Top 30 Computer Networks Interview Questions for Freshers (2025)

The OSI (Open Systems Interconnection) model is a conceptual framework for how network communication works. 7 layers (top to bottom): 7. Application (HTTP, FTP, SMTP — user-facing protocols). 6. Presentation (encryption, encoding, compression — SSL/TLS). 5. Session (establish, manage, terminate sessions). 4. Transport (end-to-end delivery, segmentation — TCP/UDP). 3. Network (logical addressing, routing — IP, ICMP). 2. Data Link (MAC addressing, framing, error detection — Ethernet, Wi-Fi). 1. Physical (bits over wire/wireless — cables, signals). Mnemonic: 'All People Seem To Need Data Processing.'

TCP/IP is the practical 4-layer model used in the internet. Application layer (maps to OSI 5+6+7 — HTTP, DNS, FTP, SMTP). Transport layer (OSI 4 — TCP, UDP). Internet layer (OSI 3 — IP, ICMP, ARP). Network Access/Link layer (OSI 1+2 — Ethernet, Wi-Fi). TCP/IP is descriptive (what the internet actually does); OSI is prescriptive (a reference model). All real internet communication uses TCP/IP — OSI is used for understanding and troubleshooting.

TCP (Transmission Control Protocol): connection-oriented (three-way handshake), reliable (guarantees delivery, ordering, no duplicates), flow control, congestion control, slower. Use for: HTTP/HTTPS, email, file transfer, databases. UDP (User Datagram Protocol): connectionless, unreliable (no guarantee of delivery, order, or deduplication), no handshake, much lower overhead, faster. Use for: DNS (fast lookups), video streaming, online gaming, VoIP — where speed matters more than perfection. UDP packets are called datagrams.

The three-way handshake establishes a TCP connection before data transfer: 1. SYN: client sends a segment with SYN flag set and a random initial sequence number (ISN) to the server. 2. SYN-ACK: server responds with SYN+ACK flags, acknowledging the client's ISN+1 and sending its own ISN. 3. ACK: client sends ACK acknowledging the server's ISN+1. Now both sides know each other's sequence numbers and the connection is established. Connection teardown uses a four-way handshake (FIN, ACK, FIN, ACK).

An IP address is a logical identifier assigned to a device on a network, used for routing packets. IPv4: 32-bit, written as 4 decimal octets (192.168.1.1), supports ~4.3 billion addresses — exhausted in 2011. IPv6: 128-bit, written as 8 groups of 4 hex digits (2001:0db8:85a3::8a2e:0370:7334), supports ~3.4×10³⁸ addresses, built-in IPsec, simpler header, no broadcast (uses multicast). IPv6 adoption is growing but many networks still use IPv4 with NAT to extend address space.

DNS (Domain Name System) translates human-readable domain names (google.com) to IP addresses. Resolution steps: 1. Browser checks its cache. 2. OS checks its cache + /etc/hosts. 3. Query sent to Recursive Resolver (ISP or 8.8.8.8). 4. Resolver queries Root Name Server (knows TLD servers). 5. Resolver queries TLD Name Server (.com server — knows authoritative NS). 6. Resolver queries Authoritative Name Server (returns the actual IP). 7. IP cached at each level with TTL. DNS uses UDP on port 53 (TCP for large responses or zone transfers).

Hub (Layer 1): broadcasts all data to all ports — no intelligence, creates collisions, obsolete. Switch (Layer 2): uses MAC address table to forward frames only to the correct port — no collisions, creates separate collision domains. Router (Layer 3): routes packets between different IP networks using IP addresses and routing tables — connects your LAN to the internet, performs NAT. Summary: hub broadcasts blindly, switch forwards intelligently within a LAN, router connects different networks and makes forwarding decisions based on IP.

NAT translates private IP addresses (192.168.x.x, 10.x.x.x) to one public IP address for internet communication, and vice versa for return traffic. This extends IPv4 address space — thousands of devices can share one public IP. The router maintains a NAT table mapping (private IP:port ↔ public IP:port). Types: Static NAT (one-to-one), Dynamic NAT (pool of public IPs), PAT/NAPT (many-to-one using ports — most common home router setup). Downside: NAT breaks true end-to-end connectivity (problems for P2P, VoIP, gaming).

HTTP (HyperText Transfer Protocol): application-layer protocol for transferring web content, port 80, plaintext — all data is visible to anyone intercepting traffic. HTTPS: HTTP over TLS (Transport Layer Security), port 443, encrypted. TLS uses asymmetric encryption (RSA/ECDH) to exchange a symmetric key, then encrypts all traffic with that key. HTTPS prevents eavesdropping, tampering, and man-in-the-middle attacks. TLS also authenticates the server via a digital certificate signed by a Certificate Authority. Always use HTTPS — Chrome now marks HTTP sites as 'Not Secure.'

GET: retrieve a resource (no body, idempotent, cacheable). POST: submit data to create a resource (has body, not idempotent). PUT: replace a resource entirely (idempotent). PATCH: partial update of a resource (not necessarily idempotent). DELETE: remove a resource (idempotent). HEAD: like GET but returns only headers, no body — used to check if resource exists. OPTIONS: returns supported methods for a URL (used in CORS preflight). Idempotent means calling it multiple times has the same effect as calling it once.

