Networking Interview Questions

Network types can be classified and divided based on the area of distribution of the network. The below diagram would help to understand the same:

Private Address: For each class, there are specific IPs that are reserved specifically for private use only. This IP address cannot be used for devices on the Internet as they are non-routable.

Special Address: IP Range from 127.0.0.1 to 127.255.255.255 are network testing addresses also known as loopback addresses are the special IP address.

An IP address is a 32-bit dynamic address of a node in the network. An IPv4 address has 4 octets of 8-bit each with each number with a value up to 255.

IPv4 classes are differentiated based on the number of hosts it supports on the network. There are five types of IPv4 classes and are based on the first octet of IP addresses which are classified as Class A, B, C, D, or E.

Also, check out Scaler topics' Free Computer Networks course with certification to learn the fundamentals of computer networking. 

The different types of network topology are given below:

Bus Topology:

• All the nodes are connected using the central link known as the bus.
• It is useful to connect a smaller number of devices.
• If the main cable gets damaged, it will damage the whole network.

Star Topology:

• All the nodes are connected to one single node known as the central node.
• It is more robust.
• If the central node fails the complete network is damaged.
• Easy to troubleshoot.
• Mainly used in home and office networks.

Ring Topology:

• Each node is connected to exactly two nodes forming a ring structure
• If one of the nodes are damaged, it will damage the whole network
• It is used very rarely as it is expensive and hard to install and manage

Mesh Topology:

• Each node is connected to one or many nodes.
• It is robust as failure in one link only disconnects that node.
• It is rarely used and installation and management are difficult.

Tree Topology:

• A combination of star and bus topology also know as an extended bus topology.
• All the smaller star networks are connected to a single bus.
• If the main bus fails, the whole network is damaged.

Hybrid:

• It is a combination of different topologies to form a new topology.
• It helps to ignore the drawback of a particular topology and helps to pick the strengths from other.

Network topology is a physical layout of the network, connecting the different nodes using the links. It depicts the connectivity between the computers, devices, cables, etc.

Node: Any communicating device in a network is called a Node. Node is the point of intersection in a network. It can send/receive data and information within a network. Examples of the node can be computers, laptops, printers, servers, modems, etc.

Link: A link or edge refers to the connectivity between two nodes in the network. It includes the type of connectivity (wired or wireless) between the nodes and protocols used for one node to be able to communicate with the other.

Few types of VPN are:

• Access VPN: Access VPN is used to provide connectivity to remote mobile users and telecommuters. It serves as an alternative to dial-up connections or ISDN (Integrated Services Digital Network) connections. It is a low-cost solution and provides a wide range of connectivity.
• Site-to-Site VPN: A Site-to-Site or Router-to-Router VPN is commonly used in large companies having branches in different locations to connect the network of one office to another in different locations. There are 2 sub-categories as mentioned below:
• Intranet VPN: Intranet VPN is useful for connecting remote offices in different geographical locations using shared infrastructure (internet connectivity and servers) with the same accessibility policies as a private WAN (wide area network).
• Extranet VPN: Extranet VPN uses shared infrastructure over an intranet, suppliers, customers, partners, and other entities and connects them using dedicated connections.

Below are few advantages of using VPN:

• VPN is used to connect offices in different geographical locations remotely and is cheaper when compared to WAN connections.
• VPN is used for secure transactions and confidential data transfer between multiple offices located in different geographical locations.
• VPN keeps an organization’s information secured against any potential threats or intrusions by using virtualization.
• VPN encrypts the internet traffic and disguises the online identity.

VPN or the Virtual Private Network is a private WAN (Wide Area Network) built on the internet. It allows the creation of a secured tunnel (protected network) between different networks using the internet (public network). By using the VPN, a client can connect to the organization’s network remotely. The below diagram shows an organizational WAN network over Australia created using VPN:

LANs are widely used to connect computers/laptops and consumer electronics which enables them to share resources (e.g., printers, fax machines) and exchange information. When LANs are used by companies or organizations, they are called enterprise networks. There are two different types of LAN networks i.e. wireless LAN (no wires involved achieved using Wi-Fi) and wired LAN (achieved using LAN cable). Wireless LANs are very popular these days for places where installing wire is difficult. The below diagrams explain both wireless and wired LAN.

