Top 40 Computer Networking Interview Questions and Answers 2026

Last Updated: March 2026 | Level: Beginner to Advanced | Reading Time: ~22 min

Computer Networking is essential for full-stack engineers, DevOps, system designers, and backend developers. These 40 questions cover everything from OSI layers to TCP/IP, DNS, security protocols, and troubleshooting — exactly what you'll face in interviews at Google, Amazon, Microsoft, and Cloud providers.

OSI/TCP-IP Model (Q1–Q10)
Protocols (Q11–Q20)
Network Security (Q21–Q28)
DNS, DHCP & NAT (Q29–Q34)
Troubleshooting (Q35–Q40)

OSI/TCP-IP Model

Q1. What is the OSI model? Explain all 7 layers. `[Easy]`

Layer 7: Application    → HTTP, FTP, SMTP, DNS (User-facing protocols)
Layer 6: Presentation   → Encryption (SSL/TLS), Compression, Encoding
Layer 5: Session        → Session management, Authentication
Layer 4: Transport      → TCP, UDP (End-to-end delivery)
Layer 3: Network        → IP, ICMP, Routing (Logical addressing)
Layer 2: Data Link      → MAC addresses, Ethernet, ARP (Physical addressing)
Layer 1: Physical       → Cables, WiFi signals, Hubs (Raw bits)

Mnemonic: "Please Do Not Throw Sausage Pizza Away"
(Physical, Data Link, Network, Transport, Session, Presentation, Application)

Q2. What is the TCP/IP model? How does it differ from OSI? `[Easy]`

OSI Model (7)	TCP/IP Model (4)	Protocols
Application		HTTP, FTP, DNS
Presentation	Application Layer	SSL/TLS
Session		SOCKS, RPC
Transport	Transport Layer	TCP, UDP
Network	Internet Layer	IP, ICMP, IGMP
Data Link	Network Access Layer	Ethernet, ARP, WiFi
Physical		Cables, Signals

Key Differences:

Feature	OSI Model	TCP/IP Model
Nature	Conceptual, theoretical	Practical, implementation-based
Layers	7 layers	4 (or 5) layers
Protocol independence	Protocol-agnostic	Built around TCP/IP
When defined	Late 1970s	1974, evolved with ARPANET
Usage	Teaching, reference	Real-world Internet

Q3. Explain the functions of each TCP/IP layer. `[Medium]`

1. Application Layer (Layers 5-7 of OSI)

User Application → HTTP Request → Server Application

Provides network services to applications
Protocols: HTTP/HTTPS (web), FTP (file transfer), SMTP/POP3/IMAP (email), DNS (naming)

2. Transport Layer (OSI Layer 4)

HTTP Request → [Segment Header + HTTP Data] → TCP/UDP Processing

End-to-end communication between hosts
TCP: Reliable, ordered, connection-oriented
UDP: Unreliable, unordered, connectionless (fast)

3. Internet Layer (OSI Layer 3)

Segment → [IP Header + Segment] → Packet → Routing

Logical addressing (IP addresses)
Routing between networks
Protocols: IP, ICMP (ping), IGMP (multicast)

4. Network Access Layer (Layers 1-2 of OSI)

Packet → [Frame Header + Packet + Frame Trailer] → Frame

Physical transmission of data
MAC addressing, framing, error detection
Protocols: Ethernet, WiFi (802.11), PPP

Q4. What is encapsulation and decapsulation? `[Medium]`

Encapsulation Process:

Application Data
      ↓ +TCP Header
   Segment (Transport)
      ↓ +IP Header
    Packet (Network)
      ↓ +Frame Header/Trailer
    Frame (Data Link)
      ↓ → Bits on wire
   Physical Transmission

Decapsulation Process: (Receiver)

Bits from wire
      ↓ Remove Frame Header/Trailer
    Frame → Extract Packet
      ↓ Remove IP Header
    Packet → Extract Segment
      ↓ Remove TCP Header
    Segment → Data to Application

Header sizes:

TCP Header: 20-60 bytes
IP Header (v4): 20 bytes (min)
Ethernet Frame: 14 bytes header + 4 bytes trailer

Q5. What is the difference between a hub, switch, and router? `[Medium]`

Device	OSI Layer	Function	Key Feature
Hub	Layer 1 (Physical)	Broadcasts to all ports	Dumb, causes collisions
Switch	Layer 2 (Data Link)	Forwards to specific MAC	Learns MAC addresses
Router	Layer 3 (Network)	Routes between networks	Uses IP addresses

Detailed comparison:

Hub (Obsolete):

    A → [Hub] ← B
         ↓
    (A's data goes to B, C, D - everyone!)

