1. What is the Difference Between IPv4 and IPv6?
| Feature | IPv4 | IPv6 |
|---|---|---|
| Address size | 32-bit | 128-bit |
| Format | Decimal (e.g., 192.168.1.1) | Hexadecimal (e.g., 2001:db8::1) |
| Address space | ~4.3 billion | Practically unlimited |
| NAT required | Yes | Not required |
| Security | Optional | Built-in (IPsec support) |
| Header complexity | Simpler | More efficient and structured |
Explanation:
- IPv4 was designed for early internet scale but ran out of addresses
- IPv6 solves this with a vastly larger address space and improved routing efficiency
Example:
- A home network uses private IPv4 + NAT
- A modern ISP can assign unique IPv6 addresses to every device
2. What is CIDR (Classless Inter-Domain Routing)?
CIDR is a method of allocating IP addresses and routing that replaces class-based addressing.
Key idea:
- Uses variable-length subnet masks (VLSM)
- Represented as:
192.168.1.0/24
Benefits:
- Efficient IP utilization
- Reduces routing table size
- Enables route aggregation
Example:
Instead of multiple Class C networks:
- CIDR allows grouping into one block like
/22
3. What is BGP and How Does It Work?
BGP (Border Gateway Protocol) is an exterior gateway protocol used to exchange routing information between different autonomous systems (AS).
Type:
- Path vector protocol
How it works:
- Routers share route information (AS paths)
- Select best path based on policies and attributes
Key features:
- Scalable
- Policy-based routing
- Loop prevention using AS path
Example:
- Internet routing between ISPs is handled by BGP
4. What are Interior and Exterior Routing Protocols?
Interior Gateway Protocols (IGP)
- Used within a single autonomous system
Examples:
- OSPF
- RIP
Exterior Gateway Protocols (EGP)
- Used between different autonomous systems
Example:
- BGP
Difference:
| Feature | IGP | EGP |
|---|---|---|
| Scope | Within network | Between networks |
| Speed | Faster | Slower |
| Complexity | Lower | Higher |
5. What is OSPF and How Does It Work?
OSPF (Open Shortest Path First) is a link-state routing protocol used within an autonomous system.
How it works:
- Routers exchange link-state information
- Build a complete network topology map
- Use Dijkstra’s algorithm to calculate shortest path
Key features:
- Fast convergence
- Supports large networks
- Uses cost metric
Example:
Enterprise networks use OSPF for efficient internal routing
6. What is RIP and Its Limitations?
RIP (Routing Information Protocol) is a distance vector routing protocol.
How it works:
- Uses hop count as metric
- Maximum hop count = 15
Limitations:
- Slow convergence
- Limited scalability
- Periodic updates increase traffic
- Not suitable for large networks
Example:
Small networks may still use RIP due to simplicity
7. What is MPLS?
MPLS (Multiprotocol Label Switching) is a technique that forwards data based on labels instead of IP addresses.
How it works:
- Packets are assigned labels
- Routers forward based on labels (faster than IP lookup)
Benefits:
- Faster forwarding
- Traffic engineering
- Supports QoS
Example:
Used by ISPs to efficiently route traffic across backbone networks
8. What is QoS (Quality of Service)?
QoS is a mechanism used to prioritize network traffic and ensure performance for critical applications.
Parameters:
- Bandwidth
- Latency
- Jitter
- Packet loss
Techniques:
- Traffic shaping
- Prioritization
- Queuing
Example:
- Video calls are prioritized over file downloads
9. What is SDN (Software Defined Networking)?
SDN is a networking approach that separates the control plane from the data plane, allowing centralized network management.
Key idea:
- Network is controlled via software (controller)
Benefits:
- Centralized control
- Programmability
- Flexibility
Example:
- Data centers dynamically managing traffic using SDN controllers
10. What is VXLAN?
VXLAN (Virtual Extensible LAN) is a network virtualization technology that extends Layer 2 networks over Layer 3 infrastructure.