Below are few types of networks:

The router is a networking device used for connecting two or more network segments. It directs the traffic in the network. It transfers information and data like web pages, emails, images, videos, etc. from source to destination in the form of packets. It operates at the network layer. The gateways are also used to route and regulate the network traffic but, they can also send data between two dissimilar networks while a router can only send data to similar networks.

DNS is the Domain Name System. It is considered as the devices/services directory of the Internet. It is a decentralized and hierarchical naming system for devices/services connected to the Internet. It translates the domain names to their corresponding IPs. For e.g. interviewbit.com to 172.217.166.36. It uses port 53 by default.

SMTP is the Simple Mail Transfer Protocol. SMTP sets the rule for communication between servers. This set of rules helps the software to transmit emails over the internet. It supports both End-to-End and Store-and-Forward methods. It is in always-listening mode on port 25.

HTTP is the HyperText Transfer Protocol which defines the set of rules and standards on how the information can be transmitted on the World Wide Web (WWW).  It helps the web browsers and web servers for communication. It is a ‘stateless protocol’ where each command is independent with respect to the previous command. HTTP is an application layer protocol built upon the TCP. It uses port 80 by default.

HTTPS is the HyperText Transfer Protocol Secure or Secure HTTP. It is an advanced and secured version of HTTP. On top of HTTP, SSL/TLS protocol is used to provide security. It enables secure transactions by encrypting the communication and also helps identify network servers securely. It uses port 443 by default.

It is a compressed version of the OSI model with only 4 layers. It was developed by the US Department of Defence (DoD) in the 1980s. The name of this model is based on 2 standard protocols used i.e. TCP (Transmission Control Protocol) and IP (Internet Protocol).

Here the 7 layers of the OSI reference model:

Open System Interconnections (OSI) is a network architecture model based on the ISO standards. It is called the OSI model as it deals with connecting the systems that are open for communication with other systems.

The OSI model has seven layers. The principles used to arrive at the seven layers can be summarized  briefly as below:

• Create a new layer if a different abstraction is needed.
• Each layer should have a well-defined function.
• The function of each layer is chosen based on internationally standardized protocols.

For basic understanding, the difference between these 3 are:

1. Switch - Connects various devices using a single LAN and MAC
2. Router - Connects different networks
3. Bridge - Connects two network segments

Sounds confusing? Don’t worry, I’ll explain the difference between each!

These three devices all move data, but they don’t operate at the same level or for the same purpose.

A bridge works at Layer 2, which is the Data Link layer, and connects two network segments.

It looks at MAC addresses and decides whether to forward or filter traffic. You can think of it as an early way to reduce unnecessary traffic between two parts of a network. Bridges usually have very few ports and are mostly considered predecessors to switches.

Now, a switch does something similar to a bridge but on a much larger scale.

It is essentially a multiport bridge. It also works at Layer 2 and uses a MAC address table to forward frames only to the correct device instead of broadcasting to everyone.

Because switches are hardware-based and have many ports, they are much faster and more efficient than bridges. This is why switches have almost completely replaced bridges in modern networks.

A router operates quite differently.

It works at Layer 3 which is the Network layer and uses IP addresses instead of MAC addresses. Its job is to connect different networks, for example, your home network to the internet.

Instead of a MAC table, it uses a routing table to decide where to send packets.

One thing you should keep in mind is that modern networks often use Layer 3 switches, which combine both switching and routing capabilities.

Mainly the different types of network delays are: propagation delay, transmission delay, processing delay, and queueing delay.

I’ll explain everything in-depth!

You know when data travels from one system to another, almost every time you face a certain delay. This process is basically called a total delay or latency and it’s made up from multiple smaller delays.

So, here is how it goes:

Propagation delay is the time it takes for the signal to physically travel from sender to receiver. Now, a propagation delay completely depends on distance and the medium such as fiber, copper, etc., so even at high speeds, long distances do add delay.

And then, comes your transmission delay.

This is the time required to push all bits of a packet onto the wire. So if the packet is large or the bandwidth is low, this delay eventually increases.