Electrical signal repeater
No intelligence — broadcasts everything
Creates collision domains
Rarely used today

Switch:

MAC Table:
A → Port 1    B → Port 2    C → Port 3

A sends to B: Switch checks MAC table, forwards ONLY to Port 2

Learns MAC addresses and builds a table
Creates separate collision domains per port
Modern switches operate at Layer 2 (and sometimes Layer 3)

Router:

Network A (192.168.1.x) ←[Router]→ Network B (10.0.0.x)
              ↓
         Routing Table:
         0.0.0.0 → Gateway (Internet)

Connects different networks
Uses IP addresses and routing tables
Performs NAT (Network Address Translation)

Q6. What is a MAC address? `[Easy]`

Format: 6 bytes (12 hex digits), typically shown as: 00:1A:2B:3C:4D:5E

Structure:

00:1A:2B | 3C:4D:5E
  OUI    | NIC Specific
(24 bits)  (24 bits)

OUI (Organizationally Unique Identifier): Identifies the manufacturer (e.g., 00:1A:2B = Intel)
NIC Specific: Unique to the device

Types:

Unicast: 0xxx... — Single destination
Multicast: 1xxx... — Group of devices
Broadcast: FF:FF:FF:FF:FF:FF — All devices on local network

ARP (Address Resolution Protocol): Maps IP addresses to MAC addresses on the local network.

Host A (192.168.1.10) wants to send to 192.168.1.1
1. Check ARP table — not found
2. Broadcast: "Who has 192.168.1.1?"
3. Router responds: "192.168.1.1 is at 00:11:22:33:44:55"
4. Host A caches this and sends frame

Q7. What is an IP address? Explain IPv4 vs IPv6. `[Easy]`

IPv4:

32-bit address (4.3 billion addresses)
Format: 192.168.1.1 (4 octets, 0-255 each)
Address classes (historical):
- Class A: 1.0.0.0 – 126.255.255.255 (Large networks)
- Class B: 128.0.0.0 – 191.255.255.255 (Medium)
- Class C: 192.0.0.0 – 223.255.255.255 (Small)
Problem: IPv4 exhaustion — ran out in 2011

IPv6:

128-bit address (3.4×10³⁸ addresses — enough for every grain of sand)
Format: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Shortened: 2001:db8:85a3::8a2e:370:7334
Benefits:
- Massive address space
- Built-in security (IPsec)
- Better routing efficiency
- No NAT required

IPv4 to IPv6 Transition:

Dual-stack: Devices run both
Tunneling: IPv6 over IPv4 networks
Translation: NAT64 for IPv6-only to IPv4 communication

Q8. What is CIDR? How does it work? `[Hard]`

Format: IP Address / Prefix Length

192.168.1.0/24 means first 24 bits are network, last 8 are hosts
/24 = subnet mask 255.255.255.0

Subnet Mask Conversion:

CIDR	Subnet Mask	Hosts Available
/8	255.0.0.0	16,777,214
/16	255.255.0.0	65,534
/24	255.255.255.0	254
/30	255.255.255.252	2
/32	255.255.255.255	1 (loopback)

Example — Subnetting:

Company has: 192.168.10.0/24 (256 addresses)
Needs: 4 subnets with ~50 hosts each

Solution: Borrow 2 bits for subnets (/26)
Subnet 1: 192.168.10.0/26    (0-63)
Subnet 2: 192.168.10.64/26   (64-127)
Subnet 3: 192.168.10.128/26  (128-191)
Subnet 4: 192.168.10.192/26  (192-255)

Each subnet: 64 addresses, 62 usable hosts

Q9. What are private IP addresses? `[Easy]`

Class	Private Range	CIDR
A	10.0.0.0 – 10.255.255.255	10.0.0.0/8
B	172.16.0.0 – 172.31.255.255	172.16.0.0/12
C	192.168.0.0 – 192.168.255.255	192.168.0.0/16

Also reserved:

127.0.0.0/8 — Loopback (127.0.0.1 = localhost)
169.254.0.0/16 — Link-local (APIPA — when DHCP fails)
192.0.2.0/24 — Documentation/examples

Why private IPs?

