Computer Networks Interview Questions
Computer networking is a core topic in backend, SDE, DevOps, and system-design interviews. These are the questions interviewers actually ask, with concise answers you can speak confidently.
17 questions with concise, interview-ready answers.
1. What are the seven layers of the OSI model?
The OSI model describes networking in seven layers, from bottom to top: Physical, Data Link, Network, Transport, Session, Presentation, and Application. The Physical layer carries raw bits, the Data Link layer handles frames and MAC addressing, the Network layer handles IP addressing and routing, and the Transport layer handles end-to-end delivery with TCP or UDP. The top three layers manage sessions, data format and encryption, and the application protocols themselves. A common memory aid is "Please Do Not Throw Sausage Pizza Away."
2. What is the difference between TCP and UDP?
TCP is connection-oriented and reliable: it establishes a connection with a handshake, guarantees ordered delivery, retransmits lost packets, and provides flow and congestion control. UDP is connectionless and best-effort: it just sends datagrams with no guarantee of delivery or ordering, which makes it faster with less overhead. You use TCP for web pages, email, and file transfer, and UDP for latency-sensitive traffic like video streaming, voice calls, online gaming, and DNS lookups.
3. How does the TCP three-way handshake work?
The three-way handshake sets up a TCP connection in three steps. First the client sends a SYN packet with an initial sequence number. The server replies with a SYN-ACK, acknowledging the client and sending its own sequence number. Finally the client sends an ACK back, and the connection is established so data can flow. This exchange synchronizes sequence numbers on both sides before any data is sent.
4. How does DNS work?
DNS (Domain Name System) translates human-readable domain names like example.com into IP addresses. When you request a name, the resolver checks local and browser caches first, then queries a recursive resolver, which walks the hierarchy: a root server points to the top-level domain server (such as .com), which points to the domain's authoritative name server, which returns the final IP. The answer is cached along the way based on its TTL so future lookups are faster.
5. What is the difference between HTTP and HTTPS?
HTTP sends data in plain text, so anyone between the client and server can read or tamper with it. HTTPS is HTTP layered over TLS, which encrypts the traffic, verifies the server's identity with a certificate, and protects data integrity. HTTPS typically uses port 443 while plain HTTP uses port 80, and it is now the standard for any site handling sensitive information.
6. What is TLS and how does an HTTPS connection get secured?
TLS (Transport Layer Security) is the protocol that encrypts HTTPS traffic; it is the successor to SSL. During the TLS handshake the client and server agree on a cipher suite, the server presents a certificate signed by a trusted certificate authority to prove its identity, and the two sides establish a shared session key, often using asymmetric cryptography to exchange it. After the handshake, the actual data is encrypted with fast symmetric encryption using that session key. This gives confidentiality, integrity, and authentication.
7. What is an IP address and what is the difference between IPv4 and IPv6?
An IP address is a numeric label that identifies a device on a network so packets can be routed to it. IPv4 addresses are 32 bits, written as four decimal numbers like 192.168.1.1, giving about 4.3 billion addresses. IPv6 addresses are 128 bits, written in hexadecimal groups, giving a vastly larger space to handle address exhaustion. IPv6 also simplifies the header and improves features like autoconfiguration.
8. What is subnetting and what does the subnet mask do?
Subnetting divides a large IP network into smaller logical sub-networks for better organization, security, and efficient address use. The subnet mask determines which part of an IP address is the network portion and which is the host portion, for example a /24 mask (255.255.255.0) reserves the first 24 bits for the network and the last 8 for hosts. CIDR notation like 10.0.0.0/16 expresses the mask as a prefix length. Devices use the mask to decide whether a destination is on the local subnet or must be sent to a router.
9. What is the difference between a public and a private IP address?
A public IP address is globally unique and routable on the internet, assigned to you by your ISP. A private IP address comes from reserved ranges (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) that are used only inside local networks and are not routable on the public internet. Devices on a home or office network share private IPs internally and reach the internet through a single public IP using NAT.
10. What is the difference between a router, a switch, and a hub?
A hub is a simple Layer 1 device that broadcasts incoming data out of every port, which is inefficient and causes collisions. A switch operates at Layer 2 and uses MAC addresses to forward frames only to the specific port where the destination device is, so it is far more efficient within a local network. A router operates at Layer 3 and connects different networks together, using IP addresses to route packets between them, such as between your home network and the internet.
11. What is the difference between a MAC address and an IP address?
A MAC address is a permanent hardware identifier burned into a network interface, used for delivery within a local network segment at Layer 2. An IP address is a logical, assignable address used for routing across networks at Layer 3, and it can change as a device moves between networks. In short, the IP address identifies where a device is on the wider network, while the MAC address identifies the specific physical interface on the local link.
12. What is ARP?
ARP (Address Resolution Protocol) maps a known IP address to the MAC address needed to deliver a frame on a local network. When a device wants to send to an IP on its subnet but does not know the hardware address, it broadcasts an ARP request asking who owns that IP, and the matching device replies with its MAC address. The result is stored in an ARP cache so the lookup does not repeat for every packet.
13. What is DHCP?
DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses and other network settings to devices when they join a network, removing the need for manual configuration. A client broadcasts a request and a DHCP server leases it an IP address along with the subnet mask, default gateway, and DNS servers. The process is often summarized as DORA: Discover, Offer, Request, and Acknowledge. Leases are temporary and renewed periodically.
14. What happens when you type a URL into your browser and press Enter?
The browser first resolves the domain name to an IP address using DNS, checking caches before querying a resolver. It then opens a TCP connection to the server, performing the three-way handshake and, for HTTPS, a TLS handshake to secure it. Next it sends an HTTP request, the server responds with the HTML, and the browser parses it and requests additional resources like CSS, JavaScript, and images. Finally the browser renders the page. Along the way packets are routed across networks using IP, with each hop guided by routers.
15. What is the difference between latency and bandwidth?
Latency is the time it takes for data to travel from source to destination, usually measured in milliseconds, and is often described as the delay. Bandwidth is the maximum amount of data that can be transferred per unit of time, such as megabits per second, and is described as capacity. A useful analogy is a pipe: bandwidth is how wide the pipe is, while latency is how long it takes water to travel through it. High bandwidth does not help if latency is high, and vice versa.
16. What is congestion control in TCP?
Congestion control prevents a sender from overwhelming the network and causing widespread packet loss. TCP infers congestion mainly from lost or delayed packets and adjusts how much data it sends using a congestion window. Classic algorithms include slow start, which ramps the window up exponentially at first, congestion avoidance, which then grows it linearly, and fast retransmit and fast recovery, which react to loss without dropping all the way back. This is distinct from flow control, which prevents overwhelming the receiver specifically.
17. What are ports and what is NAT?
A port is a 16-bit number that identifies a specific application or service on a host, letting one IP address handle many connections at once; for example HTTP uses port 80, HTTPS uses 443, and SSH uses 22. NAT (Network Address Translation) lets many devices on a private network share a single public IP address: the router rewrites the source IP and port of outgoing packets and tracks the mapping so replies are returned to the correct internal device. NAT both conserves scarce public IPv4 addresses and adds a layer of isolation for the internal network.
Get these answered live in your real interview
NostrobeAI is a real-time AI interview copilot — it hears the question and drafts a strong answer on your screen, invisible on Zoom, Meet, and Teams. One-time pricing, no subscription.
Try NostrobeAI free