Now, once the packet reaches a router, it doesn’t immediately move ahead. There’s a small processing delay, where the router checks the packet header and decides where to send it next.

Even after everything is covered, there is still some time where the packet has to wait.

That waiting time is called queuing delay.

Remember that this is the most unpredictable one; it depends on network congestion. If many packets arrive at the same time, some of them sit in a buffer before being forwarded.

Here’s what you should note:

Bandwidth and latency are often confused with one another.

So this is how you can differentiate it, A bandwidth is like the number of lanes on a highway, while latency is the speed limit.

You can have a wide road, i.e, high bandwidth, but if the speed is low, i.e, high delay, things still move slowly.

Here’s what you need to remember: A

ping

command is given because it is the simplest way to check if a system is reachable over a network

But how does it work?

So, when you run a

ping

, your machine sends an ICMP Echo Request to the destination. If the destination is reachable, it replies with an ICMP Echo Reply.

And so,

ping

is responsible for 2 things, and those are if the system is reachable or just how long it would take, i.e, the round-trip time.

Now, along with this, every packet also carries something called TTL, i.e, Time To Live.

TTL is just a counter inside the IP packet.

Each time the packet passes through a router, the TTL is reduced by 1. When it reaches 0, the packet is discarded, and the router sends back an ICMP ‘Time Exceeded’ message.

You might be wondering what is the need of these

So, essentially, because without TTL, a packet stuck in a routing loop could keep circulating forever. And that is why TTL helps packets eventually expire.

One thing you probably would notice in

ping

output is the TTL value.

Different systems use different default TTLs, for example, Linux/macOS - around 64 and Windows - around 128.

So sometimes, you can roughly guess the OS based on the TTL in the reply.

When we look at

traceroute

and how it connects:

traceroute

cleverly uses TTL.

It sends packets with TTL = 1, then 2, then 3… Each router drops the packet when TTL becomes 0 and replies back.

This is how

traceroute

maps the path from source to destination.

And voila, this is everything you can cover for a ping-related question, but yes, there can be a follow-up question in the interview, like:

Q. If

ping

works but HTTP doesn’t, what does that mean?

Your ans: It means basic network connectivity is fine. The issue is likely at a higher layer, for example, a blocked port, a service not running, or an application-level problem.

SSL and TLS are the same and just named differently. Currently people call it TLS which stands for Transport Layer Security because SSL is now the older version.

The ‘S’ from this TLS is put into https. Interesting right?

TLS comes in between HTTP and TCP, and its main job is to make communication secure and that is to make it encrypted, verified, and tamper-proof.

Now, a handshake happens before any secure data is sent:

I will let you know about this simply, so stay with me:

The client, which is the browser, starts by sending a message saying, which TLS versions it supports and which encryption methods/ciphers it can use.

The server responds with:

• the chosen cipher
• its digital certificate

This certificate contains the server’s public key and is issued by a trusted Certificate Authority (CA).

Now, the only thing that is left is for the client to verify the certificate.

If it’s valid, both sides agree on a session key, which will be used for the rest of the communication.

After this takes place, all data is encrypted.

But how does it happen?

• Asymmetric encryption is used during the handshake to securely exchange keys
• Symmetric encryption is used after that because it’s faster for data transfer

Remember: TLS 1.3 improves this process by reducing the number of round trips needed to establish the connection.

A VLAN is a way to divide a single physical network into multiple logical networks using a switch.

Even though all devices may be connected to the same switch, VLANs make it work as if there were separate networks.

Okay, so to understand this better, you should think of LAN.

In a regular setup, all devices connected to a switch belong to the same broadcast domain. So any broadcast message like ARP is sent to everyone.

Now here’s what VLAN does.

• Basically all the devices are grouped into different VLANs, and each VLAN acts like its own separate network. So from here, broadcast traffic stays within that VLAN and does not reach others.
• Another interesting part is that devices in the same VLAN can communicate as if they are on the same LAN, even if they are connected through different physical switches.

This is possible because VLAN information is carried across all the switches by using the 802.1Q standard, which adds a VLAN ID ranging from 1 to 4094 to Ethernet frames.

Now, what if two devices are in different VLANs?

Unfortunately, they won’t be able to communicate directly. Communication between VLANs requires inter-VLAN routing, which is done using either a router or a Layer 3 switch.