IPv4 address conservation
Security (hidden from Internet)
Flexibility (same ranges used in different organizations)

Q10. What is a gateway? `[Medium]`

Default Gateway:

The IP address of the router on your local network
All traffic destined outside the local subnet goes here
Example: Your PC (192.168.1.10) sends Internet-bound traffic to Gateway (192.168.1.1)

PC (192.168.1.10) → Default Gateway (192.168.1.1) → Internet
         Local Network            Router

Routing Table on PC:
Destination      Gateway         Interface
0.0.0.0/0        192.168.1.1     eth0  ← Default route
192.168.1.0/24   On-link         eth0  ← Local network
127.0.0.0/8      On-link         lo0   ← Loopback

Protocols

Q11. What is TCP? How does it ensure reliable delivery? `[Medium]`

TCP Features for Reliability:

1. Connection Establishment (Three-Way Handshake):

Client                    Server
  |      SYN (seq=x)       |
  | ─────────────────────> |
  |   SYN-ACK (seq=y,ack=x+1) |
  | <───────────────────── |
  |      ACK (ack=y+1)     |
  | ─────────────────────> |
  |    Connection ESTABLISHED  |

2. Acknowledgment (ACK):

Receiver sends ACK for received data
If ACK not received, sender retransmits

3. Sequence Numbers:

Every byte has a sequence number
Allows reordering of out-of-order packets

4. Flow Control (Sliding Window):

Receiver advertises window size (how much data it can receive)
Prevents overwhelming slow receivers

5. Congestion Control:

Slow Start: Exponentially increase sending rate
Congestion Avoidance: Linear increase after threshold
Fast Retransmit/Fast Recovery: Detect loss via duplicate ACKs

6. Error Checking:

TCP checksum detects corrupted data

Q12. What is UDP? When to use TCP vs UDP? `[Medium]`

UDP Characteristics:

No connection setup (faster)
No acknowledgments
No retransmission
No ordering guarantees
No flow/congestion control
Smaller header (8 bytes vs TCP's 20-60)

TCP vs UDP Comparison:

Feature	TCP	UDP
Connection	Connection-oriented	Connectionless
Reliability	Guaranteed delivery	Best effort
Ordering	Guaranteed	Not guaranteed
Speed	Slower	Faster
Header size	20-60 bytes	8 bytes
Use case	HTTP, FTP, Email	Video streaming, DNS, Gaming

When to use UDP:

Real-time applications where speed > reliability (video calls, gaming)
DNS queries (single packet, timeout-based retry)
IoT sensor data (frequent small updates, loss acceptable)
Broadcasting/multicasting

Q13. What is the three-way handshake? `[Easy]`

Step 1 - SYN:
  Client sends SYN (synchronize) packet with initial sequence number (ISN=x)
  → "I want to connect, my sequence starts at x"

Step 2 - SYN-ACK:
  Server responds with SYN-ACK
  - SYN flag + its own ISN (y)
  - ACK flag + acknowledgment number (x+1)
  → "I acknowledge your SYN, my sequence starts at y"

Step 3 - ACK:
  Client sends ACK with acknowledgment number (y+1)
  → "Connection established, data transfer can begin"

Why not two-way?

Two-way could lead to "ghost" connections if initial SYN was delayed
Three-way ensures both sides can send and receive

Four-way Termination:

Client                  Server
  |       FIN           |
  | ─────────────────>  |
  |       ACK           |
  | <─────────────────  |
  |       FIN           |
  | <─────────────────  |
  |       ACK           |
  | ─────────────────>  |
  |   Connection CLOSED |

Q14. What is HTTP? Explain the request-response cycle. `[Easy]`

HTTP Request Structure:

GET /api/users/123 HTTP/1.1      ← Request Line (Method, Path, Version)
Host: api.example.com            ← Headers
Authorization: Bearer token123
Accept: application/json
                                 ← Empty line
                                 ← Body (for POST/PUT)

HTTP Response Structure:

HTTP/1.1 200 OK                  ← Status Line (Version, Status Code, Text)
Content-Type: application/json   ← Headers
Content-Length: 124
Cache-Control: max-age=3600
                                 ← Empty line
{"id": 123, "name": "Aditya"}   ← Body

HTTP Methods:

Method	Purpose	Idempotent?
GET	Retrieve resource	Yes
POST	Create resource	No
PUT	Update/replace resource	Yes
PATCH	Partial update	No
DELETE	Remove resource	Yes
HEAD	Get headers only	Yes
OPTIONS	Get supported methods	Yes

Q15. What are HTTP status codes? `[Easy]`

1xx — Informational

100 Continue — Server received request headers, client should send body

2xx — Success

200 OK — Request successful
201 Created — Resource created
204 No Content — Success, no body

3xx — Redirection

301 Moved Permanently — Resource relocated permanently
302 Found — Temporary redirect
304 Not Modified — Cached version is still valid

4xx — Client Error

400 Bad Request — Malformed request
401 Unauthorized — Authentication required
403 Forbidden — Authenticated but not authorized
404 Not Found — Resource doesn't exist
429 Too Many Requests — Rate limit exceeded

