Curated questions covering OSI model, TCP/IP, DNS, HTTP/HTTPS, subnetting, routing protocols, security, and modern web networking concepts.
Client --> SYN (seq=x) --> Server
Client <-- SYN-ACK (seq=y,ack=x+1) <-- Server
Client --> ACK (ack=y+1) --> Server
# Connection establishedSubnetting divides a network into smaller sub-networks. Uses a subnet mask (e.g., /24 = 255.255.255.0) to separate network and host portions of an IP address. Benefits: reduces broadcast traffic, improves security, and efficient IP allocation.
Network: 192.168.1.0/24
Subnet mask: 255.255.255.0
Hosts: 192.168.1.1 - 192.168.1.254 (254 usable)
Broadcast: 192.168.1.255NAT translates private IP addresses to a public IP address (and vice versa). Allows multiple devices on a private network to share one public IP. Types: Static NAT (1:1), Dynamic NAT (pool), PAT/Masquerade (many:1 using ports).
A CDN is a distributed network of servers (edge nodes) that cache and serve content from locations geographically close to users. Reduces latency, improves load times, and offloads traffic from origin servers. Examples: Cloudflare, AWS CloudFront, Akamai.
A VPN creates an encrypted tunnel between a client and a VPN server, routing traffic through it. Provides privacy, security on public networks, and access to private networks remotely. Protocols: OpenVPN, WireGuard, IPsec, L2TP.
DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses, subnet masks, gateways, and DNS servers to devices on a network. Process: DORA - Discover, Offer, Request, Acknowledge. Reduces manual configuration.
ARP maps IP addresses to MAC addresses on a local network. When a device wants to communicate with an IP, it broadcasts an ARP request. The device with that IP replies with its MAC address. ARP cache stores recent mappings.
# View ARP cache
arp -a
# ARP request: "Who has 192.168.1.1? Tell 192.168.1.100"
# ARP reply: "192.168.1.1 is at aa:bb:cc:dd:ee:ff"ICMP (Internet Control Message Protocol) is used for network diagnostics and error reporting. Not for data transfer. Used by ping (echo request/reply) and traceroute. Common messages: echo request/reply, destination unreachable, time exceeded.
A socket is an endpoint for network communication identified by IP address + port number. Types: TCP socket (stream), UDP socket (datagram), Unix domain socket (local IPC). Socket API: socket(), bind(), listen(), accept(), connect(), send(), recv().
# Python TCP server
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(("0.0.0.0", 8080))
s.listen(5)
conn, addr = s.accept()A Distributed Denial of Service (DDoS) attack floods a target with traffic from many sources (botnet) to exhaust resources and make it unavailable. Types: volumetric (bandwidth flood), protocol (SYN flood), application layer (HTTP flood). Mitigated by rate limiting, CDN, and traffic scrubbing.
// WebSocket client
const ws = new WebSocket("wss://example.com/ws");
ws.onmessage = (event) => console.log(event.data);
ws.send("Hello server");An API gateway is a server that acts as the single entry point for all client requests to backend services. Handles: routing, authentication, rate limiting, SSL termination, load balancing, request/response transformation, and monitoring.
A reverse proxy sits in front of backend servers and forwards client requests to them. Benefits: load balancing, SSL termination, caching, compression, and hiding backend topology. Examples: Nginx, HAProxy, Traefik.
CORS is a browser security mechanism that restricts web pages from making requests to a different domain than the one that served the page. Server must include CORS headers (Access-Control-Allow-Origin) to allow cross-origin requests. Preflight OPTIONS request checks permissions.
Rate limiting restricts the number of requests a client can make in a time window. Prevents abuse, DDoS, and API overuse. Algorithms: Token Bucket, Leaky Bucket, Fixed Window, Sliding Window. Returns HTTP 429 Too Many Requests when exceeded.
BGP is the routing protocol of the internet. It manages how packets are routed between autonomous systems (AS) - large networks like ISPs. BGP is a path-vector protocol that selects routes based on policies, not just shortest path. BGP hijacking is a major security concern.
OSPF is a link-state interior gateway routing protocol. Each router builds a complete map of the network topology using LSAs (Link State Advertisements). Uses Dijkstra's algorithm to find shortest paths. Used within an autonomous system. Faster convergence than RIP.
After a TCP connection closes, the initiating side enters TIME_WAIT for 2*MSL (Maximum Segment Lifetime, typically 60-120 seconds). Purpose: ensures delayed packets from old connection are discarded, and allows remote side to retransmit FIN if ACK was lost. Can cause port exhaustion under high connection rates.
A VLAN logically segments a physical network into separate broadcast domains without requiring separate physical infrastructure. Configured on managed switches using 802.1Q tagging. Benefits: security isolation, reduced broadcast traffic, and flexible network design.
QoS mechanisms prioritize certain types of network traffic to ensure performance for critical applications. Techniques: traffic classification, queuing (priority queuing, WFQ), traffic shaping, and policing. Used to prioritize VoIP and video over bulk file transfers.
ping google.com
traceroute google.com # Linux/Mac
tracert google.com # WindowsHSTS is a web security policy that forces browsers to use HTTPS for a domain. Server sends Strict-Transport-Security header with max-age. Browser remembers and refuses HTTP connections for that domain. Prevents SSL stripping attacks. HSTS preload list is built into browsers.
Explore 500+ free tutorials across 20+ languages and frameworks.