How it works:
- Encapsulates Ethernet frames in UDP packets
- Uses VXLAN Network Identifier (VNI)
Purpose:
- Supports large-scale cloud environments
- Enables multi-tenant networks
Example:
Used in cloud data centers to connect virtual machines across different physical locations
GRE (Generic Routing Encapsulation) is a tunneling protocol used to encapsulate one network protocol inside another.
Purpose:
- Create virtual point-to-point links over an IP network
- Carry non-IP protocols over IP
How it works:
- Original packet is wrapped inside a GRE header
- Then transmitted over the network
Example:
Connecting two office networks securely over the internet using a GRE tunnel.
Use case:
- VPNs
- Site-to-site communication
12. What is IP Fragmentation?
IP fragmentation is the process of breaking a large IP packet into smaller fragments so it can pass through networks with smaller MTU limits.
Why needed:
- Different networks support different packet sizes
How it works:
- Packet is divided into fragments
- Each fragment is sent separately
- Reassembled at the destination
Example:
Sending a large file over a network with small MTU:
- Packet gets split into multiple fragments
13. What is MTU?
MTU (Maximum Transmission Unit) is the maximum size of a packet that can be transmitted over a network without fragmentation.
Common values:
- Ethernet: 1500 bytes
Why important:
- Larger MTU → better efficiency
- Smaller MTU → more fragmentation
Example:
If MTU = 1500 bytes:
- Any packet larger than this must be fragmented
14. What is Path MTU Discovery?
Path MTU Discovery is a technique used to determine the smallest MTU along the path between source and destination.
How it works:
- Sender sends packets with DF (Don't Fragment) flag
- If packet is too large:
- Router sends ICMP “Fragmentation Needed” message
- Sender reduces packet size accordingly
Benefit:
- Avoids fragmentation
- Improves performance
Example:
Optimizing packet size for long-distance communication
15. What is Packet Sniffing?
Packet sniffing is the process of capturing and analyzing network packets for monitoring or troubleshooting.
Uses:
- Network debugging
- Security analysis
- Traffic monitoring
Types:
- Passive sniffing
- Active sniffing
Example:
Monitoring network traffic to detect suspicious activity
16. What is tcpdump?
tcpdump is a command-line tool used in Linux/Unix systems to capture and analyze network packets.
Features:
- Real-time packet capture
- Filter-based capture
- Lightweight and powerful
Example command:
tcpdump -i eth0
This captures all traffic on interface eth0.
17. How Do You Capture Packets for a Specific Host or Port?
You can use filters in tcpdump to capture targeted traffic.
Capture for a specific host:
tcpdump host 192.168.1.1
Capture for a specific port:
tcpdump port 80
Combine filters:
tcpdump host 192.168.1.1 and port 80
Example:
Capture HTTP traffic from a specific server for debugging.
18. What is the Linux Routing Table?
The Linux routing table is a data structure that stores routes used to forward packets.
Contains:
- Destination network
- Gateway
- Interface
- Metric
Command to view:
ip route
Example output:
192.168.1.0/24 dev eth0
default via 192.168.1.1
19. How Do You Add a Static Route in Linux?
A static route can be added using the ip route command.
Syntax:
ip route add <destination> via <gateway>
Example:
ip route add 10.0.0.0/24 via 192.168.1.1
Meaning:
- Send traffic for 10.0.0.0/24 via gateway 192.168.1.1
20. What is Network Namespace in Linux?
A network namespace is a feature in Linux that provides isolated network environments within a single system.
Key idea:
- Each namespace has its own:
- Interfaces
- IP addresses
- Routing tables
Use cases:
- Containers (Docker)
- Testing network configurations
Example:
Creating a namespace:
ip netns add test_ns
Benefit:
- Multiple independent networks on one machine
21. What is Bridging vs Bonding vs VLAN?
These are three different techniques used in networking, each solving a different problem.