5xx — Server Error

500 Internal Server Error — Unexpected server error
502 Bad Gateway — Invalid response from upstream
503 Service Unavailable — Server temporarily down
504 Gateway Timeout — Upstream didn't respond in time

Q16. What is HTTPS? How does TLS/SSL work? `[Hard]`

TLS Handshake Process:

Step 1 - Client Hello:
  Client → Server: Supported TLS versions, cipher suites, random number

Step 2 - Server Hello:
  Server → Client: Chosen TLS version, cipher suite, random number, Certificate

Step 3 - Certificate Verification:
  Client verifies certificate chain up to trusted CA root

Step 4 - Key Exchange:
  Client generates pre-master secret, encrypts with server's public key
  Both client and server derive session keys from pre-master + randoms

Step 5 - Finished:
  Both send "Finished" message encrypted with session key
  Handshake complete — encrypted application data begins

TLS 1.3 Improvements (2026 standard):

Reduced handshake from 2-RTT to 1-RTT (or 0-RTT for resumption)
Removed obsolete algorithms (MD5, SHA-1, RSA key exchange)
Perfect Forward Secrecy by default

Q17. What is a WebSocket? How is it different from HTTP? `[Hard]`

HTTP vs WebSocket:

Feature	HTTP	WebSocket
Connection	Short-lived (request-response)	Persistent, long-lived
Direction	Client → Server only (polling for server→client)	Bidirectional
Headers	Large headers per request	Small framing after handshake
Use case	REST APIs, static content	Chat, live updates, gaming

WebSocket Handshake:

Client Request:
GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Sec-WebSocket-Version: 13

Server Response:
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=

After handshake, data flows in both directions with minimal framing overhead.

Q18. What is ICMP? `[Medium]`

Common ICMP Types:

Type	Code	Meaning
8	0	Echo Request (ping)
0	0	Echo Reply (ping response)
3	0	Destination Network Unreachable
3	1	Destination Host Unreachable
11	0	Time Exceeded (TTL = 0 in transit)
11	1	Time Exceeded (TTL = 0 during reassembly)

Ping Example:

$ ping google.com
PING google.com (142.250.80.46): 56 data bytes
64 bytes from 142.250.80.46: icmp_seq=0 ttl=118 time=12.3 ms
64 bytes from 142.250.80.46: icmp_seq=1 ttl=118 time=11.8 ms

Traceroute: Uses ICMP or UDP with increasing TTL values to map the route.

Q19. What is FTP vs SFTP? `[Medium]`

Feature	FTP	SFTP
Full name	File Transfer Protocol	SSH File Transfer Protocol
Security	Unencrypted (credentials in plaintext)	Encrypted (SSH tunnel)
Port	21 (control), 20 (data)	22
Authentication	Username/password	SSH keys or password
Modern usage	Legacy systems only	Standard for secure file transfer

FTPS (FTP Secure): FTP over TLS/SSL — encrypts the FTP connection, but still complex (multiple ports).

Recommendation: Always use SFTP or FTPS, never plain FTP in production.

Q20. Explain the difference between REST and GraphQL. `[Hard]`

REST (Representational State Transfer):

Architecture style using standard HTTP methods
Multiple endpoints: /users, /users/123, /users/123/orders
Fixed response structure — client gets what server returns

GraphQL:

Query language for APIs
Single endpoint: /graphql
Client specifies exact data needed

Comparison:

Aspect	REST	GraphQL
Endpoints	Multiple (resource-based)	Single
Data fetching	Fixed structure	Client-defined
Over-fetching	Common (get extra data)	Eliminated
Under-fetching	Common (multiple requests)	Single request
Caching	HTTP caching works well	Custom caching needed
Complexity	Simpler	More complex (resolvers, schema)
Tooling	Standard HTTP tools	Requires GraphQL clients

REST Example:

GET /api/users/123
Response: { id, name, email, address, orders, preferences, ... }
-- Client only needed name and email but got everything

GraphQL Example:

query {
  user(id: 123) {
    name
    email
  }
}
Response: { "data": { "user": { "name": "Aditya", "email": "[email protected]" } } }
-- Client gets exactly what was requested

Network Security

Q21. What is a firewall? `[Easy]`

Types of Firewalls:

1. Packet-Filtering Firewall (Layer 3/4)

Inspects source/dest IP, port, protocol
Fast but can't inspect payload
Example: iptables, AWS Security Groups

2. Stateful Inspection Firewall

Tracks connection state (TCP handshake, established connections)
Allows return traffic for established connections

3. Application Firewall (Layer 7 / WAF)

Inspects HTTP/HTTPS content
Blocks SQL injection, XSS attacks
Example: AWS WAF, Cloudflare, ModSecurity

