← Back to Interview Prep
🌐

Networking & OSI Model Q&A

50 real-world networking interview questions covering the OSI model, TCP/IP, IP addressing, DNS, HTTP, and network security.

10 OSI & Basics10 IP & Routing10 TCP/UDP10 DNS & HTTP10 Security
1

OSI Model & TCP/IP Basics

Q1.What is the OSI model and why is it important?

  • The OSI (Open Systems Interconnection) model is a conceptual framework that standardizes the functions of a telecommunication or computing system into 7 layers.
  • Importance: It helps in troubleshooting by isolating network problems, promotes interoperability between different vendors, and simplifies learning about networks.
  • Layers from bottom to top: Physical, Data Link, Network, Transport, Session, Presentation, Application.

Q2.Explain the difference between the OSI model and the TCP/IP model.

  • OSI model has 7 layers, while TCP/IP model typically has 4 layers (Network Access, Internet, Transport, Application).
  • TCP/IP combines OSI's Application, Presentation, and Session layers into its Application layer, and Physical and Data Link into Network Access.
  • TCP/IP is a practical implementation that powered the Internet, whereas OSI is mostly a theoretical model.

Q3.What happens at the Data Link layer (Layer 2)?

  • It handles node-to-node frame delivery and physical addressing (MAC addresses).
  • Provides error detection (using FCS/CRC) but generally not error correction.
  • Switches and bridges operate at this layer. Protocols include Ethernet, Wi-Fi (802.11), and PPP.

Q4.What is a MAC address and how does it differ from an IP address?

  • MAC (Media Access Control) address is a physical address burned into the NIC by the manufacturer (e.g., 00:1A:2B:3C:4D:5E). It operates at Layer 2.
  • IP address is a logical address assigned by a network administrator or DHCP (e.g., 192.168.1.5). It operates at Layer 3.
  • MAC is for local delivery on the same network segment; IP is for end-to-end routing across different networks.

Q5.What is the purpose of the Address Resolution Protocol (ARP)?

  • ARP resolves a known IP address to an unknown MAC address on a local network.
  • When a device wants to send a packet to an IP on its subnet, it broadcasts an ARP request ("Who has this IP?").
  • The device with that IP replies with its MAC address, allowing the sender to encapsulate the packet into a Layer 2 frame.

Q6.Explain the difference between a Hub, Switch, and Router.

  • Hub (Layer 1): Repeats received signals to all ports. Causes collisions; operates in a single collision domain.
  • Switch (Layer 2): Forwards frames based on MAC addresses. Creates separate collision domains for each port, improving efficiency.
  • Router (Layer 3): Routes packets between different networks based on IP addresses. Separates broadcast domains.

Q7.What is a broadcast domain vs. a collision domain?

  • Collision Domain: A network segment where data packets can collide with one another when being sent simultaneously (separated by switches/routers).
  • Broadcast Domain: The logical division of a network where all nodes can reach each other by broadcast at the data link layer (separated by routers).

Q8.What is MTU (Maximum Transmission Unit)?

  • MTU is the size (in bytes) of the largest Protocol Data Unit (PDU) that the layer can pass onwards.
  • For standard Ethernet, the MTU is 1500 bytes.
  • If a packet exceeds the MTU of a network link, it must be fragmented (broken down) by the router, which can impact performance.

Q9.How does ping work?

  • Ping uses ICMP (Internet Control Message Protocol) Echo Request and Echo Reply messages.
  • It tests reachability of a host on an IP network and measures the round-trip time (latency).
  • It operates at the Network layer (Layer 3) and does not use TCP or UDP ports.

Q10.What is a VLAN and why use it?

  • VLAN (Virtual Local Area Network) logically segments a physical network into multiple broadcast domains at Layer 2.
  • Benefits: Improves security (isolating departments), reduces broadcast traffic, and simplifies network management without changing physical cables.
2

IP Addressing, Subnetting & Routing

Q11.What is the difference between IPv4 and IPv6?

  • IPv4: 32-bit address (e.g., 192.168.1.1), roughly 4.3 billion addresses. Uses numeric dot-decimal notation.
  • IPv6: 128-bit address, virtually unlimited addresses. Uses hexadecimal colon-separated notation.
  • IPv6 includes built-in IPsec, doesn't need NAT, and simplifies routing headers.

