Networking Interview Questions and Answers

Last updated by Rishabh Choudhary on Apr 30, 2026 at 03:54 PM
| Reading Time: 3 minutes

Article written by Shashi Kadapa, under the guidance of Neeraj Jhawar, a Senior Software Development Manager and Engineering Leader. Reviewed by Mrudang Vora, an Engineering Leader with 15+ years of experience.

Networking interview questions range from basic to intermediate and advanced concepts. Network engineer interview questions focus on architecture, troubleshooting, and configuration under different scenarios. Cracking network administrator interview questions requires hands-on knowledge of the OSI model, the TCP/IP stack, and hardware.

When answering networking interview questions, you are evaluated less on definitions and descriptions than on your technical proficiency, the depth and breadth of your practical experience, and your ability to find the root cause of a problem. In network engineer interview questions, demonstrate core knowledge of diverse hardware stacks, the technologies that use them, optimization, and balancing.

This article covers the top networking interview questions and their answers to help you crack the interview and land your dream job.

Key Takeaways

  • Networking interview questions vary in technical depth and breadth for beginner, intermediate, and expert levels.
  • Network engineer interview questions cover architecture, TCP/IP, troubleshooting, and configuration under different scenarios.
  • You will be asked to draw and explain flowcharts on TCP handshake, TLS Handshake, Multi-region Design, Troubleshooting Flowchart, and other topics.
  • Prepare by reading about protocols and implementations, and practice with Cisco Packet Tracer, GNS3, or EVE-NG to build scenarios and rehearse configuration commands.

Basic Networking Interview Questions

Q1. What is the OSI model, and what does each layer do?

The OSI (Open Systems Interconnection) model is a conceptual framework of seven layers that describes how systems communicate over a network. The following table shows each layer's name, primary function, example protocols, and example devices.

| Layer Number | Layer Name | Primary Function | Protocol Examples | Device Examples |
| --- | --- | --- | --- | --- |
| 7 | Application | User interface, network applications | HTTP, FTP, SMTP, DNS | Gateways, PCs, Servers |
| 6 | Presentation | Data formatting, encryption, compression | SSL/TLS, ASCII, JPEG | Redirectors, Gateways |
| 5 | Session | Managing sessions (establish, maintain, terminate) | NetBIOS, RPC, PPTP | Firewalls, Gateways |
| 4 | Transport | End-to-end connections, reliability, segmentation | TCP, UDP | Firewalls, Gateways |
| 3 | Network | Routing, logical addressing (IP) | IPv4, IPv6, ICMP, OSPF | Routers, Layer 3 Switches |
| 2 | Data Link | Physical addressing (MAC), framing, error detection | Ethernet, PPP, Switch, ARP | Switches, Bridges, NICs |
| 1 | Physical | Physical transmission of raw bits, media, signals | Bluetooth, USB, DSL | Cables, Hubs, Repeaters |

Q2. What is the difference between TCP and UDP?

| Feature | TCP | UDP |
| --- | --- | --- |
| Connection type | Connection-oriented (requires handshake) | Connectionless (no handshake required) |
| Reliability | Highly reliable; guarantees delivery via retransmission | Unreliable; no guarantee of delivery |
| Ordering | Guarantees packets arrive in sequence | No ordering; packets may arrive out of order |
| Speed | Slower (higher overhead, 20-60 byte header) | Faster (lower overhead, 8-byte header) |
| Error checking | Extensive, with error recovery | Basic checksums; drops faulty packets |
| Use cases | HTTP/HTTPS, FTP, Email, SSH | VoIP, Video Streaming, Gaming, DNS |

Q3. How does DNS resolution work?

Domain Name System (DNS) resolution is the process of converting human-readable domain names, such as abc.com, into machine-readable IP addresses, such as 195.0.2.1.

The five steps in the DNS resolution chain, from browser to authoritative nameserver, are:

  • The browser checks the OS cache to see whether the domain already has a resolved IP address.
  • If not, a request is sent to a recursive resolver run by your ISP or a public DNS service like Google DNS.
  • The resolver queries a root nameserver and is directed to the appropriate TLD nameserver, such as the .com nameserver for abc.com.
  • The TLD nameserver points to the domain’s authoritative nameserver.
  • The authoritative nameserver returns the IP address, which is sent back to the browser to initiate the connection.

Q4. What is the difference between a hub, switch, and router?

Routers link several networks, such as a home to the internet, with IP addresses.

Switches link devices in a single LAN, using MAC addresses to deliver data.

Hubs are legacy, unintelligent devices that broadcast data to all ports.

| Feature | Hub | Switch | Router |
| --- | --- | --- | --- |
| OSI Layer | Physical Layer (Layer 1) | Data Link Layer (Layer 2) | Network Layer (Layer 3) |
| Function | Broadcasts data to all devices | Sends data to the specific device using MAC address | Routes data between different networks using IP address |
| Data Handling | No filtering, sends to all ports | Intelligent forwarding based on MAC table | Determines best path using routing table |
| Collision Domain | One (shared by all devices) | Separate per port | Separate per interface |
| Broadcast Domain | One | One (unless VLANs used) | Breaks broadcast domains |
| Speed & Efficiency | Slow, inefficient | Faster, efficient | Most efficient for large networks |
| Security | Low (all data visible to all devices) | Moderate | High (supports NAT, firewall, etc.) |
| Typical Use | Obsolete, rarely used | LAN (connecting devices in same network) | Connecting different networks (e.g., internet access) |

Q5. What is subnetting and why does it matter?

Subnetting splits a large IP network into smaller sub-networks by borrowing bits from the host portion of an IP address. It improves network performance and security through isolation and makes IP address allocation more efficient.

An example of CIDR notation and subnetting calculation for 192.168.1.0/24 is:

  • Network Address: 192.168.1.0
  • Subnet Mask: 255.255.255.0 (/24)
  • Usable Host Range: 192.168.1.1 – 192.168.1.254
  • Broadcast Address: 192.168.1.255

/24 indicates that the first 24 bits are the network portion, which corresponds to the subnet mask 255.255.255.0.
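The same calculation at the bit level, as an added example that is not part of the original article. It goes beyond the /24 case above by borrowing host bits to split the block into smaller subnets and by checking whether two hosts share a subnet; the function names are illustrative.

```python
# Added example: IPv4 subnet arithmetic with plain integer masks.

def ip_to_int(dotted):
    """Convert dotted-quad text to a 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    ok = len(parts) == 4 and all(
        p.isascii() and p.isdigit() and int(p) <= 255 for p in parts
    )
    if not ok:
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def int_to_ip(value):
    """Convert a 32-bit integer back to dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """/24 -> 0xFFFFFF00: the top `prefix` bits set, the host bits clear."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def describe(cidr):
    """Return network, mask, usable range and broadcast for any address/prefix."""
    addr, _, prefix_text = cidr.partition("/")
    prefix = int(prefix_text)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(addr) & mask          # clear the host bits
    broadcast = network | (mask ^ 0xFFFFFFFF)  # set the host bits
    if prefix >= 31:
        # /31 point-to-point links (RFC 3021) and /32 host routes have no
        # separate network or broadcast address to reserve.
        first, last = network, broadcast
    else:
        first, last = network + 1, broadcast - 1
    return {
        "network": int_to_ip(network),
        "prefix": prefix,
        "mask": int_to_ip(mask),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "broadcast": int_to_ip(broadcast),
        "usable_hosts": last - first + 1,
    }


def split(cidr, borrowed_bits):
    """Borrow host bits: each borrowed bit doubles the number of subnets."""
    parent = describe(cidr)
    new_prefix = parent["prefix"] + borrowed_bits
    if borrowed_bits < 1 or new_prefix > 32:
        raise ValueError("cannot borrow that many bits")
    base = ip_to_int(parent["network"])
    size = 1 << (32 - new_prefix)              # addresses per new subnet
    return [f"{int_to_ip(base + i * size)}/{new_prefix}"
            for i in range(1 << borrowed_bits)]


def same_subnet(a, b, prefix):
    """True when both hosts are on-link; otherwise traffic must cross a router."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)


if __name__ == "__main__":
    print(describe("192.168.1.0/24"))
    for subnet in split("192.168.1.0/24", 2):
        print(subnet, describe(subnet)["first_host"], describe(subnet)["last_host"])
    # After the split these two hosts no longer share a subnet, so traffic
    # between them passes a Layer 3 hop where an ACL can be enforced.
    print(same_subnet("192.168.1.10", "192.168.1.200", 26))
```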

Q6. What is ARP and when does it run?

ARP (Address Resolution Protocol) resolves a Layer 3 IP address to a Layer 2 MAC address so that a device can deliver a frame on the local network.

ARP triggers when a device sends data to an IP address on the same subnet but doesn’t know the destination MAC. It triggers when the ARP cache has no entry or the entry has expired. It also triggers when sending traffic to a default gateway, such as a router, and resolves the gateway’s MAC first.

Q7. What is NAT and what problem does it solve?

Network Address Translation (NAT) allows routers to translate private IP addresses to public IP addresses so devices on a local network can communicate with external networks like the internet.

NAT solves the problem of IPv4 address exhaustion, where public IP addresses for every device worldwide are not available. It allows several devices in a private network to share a single public IP.

NAT was needed when the internet grew massively, and the limited pool of IPv4 addresses was not sufficient. NAT extended the life of IPv4 by enabling IP address reuse inside private networks and reducing the need for unique public IPs for every device.

Q8. What is the difference between IPv4 and IPv6?

Internet Protocol version 4 and 6 are protocols to identify devices on networks. The following table compares IPv4 vs IPv6.

| Feature | IPv4 | IPv6 |
| --- | --- | --- |
| Adoption Status | Address depletion | Dominant and growing but expensive |
| Address Length | 32-bit | 128-bit |
| Address Format | Decimal (e.g., 192.168.1.1) | Hexadecimal (e.g., 2001:db8::1) |
| Address Capacity | ~4.3 billion | 340 undecillion (huge!) |
| NAT (Network Address Translation) | Required | Not required |
| Configuration | Manual / DHCP | Auto-configuration supported |
| Security | Optional (IPSec) | Built-in (IPSec mandatory) |
| Broadcast | Supported | Not supported (uses multicast) |
| Header Complexity | Simpler | More efficient (optimized) |

Q9. What happens when you type a URL in the browser? (networking-specific)

A multi-step process runs to fetch and display the webpage. The steps are given below:

  • DNS resolution: The client checks its cache and queries a resolver and DNS servers to map the domain name to an IP address.
  • ARP lookup in local network: When the destination is on the same LAN, ARP resolves the IP address to a MAC address.
  • TCP connection setup: The client initiates a connection to the server using the TCP three-way handshake, which involves sending a SYN packet, followed by a SYN-ACK packet, and finally an ACK packet.
  • TLS handshake for HTTPS: The client and server negotiate encryption through TLS, exchanging certificates and keys, and establish a secure channel.
  • HTTP request sent: Over the established connection, the client sends an HTTP request to the server.
  • Server processing and response: The server processes the request and returns an HTTP response with a status code, headers, and body over the same connection.
  • Connection reuse/teardown: The connection is kept alive for reuse or closed through TCP connection termination with a FIN/ACK sequence.

Q10. What is a default gateway?

A default gateway is the router to which a device sends traffic when the destination is outside the local network. Without a default gateway, you can’t reach external networks, such as the internet.

Q11. What is DHCP, and how does it work?

Dynamic Host Configuration Protocol (DHCP) automatically assigns IP settings to devices using the DORA process: Discover (the client broadcasts a request), Offer (the server proposes an IP), Request (the client accepts), and Acknowledge (the server confirms the lease).

Q12. What is the difference between HTTP and HTTPS?

HTTP sends data in plain text over port 80, and HTTPS encrypts data with TLS over port 443. In HTTPS, certificate validation occurs during the TLS handshake before any HTTP data is exchanged.

Q13. What is a MAC address, and how is it different from an IP address?

A MAC address is a hardware identifier at the Data Link layer (Layer 2); it is fixed to the device and used for communication within a local network. An IP address works at the Network layer (Layer 3), is logical and can change, and is used to route traffic across networks like the Internet.

Q14. What port numbers should every engineer know?

The port quick reference table every engineer should know is:

| Protocol | Port | Use |
| --- | --- | --- |
| HTTP | 80 | Unencrypted web traffic |
| HTTPS | 443 | Encrypted web traffic (TLS/SSL) |
| DNS | 53 | Domain name resolution (UDP/TCP) |
| SSH | 22 | Secure remote login and command execution |
| FTP | 20/21 | File transfer (20 = data, 21 = control) |
| SMTP | 25 | Sending emails between mail servers |
| DHCP | 67/68 | Automatic IP assignment (67 = server, 68 = client) |
| ICMP | None | Network diagnostics (no ports, uses IP protocol) |
| BGP | 179 | Routing between autonomous systems |
| RDP | 3389 | Remote desktop access |

Q15. What is a firewall and what are the main types?

A firewall is a network security system that monitors and filters incoming and outgoing traffic based on predefined rules. The main types of firewalls are:

  • Packet-filtering firewall: It inspects the source/destination IP, port, and protocol headers.
  • Stateful inspection firewall: It tracks connection state and allows packets belonging to valid sessions.
  • Proxy (application-level) firewall: It inspects full application-layer traffic by acting as an intermediary.
  • Next-generation firewall (NGFW): It performs deep packet inspection, is application-aware, and can include IDS/IPS features.

Intermediate Networking Interview Questions

This section gives an operational understanding of how things work, fail, and interact.

Q16. How does the TCP three-way handshake work?

The TCP three-way handshake creates a reliable connection in three steps:

  • SYN: The client sends a SYN packet to start a connection and enters the SYN-SENT state.
  • SYN-ACK: The server responds with a SYN-ACK to acknowledge and enters the SYN-RECEIVED state.
  • ACK: The client sends an ACK back to confirm.

After the third step, the two sides enter the ESTABLISHED state, and data transfer can begin.

The following image illustrates the TCP handshake sequence:

[Figure: TCP Handshake Sequence Diagram]

Q17. What is the difference between a stateful and stateless firewall?

A stateful firewall tracks the state of active connections and allows/blocks traffic based on the context of an ongoing session. A stateless firewall inspects each packet independently using predefined rules without awareness of past or related traffic.
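The difference shows up when the same packets are run through both designs. The following is an added example, not part of the original article: a simplified model with constructed packets, an assumed policy (inside hosts may open outbound connections to port 443), and no sequence-number or timeout tracking.

```python
# Added example: stateless vs. stateful filtering over the same constructed traffic.
from collections import namedtuple

# direction: "out" = inside -> internet, "in" = internet -> inside.
# flags: TCP flags as letters (S=SYN, A=ACK, P=PSH, R=RST).
Packet = namedtuple("Packet", "direction src sport dst dport flags")

ALLOWED_DPORT = 443  # assumed policy for this example


def stateless_allow(pkt):
    """Judge each packet on its own headers, with no memory of earlier packets."""
    if pkt.direction == "out":
        return pkt.dport == ALLOWED_DPORT
    # Replies must be let back in, so the only available test is "looks like
    # a reply": source port 443 with the ACK flag set.
    return pkt.sport == ALLOWED_DPORT and "A" in pkt.flags


class StatefulFirewall:
    """Track each connection by its 4-tuple and its handshake progress."""

    def __init__(self):
        self.table = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def allow(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.table.get(key)

        # Only an outbound SYN that matches policy may create state.
        if pkt.direction == "out" and pkt.flags == "S":
            if pkt.dport != ALLOWED_DPORT:
                return False
            self.table[key] = "SYN_SENT"
            return True
        if state is None:
            return False              # no session: nothing to be a reply to
        if "R" in pkt.flags:
            del self.table[key]       # reset ends the tracked session
            return True
        if state == "SYN_SENT":
            if pkt.direction == "in" and pkt.flags == "SA":
                self.table[key] = "SYN_ACK_SEEN"
                return True
            return False
        if state == "SYN_ACK_SEEN":
            if pkt.direction == "out" and "A" in pkt.flags:
                self.table[key] = "ESTABLISHED"
                return True
            return False
        return "A" in pkt.flags       # ESTABLISHED: every segment carries ACK


# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443, "S"),   # client SYN
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, "SA"),   # server SYN-ACK
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443, "A"),   # client ACK
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, "PA"),   # server data
    Packet("in", "198.51.100.7", 443, "10.0.0.5", 50001, "A"),    # unsolicited ACK
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50002, "SA"),   # SYN-ACK with no SYN
]


def compare(packets):
    """Return (stateless_verdict, stateful_verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.direction:>3} {pkt.flags:<2} {pkt.src}:{pkt.sport} -> "
              f"{pkt.dst}:{pkt.dport}  stateless={stateless} stateful={stateful}")
```

The last two packets pass the stateless rules because their headers look like replies, while the stateful table has no session for them and drops both.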

Q18. What is a VLAN and why is it used?

A Virtual Local Area Network (VLAN) is a logical segmentation of a physical network that groups devices into separate broadcast domains irrespective of their physical location. It is used to improve security and performance by isolating traffic, reducing broadcast traffic, and allowing better network management and segmentation.

Q19. How does BGP work at a high level?

Border Gateway Protocol (BGP) is a path-vector routing protocol that runs over TCP port 179 and is used to exchange routing information between networks. It routes between Autonomous Systems (AS) by advertising prefixes along with attributes like AS-path, selecting the best path based on policies and not the shortest distance. eBGP operates between different ASes for internet routing, while iBGP runs within the same AS to distribute external routes internally.

Q20. What is OSPF, and how does it differ from BGP?

OSPF (Open Shortest Path First) is a link-state routing protocol used in a single autonomous system, calculating shortest paths using the Shortest Path First (SPF) algorithm. BGP is a path-vector protocol used between autonomous systems, making routing decisions based on policies and path attributes rather than the shortest path.

Q21. How does a CDN work, and what problem does it solve?

A Content Delivery Network (CDN) is a distributed system of edge node servers geographically closer to users that cache and serve content. When a user makes a request, it is routed via DNS or Anycast to the nearest edge node, which delivers cached content instead of hitting the origin server. It reduces latency, speeds up load times, and lowers load on the main server.

Q22. What is load balancing and what are the main algorithms?

Load balancing distributes incoming network or application traffic across multiple servers so that no single server is overloaded, improving availability, scalability, and performance. The following table presents the algorithms, how they work, and a use case.

| Algorithm | How It Works | Best Use Case |
| --- | --- | --- |
| Round Robin | Requests are distributed sequentially across all servers | Simple setups with equally capable servers |
| Weighted Round Robin | Each server gets traffic based on assigned weight | Servers with different capacities |
| Least Connections | Sends traffic to the server with the fewest active connections | Long-lived connections (e.g., DB, WebSockets) |
| Least Response Time | Chooses server with fastest response + least active connections | Performance-critical applications |
| IP Hash | Routes requests based on client IP hash | Session persistence (sticky sessions) |
| Random | Randomly selects a server | Simple but less predictable distribution |
| Weighted Least Conn. | Combines weights with least connections logic | Mixed-capacity environments with varying loads |

Q23. What is the TLS handshake?

[Figure: TLS Handshake Sequence Diagram]

The TLS handshake establishes a secure, encrypted connection between a client and a server. The main steps in the TLS handshake are:

  • ClientHello: Client sends supported TLS versions, cipher suites, and a random value to initiate the connection.
  • ServerHello: Server selects the cipher suite, returns its certificate, and sends its own random value.
  • Key Exchange & Verification: Client verifies the certificate through Public Key Infrastructure, generates a pre-master secret, and both derive session keys.
  • Finished: Both client and server send encrypted “Finished” messages to confirm the handshake and start secure communication.

Q24. What is a VPN and how does tunneling work?

A VPN builds an encrypted tunnel over a public network by encapsulating the original IP packets inside another packet, encrypting them, and routing them to a VPN server, which decapsulates and forwards them. Common tunneling protocols include IPsec (ESP/AH), OpenVPN (TLS-based), and WireGuard (UDP-based, with modern cryptography).

Q25. What is the difference between routing and switching?

Routing operates at OSI Layer 3 (the Network layer) and forwards packets based on IP addresses between different networks. Switching operates at OSI Layer 2 (the Data Link layer) and forwards frames within a network using MAC addresses.

Q26. What is QoS, and when would you configure it?

Quality of Service (QoS) prioritizes network traffic by classifying and queuing packets so critical flows get guaranteed bandwidth, lower latency, and minimal packet loss. It can be configured on congested networks or limited-bandwidth links to ensure latency-sensitive traffic (like VoIP or video conferencing) performs reliably.

Q27. What is a reverse proxy, and how does it differ from a forward proxy?

A reverse proxy sits in front of backend servers, receives client requests, and forwards them to internal services, hiding server details and enabling load balancing; Nginx is an example. A forward proxy sits in front of clients, sending outbound requests to the internet on their behalf and masking client identity, while a reverse proxy represents servers to incoming clients.

Q28. What is packet fragmentation, and when does it occur?

Packet fragmentation occurs when a packet exceeds the path’s MTU, causing a router (in IPv4) or the sender (in IPv6) to split it into smaller fragments for transmission. Reassembly happens at the destination host’s network layer, where fragments are combined back into the original packet.

Q29. What is the difference between full-duplex and half-duplex?

Full-duplex allows simultaneous bidirectional communication, with send and receive at the same time, while half-duplex allows only one direction at a time, and devices must take turns transmitting. A duplex mismatch (one side full, the other half) commonly causes collisions, retransmissions, and poor throughput, making it a frequent troubleshooting issue.

Q30. What is an SLA in networking, and what metrics define it?

A Service Level Agreement (SLA) is a formal contract between a provider and a customer that defines the expected performance and reliability of a network service. Key metrics include uptime/availability, latency, jitter, packet loss, and throughput; for example, “99.9% uptime” allows about 43 minutes of downtime per month.

Advanced Networking Interview Questions

This section provides networking interview questions for mid-senior engineers and infra candidates, as well as system design and architecture screens.

Q31. What is VXLAN, and why is it used in data center networking?

Virtual Extensible LAN (VXLAN) runs Layer 2 networks over a Layer 3 underlay with UDP encapsulation. VXLAN Tunnel Endpoints (VTEPs) encapsulate/decapsulate Ethernet frames into VXLAN packets for transport across the IP fabric. VTEPs solve the VLAN scale limit of 4096 IDs with a 24-bit VXLAN Network Identifier (VNI), allowing 16 million logical networks and better multi-tenant isolation.

Use cases are large cloud/data center fabrics such as spine-leaf, where VMs or containers need seamless Layer 2 connectivity across racks or sites for mobility and scalable multi-tenancy.

Q32. What is SD-WAN, and how does it differ from traditional WAN?

Software-Defined WAN (SD-WAN) decouples the control plane from hardware with a centralized software controller to dynamically steer traffic across multiple links, like broadband, LTE, and MPLS, based on policy and real-time conditions.

SD-WAN differs from traditional WANs by using application-aware routing, encryption, and overlay tunnels over any IP transport. SD-WAN reduces cost and increases agility by shifting from expensive private links to hybrid/Internet-based connectivity with centralized orchestration and visibility.

Q33. How does BGP handle route selection and what attributes influence it?

Border Gateway Protocol (BGP) selects the best path for a prefix by comparing attributes in a strict, ordered decision process. The following table details the priority, attribute, direction, and notes for BGP.

| Priority | Attribute | Direction | Notes |
| --- | --- | --- | --- |
| 1 | Weight | Local (Cisco) | Highest preferred; not propagated to peers; router-specific. |
| 2 | LOCAL_PREF | Inbound (iBGP) | Higher preferred; used to influence outbound traffic across the AS; shared within AS. |
| 3 | AS_PATH length | Path (External) | Shorter path preferred; helps prevent loops and reflects fewer AS hops. |
| 4 | Origin | Path (External) | Preference: IGP (best) > EGP > Incomplete; indicates how the route was introduced. |
| 5 | MED | Inbound (External) | Lower preferred; suggests preferred entry point into an AS; compared between the same neighboring AS. |
| 6 | eBGP over iBGP | Path Type | eBGP-learned routes preferred over iBGP-learned routes. |
| 7 | IGP metric | Internal (IGP) | Lower cost to next-hop preferred; evaluates closest exit within the AS. |
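The ordered decision process in the table can be expressed as successive elimination over the candidate paths. This is an added example, not part of the original article and not any vendor's implementation: it covers only the seven listed steps, the default weight and LOCAL_PREF values and the route data are constructed, and the AS numbers come from the documentation range.

```python
# Added example: the seven-step comparison from the table as successive filters.
from dataclasses import dataclass

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}  # lower rank is preferred


@dataclass(frozen=True)
class Route:
    name: str
    as_path: tuple            # first element is the neighboring AS
    weight: int = 0           # sample default
    local_pref: int = 100     # sample default
    origin: str = "IGP"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0


def _lowest(routes, key):
    """Keep every route that ties for the lowest value of key."""
    best = min(key(r) for r in routes)
    return [r for r in routes if key(r) == best]


def _lowest_med_per_neighbor(routes):
    """MED is only compared among routes learned from the same neighboring AS."""
    kept = []
    for r in routes:
        same_neighbor = [p for p in routes if p.as_path[:1] == r.as_path[:1]]
        if r.med == min(p.med for p in same_neighbor):
            kept.append(r)
    return kept


STEPS = [
    ("Weight", lambda rs: _lowest(rs, lambda r: -r.weight)),
    ("LOCAL_PREF", lambda rs: _lowest(rs, lambda r: -r.local_pref)),
    ("AS_PATH length", lambda rs: _lowest(rs, lambda r: len(r.as_path))),
    ("Origin", lambda rs: _lowest(rs, lambda r: ORIGIN_RANK[r.origin])),
    ("MED", _lowest_med_per_neighbor),
    ("eBGP over iBGP", lambda rs: _lowest(rs, lambda r: 0 if r.ebgp else 1)),
    ("IGP metric", lambda rs: _lowest(rs, lambda r: r.igp_metric)),
]


def best_path(routes):
    """Return (winning route name, name of the step that decided it)."""
    candidates = list(routes)
    if not candidates:
        raise ValueError("no candidate routes")
    if len(candidates) == 1:
        return candidates[0].name, "only candidate"
    for step_name, keep in STEPS:
        candidates = keep(candidates)
        if len(candidates) == 1:
            return candidates[0].name, step_name
    return candidates[0].name, "tie after the seven listed steps"


# Constructed candidate paths for one prefix.
SHORT = Route("via-AS64501", as_path=(64501,))
MEDIUM = Route("via-AS64500", as_path=(64500, 64503), med=50)
POLICY = Route("via-AS64502", as_path=(64502, 64504, 64505), local_pref=200)

if __name__ == "__main__":
    # Policy beats path length: the longest AS_PATH wins on LOCAL_PREF.
    print(best_path([MEDIUM, SHORT, POLICY]))
    # Without the policy override, the shortest AS_PATH wins.
    print(best_path([MEDIUM, SHORT]))
    # Different neighboring ASes: MED is skipped, IGP metric decides.
    a = Route("exit-a", as_path=(64500, 64503), med=50, igp_metric=5)
    b = Route("exit-b", as_path=(64501, 64503), med=10, igp_metric=20)
    print(best_path([a, b]))
```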

Q34. What is ECMP and when would you use it?

Equal-Cost Multi-Path (ECMP) enables a router to install multiple best paths of the same cost and load-balance traffic across them on a per-flow or per-packet basis, depending on the platform. It is used when parallel links or paths exist with equal metrics to increase throughput, improve redundancy, and utilize bandwidth efficiently without relying on a single path.

Q35. What is a DDoS attack, and how do you mitigate it at the network level?

A Distributed Denial of Service (DDoS) attack overwhelms a target with a massive flood of Internet traffic from multiple compromised sources. Common types of DDoS include volumetric, protocol, and application-layer attacks. At the network layer, mitigation includes rate limiting, ACL filtering, traffic scrubbing/blackholing, Anycast distribution, and upstream ISP/CDN protection.

The following table presents DDoS types and mitigation methods.

| Attack Type | Example | Mitigation |
| --- | --- | --- |
| Volumetric | UDP flood, DNS amplification | Traffic scrubbing centers, Anycast routing, rate limiting |
| Protocol | SYN flood, Ping of Death | SYN cookies, connection limiting, firewall/IPS filtering |
| Application layer | HTTP GET/POST flood | WAF, bot detection, request rate limiting |

Q36. What is zero-trust networking and how does it differ from perimeter-based security?

Zero-Trust Networking (ZTN) uses a “never trust, always verify” model: every user/device is continuously authenticated and authorized per request, with least-privilege access enforced at a granular level. Unlike perimeter-based security, ZTN assumes no trusted network zone and applies identity and context-based controls across all internal and external traffic.

A canonical implementation is software-defined access with identity-aware proxies or microsegmentation, such as a BeyondCorp-style architecture, which connects users directly to specific applications rather than to the network.

Q37. What is BFD, and why is it used?

Bidirectional Forwarding Detection (BFD) is a protocol that quickly detects forwarding path/link failures between two systems by sending frequent control packets. It is used because routing protocols like OSPF and BGP natively rely on slower timers, while BFD provides sub-second failure detection for faster convergence.

Q38. How would you design the network for a multi-region, high-availability application?

The steps are:

  • Global traffic steering (GeoDNS / Anycast): Use GeoDNS with latency, geo-based routing, or Anycast IPs to direct clients to the nearest healthy region. Decrease latency and allow region-level failover at the DNS or routing edge.
  • Region isolation with independent ingress: Each region has its own public ingress VIPs/load balancers, edge firewalls, and is fully self-sufficient; no hard dependency on another region for serving traffic to avoid cascading failures.
  • Dynamic failover with BGP: Advertise region prefixes via BGP, e.g., through multiple edge locations/providers; on failure, withdraw routes so traffic automatically converges to healthy regions faster and more deterministically than DNS-only failover.
  • Inter-region connectivity design: Use redundant, high-throughput private links (e.g., cloud backbone, MPLS, or IPSec tunnels over the internet) in a partial/full mesh, depending on scale; ensure diverse physical paths to avoid single points of failure.
  • Traffic engineering and health signaling: Combine health checks with routing policy, e.g., DNS health probes and BGP communities/AS-path prepending to control failover behavior and balance load across regions during normal and degraded states.
  • Security and segmentation at the edge: Enforce consistent network security controls (WAF, DDoS protection, ACLs, segmentation) per region; ensure policies are replicated and independently enforceable to maintain availability during partial outages.

Q39. What is the difference between MPLS and IP routing?

In IP routing, packets are forwarded hop-by-hop using destination IP lookups in routing tables at every router. MPLS forwards packets using pre-assigned labels (label switching), avoiding repeated lookups. MPLS is preferred for predictable traffic engineering, QoS, and VPN services in large service provider networks.

Q40. How does anycast routing work, and where is it used?

Anycast routing assigns an identical IP prefix to several geographically distributed nodes, and routing protocols such as BGP direct traffic to the nearest/lowest-cost instance based on network topology. It’s used in CDNs to serve content from the closest edge node, and in DNS root/recursive servers to route queries to the nearest resolver for low latency and resilience.

Q41. What is network segmentation, and what are its security benefits?

Network segmentation divides a network into isolated segments through VLANs, subnets, or microsegmentation, and enforces traffic control between them using routing policies and ACLs/firewalls. It limits lateral movement, contains breaches to a segment, reduces attack surface, and allows tighter, least-privilege access control between workloads.

Q42. What are the trade-offs between TCP and QUIC?

QUIC, used by HTTP/3, runs over UDP and integrates TLS with the transport, giving 0-RTT/1-RTT handshakes, no head-of-line blocking across streams, and better performance on lossy/mobile networks compared to TCP.

The trade-offs are higher CPU/complexity in user space, harder middlebox visibility/debugging, and less mature tooling vs TCP’s long-established ecosystem. It also risks UDP blocking/rate-limiting on some networks, whereas TCP is universally supported and more predictable across legacy infrastructure.

Networking Troubleshooting Questions

[Figure: Network troubleshooting flowchart]

The figure illustrates the network troubleshooting flowchart. The five layers are given along with the network issues detected and the possible solutions. This section presents scenario-based questions from senior-level and infra/DevOps screens.

Q43. You are seeing intermittent packet loss on a production link. How do you diagnose it?

The following steps help to diagnose the problem of intermittent packet loss on a production link.

  • Application (L7): Check service health with curl, HTTP logs, and APM tools to confirm whether the loss is visible to the application.
  • Transport (L4): Next, examine TCP/UDP behavior using netstat, ss, or tcpdump to detect retransmissions, drops, or resets.
  • Network (L3): Use ping, traceroute/mtr, and ip route to identify latency, hop-wise loss, or routing issues.
  • Data Link (L2): Inspect interface stats with ethtool, ifconfig/ip -s link, and switch counters for CRC errors, drops, or duplex mismatches.
  • Physical (L1): Check cables, optics, and hardware using ethtool, link LEDs, and device logs for signal loss or flaps.

Q44. A service is suddenly unreachable. DNS resolves correctly. What do you check next?

When a service suddenly becomes unreachable but DNS resolves correctly, follow the steps below:

  • Connectivity: Verify basic reachability with ping and path with traceroute/mtr to confirm where traffic stops.
  • Transport/Port: Check if the service port is open using nc (netcat), telnet, or ss/netstat for listening sockets.
  • Firewall/Security: Inspect host/network filtering via iptables/nftables, ufw, or cloud security groups for blocked traffic.
  • Service Health: Validate the application is running and bound correctly using systemctl, docker ps, or service logs.
  • Packet Inspection: Capture traffic with tcpdump or Wireshark to see SYN/SYN-ACK flow and pinpoint drops or resets.

Q45. Your application has high latency between two data centers. Walk me through your investigation.

The steps in the investigation are:

  • Baseline latency and path: Measure RTT and path stability with ping and mtr/traceroute to see where delay increases.
  • Routing analysis: Check route asymmetry or suboptimal paths using traceroute (both directions), ip route, and (if available) a BGP looking glass.
  • Transport behavior: Inspect retransmissions, windowing, and RTT variance with ss -i and tcpdump/Wireshark.
  • Link/interface health: Review errors, drops, and utilization via ifconfig/ip -s link, ethtool, and interface counters on routers/switches.
  • Capacity & shaping: Verify congestion or QoS limits using iperf for throughput tests and check traffic shaping/policing configs.

Q46. A firewall change was deployed, and traffic is now being dropped. How do you approach this?

The steps are:

  • Verify the traffic that is failing from source/destination/port, and reproduce using tools like ping, curl, or telnet to confirm the drop.
  • Check firewall logs and counters (such as iptables -L -v or show access-list) to see which rule is denying the traffic.
  • Compare the recent change with the previous config (diff) to pinpoint the exact rule/order causing the block.
  • Validate rule logic, ACL order, implicit deny, NAT/policy interactions, and test a fix in a controlled manner.
  • If required, roll back to the last known good configuration, restore traffic, then reapply the change safely.
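Steps two to four can be rehearsed offline by evaluating the old and new rule sets against the failing flows. This is an added example, not part of the original article: a first-match ACL model with an implicit deny, where the rule names, addresses, and the inserted deny rule are all constructed.

```python
# Added example: find which rule change dropped traffic, using first-match ACLs.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "permit" or "deny"
    src: str                      # source CIDR
    dst: str                      # destination CIDR
    dport: Optional[int] = None   # None matches any destination port


# Most ACLs end with an unwritten rule that drops whatever nothing else matched.
IMPLICIT_DENY = Rule("implicit-deny", "deny", "0.0.0.0/0", "0.0.0.0/0")


def matches(rule, flow):
    src, dst, dport = flow
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, dport))


def first_match(rules, flow):
    """Order matters: the first rule that matches decides, later ones are ignored."""
    for rule in rules:
        if matches(rule, flow):
            return rule
    return IMPLICIT_DENY


def regressions(before, after, flows):
    """Flows whose verdict changed, with the deciding rule on each side."""
    changed = []
    for flow in flows:
        old, new = first_match(before, flow), first_match(after, flow)
        if old.action != new.action:
            changed.append((flow, old.name, new.name))
    return changed


def shadowed(rules):
    """Rules that can never fire because an earlier rule covers them entirely."""
    found = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            covers = (
                ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
                and earlier.dport in (None, later.dport)
            )
            if covers:
                found.append((later.name, earlier.name))
                break
    return found


# Constructed configuration: last known good, then the deployed change.
BEFORE = [
    Rule("permit-hr-web", "permit", "10.1.20.0/24", "10.2.0.10/32", 443),
    Rule("permit-corp-web", "permit", "10.1.0.0/16", "10.2.0.10/32", 443),
]
# The change inserted a broad deny at the top instead of below the permits.
AFTER = [Rule("deny-hr-to-servers", "deny", "10.1.20.0/24", "10.2.0.0/24")] + BEFORE

# Constructed test flows: (source IP, destination IP, destination port).
FLOWS = [
    ("10.1.20.15", "10.2.0.10", 443),   # reported as failing after the change
    ("10.1.30.8", "10.2.0.10", 443),    # still expected to work
    ("10.1.30.8", "10.2.0.10", 22),     # never permitted
]

if __name__ == "__main__":
    for flow, old, new in regressions(BEFORE, AFTER, FLOWS):
        print(f"{flow}: was decided by {old}, now decided by {new}")
    for rule, by in shadowed(AFTER):
        print(f"{rule} is unreachable: fully covered by earlier rule {by}")
```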

Q47. Users on one VLAN cannot reach resources on another VLAN that they previously could. What is the likely cause?

The likely causes are:

  • Firewall/ACL change blocking inter-VLAN traffic. This is common, especially after recent policy updates.
  • Routing issue on the Layer 3 device with missing/incorrect SVI, route, or inter-VLAN routing disabled.
  • VLAN misconfiguration from wrong VLAN assignment, trunk port not carrying the VLAN, or tagging mismatch.
  • NAT or security policy change affecting traffic between subnets (less common but possible in segmented networks).

Q48. BGP peering between the two routers dropped. Walk me through troubleshooting. (network engineering role)

You can answer this question by mentioning the following steps:

  • Verify basic reachability to the peer loopback/update-source using ping/traceroute and confirm TCP 179 is reachable with no firewall drops.
  • Check the BGP session state with show ip bgp summary (or the vendor equivalent) to see if it is Idle/Active/Established, and note the last error.
  • Validate configuration on both sides: correct neighbor IP, remote-as, update-source, TTL/eBGP multihop, and authentication (MD5/password).
  • Inspect logs and debug output (show log, debug bgp events) for resets, hold timer expiry, or capability/AFI-SAFI mismatches.
  • Confirm routing to peer loopbacks and underlying IGP stability; if needed, clear the session (clear ip bgp) after fixing the issues.
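
An added example (not from the original article) for the session-state step: it reads output in the column layout of Cisco IOS show ip bgp summary and lists the peers that are not Established, each with the check to run next. The sample output, addresses, AS numbers and function names are constructed; the state-to-check mapping generalises the steps above.

```python
# Constructed sample in the column layout of Cisco IOS "show ip bgp summary".
SAMPLE = """\
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.0.2.1       4        65001    1523    1498       42    0    0 1d02h          118
192.0.2.5       4        65002       0       0        1    0    0 00:03:12 Active
198.51.100.9    4        65003      12      15        1    0    0 00:00:41 Idle
203.0.113.7     4        65004       3       3        1    0    0 00:00:05 OpenSent
"""

NEXT_CHECK = {
    "tcp": "TCP session not up: test reachability to the peer/update-source "
           "address, TCP 179 filtering, multihop TTL and MD5 password",
    "open": "TCP up but OPEN not completed: compare remote-as and capabilities "
            "(AFI/SAFI) on both sides and read the last notification in the log",
    "admin": "neighbor is administratively shut down",
    "other": "state carries a qualifier: read the last error in the device log",
}
STATE_CLASS = {"Idle": "tcp", "Connect": "tcp", "Active": "tcp",
               "OpenSent": "open", "OpenConfirm": "open",
               "Idle (Admin)": "admin"}

def triage(summary_text):
    """Return (neighbor, asn, state, next_check) for every peer not Established."""
    findings, in_table = [], False
    for line in summary_text.splitlines():
        if line.startswith("Neighbor"):
            in_table = True          # rows follow the header line
            continue
        fields = line.split(None, 9)  # 10th field keeps states like "Idle (Admin)"
        if not in_table or len(fields) < 10:
            continue
        neighbor, asn, state = fields[0], int(fields[2]), fields[9].strip()
        if state.isdigit():
            continue                 # Established: column shows the prefix count
        key = STATE_CLASS.get(state, "other")
        findings.append((neighbor, asn, state, NEXT_CHECK[key]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```
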


Quick Reference – Protocols, Ports, and Concepts

Cheat-sheet block for the night before an interview.

| Protocol | Port | Layer | Use |
|---|---|---|---|
| HTTP | 80 | 7 | Web traffic |
| HTTPS | 443 | 7 | Encrypted web |
| DNS | 53 | 7 | Domain resolution |
| SSH | 22 | 7 | Secure remote access |
| FTP | 20/21 | 7 | File transfer |
| SMTP | 25 | 7 | Email (outbound) |
| DHCP | 67/68 | 7 | IP assignment |
| RDP | 3389 | 7 | Remote desktop |
| BGP | 179 | 7 (TCP) | Inter-AS routing |
| ICMP | none | 3 | Ping / error reporting |
| ARP | none | 2 | IP to MAC resolution |

The following table represents important concepts of networking and gives their one-line definitions:

| Concept | One-line definition |
|---|---|
| NAT (Network Address Translation) | Translates private IP addresses to public IPs (and vice versa) to enable internet access and conserve IPv4 space. |
| Subnetting | Divides a network into smaller logical segments to improve routing efficiency and isolation. |
| CIDR (Classless Inter-Domain Routing) | IP addressing scheme that uses variable-length prefixes (e.g., /24) for flexible and efficient route aggregation. |
| VLAN (Virtual LAN) | Logically segments a Layer 2 network into isolated broadcast domains on the same physical infrastructure. |
| VPN (Virtual Private Network) | Creates an encrypted tunnel over a public network to securely connect remote users or sites. |
| CDN (Content Delivery Network) | Distributed edge servers that cache and deliver content from locations closest to users to reduce latency. |
| Load Balancer | Distributes incoming traffic across multiple servers to improve availability, scalability, and performance. |
| Reverse Proxy | Intermediary server that sits in front of backend servers to handle requests, often for security, caching, or load balancing. |
| TLS (Transport Layer Security) | Cryptographic protocol that encrypts data in transit to ensure confidentiality and integrity. |
| Anycast | Routing technique where multiple nodes share the same IP and traffic is directed to the nearest/optimal one. |
| QoS (Quality of Service) | Mechanisms that prioritize and manage network traffic to ensure performance for critical applications. |

Conclusion

This 2026 guide to networking interview questions presented key questions and answers for beginner, intermediate, and expert network engineers, covering the topics that are most commonly asked about.

To crack network engineer interview questions, read extensively on networking topics. Use Cisco Packet Tracer, GNS3, or EVE-NG to build scenarios and practice configuration commands.