4. Next-Generation Firewall (NGFW)

Deep packet inspection
Intrusion detection/prevention (IDS/IPS)
Application awareness and control

Q22. What is a VPN? How does it work? `[Medium]`

How VPN Works:

Remote User                    Corporate Network
     |                              |
[VPN Client] ←──Encrypted Tunnel──→ [VPN Server]
     |                              |
  Internet (untrusted)              Internal Resources

VPN Protocols:

Protocol	Security	Speed	Use Case
OpenVPN	Excellent	Good	General purpose
WireGuard	Excellent	Excellent	Modern standard (2026)
IPsec/IKEv2	Good	Good	Mobile devices
L2TP/IPsec	Moderate	Moderate	Legacy support
PPTP	Weak	Fast	Avoid (deprecated)

VPN Types:

Remote Access VPN: Individual users connecting to corporate network
Site-to-Site VPN: Connecting entire networks (e.g., HQ to branch office)
SSL VPN: Web-based access via browser (no client needed)

Q23. What is a proxy server? `[Medium]`

Proxy Types:

Forward Proxy (Client-side):

Client → Proxy → Internet → Server

Hides client identity
Content filtering
Access control
Caching

Reverse Proxy (Server-side):

Internet → Reverse Proxy → Backend Servers

Load balancing
SSL termination
Caching
Hide server architecture
Example: Nginx, HAProxy, AWS ALB

Transparent Proxy:

Client doesn't know proxy exists
Commonly used for caching/monitoring

Q24. What is a DDoS attack? How to prevent it? `[Hard]`

Types of DDoS:

1. Volumetric (Layer 3/4)

UDP floods, ICMP floods
Goal: Consume bandwidth
Volume: Often >100 Gbps

2. Protocol Attacks

SYN floods — exhaust connection tables
Ping of Death — oversized packets

3. Application Layer (Layer 7)

HTTP GET/POST floods
Slowloris — slow partial requests
Harder to detect (looks like legitimate traffic)

Mitigation Strategies:

Layer	Solution
Network	Blackhole routing, rate limiting
CDN	Cloudflare, AWS Shield, Akamai (absorb traffic)
Firewall	Geo-blocking, IP reputation filtering
Application	Rate limiting, CAPTCHA, challenge-response
Architecture	Auto-scaling, multi-region deployment

Q25. What is the difference between symmetric and asymmetric encryption? `[Medium]`

Feature	Symmetric Encryption	Asymmetric Encryption
Keys	Same key for encrypt/decrypt	Public key encrypt, Private key decrypt
Speed	Fast (bulk data)	Slow (key exchange, signatures)
Key distribution	Challenging (secure channel needed)	Easy (public key can be shared)
Use case	Data encryption	Key exchange, digital signatures
Examples	AES, ChaCha20	RSA, ECC, Diffie-Hellman

How TLS uses both:

1. Asymmetric (RSA/ECC): Client encrypts "pre-master secret" with server's public key
2. Both derive symmetric session keys
3. Symmetric (AES): All application data encrypted with session keys
→ Best of both: Asymmetric for key exchange, Symmetric for data

Q26. What is a Digital Certificate? How does PKI work? `[Hard]`

X.509 Certificate Contents:

Subject (domain name, organization)
Issuer (CA that signed it)
Public key
Validity period
Serial number
Signature from CA

PKI (Public Key Infrastructure) Hierarchy:

Root CA (offline, highly secured)
    ↓ signs
Intermediate CA
    ↓ signs
Server Certificate (for yourdomain.com)

Certificate Validation Chain:

Client receives server certificate
Checks signature using Intermediate CA's public key
Checks Intermediate CA's signature using Root CA's public key
Root CA is in browser's trust store → chain valid
Verify domain matches, not expired, not revoked

Q27. What is OAuth 2.0? `[Hard]`

OAuth 2.0 Flows:

Authorization Code Flow (most secure):

User → Client App → Authorization Server → User authenticates & approves
                         ↓
                   Authorization Code
                         ↓
Client App → Authorization Server (with code + client secret)
                         ↓
                   Access Token + Refresh Token
                         ↓
Client App → Resource Server (with Access Token)

Key Concepts:

Term	Description
Resource Owner	User who owns the data
Client	Application requesting access
Authorization Server	Issues tokens (Google, Auth0, Okta)
Resource Server	API hosting the protected resources
Access Token	Short-lived credential for API access
Refresh Token	Long-lived token to get new access tokens
Scope	Permissions granted (read:email, write:posts)

Q28. What is JWT (JSON Web Token)? `[Medium]`

JWT Structure:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.  ← Header (Base64Url)
eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.  ← Payload (Base64Url)
SflKxwRJSMeKKF2QT4fwpMe...  ← Signature (HMAC-SHA256)