Q12.Explain public vs. private IP addresses.

  • Public IPs are routable on the global Internet and must be unique.
  • Private IPs are reserved for internal networks and are not routable on the Internet (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
  • NAT (Network Address Translation) translates private IPs to a public IP to access the Internet.

Q13.What is Subnetting and why is it done?

  • Subnetting is the process of dividing a single large network into multiple smaller, manageable sub-networks (subnets).
  • Reasons: Improves network performance by reducing broadcast traffic, enhances security by isolating groups, and conserves IP addresses.

Q14.What is a Subnet Mask?

  • A subnet mask is a 32-bit number that separates the IP address into the network address and the host address.
  • Example: Mask 255.255.255.0 (/24) means the first 24 bits represent the network, and the last 8 bits represent the host.

Q15.What is CIDR notation?

  • CIDR (Classless Inter-Domain Routing) replaces old classful network (A, B, C) divisions.
  • It appends a slash and a number to the IP address indicating the number of bits in the subnet mask (e.g., 192.168.1.0/24).
  • It allows more flexible and efficient allocation of IP addresses.

Q16.How does a Router make forwarding decisions?

  • A router looks at the destination IP address of an incoming packet.
  • It checks its routing table for the longest prefix match (most specific route) for that destination.
  • It forwards the packet out the corresponding interface to the next hop.

Q17.What is the Default Gateway?

  • The default gateway is the IP address of the router interface on the local subnet.
  • When a device needs to send traffic to an IP address outside its own subnet, it sends it to the default gateway.
  • Without it, devices can only communicate within their local network.

Q18.Explain Static vs. Dynamic Routing.

  • Static Routing: Routes are manually configured by an administrator. Good for small, stable networks. High administrative overhead.
  • Dynamic Routing: Routers use protocols (like OSPF, BGP) to learn and share routes automatically. Adapts to topology changes and failures.

Q19.What is BGP (Border Gateway Protocol)?

  • BGP is the protocol that makes the Internet work. It's an Exterior Gateway Protocol (EGP).
  • It exchanges routing and reachability information among autonomous systems (AS) on the Internet.
  • It chooses paths based on policies, rules, and network paths rather than purely technical metrics like speed.

Q20.What is NAT (Network Address Translation)?

  • NAT translates private IP addresses on an internal network to a single (or pool of) public IP addresses for Internet access.
  • It typically runs on a router or firewall.
  • PAT (Port Address Translation) is a common form of NAT that uses different port numbers to map multiple internal devices to one public IP.
3

TCP, UDP & Transport Layer

Q21.Explain the TCP 3-way handshake.

  • The process used by TCP to establish a reliable connection.
  • 1. SYN: Client sends a SYN (synchronize) packet to the server.
  • 2. SYN-ACK: Server receives it and replies with a SYN-ACK packet.
  • 3. ACK: Client receives the SYN-ACK and sends an ACK (acknowledge) packet back. Connection is established.

Q22.What is the difference between TCP and UDP?

  • TCP (Transmission Control Protocol): Connection-oriented, reliable, guarantees delivery and order, has flow and congestion control. Slower. (HTTP, SSH, FTP).
  • UDP (User Datagram Protocol): Connectionless, unreliable, fire-and-forget, no order guarantee. Faster and lower latency. (Video streaming, DNS, VoIP).

Q23.How does TCP handle reliability and lost packets?

  • TCP assigns a sequence number to every byte of data.
  • The receiver sends acknowledgments (ACKs) for data received.
  • If the sender doesn't receive an ACK within a timeout period, it assumes the packet was lost and retransmits it.

Q24.What is a port number?

  • A 16-bit number used by Transport layer protocols (TCP/UDP) to identify specific applications or services running on a host.
  • Well-known ports (0-1023) are reserved for standard services (e.g., 80 for HTTP, 443 for HTTPS).
  • Ephemeral ports (49152-65535) are assigned dynamically to client applications.

Q25.How does TCP flow control work?

  • TCP uses a "sliding window" mechanism.
  • The receiver advertises its window size (how much buffer space it has available) in every ACK.
  • The sender will not send more unacknowledged data than the receiver's advertised window, preventing the receiver from being overwhelmed.

Q26.What is multiplexing in the context of transport layers?