So Why VLANs are actually used?

With the use of VLAN, the grouping becomes possible based on function instead of physical location.

For example: There can be HR department in one VLAN and Engineering in another

This mainly helps in:

• improving security
• reducing broadcast traffic
• making network management more flexible

Because of this, most switches use VLAN 1, unless it is configured to be otherwise.

A proxy server acts as an intermediary/middlemam between a client and a server. I

So what happens is that direct communication doesn’t take place, and a request is passed through the proxy, which is then forwarded to the destination intended.

Now, proxy works differently depending on where it is placed. And this can be understood through forward and revers proxies.

I’ll first explain this to you with a simple idea.

Normally, a request goes from a client to server.

But when a proxy is introduced, the client first nudges the proxy and then it reaches the server.

In Forward Proxy, the proxy sits in front of the client. So the request flow goes from client to the forward proxy and then the internet.

And because of this, the server doesn’t really see the client’s IP address instead it only confronts the proxy.

So, wherever websites are needed to be controlled, like in the corporate setting, the forward proxy is used. It can also be used for caching or hiding user identity.

Now talking about Reverse Proxy

Consider the opposite case.

Here, the proxy sits in front of the server and because of that the flow goes from client to the revers proxy and then the server.

From the client’s point of view, it looks like they are communicating with a single server, but internally, the proxy may be routing the request to multiple backend servers.

This setup is usually used for load balancing, SSL handling, and protecting servers from direct exposure.

In the most basic sense, what you should remember is that forward proxy is used on the client’s side to hide client’s identity and a revers proxy is used on the server side which hides the server’s identity.

Some examples that you can use are:

• Forward proxies are often used in corporate firewalls.
• Reverse proxies are commonly used with tools like Nginx or services like Cloudflare.

An IP address works well with the machines and systems but it doesn’t necessarily tell you which application or service on that machine must handle the request.

And that is why, Port numbers are used.

So basically, a port identifies a specific process or service running on a host.

For example:

192.168.1.10:443

Here,

192.168.1.10

is the device, and

443

tells the system to route the request to the HTTPS service.

This combination of IP address and port is called a socket, and it uniquely identifies a communication endpoint.

Port numbers are divided into ranges:

• 0–1023 - well-known ports which are system-level services
• 1024–49151 - registered ports
• 49152–65535 - dynamic/ephemeral ports used temporarily by clients

Here are some well-known ports that you should keep in mind:

• HTTP - 80
• HTTPS - 443
• FTP - 21 (control), 20 (data)
• SSH - 22
• Telnet - 23
• SMTP - 25
• DNS - 53
• DHCP - 67/68
• POP3 - 110
• IMAP - 143
• SNMP - 161

Also remember! TCP and UDP handle ports separately. So port 53 (DNS) can work over both TCP and UDP.

You can be asked this question as a follow-up during an interview:

Q. Can two services use the same port?

Your ans: Not on the same protocol at the same time. However, TCP:80 and UDP:80 are treated as separate, so both can work simultaneously.

Subnetting means dividing a network into smaller parts. The subnet mask help in the division where it tells which part of an IP address is the network and which part is for hosts.

CIDR notation is just a shorter way to represent this.

For example,

/24

means the first 24 bits are for the network, and the remaining 8 bits are for hosts.

You can understand this with the help of an example:

192.168.1.0/24

Here:

Total addresses = 256

Usable hosts = 254

But why not 256?

It is because

.0

is the network address and

.255

broadcast address

So actual usable IPs are:

192.168.1.1 to 192.168.1.254

Now if you split this

/24

into two smaller networks:

You increase the network bits -

/25

192.168.1.0/25

192.168.1.128/25

This will give you two subnets:

First:

.0 to .127

Second:

.128 to .255

Now when this happens, each subnet gets fewer hosts and the segmentation gets better.

Now here are some quick info you need to keep in mind about subnetting

• It reduces unnecessary broadcast traffic
• improves security, i.e, isolation between networks
• uses IP addresses more efficiently

Some common CIDR values that you should remember are:

/8 - 255.0.0.0

/16 - 255.255.0.0

/24 - 255.255.255.0

/32 - single host

NAT is a networking technique. It is used by routers, so that private networks on multiple devices can share a singular IP address to access the internet.