Decoded:
Header: {"alg":"HS256","typ":"JWT"}
Payload: {"sub":"1234567890","name":"John Doe","iat":1516239022}
Signature: HMACSHA256(base64Url(header) + "." + base64Url(payload), secret)

JWT vs Session Cookies:

	JWT	Session
Storage	Client-side	Server-side
Scalability	Stateless (easy to scale)	Requires session store
Revocation	Hard (wait for expiry)	Easy (delete from store)
Size	Larger (contains claims)	Small (just session ID)

DNS, DHCP & NAT

Q29. What is DNS? How does it work? `[Medium]`

DNS Resolution Process:

User types: google.com

1. Browser Cache → 2. OS Cache → 3. Local DNS Resolver (ISP)
                                              ↓
4. Root DNS Server (.) → "Ask .com server"
                                              ↓
5. TLD Server (.com) → "Ask google.com server"
                                              ↓
6. Authoritative DNS (google.com) → "IP is 142.250.80.46"
                                              ↓
7. Local DNS caches result, returns to client

DNS Record Types:

Record	Purpose	Example
A	IPv4 address	example.com → 93.184.216.34
AAAA	IPv6 address	example.com → 2606:2800:220:1::
CNAME	Alias to another domain	www.example.com → example.com
MX	Mail server	example.com → mail.example.com
NS	Name server	example.com → ns1.example.com
TXT	Text information	SPF, DKIM records
SOA	Zone authority info	Primary NS, serial, refresh

Q30. What is DHCP? `[Medium]`

DHCP Process (DORA):

1. Discover:   Client broadcasts "I need an IP address"
2. Offer:      DHCP server offers IP, subnet mask, gateway, DNS
3. Request:    Client requests the offered IP
4. Acknowledge: Server confirms, lease begins

DHCP Lease:

IP is assigned for a limited time (lease duration)
Client must renew before expiry
If not renewed, IP returns to pool

DHCP Options:

IP Address
Subnet Mask
Default Gateway
DNS Servers
Domain Name
NTP Servers

Q31. What is NAT? Explain types. `[Medium]`

How NAT Works:

Private Network               Internet
192.168.1.10:54321 ──[NAT]──► 203.0.113.5:60001 → Server:80
192.168.1.11:54322 ──[NAT]──► 203.0.113.5:60002 → Server:80

NAT Table:
Private IP:Port      Public IP:Port       Remote IP:Port
192.168.1.10:54321   203.0.113.5:60001    93.184.216.34:80
192.168.1.11:54322   203.0.113.5:60002    93.184.216.34:80

Types of NAT:

Type	Description	Use Case
Static NAT	1:1 mapping (private ↔ public)	Servers needing fixed public IP
Dynamic NAT	Pool of public IPs, assigned dynamically	Larger organizations
PAT/NAT Overload	Many-to-1 (Port Address Translation)	Home routers, most common
Twice NAT	Source and destination both translated	Complex multi-homed networks

Q32. What is Port Forwarding? `[Medium]`

Example:

External Request: your-public-ip:8080
                          ↓
                   Router (Port Forward Rule)
                    8080 → 192.168.1.100:80
                          ↓
                   Internal Web Server (192.168.1.100:80)

Use Cases:

Hosting a game server from home
Remote access to internal applications
IP cameras, NAS devices

Security Warning: Exposing internal services directly to the Internet is risky. Use VPNs or reverse proxies with authentication when possible.

Q33. What is a CDN? `[Medium]`

How CDN Works:

Without CDN:
User (Mumbai) ────────→ Origin Server (Virginia) = 250ms latency

With CDN:
User (Mumbai) ────────→ Edge Server (Mumbai) = 20ms latency
                              ↓ (if cache miss)
                        Origin Server

CDN Benefits:

Reduced latency (closer to users)
Reduced origin server load
DDoS protection
SSL termination at edge
Caching static assets (images, JS, CSS)

Major CDNs: Cloudflare, AWS CloudFront, Akamai, Fastly

Q34. What is Anycast? `[Hard]`

Anycast vs Unicast:

Unicast: 1 IP → 1 Server
Anycast: 1 IP → Nearest of Many Servers

BGP routes based on shortest AS path:
User (India) → ISP → [Shortest path] → Anycast Server (Mumbai)
User (US)    → ISP → [Shortest path] → Anycast Server (New York)
Both use: 1.1.1.1 (Cloudflare DNS)

Use Cases:

Public DNS servers (8.8.8.8, 1.1.1.1)
CDN edge servers
DDoS mitigation (traffic spread across many locations)