Bridging
Bridging connects multiple network segments at Layer 2, making them behave like a single network.
Purpose:
- Extend LAN
- Forward frames based on MAC addresses
Example:
Connecting two LAN segments so devices can communicate as if on the same network.
Bonding (Link Aggregation)
Bonding combines multiple network interfaces into one logical interface.
Purpose:
- Increase bandwidth
- Provide redundancy (failover)
Example:
Two Ethernet cables combined to act as one faster, fault-tolerant link.
VLAN (Virtual LAN)
A VLAN logically divides a physical network into multiple isolated broadcast domains.
Purpose:
- Network segmentation
- Security and performance
Example:
- HR and IT departments separated using VLANs on the same switch
Summary:
| Feature | Bridging | Bonding | VLAN |
|---|---|---|---|
| Layer | Layer 2 | Layer 2 | Layer 2 |
| Purpose | Connect networks | Combine links | Segment network |
| Benefit | Extended LAN | Speed + redundancy | Isolation |
22. What is the Difference Between iptables and nftables?
Both are Linux firewall frameworks used to filter and control network traffic.
iptables
- Older system
- Uses separate tables (filter, nat, mangle)
- Complex syntax
- Less efficient with large rule sets
nftables
- Modern replacement
- Unified rule set
- Better performance
- Simpler and more flexible
Key differences:
| Feature | iptables | nftables |
|---|---|---|
| Architecture | Separate tables | Unified |
| Performance | Lower | Higher |
| Syntax | Complex | Cleaner |
| Scalability | Limited | Better |
Example:
Modern Linux distributions prefer nftables for firewall management.
23. What is traceroute?
Traceroute is a tool used to track the path packets take from source to destination.
How it works:
- Sends packets with increasing TTL (Time To Live)
- Each router returns ICMP “time exceeded” message
- Displays each hop along the path
Example:
traceroute google.com
Output shows:
- Each router (hop)
- Time taken
24. What is mtr?
mtr (My Traceroute) is a tool that combines traceroute and ping, providing real-time network diagnostics.
Features:
- Continuous monitoring
- Shows latency and packet loss
- Dynamic updates
Example:
mtr google.com
Advantage:
- Better for diagnosing unstable networks compared to traceroute
25. What is the Difference Between netstat and ss?
Both are used to view network connections, but:
netstat
- Older tool
- Slower
- Deprecated in many systems
ss
- Modern replacement
- Faster and more efficient
- Uses kernel data structures directly
Example:
ss -tuln
Shows listening ports
26. What is the Difference Between ip and ifconfig?
ifconfig
- Older tool
- Limited functionality
- Mostly deprecated
ip
- Modern tool
- More powerful and versatile
- Supports advanced networking features
Example:
ip addr show
Capabilities of ip:
- Manage routes
- Configure interfaces
- Handle tunnels
27. How Do You Check Established Connections in Linux?
Use the ss command:
ss -t state established
Explanation:
-
-t→ TCP connections -
state established→ only active connections
Alternative:
netstat -an | grep ESTABLISHED
28. How Do You Identify Which Process is Using a Port?
Use the following commands:
Using lsof:
lsof -i :80
Using ss:
ss -tulnp
Using netstat:
netstat -tulnp
Example:
Find which process is using port 3000:
lsof -i :3000
29. What is DNS Resolution Process?
DNS resolution is the process of converting a domain name into an IP address.
Steps:
- User enters domain in browser
- Local cache is checked
- Request sent to DNS resolver
- Resolver queries:
- Root server
- TLD server (.com, .org)
- Authoritative server
- IP address returned
- Browser connects to server
Example:
Typing example.com:
- DNS returns IP →
93.184.216.34 - Browser loads website
Key concept:
- Hierarchical system
- Distributed globally
- Uses caching for performance
31. What is /etc/resolv.conf?
/etc/resolv.conf is a configuration file in Linux that defines how DNS resolution is performed.