  • Multiplexing allows a single host with one IP address to run multiple network applications simultaneously.
  • It uses port numbers to separate the traffic. For example, web traffic goes to port 443, while email goes to port 25, all over the same IP connection.

Q27.Explain the TCP teardown process (4-way handshake).

  • To cleanly close a connection: 1. Host A sends a FIN packet. 2. Host B sends an ACK.
  • 3. When Host B is also done sending data, it sends its own FIN.
  • 4. Host A sends an ACK, and the connection is fully closed.

Q28.Why does DNS use UDP instead of TCP most of the time?

  • DNS queries are usually small enough to fit in a single UDP packet.
  • UDP avoids the overhead of the TCP 3-way handshake, making resolutions much faster.
  • DNS switches to TCP for large responses (over 512 bytes) or for zone transfers between servers.

Q29.What is a socket?

  • A socket is one endpoint of a two-way communication link between two programs running on the network.
  • It is defined by an IP address and a port number (e.g., 192.168.1.10:443).
  • A TCP connection is uniquely identified by the 4-tuple: (Source IP, Source Port, Destination IP, Destination Port).

Q30.What happens if a UDP packet arrives out of order?

  • UDP does not have sequence numbers or reassembly mechanisms.
  • If packets arrive out of order, UDP passes them to the application as they arrive.
  • It is up to the Application layer (if it cares) to reorder them or handle the discrepancy.
4

DNS, HTTP & Application Layer

Q31.What is DNS and how does it resolve a domain name?

  • DNS (Domain Name System) translates human-readable names (google.com) to IP addresses.
  • Process: 1. Check local cache. 2. Query Recursive Resolver (ISP). 3. Resolver queries Root server. 4. Root directs to TLD server (.com). 5. TLD directs to Authoritative Name Server. 6. Authoritative server returns the IP.

Q32.Explain the difference between HTTP and HTTPS.

  • HTTP transfers data in plain text (port 80). Anyone sniffing the network can read it.
  • HTTPS (HTTP Secure) uses TLS/SSL to encrypt the data before transmission (port 443).
  • HTTPS provides confidentiality (encryption), integrity (data hasn't been tampered with), and authentication (verifying server identity via certificates).

Q33.What happens when you type a URL into a browser and press Enter?

  • 1. Browser checks cache for DNS; if not found, performs DNS resolution.
  • 2. Browser establishes a TCP connection (3-way handshake) with the server IP.
  • 3. If HTTPS, a TLS handshake occurs.
  • 4. Browser sends an HTTP GET request.
  • 5. Server processes request and sends HTTP response (HTML). 6. Browser renders the DOM.

Q34.What is DHCP and how does it work (DORA process)?

  • DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses to devices.
  • DORA process: 1. Discover: Client broadcasts seeking a DHCP server.
  • 2. Offer: Server replies with an available IP.
  • 3. Request: Client requests the offered IP.
  • 4. Acknowledge: Server confirms the lease.

Q35.What are HTTP status codes? Give examples of 2xx, 3xx, 4xx, 5xx.

  • 2xx Success: 200 OK (request succeeded), 201 Created.
  • 3xx Redirection: 301 Moved Permanently, 302 Found.
  • 4xx Client Error: 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found.
  • 5xx Server Error: 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable.

Q36.What is the purpose of a proxy server?

  • A proxy sits between a client and the Internet.
  • Forward Proxy: Used by clients to access the internet (can filter content, cache requests, mask client IP).
  • Reverse Proxy: Sits in front of backend servers (used for load balancing, SSL termination, caching, hiding backend architecture).

Q37.How do cookies work in HTTP?

  • HTTP is stateless. Cookies maintain state (like login sessions).
  • Server sends a `Set-Cookie` header in the response.
  • Browser stores the cookie and sends it back in the `Cookie` header for all subsequent requests to that domain.

Q38.Explain what a REST API is.

  • REST (Representational State Transfer) is an architectural style for web services.
  • It uses standard HTTP methods (GET for read, POST for create, PUT/PATCH for update, DELETE).
  • It is stateless (each request contains all info needed) and deals with resources identified by URIs (e.g., /users/123).

Q39.What is WebSocket and how is it different from HTTP?

