model, it has been merged into the application layer.) The corresponding host process refers to the ongoing session between the local host and the remote host
  3. The transport layer defines the protocol port numbers for transferring data, as well as flow control and error verification. Protocols are: TCP UDP, once the data packets leave the network interface card will enter the network transport layer
  4. The network layer carries on the logical address, realizes the path selection between different networks. Protocol: ICMP IGMP IP (IPV4 IPV6) ARP RARP
  5. The data link layer establishes logical connections, addresses hardware addresses, error verification [2] and other functions. (defined by the underlying network protocol) Combining bits into bytes and then into frames, accessing media with MAC addresses, error detection but not correction.
  6. Physical layer establishes, maintains, and disconnects physical connections. (Protocol defined by the underlying network)

23. How to handle the security of the network layer in the project?

  1. Try to use HTTPS
  2. Do not transmit passwords in plain text
  3. Post is no safer than Get
  4. Do not use 301 hops
  5. All HTTP requests carry a MAC
  6. HTTP requests use temporary keys
  7. AES uses CBC mode

24. How to implement breakpoint continuation?

Through HTTP, can be very convenient to achieve breakpoint continuation.

  • Breakpoint continuation relies on the Range defined in the HTTP header. An application can resume downloading a resource by requesting a return or part of the resource that it failed to obtain. Of course not all wind servers support Range, so those that do not support Range are out of the question. Range is measured in bytes, so when you request it, you don’t have to give me the last bytes, because the requester doesn’t necessarily know the size of the resource.

This keyword tells the server what data to return to me. Such as:

  • Bytes =500-999 Indicates the 500th – 999th byte
  • Bytes =500- Indicates all bytes after the 500th byte
  • Then according to the data returned by the server, we will get data splicing to the back of the file, you can achieve breakpoint continuation.

25. What is WebSocket and what problems does it solve?

WebSocket is an application layer protocol at layer 7 of the application layer. It must rely on THE HTTP protocol for a handshake. After the handshake succeeds, the data will be transferred directly from the TCP channel. For example, a message is divided into several frames and sent out in sequence. This has several benefits:

  1. The transmission of big data can be fragmented, without considering the insufficient length flag bit caused by data size.
  2. Like THE CHUNK of HTTP, it can generate data and transmit messages at the same time, that is, improve the transmission efficiency. In summary: WebSocket implementation is divided into handshake, data send/read, and close connection.

26. What is a heartbeat?

  • Heartbeat is used to check whether both sides of a TCP connection are available
  • The client initiates the heartbeat Ping. If no callback is received after 10 seconds, either the server or the client is faulty. In this case, you need to disconnect the connection.

27. How can I ensure that the public key is not tampered with?

  • Solution: Place the public key in the digital certificate. As long as the certificate is trusted, the public key is trusted.

28. The calculation of public key encryption is too large, how to reduce the consumption of time?

  • Solution: Each session, the client and server generate a “session key” and use it to encrypt information. Because the “conversation key” is symmetric encryption, so the operation speed is very fast, and the server public key (asymmetric encryption) is only used to encrypt the “conversation key” itself, so the consumption of the encryption operation is reduced.

29. Implementation of resident threads in AF

  • Add a singleton to the runloop with an NSMachPort to prevent the new thread from exiting due to no activity. Thread preservation using MachPort and RunLoop
  • Why does AF3.x no longer need resident threads? One of the major problems with NSURLConnection is that after a request is made, the thread doesn’t just go away, it has to wait for a callback. Requests initiated by NSURLSession no longer require a proxy method callback in the current thread! We can specify the delegateQueue for the callback, so we don’t have to keep threads alive to wait for the proxy callback method. Also pay attention to, the specified Queue for receiving callback maxConcurrentOperationCount are set to 1, here the purpose is to want to let the concurrent request serial callback. Why serial callbacks?
- (AFURLSessionManagerTaskDelegate *)delegateForTask:(NSURLSessionTask *)task { NSParameterAssert(task); AFURLSessionManagerTaskDelegate *delegate = nil; [self.lock lock]; / / to the lock to access the resources, prevent data confusion delegate = self. MutableTaskDelegatesKeyedByTaskIdentifier [@ (task. TaskIdentifier)]; [self.lock unlock]; return delegate; }Copy the code

Side of the self. MutableTaskDelegatesKeyedByTaskIdentifier access to carry on the lock, the purpose is to guarantee a multithreaded environment data security the interviewer may ask you: Why you need to set up in AF3.0 self. OperationQueue. MaxConcurrentOperationCount = 1; But not for AF2.0? –>>> AF3.0’s operationQueue is designed to receive NSURLSessionDelegate callbacks. Set the maxConcurrentOperationCount = 1 to achieve the effect of serial correction – > > > AF2.0 operationQueue is used to add operation and concurrent requests, so don’t be set to 1.

30. What is XMPP?

  1. XMPP is an XML-based protocol. XMPP is a decentralized communication network
  2. XMPP is a protocol based on XML, a subset of the standard General Markup Language. It inherits the flexibility to develop in XML environment, and XMPP has super extensibility. XMPP defines three roles: client, server, and gateway. Communication can occur in both directions between any two of these three, and their transmission is an XML stream
  3. How XMPP works: All messages and data from one client to another pass through the server
  4. XMPP allows you to set up parallel TCP socket links to all the clients and servers on the connection. Persistent socket connections enable XMPP to more efficiently support advanced, existential applications using bandwidth and processing resources.

Summary: At its core, XMPP is a streaming protocol that shards XML across the network. This streaming protocol is the delivery basis of XMPP’s im instructions and is a very important network infrastructure protocol that can be further exploited. So you can say that XMPP is streaming XML over TCP.

31. What is the difference between MAC address and IP address?

  • A MAC address is a physical address, hardware address, or link address used on the media access layer. The MAC address is written into the hardware when the network device manufacturer manufactures the MAC address.
  • IP is a 32-bit IP address assigned to a host through TCP/IP. The IP address consists of four 8-octet groups separated by dots. For example, 192.168.0.1 is an IP address. It is written in dotted decimal notation.
  • The IP address corresponds to your current address, which will change as you move, while the MAC address corresponds to your ID number. These personal information are unique and will not change.

32. How the packet capture tool captures HTTPS

All you need to do is masquerade the server against the client and masquerade the client against the server, specifically

  • Intercepts HTTPS requests from real clients and sends HTTPS requests to real servers in disguise
  • Receiving the real server response, Charles uses his own certificate to disguise the server to send the data content to the real client

If an HTTPS certificate is not configured in the APP, the data can be captured even though it is an HTTPS request. If an HTTPS certificate is configured in the APP, the data cannot be captured.

33. What protocol is Ping

  • Ping is also a communication protocol. It is part of the TCP/IP protocol. You can use the ping command to check whether the network is connected.
  • PING (Packet Internet Groper) is a program used to test the number of network connections. Ping sends an Internet Control Messages Protocol (ICMP). The echo request message is sent to the destination and reports whether the desired ICMPecho has been received. It is used to check whether the network is normal or network connection speed command. Ping is the first DOS command you must master as an administrator or hacker living on the network. It works like this: Using the uniqueness of the IP address of the machine on the network, it sends a packet to the target IP address, and then asks the other party to return a packet of the same size to determine whether the two network machines are connected and how much the delay is.

Recommended Reading:Interview questions for iOS (part 1)

IOS Interview Materials