Contains:
- DNS server IP addresses
- Search domains
- Resolver options
Example:
nameserver 8.8.8.8
nameserver 1.1.1.1
search example.com
Explanation:
- When a system needs to resolve a domain name, it queries the listed DNS servers
Use case:
- Configuring custom DNS (e.g., Google DNS, Cloudflare DNS)
32. What is /etc/hosts?
/etc/hosts is a local file used to map domain names to IP addresses manually, without using DNS.
Example:
127.0.0.1 localhost
192.168.1.10 myserver.local
How it works:
- System checks
/etc/hostsbefore querying DNS
Use cases:
- Local development
- Blocking domains
- Testing without DNS
33. What is TLS Handshake?
The TLS handshake is the process used to establish a secure connection between client and server before data transmission.
Steps:
- Client Hello → supported protocols, cipher suites
- Server Hello → selects cipher, sends certificate
- Key exchange → shared secret established
- Secure connection established
Outcome:
- Both parties agree on encryption method
- Session keys are generated
Example:
When you open a secure website (https://), TLS handshake happens first
34. What is SSL/TLS Encryption?
SSL/TLS encryption is used to secure communication over a network by encrypting data between client and server.
Key features:
- Confidentiality → data is encrypted
- Integrity → data cannot be altered
- Authentication → verifies server identity
How it works:
- Uses asymmetric encryption for key exchange
- Uses symmetric encryption for data transfer
Example:
Online banking websites use TLS to protect sensitive data
35. What is Diffie-Hellman Key Exchange?
Diffie-Hellman is a cryptographic method used to securely exchange keys over an insecure channel.
Key idea:
- Two parties generate a shared secret without directly sending it
Steps (simplified):
- Agree on public values
- Each generates private key
- Exchange computed values
- Derive shared secret
Example:
Used during TLS handshake to establish secure session keys
36. Which Diffie-Hellman Groups are Secure?
Security depends on the size and type of the group (prime/modulus).
Secure groups:
- 2048-bit or higher (Group 14 and above)
- Elliptic Curve Diffie-Hellman (ECDHE) preferred
Examples:
- Group 14 (2048-bit)
- Group 16+ (larger sizes)
Best practice:
- Use ECDHE for better security and performance
37. What is Load Balancing in Networking?
Load balancing is the technique of distributing incoming traffic across multiple servers to ensure efficiency and reliability.
Goals:
- Prevent overload
- Improve availability
- Reduce latency
Types:
- Hardware load balancer
- Software load balancer
Example:
A high-traffic website distributes requests across multiple backend servers
38. What is L4 vs L7 Load Balancing?
L4 (Transport Layer)
- Works based on IP and port
- Faster and simpler
- Does not inspect content
Example:
Routes traffic based on TCP/UDP ports
L7 (Application Layer)
- Works based on content (URL, headers)
- More intelligent routing
- Slightly slower
Example:
-
/api→ backend A -
/images→ backend B
Difference:
| Feature | L4 | L7 |
|---|---|---|
| Layer | Transport | Application |
| Speed | Faster | Slightly slower |
| Intelligence | Basic | Advanced |
| Use case | Simple routing | Smart routing |
39. What is NAT Traversal?
NAT traversal is a technique that allows devices behind NAT to establish direct communication over the internet.
Problem:
- NAT hides internal IP addresses
- External devices cannot directly reach internal devices
Solution techniques:
- STUN
- TURN
- ICE
Example:
Video calling apps (like Zoom, WebRTC) use NAT traversal to connect peers
40. What is Multicast Routing?
Multicast routing is the process of efficiently delivering data from one source to multiple receivers using multicast groups.