  • WebSocket provides a persistent, full-duplex, bidirectional communication channel over a single TCP connection.
  • Unlike HTTP (which is request-response and stateless), WebSockets allow the server to push data to the client continuously.
  • Ideal for real-time applications like chat apps or live sports tickers.

Q40.What is a CDN (Content Delivery Network)?

  • A geographically distributed network of proxy servers and their data centers.
  • Goal is to provide high availability and high performance by serving content (images, JS, CSS) spatially relative to end-users.
  • Reduces latency by serving users from the closest edge node rather than the origin server.
5

Network Security & Troubleshooting

Q41.What is a firewall and how does it differ from an IPS/IDS?

  • Firewall: Filters traffic based on rules (IPs, ports, protocols). Usually operates at layers 3 and 4.
  • IDS (Intrusion Detection System): Monitors network for malicious activity and alerts administrators.
  • IPS (Intrusion Prevention System): Like an IDS, but can actively block or drop malicious traffic. Operates up to layer 7 looking at packet payloads.

Q42.Explain how a DDoS attack works.

  • Distributed Denial of Service attack uses multiple compromised systems (a botnet) to flood a target server, network, or service with traffic.
  • Goal is to exhaust the target's resources (bandwidth, CPU, memory, connection limits) making it unavailable to legitimate users.
  • Types include volumetric attacks, protocol attacks (SYN floods), and application layer attacks (HTTP GET floods).

Q43.What is a TLS/SSL handshake?

  • The process to establish a secure HTTPS connection.
  • 1. Client Hello (supported ciphers). 2. Server Hello (chosen cipher, server certificate).
  • 3. Client verifies certificate against trusted CAs. 4. Client generates a pre-master secret, encrypts it with server's public key, and sends it.
  • 5. Both generate symmetric session keys. 6. Secure communication begins.

Q44.What is asymmetric vs. symmetric encryption?

  • Symmetric: Uses the SAME key for both encryption and decryption. Faster, used for bulk data (e.g., AES).
  • Asymmetric: Uses a PAIR of keys (Public and Private). Slower, used for secure key exchange and digital signatures (e.g., RSA).
  • TLS uses asymmetric for the handshake and symmetric for the actual data transfer.

Q45.What is a VPN (Virtual Private Network)?

  • A VPN creates a secure, encrypted tunnel over a less secure network (like the Internet).
  • It allows remote users to securely access corporate network resources as if they were physically connected to the LAN.
  • Common protocols: IPsec, OpenVPN, WireGuard.

Q46.How would you troubleshoot a "Cannot connect to server" issue?

  • 1. Physical/Layer 1: Check cables, link lights.
  • 2. IP/Layer 3: Check local IP/gateway using `ipconfig`/`ifconfig`. Try `ping` to gateway, then `ping 8.8.8.8` to test internet.
  • 3. DNS: Try pinging the hostname. If IP pings but name fails, it's DNS. Use `nslookup` or `dig`.
  • 4. App/Layer 4-7: Check if the port is open using `telnet` or `nc`. Check firewall rules.

Q47.What does the traceroute (or tracert) command do?

  • It maps the path packets take to a destination, showing every router (hop) along the way.
  • It works by sending packets with gradually increasing TTL (Time to Live) values (1, 2, 3...).
  • When TTL hits 0, a router drops it and sends an ICMP Time Exceeded message back, revealing the router's IP.

Q48.What is port forwarding?

  • A configuration on a NAT router that maps external traffic arriving on a specific port to an internal IP address and port.
  • Allows external devices on the internet to reach services (like a web server or game server) hosted on a private, internal network.

Q49.What is MAC Spoofing?

  • A technique where an attacker alters the MAC address of their network interface to masquerade as another device.
  • Used to bypass MAC filtering, hide identity, or perform Man-in-the-Middle (MitM) attacks by stealing another machine's traffic.

Q50.What is Cross-Site Scripting (XSS) and how is it related to networks?

  • XSS is an application-layer vulnerability where attackers inject malicious scripts into web pages viewed by other users.
  • While not a pure "network" layer attack, network defenses like WAFs (Web Application Firewalls) are deployed at the network edge to detect and block XSS payloads in HTTP requests.

🌐 Pro Tip for Networking Interviews

Always know what happens when you type google.com into a browser. It is the most common networking interview question and tests DNS, TCP, TLS, and HTTP.

← Back to All Interview Guides