Troubleshooting

Q35. How do you troubleshoot "cannot connect to website"? `[Hard]`

Step 1: Local Network

ping 8.8.8.8          # Check internet connectivity
ping router-ip        # Check local network
ipconfig / ifconfig   # Verify IP configuration

Step 2: DNS Resolution

nslookup google.com   # Does domain resolve?
dig google.com        # Detailed DNS info
# If DNS fails: Try alternate DNS (8.8.8.8, 1.1.1.1)

Step 3: Routing

traceroute google.com   # Where does routing fail?
mtr google.com          # Continuous traceroute with stats

Step 4: Application Layer

curl -v https://google.com   # HTTP response details
# Check: Is it SSL error? 404? Timeout?

Step 5: Server-Side (if you control it)

Check service status: systemctl status nginx
Check firewall rules
Check logs: /var/log/nginx/error.log
Check resource usage: CPU, memory, disk

Decision Tree:

No Internet → Check cable/WiFi, router, ISP
    ↓
DNS Fails → Check DNS settings, try alternate DNS
    ↓
Routing Fails → Check firewall, routing table, ISP issue
    ↓
Connection Refused → Server down or firewall blocking
    ↓
HTTP Error → Application issue (check logs)

Q36. What tools do you use for network troubleshooting? `[Medium]`

Tool	Purpose	Example
`ping`	Test connectivity	`ping 8.8.8.8`
`traceroute` / `tracert`	Trace route path	`traceroute google.com`
`nslookup` / `dig`	DNS lookup	`dig @8.8.8.8 google.com`
`netstat` / `ss`	Show connections	`ss -tuln`
`tcpdump`	Packet capture	`tcpdump -i eth0 port 80`
`Wireshark`	GUI packet analyzer	Deep protocol analysis
`curl`	HTTP client	`curl -I https://api.com`
`telnet` / `nc`	Test port connectivity	`nc -zv host 443`
`nmap`	Port scanning	`nmap -sT target.com`
`iperf`	Bandwidth testing	`iperf -c server`
`mtr`	Advanced traceroute	`mtr google.com`

Q37. How do you diagnose slow network performance? `[Hard]`

1. Check Bandwidth:

speedtest-cli    # Download/upload speed
iperf -c server  # Point-to-point bandwidth test

2. Check Latency:

ping -c 100 target   # Check packet loss and RTT
tcpping target 443   # TCP ping (tests specific port)

3. Check Jitter:

# Variation in latency
mtr --report target.com

4. Check for Packet Loss:

tcpdump -i eth0 -c 1000 | grep -i "bad"  # Capture and analyze
# Look for retransmissions in Wireshark

5. Check DNS Performance:

dig google.com +stats  # Query time in response
# Compare multiple DNS servers

6. Check Application Layer:

curl -w "@curl-format.txt" -o /dev/null -s https://api.com
# Time breakdown: DNS, connect, TLS handshake, TTFB, total

Common Causes of Slow Performance:

DNS resolution delays
TCP retransmissions (packet loss)
High latency to server
Bandwidth saturation
Server processing time (slow backend)
TLS handshake overhead

Q38. What is Wireshark used for? `[Medium]`

Key Features:

Capture live packets from any network interface
Deep inspection of 1000+ protocols
Filtering: Display filters (tcp.port == 80) and Capture filters
Statistics: Protocol hierarchy, conversations, IO graphs
Export and save captures

Common Use Cases:

Debugging HTTP requests (check headers, payload)
Analyzing TCP connections (retransmissions, window size)
Finding malware (unexpected outbound connections)
Learning protocols (see real packet structure)

Example Filter:

ip.addr == 192.168.1.1 && tcp.port == 443 && ssl.handshake.type == 1
# Shows all TLS Client Hello from/to 192.168.1.1 on port 443

Q39. How does load balancing work? `[Hard]`

Load Balancer Types:

1. Layer 4 (Transport Layer)

Based on IP and port
Faster, less overhead
Example: HAProxy (TCP mode), AWS NLB

2. Layer 7 (Application Layer)

Based on HTTP headers, URL, cookies
Smarter routing decisions
Example: Nginx, AWS ALB, F5 BIG-IP

Load Balancing Algorithms:

Algorithm	Description	Best For
Round Robin	Sequential distribution	Equal-capacity servers
Least Connections	To server with fewest active connections	Variable request times
IP Hash	Same client → same server (sticky)	Session persistence
Weighted	Based on server capacity	Mixed capacity
Least Response Time	To fastest responding server	Performance-sensitive

Health Checks:

Load balancers periodically check backend health
Unhealthy servers removed from pool
Common checks: HTTP 200 response, TCP connect, custom script