But why is it needed?

Devices inside a network use private IPs, which are not directly accessible on the internet. So when a request is sent out, the router replaces the private IP with its own public IP. When the response comes back, the router uses a mapping to forward it to the correct device.

This mechanism especially became necessary because IPv4 addresses were limited.

And that is why, instead of assigning a unique public IP to every device, NAT made it so, that multiple devices could share a single public IP.

You should also note the different types of NAT:

Static NAT creates a fixed one-to-one mapping between a private and public IP which is usuallu used for servers. Whereas, Dynamic NAT uses a pool of public IPs and assigns them as needed.

But even so, the most commonly used form is PAT, also known as NAT overload.

In PAT, multiple devices share the same public IP, and connections are distinguished using port numbers. The router maps internal IP and port combinations to a unique external port which helps with the multiple simultaneous connections.

One thing you should keep in mind about NAT is that it breaks end-to-end connectivity.

External systems cannot directly initiate communication with devices inside a private network unless additional configurations like port forwarding are used.

And this limitation is one of the many reasons why IPv6 was designed, where each device can have a globally unique address and NAT is not required.

Before getting into the detailed answer, first remember these 3 words: SYN, SYN-ACK, ACK.

Talking about TCP. Before any data is sent ove to TCP, the client and server are expected to make sure that the connection is reliable.

In this case, TCP uses a three-way handshake method where it establishes a connection where both sides are ready to send and receive data.

Here’s how it goes:

1. A client, say your browser wants to connect to a server. It starts by sending a SYN packet. Along with this, it includes an initial sequence number basically saying, “I want to start a connection, and here’s where my data numbering begins.”

2. The server receives this and responds with a SYN-ACK. Two things take place here, it acknowledges the client’s sequence number and also sends its own sequence number back.

3. Now the client sends a final ACK, confirming that it received the server’s sequence number.

4. At this point, the connection is established, and data transfer can begin.

You might wonder why 3 steps are required here instead of 2

And it is because both sides need to confirm two things, and that is if they can send and receive.

With only two steps, the server wouldn’t know if the client actually received its response.

Once communication is done, the connection is closed using a four-step process, i.e, FIN - ACK - FIN - ACK, which is slightly more involved.

Here’s what you might get asked during the interviews for a follow-up:

Q. What happens if the SYN-ACK is lost?

Your Ans: The client waits for a timeout and then retransmits the SYN packet.

Q. What is a SYN flood attack?

Your Ans: It’s when an attacker sends a large number of SYN requests but never completes the handshake. This leaves connections half-open and can exhaust server resources.

Internet Protocol Version 6, or popularly called IPv6 is an updated version of IP addressing, and (might sound silly), but the main reason for its launch was because IPv4 ran out of addresses.

IPv4 used 32-bit addresses, which gave roughly 4.3 billion unique combinations. And at that time, it sounded like a lot, but with phones, laptops, IoT devices, etc., it ended up not being enough.

Hence, IPv6 was introduced to solve this by using 128-bit addresses which were written in hexadecimal format:

2001:0db8:85a3::8a2e:0370:7334

With this format, an almost unlimited space was created, so every device could have its own unique IP. Also, this is why IPv doesn’t rely on NAT the way IPv did.

We spoke about spaces, but there’s more to their differences!

1. IPv6 makes the packet header simpler than IPv4 did to make routing efficient.

2. Reducing unnecessary traffic became important, and that is IPv6 replaced broadcasting traffic with multicast communication.

3. You must also note that another important thing about IPv6 is that it has built-in IPSec support. It’s useful because this makes it easier to have communication at the protocol level with IPv6.

4. You will also notice that IPv6 supports something called auto-configuration, which is also known as SLAAC. This means that devices can create their IP addresses without needing a DHCP server in many cases, with IPv6.

So, where do they both stand currently?

Basically, IPv6 hasn’t fully replaced IPv4; instead, they are working together as a dual-stack setup.

One thing you must not forget here is that both systems don’t communicate directly. They require transition mechanisms like dual-stack, tunneling, or NAT64 to work together.