Networking Important Questions & Answers

— ny_wk

Networking interview questions tend to circle the same core ideas: how data moves through the OSI and TCP/IP models, how IP addressing and subnetting work, and how protocols like TCP, UDP, DNS, and DHCP keep traffic flowing. This prep guide organizes the most-asked questions into clear sections with accurate, explained answers you can actually use in an interview.

Each answer is written to be technically correct and easy to recall under pressure, with corrected port numbers, protocol details, and subnet math. Use the section headers to drill into weak spots, and treat the sample questions as talking points rather than scripts to memorize word for word.

OSI Model and TCP/IP Model

Nearly every networking interview opens with the layered models. Interviewers want to see that you understand encapsulation - the idea that each layer adds its own header as data moves down the stack, and strips it on the way back up.

What are the seven layers of the OSI model?

From top (closest to the user) to bottom (closest to the wire):

| Layer | Name | Job / Examples |
|-------|------|----------------|
| 7 | Application | User-facing protocols: HTTP, FTP, SMTP, DNS |
| 6 | Presentation | Encryption, compression, encoding (TLS, JPEG, ASCII) |
| 5 | Session | Establishes, manages, and tears down sessions |
| 4 | Transport | End-to-end delivery, segmentation (TCP, UDP) |
| 3 | Network | Logical addressing and routing (IP, ICMP) |
| 2 | Data Link | MAC addressing, framing, switching (Ethernet, ARP) |
| 1 | Physical | Bits on the medium: cables, signals, NIC hardware |

A common memory aid is "All People Seem To Need Data Processing" (top to bottom). Note that ARP is often described as straddling Layers 2 and 3 because it maps IP addresses to MAC addresses.

How does the TCP/IP model differ from the OSI model?

The TCP/IP model is the practical, four-layer model the modern internet actually runs on. The mapping is straightforward:

  • Application - combines OSI Layers 5, 6, and 7.
  • Transport - matches OSI Layer 4 (TCP and UDP).
  • Internet - matches OSI Layer 3 (IP, ICMP).
  • Network Access (Link) - combines OSI Layers 1 and 2.

The key talking point: OSI is a conceptual reference model used for teaching and troubleshooting, while TCP/IP is the implemented standard. Describe data units by layer - bits at Physical, frames at Data Link, packets at Network, and segments (TCP) or datagrams (UDP) at Transport.

IP Addressing and Subnetting

Subnetting questions separate candidates who memorized facts from those who understand the math. Be ready to do quick calculations on paper or in your head.

What is the difference between IPv4 and IPv6?

  • IPv4 uses 32-bit addresses, giving roughly 4.3 billion addresses, written in dotted-decimal like 192.168.1.10.
  • IPv6 uses 128-bit addresses, written in hexadecimal like 2001:0db8:85a3::8a2e:0370:7334, providing an effectively unlimited pool.
  • IPv6 has built-in support for IPsec, eliminates the need for NAT in most cases, and replaces broadcast with multicast and anycast.

What are private IP address ranges?

Defined by RFC 1918, these are not routable on the public internet and are reused behind NAT:

| Class | Range | Default Mask |
|-------|-------|--------------|
| A | 10.0.0.0 - 10.255.255.255 | /8 (255.0.0.0) |
| B | 172.16.0.0 - 172.31.255.255 | /12 (255.240.0.0) |
| C | 192.168.0.0 - 192.168.255.255 | /16 (255.255.0.0) |

Also know 127.0.0.1 (loopback) and the APIPA range 169.254.0.0/16, which a host self-assigns when no DHCP server responds.

Walk me through subnetting a /24 into four subnets.

Start with 192.168.1.0/24, which has 256 addresses. To create four subnets you borrow 2 bits from the host portion (because 2^2 = 4), giving a /26 mask (255.255.255.192). Each /26 has 64 addresses, of which 62 are usable hosts after subtracting the network and broadcast addresses.

  • Subnet 1: 192.168.1.0/26 - hosts .1 to .62, broadcast .63
  • Subnet 2: 192.168.1.64/26 - hosts .65 to .126, broadcast .127
  • Subnet 3: 192.168.1.128/26 - hosts .129 to .190, broadcast .191
  • Subnet 4: 192.168.1.192/26 - hosts .193 to .254, broadcast .255

The two reliable formulas: usable hosts = 2^h - 2 (where h is host bits), and number of subnets = 2^b (where b is borrowed bits). The "minus 2" accounts for the network and broadcast addresses, which cannot be assigned to hosts.
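The same calculation in code, as an added example that is not part of the original guide. It generalizes the /24 walkthrough to any IPv4 network and subnet count; the function name `split_network` and the row layout are choices made for this example.

```python
import ipaddress


def split_network(cidr, wanted_subnets):
    """Split an IPv4 network into at least `wanted_subnets` equal subnets.

    Returns (borrowed_bits, rows); each row describes one resulting subnet.
    """
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set in cidr
    if net.version != 4:
        raise ValueError("this example handles IPv4 only")
    if wanted_subnets < 1:
        raise ValueError("need at least one subnet")
    # b borrowed bits give 2^b subnets, so b is the smallest value with 2^b >= wanted.
    borrowed = (wanted_subnets - 1).bit_length()
    host_bits = 32 - (net.prefixlen + borrowed)
    if host_bits < 2:
        raise ValueError("too few host bits left: 2^h - 2 would be zero or negative")
    usable = 2 ** host_bits - 2  # minus the network and broadcast addresses
    rows = []
    for sub in net.subnets(prefixlen_diff=borrowed):
        rows.append({
            "subnet": str(sub),
            "mask": str(sub.netmask),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
            "usable_hosts": usable,
        })
    return borrowed, rows


if __name__ == "__main__":
    bits, table = split_network("192.168.1.0/24", 4)
    print(f"borrowed bits: {bits}")
    for row in table:
        print(row)
```

Asking for a count that is not a power of two (for example 5) rounds up to the next power of two, because bits can only be borrowed whole.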

What is the difference between a public and a private IP address?

A public IP is globally unique and routable on the internet, assigned by your ISP. A private IP is used inside a local network and must be translated by NAT to reach the internet. Multiple organizations can use the same private ranges simultaneously because those addresses never appear on the public internet.

Routing and Routing Protocols

Routing happens at Layer 3 and is about choosing the best path between networks. Expect questions on how routers learn routes and the difference between protocol families.

What is the difference between a router and a switch?

  • A switch operates mainly at Layer 2, forwarding frames within a single network using MAC addresses.
  • A router operates at Layer 3, forwarding packets between different networks using IP addresses and a routing table.
  • A switch creates one broadcast domain (per VLAN) and many collision domains; a router separates broadcast domains.

Static versus dynamic routing?

Static routes are manually configured and do not adapt to topology changes - simple, secure, and predictable, but unmanageable at scale. Dynamic routing protocols let routers exchange information and adapt automatically. The main families:

  • Distance-vector (RIP) - chooses paths by hop count; RIP caps at 15 hops, making 16 unreachable.
  • Link-state (OSPF) - each router builds a full topology map and runs Dijkstra's algorithm to find the shortest path; metric is based on link cost (bandwidth).
  • Path-vector (BGP) - the protocol that runs the internet, exchanging routes between autonomous systems based on policy and path attributes.

What is a default gateway?

The default gateway is the router address a host sends traffic to when the destination is outside its own subnet. Without it, a device can only reach hosts on its local network. In a routing table it appears as the route to 0.0.0.0/0, the catch-all for "everything not otherwise specified."

Switching and VLANs

Switching questions test your understanding of Layer 2 segmentation and how broadcast traffic is contained.

What is a VLAN and why use one?

A VLAN (Virtual LAN) logically segments a physical switch into separate broadcast domains. Devices in different VLANs cannot communicate without a router or Layer 3 switch, even if plugged into the same physical switch. Benefits include:

  • Security - isolating sensitive systems from general traffic.
  • Performance - shrinking broadcast domains reduces unnecessary traffic.
  • Flexibility - grouping users by function rather than physical location.

What is the difference between an access port and a trunk port?

An access port carries traffic for a single VLAN and connects end devices like PCs and printers. A trunk port carries traffic for multiple VLANs between switches, tagging each frame with its VLAN ID using the 802.1Q standard. The trunk's untagged traffic belongs to the native VLAN.

What is the Spanning Tree Protocol?

STP (IEEE 802.1D) prevents Layer 2 loops in networks with redundant links. Loops would otherwise cause broadcast storms and MAC table instability. STP elects a root bridge and selectively blocks redundant paths, reactivating them only if the active path fails. Rapid STP (802.1w) provides much faster convergence.

TCP vs UDP

This is one of the most common interview questions, so be crisp. Both are Layer 4 transport protocols, but they make opposite trade-offs.

| Feature | TCP | UDP |
|---------|-----|-----|
| Connection | Connection-oriented (handshake) | Connectionless |
| Reliability | Guaranteed, with retransmission | Best-effort, no guarantee |
| Ordering | Packets reassembled in order | No ordering |
| Speed / Overhead | Slower, higher overhead | Faster, low overhead |
| Use cases | Web, email, file transfer | Streaming, VoIP, DNS, gaming |

Explain the TCP three-way handshake.

TCP establishes a connection in three steps before any data flows:

  1. SYN - the client sends a segment with the SYN flag and an initial sequence number.
  2. SYN-ACK - the server replies acknowledging the client's sequence number and sending its own.
  3. ACK - the client acknowledges the server's sequence number, and the connection is established.

Connections are torn down with a four-way exchange using the FIN flag. A strong answer mentions that sequence and acknowledgment numbers are how TCP tracks delivery and reordering.
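To make the sequence and acknowledgment bookkeeping concrete, here is an added example (not from the original guide) that checks whether three recorded segments form a valid handshake. The `Segment` record, the `check_handshake` name, and the sample addresses and sequence numbers are constructed for illustration.

```python
from dataclasses import dataclass

SEQ_MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


@dataclass
class Segment:  # hypothetical record type for this example
    src: str
    dst: str
    flags: frozenset
    seq: int
    ack: int = 0


def check_handshake(segments):
    """Return (ok, reason) for a candidate SYN / SYN-ACK / ACK exchange."""
    if len(segments) != 3:
        return False, "expected exactly three segments"
    syn, syn_ack, ack = segments
    client, server = syn.src, syn.dst
    if syn.flags != {"SYN"}:
        return False, "step 1 is not a bare SYN"
    if syn_ack.flags != {"SYN", "ACK"} or (syn_ack.src, syn_ack.dst) != (server, client):
        return False, "step 2 is not a SYN-ACK from the server"
    # The SYN consumes one sequence number, so the server acknowledges ISN + 1.
    if syn_ack.ack != (syn.seq + 1) % SEQ_MOD:
        return False, "SYN-ACK does not acknowledge the client's ISN + 1"
    if ack.flags != {"ACK"} or (ack.src, ack.dst) != (client, server):
        return False, "step 3 is not an ACK from the client"
    if ack.seq != (syn.seq + 1) % SEQ_MOD:
        return False, "client sequence number did not advance past its SYN"
    if ack.ack != (syn_ack.seq + 1) % SEQ_MOD:
        return False, "ACK does not acknowledge the server's ISN + 1"
    return True, "established"


# Constructed sample segments (not a real capture); the client ISN sits at the
# top of the 32-bit range to exercise wrap-around.
C, S = "192.168.1.10:51000", "203.0.113.5:443"
GOOD = [
    Segment(C, S, frozenset({"SYN"}), seq=0xFFFFFFFF),
    Segment(S, C, frozenset({"SYN", "ACK"}), seq=7000, ack=0),
    Segment(C, S, frozenset({"ACK"}), seq=0, ack=7001),
]
# Same exchange, but the final ACK acknowledges the wrong server sequence number.
BAD = GOOD[:2] + [Segment(C, S, frozenset({"ACK"}), seq=0, ack=7000)]
```

Here ISN means the initial sequence number from step 1 or step 2; each SYN counts as one unit of sequence space, which is why both acknowledgments are ISN + 1.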

DNS and DHCP

These two services quietly make networks usable. DNS handles name resolution; DHCP handles automatic address configuration.

How does DNS resolution work?

DNS (Domain Name System) translates human-readable names like example.com into IP addresses. A typical recursive lookup proceeds:

  1. The resolver checks its local cache; if found, it returns immediately.
  2. Otherwise it queries a root server, which points to the correct TLD server (for example, .com).
  3. The TLD server points to the domain's authoritative name server.
  4. The authoritative server returns the final IP address, which is then cached for the duration of its TTL.

Know the common record types: A (IPv4 address), AAAA (IPv6 address), CNAME (alias), MX (mail exchange), NS (name server), and PTR (reverse lookup). DNS primarily uses UDP port 53 for queries and falls back to TCP port 53 for large responses and zone transfers.

How does DHCP assign an address?

DHCP (Dynamic Host Configuration Protocol) automatically leases IP configuration to clients. The process follows the DORA sequence:

  • Discover - the client broadcasts looking for any DHCP server.
  • Offer - a server offers an available address.
  • Request - the client formally requests the offered address.
  • Acknowledge - the server confirms and finalizes the lease.

DHCP also hands out the subnet mask, default gateway, and DNS servers. It uses UDP ports 67 (server) and 68 (client). Because the initial Discover is a broadcast, routers need a DHCP relay (IP helper) to forward requests across subnets.

NAT (Network Address Translation)

NAT is why your home network of many devices can share a single public IP. Interviewers want the concept plus the common variants.

What is NAT and why is it needed?

NAT translates private IP addresses into a public address (and back) as traffic crosses the router. It conserves the limited IPv4 address space and adds a layer of obscurity by hiding internal addressing. The main types:

  • Static NAT - a one-to-one mapping between a private and a public address.
  • Dynamic NAT - maps private addresses to a pool of public addresses on demand.
  • PAT (Port Address Translation) - also called NAT overload; many private addresses share one public address, distinguished by source port number. This is what home routers use.
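A minimal model of a PAT translation table, added here as an illustration and not taken from the original guide. The `PatTable` class, the port pool, and the sample addresses are assumptions for this example; real NAT devices also track the remote endpoint and expire idle entries.

```python
class PatTable:
    """Many private (ip, port) pairs share one public IP, told apart by public port."""

    def __init__(self, public_ip, first_port=49152, last_port=65535):
        self.public_ip = public_ip
        self._next_port = first_port
        self._last_port = last_port
        self._outbound = {}  # (proto, private_ip, private_port) -> public_port
        self._inbound = {}   # (proto, public_port) -> (private_ip, private_port)

    def translate_out(self, proto, private_ip, private_port):
        """Rewrite the source of an outgoing packet; reuse an existing mapping."""
        key = (proto, private_ip, private_port)
        if key not in self._outbound:
            if self._next_port > self._last_port:
                raise RuntimeError("public port pool exhausted")
            public_port = self._next_port
            self._next_port += 1
            self._outbound[key] = public_port
            self._inbound[(proto, public_port)] = (private_ip, private_port)
        return self.public_ip, self._outbound[key]

    def translate_in(self, proto, public_port):
        """Map a reply back to the private host, or None if no mapping exists."""
        return self._inbound.get((proto, public_port))


def demo():
    # Constructed sample traffic: two hosts that happen to pick the same source port.
    nat = PatTable("203.0.113.5", first_port=50000, last_port=50001)
    a = nat.translate_out("tcp", "192.168.1.10", 51000)
    b = nat.translate_out("tcp", "192.168.1.11", 51000)
    again = nat.translate_out("tcp", "192.168.1.10", 51000)  # same flow, same mapping
    reply_to_b = nat.translate_in("tcp", b[1])
    unsolicited = nat.translate_in("tcp", 50999)  # no entry, so nothing to forward to
    return a, b, again, reply_to_b, unsolicited


if __name__ == "__main__":
    print(demo())
```

The `None` result for the unmapped port is why inbound connections to hosts behind PAT fail unless a static mapping (port forward) exists.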

Common Ports and Protocols

Memorizing well-known ports is low-hanging fruit that interviewers expect you to nail. The well-known range is 0-1023.

| Port | Protocol | Purpose |
|------|----------|---------|
| 20 / 21 | FTP | File transfer (data / control) |
| 22 | SSH | Secure remote shell, SFTP, SCP |
| 23 | Telnet | Unencrypted remote login (avoid) |
| 25 | SMTP | Sending email |
| 53 | DNS | Name resolution (UDP/TCP) |
| 67 / 68 | DHCP | Address assignment (server / client) |
| 80 | HTTP | Web traffic |
| 110 | POP3 | Retrieving email |
| 143 | IMAP | Retrieving email (server-side) |
| 161 / 162 | SNMP | Network management |
| 389 | LDAP | Directory services |
| 443 | HTTPS | Encrypted web traffic (TLS) |
| 3389 | RDP | Remote Desktop |

A frequent gotcha: HTTPS is 443, not 80, and SSH is 22, not 23 (that is Telnet). Mixing these up is an instant red flag.

Network Security Basics

Even non-security roles get asked foundational security questions. Keep answers concrete.

What is the difference between a firewall and an IDS/IPS?

  • A firewall filters traffic based on rules (source/destination IP, port, protocol) and decides what is allowed in or out.
  • An IDS (Intrusion Detection System) passively monitors traffic and alerts on suspicious activity.
  • An IPS (Intrusion Prevention System) sits inline and can actively block malicious traffic in real time.

What is the difference between symmetric and asymmetric encryption?

Symmetric encryption uses a single shared key for both encryption and decryption - fast, but key distribution is the challenge (AES is the standard). Asymmetric encryption uses a public/private key pair; data encrypted with one key can only be decrypted with the other (RSA, ECC). TLS combines both: asymmetric encryption to securely exchange a symmetric session key, then symmetric encryption for the bulk data.

What is a VPN?

A VPN (Virtual Private Network) creates an encrypted tunnel over a public network, so traffic between endpoints is confidential and integrity-protected. Site-to-site VPNs connect entire networks; remote-access VPNs connect individual users. IPsec and SSL/TLS are the common underlying technologies.

Troubleshooting: ping, traceroute, and netstat

Hands-on troubleshooting questions reveal whether you have actually worked on a network. Be ready to describe a methodical, layer-by-layer approach.

What does ping tell you?

ping sends ICMP echo request packets and measures whether (and how fast) replies come back. It confirms basic reachability and reveals packet loss and round-trip latency. If ping to an IP works but ping to a hostname fails, you have a DNS problem, not a connectivity problem - a classic diagnostic split. Note that some hosts and firewalls block ICMP, so a failed ping does not always mean the host is down.

How does traceroute work?

traceroute (or tracert on Windows) maps the path packets take to a destination by sending packets with incrementing TTL (Time To Live) values. Each router that decrements the TTL to zero returns an ICMP "time exceeded" message, revealing itself hop by hop. It is the go-to tool for finding where along the path latency spikes or connectivity breaks down.

What is netstat used for?

netstat displays active connections, listening ports, and routing information on the local machine. It answers questions like "what is this host connected to?" and "which process is listening on port 8080?" On modern Linux systems ss is the faster successor, and netstat -ano on Windows maps connections to process IDs.

Walk me through troubleshooting "I can't reach a website."

  1. Check the physical/link layer - is the interface up and does it have an IP? (ipconfig / ip addr)
  2. Ping the default gateway to confirm local connectivity.
  3. Ping a known public IP (like 8.8.8.8) to test internet routing.
  4. Resolve the hostname with nslookup or dig to isolate DNS.
  5. Use traceroute to find where the path fails, and check firewall rules last.

Framing the answer as "work up the OSI layers" signals structured thinking, which interviewers value more than any single command.

Key Takeaways

  • Models first: Master the OSI/TCP-IP layers and what data unit lives at each - it underpins almost every other answer.
  • Know the math: Subnetting with 2^h - 2 hosts and 2^b subnets is a near-guaranteed question; practice until it is reflexive.
  • TCP vs UDP: Reliability and ordering versus speed and low overhead - and be able to recite the three-way handshake.
  • Ports matter: HTTPS is 443, SSH is 22, DNS is 53, DHCP is 67/68 - get these exactly right.
  • Troubleshoot methodically: ping, traceroute, and netstat applied layer by layer beat random guessing every time.

Frequently Asked Questions

What are the most important networking topics for an interview?

Prioritize the OSI/TCP-IP models, IP addressing and subnetting, the TCP versus UDP distinction, DNS and DHCP, NAT, common port numbers, and basic troubleshooting commands. These appear in the vast majority of entry-level and mid-level networking and system administration interviews.

How do I quickly calculate usable hosts in a subnet?

Count the host bits (the bits not used by the subnet mask), call it h, then compute 2^h - 2. For example, a /26 mask leaves 6 host bits, so 2^6 = 64, and 64 - 2 = 62 usable hosts. The subtraction removes the network and broadcast addresses.

What is the difference between TCP and UDP in one sentence?

TCP is connection-oriented and reliable with ordering and retransmission, making it ideal for web and email, while UDP is connectionless and fast with no delivery guarantees, making it ideal for streaming, VoIP, and DNS.

Why does ping fail even when a website loads in my browser?

Many servers and firewalls block ICMP echo requests for security, so the host simply ignores your ping while still serving HTTP/HTTPS traffic normally. A failed ping is not a reliable indicator that a host is down.