Q40. Explain the difference between a Layer 4 and Layer 7 load balancer. `[Hard]`

Feature	Layer 4 (Transport)	Layer 7 (Application)
OSI Layer	4 (TCP/UDP)	7 (HTTP/HTTPS)
Decisions based on	IP, Port	URL, Headers, Cookies, Body
Protocol awareness	None	HTTP-specific
Performance	Higher (less processing)	Lower (more processing)
SSL termination	Can do it	Usually does it
Content-based routing	No	Yes (/api → API servers)
WebSocket support	Pass-through	Can handle natively

Layer 4 Example:

Client TCP SYN → Load Balancer → Backend Server (any protocol)
                  (just forwards packets)

Layer 7 Example:

Client HTTPS Request
       ↓
Layer 7 LB (terminates SSL)
       ↓
Routing decision based on:
  - Host header: api.example.com → API cluster
  - Path: /static/* → Static server cluster
  - Cookie: session=xyz → Same backend (sticky)
       ↓
Backend Server (HTTP)

2026 Architecture Pattern:

Internet
   ↓
Layer 7 LB (Cloudflare/AWS ALB) — SSL termination, routing
   ↓
Layer 4 LB (Internal) — Service mesh, connection distribution
   ↓
Kubernetes Pods / Microservices

Quick Reference: Protocol Comparison Tables

TCP vs UDP

Feature	TCP	UDP
Connection	Connection-oriented	Connectionless
Reliability	Guaranteed	Best effort
Ordering	Yes	No
Flow Control	Yes	No
Header Size	20-60 bytes	8 bytes
Use Case	HTTP, FTP, SSH	DNS, VoIP, Gaming

HTTP vs HTTPS

Feature	HTTP	HTTPS
Port	80	443
Encryption	None	TLS/SSL
Security	Vulnerable	Secure
SEO Ranking	Lower	Higher
Certificate	Not required	Required

IPv4 vs IPv6

Feature	IPv4	IPv6
Address Size	32-bit	128-bit
Total Addresses	4.3 billion	3.4×10³⁸
Header Size	20 bytes (min)	40 bytes (fixed)
Checksum	Yes	No (handled by upper layers)
NAT Required	Yes	No
Configuration	Manual or DHCP	Auto-configuration

Tags: Computer Networking Interview Questions, Network Interview, OSI Model, TCP/IP, DNS, Network Security, CCNA, Network Engineer Interview 2026

Networking Interview Questions 2026

Top 40 Computer Networking Interview Questions and Answers 2026

Table of Contents

OSI/TCP-IP Model

Q1. What is the OSI model? Explain all 7 layers. [Easy]

Q2. What is the TCP/IP model? How does it differ from OSI? [Easy]

Q3. Explain the functions of each TCP/IP layer. [Medium]

Q4. What is encapsulation and decapsulation? [Medium]

Q5. What is the difference between a hub, switch, and router? [Medium]

Q6. What is a MAC address? [Easy]

Q7. What is an IP address? Explain IPv4 vs IPv6. [Easy]

Q8. What is CIDR? How does it work? [Hard]

Q9. What are private IP addresses? [Easy]

Q10. What is a gateway? [Medium]

Protocols

Q11. What is TCP? How does it ensure reliable delivery? [Medium]

Q12. What is UDP? When to use TCP vs UDP? [Medium]

Q13. What is the three-way handshake? [Easy]

Q14. What is HTTP? Explain the request-response cycle. [Easy]

Q15. What are HTTP status codes? [Easy]

Q16. What is HTTPS? How does TLS/SSL work? [Hard]

Q17. What is a WebSocket? How is it different from HTTP? [Hard]

Q18. What is ICMP? [Medium]

Q19. What is FTP vs SFTP? [Medium]

Q20. Explain the difference between REST and GraphQL. [Hard]

Network Security

Q21. What is a firewall? [Easy]

Q22. What is a VPN? How does it work? [Medium]

Q23. What is a proxy server? [Medium]

Q24. What is a DDoS attack? How to prevent it? [Hard]

Q25. What is the difference between symmetric and asymmetric encryption? [Medium]

Q26. What is a Digital Certificate? How does PKI work? [Hard]

Q27. What is OAuth 2.0? [Hard]

Q28. What is JWT (JSON Web Token)? [Medium]

DNS, DHCP & NAT

Q29. What is DNS? How does it work? [Medium]

Q30. What is DHCP? [Medium]

Q31. What is NAT? Explain types. [Medium]

Q32. What is Port Forwarding? [Medium]

Q33. What is a CDN? [Medium]

Q34. What is Anycast? [Hard]