A MAC (Media Access Control) address is a 48-bit hardware identifier burned into every network interface card (NIC) at the factory. Written as 6 hex pairs (AA:BB:CC:DD:EE:FF). The first 3 bytes identify the manufacturer (OUI — Organizationally Unique Identifier); the last 3 are unique to the device. MAC addresses operate at Layer 2 (Data Link) — used for local network delivery. Unlike IP addresses, MACs don't change with network topology (though they can be spoofed in software). ARP translates IP addresses to MAC addresses within a LAN.

ARP resolves IP addresses to MAC addresses within a local network. Process: when a device wants to send a packet to 192.168.1.5 but doesn't know its MAC, it broadcasts an ARP Request ('Who has 192.168.1.5?') to all devices on the LAN. The device with that IP replies with an ARP Reply ('I have 192.168.1.5, my MAC is XX:XX:XX:XX:XX:XX'). The requester caches this mapping in its ARP table (ARP cache). ARP Spoofing: attacker sends fake ARP replies to poison ARP caches — used for man-in-the-middle attacks.

Subnetting divides a large network into smaller sub-networks (subnets) for better organization, security, and IP efficiency. A subnet mask defines which part of an IP address is the network and which is the host. Example: IP 192.168.1.50, mask 255.255.255.0 (/24) — first 3 octets are network (192.168.1), last octet is host (50). CIDR notation: /24 means 24 bits for network, 8 for hosts (254 usable addresses). Subnetting shrinks broadcast domains, isolates security zones, and allows efficient IP allocation.

A firewall is a network security device (hardware or software) that monitors and filters incoming/outgoing traffic based on predefined security rules. Types: Packet Filter (inspects IP/port headers, stateless). Stateful Firewall (tracks connection state, knows if a packet belongs to an established session). Application/Proxy Firewall (deep packet inspection, understands application protocols). NGFW (Next-Gen): combines stateful + DPI + IDS/IPS + SSL inspection. Rules are evaluated top-to-bottom; first match wins. A DMZ (demilitarized zone) uses two firewalls to isolate public-facing servers.

A VPN (Virtual Private Network) creates an encrypted tunnel over a public network (internet) between two endpoints, making remote connections appear as if they're on a private network. Use cases: remote work (employee connects to company network securely), bypass geo-restrictions, privacy from ISP. Types: Site-to-site VPN (connects entire networks), Remote access VPN (individual user to network), SSL VPN (browser-based). Protocols: OpenVPN, WireGuard, IPSec/IKEv2, L2TP. VPN encrypts data in transit but the VPN provider can see your traffic — zero trust models are replacing traditional VPNs.

Bandwidth: the maximum data transmission capacity of a link — like the width of a pipe (e.g., 1 Gbps Ethernet). Throughput: actual data successfully transferred per unit time — what you really get (lower than bandwidth due to overhead, errors, congestion). Latency (RTT): the time for a packet to travel from source to destination and back. High bandwidth doesn't mean low latency — a satellite link can have 50 Mbps but 600ms latency. Low latency matters for real-time apps (gaming, VoIP); high throughput matters for file transfer and streaming.

DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses and network configuration to devices when they join a network. DORA process: Discover (client broadcasts 'I need an IP'), Offer (DHCP server offers an IP), Request (client accepts the offer), Acknowledge (server confirms the lease). DHCP also provides: subnet mask, default gateway, DNS server addresses, lease duration. Without DHCP, every device would need a manually configured static IP. DHCP server is usually the router on home networks, or a dedicated server in enterprises.

TLS (Transport Layer Security) is the cryptographic protocol securing HTTPS, email, and other network communications. TLS 1.3 handshake: 1. Client Hello (supported TLS version, cipher suites, random nonce). 2. Server Hello (chosen cipher suite, its certificate, server random). 3. Client verifies the server certificate against trusted CAs. 4. Key Exchange (ECDH): both sides compute the same shared secret without transmitting it. 5. Session keys derived from shared secret + randoms. 6. Finished messages verify the handshake wasn't tampered with. All subsequent data encrypted with symmetric keys (AES-GCM). TLS 1.3 reduced handshake from 2 round trips to 1.

A port is a 16-bit number (0–65535) that identifies a specific process or service on a host (HTTP = 80, HTTPS = 443, SSH = 22). Ports allow multiplexing — multiple services run on the same IP. A socket is an endpoint for communication — the combination of IP address + port + protocol (TCP or UDP). A socket pair (client socket + server socket) uniquely identifies a connection. In code, a socket is a file descriptor you read/write to communicate over the network. Well-known ports: 0–1023 (requires root). Registered: 1024–49151. Ephemeral: 49152–65535.

Forward Proxy: sits between clients and the internet, forwarding requests on behalf of clients. Clients are aware of it. Used for: internet access control, caching, anonymity (hide client IP from servers). Reverse Proxy: sits in front of backend servers, forwarding requests from clients on behalf of servers. Clients are usually unaware of it. Used for: load balancing, SSL termination, caching, DDoS protection, API gateway. Examples: Nginx and HAProxy are common reverse proxies. Cloudflare is a reverse proxy + CDN. Your corporate web filter is a forward proxy.