Key idea:
- Instead of sending multiple copies, network sends one stream and replicates where needed
Protocols used:
- IGMP (group membership)
- PIM (routing protocol)
Example:
Live video streaming to multiple users simultaneously
41. What is ECMP?
ECMP (Equal-Cost Multi-Path) is a routing technique that allows multiple paths with the same cost to be used simultaneously for forwarding traffic.
How it works:
- If multiple routes to a destination have equal cost, traffic is distributed across them
- Load sharing is typically based on hashing (e.g., source/destination IP)
Benefits:
- Better bandwidth utilization
- Redundancy and fault tolerance
Example:
A data center has two equal paths to a server cluster:
- Traffic is split across both paths instead of using only one
42. What is Anycast Routing?
Anycast routing is a method where multiple servers share the same IP address, and traffic is routed to the nearest or best-performing server.
How it works:
- Routing protocols direct traffic to the closest node (based on routing metrics)
Benefits:
- Low latency
- High availability
- Automatic failover
Example:
Global DNS services use anycast:
- User request goes to the nearest DNS server
43. What is STP (Spanning Tree Protocol)?
STP is a Layer 2 protocol used to prevent loops in network topologies with redundant paths.
Problem it solves:
- Loops can cause broadcast storms and network failure
How it works:
- Selects a root bridge
- Disables redundant paths
- Ensures a loop-free topology
Example:
In a network with multiple switches:
- STP blocks one path to prevent loops
44. What is RSTP?
RSTP (Rapid Spanning Tree Protocol) is an improved version of STP that provides faster convergence and quicker recovery from topology changes.
Key improvements:
- Faster transition to forwarding state
- Reduced downtime
Example:
When a link fails:
- RSTP reconfigures the network much faster than STP
46. What is Link Aggregation (LACP)?
Link Aggregation combines multiple physical network links into a single logical link.
LACP (Link Aggregation Control Protocol) is used to manage this process.
Benefits:
- Increased bandwidth
- Redundancy
- Load balancing
Example:
Two 1 Gbps links combined:
- Act as one 2 Gbps logical connection
47. What is VLAN Tagging (802.1Q)?
802.1Q is a standard used for tagging Ethernet frames to identify VLAN membership.
How it works:
- Adds a VLAN tag to the frame header
- Allows multiple VLANs on a single physical link (trunk)
Example:
A trunk port carries traffic for VLAN 10 and VLAN 20:
- Each frame includes a VLAN ID
48. What is Network Segmentation?
Network segmentation is the practice of dividing a network into smaller, isolated segments.
Purpose:
- Improve security
- Reduce broadcast traffic
- Enhance performance
Methods:
- VLANs
- Subnets
- Firewalls
Example:
Separating finance and HR networks:
- Prevents unauthorized access
49. What is Packet Loss?
Packet loss occurs when data packets fail to reach their destination.
Causes:
- Network congestion
- Hardware failure
- Signal interference
Impact:
- Poor call quality
- Slow applications
- Data retransmissions
Example:
In video calls:
- Missing packets cause freezing or distortion
50. What is Jitter Buffering?
Jitter buffering is a technique used to smooth out variations in packet arrival times (jitter).
How it works:
- Temporarily stores incoming packets
- Delivers them at a consistent rate
Use case:
- VoIP
- Video streaming
Example:
During a voice call:
- Buffer ensures smooth audio despite network delays
51. What is Network Congestion?
Network congestion occurs when network demand exceeds available bandwidth, causing delays and packet loss.
Symptoms:
- High latency
- Packet drops
- Reduced throughput
Causes:
- Too many users
- Limited bandwidth
- Inefficient routing
Example:
Internet slows down during peak hours due to congestion
52. What is Zero-Trust Networking?
Zero-trust networking is a security model that assumes no device or user is trusted by default, even inside the network.
Principles:
- Verify every request
- Least privilege access
- Continuous monitoring
Key idea:
- “Never trust, always verify”
Example:
Even internal employees must authenticate and be authorized before accessing systems