Network administrator interview questions

  1. What is the difference between layer 2 and layer 3 in the OSI model?
  2. What is the difference between a hub, switch, and router?
  3. What is a VLAN?
  4. What is the difference between TCP and UDP?
  5. How do you distinguish a DNS problem from a network problem?
  6. What is a runt, Giant, and collision?
  7. What is a broadcast storm?
  8. What is the purpose of VRRP?
  9. What is a VPN?
  10. What information about a peer would I need to establish a VPN?
  11. What is a full-class C in CIDR notation?
  12. What is a default route?
  13. What is a metric?
  14. What is a MAC address?
  15. What is ARP/RARP?
  16. Describe a TCP connection sequence
  17. What is MTU?
  18. What other TCP setting can you modify besides MTU to shorten packets?
This entry was posted in Networking, Unix/Linux. Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

50 Comments on Network administrator interview questions

  1. Srinivas
    Posted 8/21/2005 at 10:34 pm | Permalink

    What is the difference between TCP and UDP

    TCP is a connection oriented protocol, which means that everytime a packet is sent say from host A to B, we will get an acknowledgement. Whereas UDP on the other hand, is a connection less protocol.

    Where will it be used : TCP -> Say you have a file transfer and you need to ensure that the file reaches intact, and time is not a factor, in such a case we can use TCP.

    UDP-> Media Streaming, question is say you are watching a movie…would you prefer that your movie comes..perfectly….but u need to wait a long time before you see the next frame ?..or would you prefer the movie to keep streaming…Yes…The second option is definely better….This is when we need UDP

  2. Srinivas Rajagopalan
    Posted 8/21/2005 at 10:38 pm | Permalink

    What is a MAC address?

    MAC is a machines Physical address, The internet is addressed based on a logical addressing approach. Say,when the packet reaches say the bridge connection a LAN, the question does it identify, which computer it needs to send the packet to. For this it uses the concept of ARP, Address Resolution Protocol, which it uses over time to build up a table mapping from the Logical addresses to the Physical addresses. Each computer is identified using its MAC/Physical address ( u can use the ipconfig -all option to get ur MAC address).

  3. Posted 11/14/2005 at 4:20 pm | Permalink

    What is MTU

    The MTU is the “Maximum Transmission Unit” used by the TCP protocol. TCP stands for Transmission Control Prototcol. The MTU determines the size of packets used by TCP for each transmission of data. Too large of an MTU size may mean retransmissions if the packet encounters a router along its route that can’t handle that large a packet. Too small of an MTU size means relatively more overhead and more acknowledgements that have to be sent and handled. The MTU is rated in “octets” or groups of 8 bits. The so-called “official” internet standard MTU is 576, but the standard rating for ethernet is an MTU of 1500.

  4. Vivek Kumar
    Posted 11/28/2005 at 4:57 am | Permalink

    Ques 2: Diffrence Betw. Switch , Hub, Router..
    Hub: is a layer1 device..used to connect various machine on Lan.
    2.It forwards broadcast by default.
    3.It supports one collision domain and one broadcast domain. works on Bus topolog resulting less speed.
    Switch: 1. A layer2 device.
    2. Forward broadcast first time only.
    3. one broadcast domain & colliosion domains depends on no. of ports.
    4.It is based on Star Topology giving 100mbps to every pc on Lan.
    Router: 1. Does not Broadcast by default.
    2. breaks up Broadcast domain.
    3. Also called Layer3 switch.

  5. Vivek Kumar
    Posted 11/28/2005 at 5:08 am | Permalink

    Ques 9: VPN’s
    VPN(Virtual Private Network )… these are bascially the logical networks on the physical line… you can have many VPN oveer same line..
    Need of VPN arises when your company need to increase the network but don’t want to buy any more switches.. take an eg. your dept. your room is packed with employees and ur company need to add 4 more persons to ur deptt. what will they do.. the solution is to create VPN’s…you can configure the switch ports in other deptts. and create a specific VLAN of ur that the persons can sit there and access to the required pcs.

  6. Vivek Kumar
    Posted 11/28/2005 at 5:22 am | Permalink

    Ques 12: Default Route…
    While configuring the Routers we need to give the specific routes if we are configuring a Static route..and for Default..we need not give the single route,, we just have to set the default route command on the router and we set this command on the router of last resort…that is it discovers the near by routes itself..

  7. Vivek Kumar
    Posted 11/28/2005 at 5:28 am | Permalink

    Ques 15:
    ARP: Stands for Address Resolution Protocol…whenever a request is sent by a node on one network to the node on another network the Physical address(MAC) is required and for this the IP address need to be flow over the network..whenver a router with that network (IP) gets the msg. the required MAC address is sent through the network this process of converting the IP address to MAC address is Called ARP..and the reverse thats the convertion of the Mac address to the IP address is called RARP ( Reverse Address Resolution Protocol)

  8. piyush
    Posted 2/28/2006 at 4:11 pm | Permalink

    What is the difference between layer 2 and layer 3 in the OSI model?

  9. piyush
    Posted 2/28/2006 at 4:12 pm | Permalink

    how to configure DNS in windows O/S with the command or stepes..

  10. Vijesh Chandran
    Posted 3/7/2006 at 5:23 am | Permalink

    What is the difference between layer 2 and layer 3 in the OSI model?

    Layer 2 is responsible for switching data whereas Layer 3 is responsible for routing the data.

    Layer3: With information gathered from user, Internet protocol make one IP packet with source IP and Destination IP and other relevant information. It can then route packet through router to the destination.

    Layer2: Soon after it receives IP packet from layer 3, it encapsulate it with frame header (ATM header in case of ATM technology) and send it out for switching. In case of ethernet it will send data to MAC address there by it can reach to exact destination.

  11. Aneesh
    Posted 3/30/2006 at 6:37 am | Permalink

    6)A RUNT is a packet that is too small to traverse the network. Network protocols such as Ethernet often require that packets be a minimum number of bytes in order to travel the network. Runts are often the result of packet collisions along a busy network or can result from faulty hardware that is forming the packets or from corrupted data being sent across the network.

    A giant is a packet that is too large to traverse the network. Network protocols such as Ethernet often require that packets can not be over a specific number of bytes in order to travel the network.

  12. Anjan Mitra
    Posted 6/22/2006 at 1:42 pm | Permalink

    VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless of the physical location or connections to the network.

    VLANs provide segmentation based on broadcast domains.

    All workstations and servers used by a particular workgroup share the same VLAN, regardless of the physical connection or location.

    VLANs are created to provide segmentation services traditionally provided by physical routers in LAN configurations.

    VLANs address scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, and traffic flow management.

    Posted 7/3/2006 at 3:57 am | Permalink

    can u tell me
    wot iz Default Mask and Subnet Mask?and there use
    wot iz PSTN,Broadband ,Baseband signalling
    4 Methods to convert digital data into analog signal
    also tell me the difference between SWITCH & HUB.
    give any example of DSL,ISDN,PSTN networks

  14. sujit singh
    Posted 10/18/2006 at 2:58 am | Permalink

    What is deffrence between broadcast domain and collision domain.

  15. Chris
    Posted 11/2/2006 at 12:25 am | Permalink

    What is a VPN?

    A VPN stands for Virtual Private Network. In english it is a direct tunnel into a remote network. It allows users to work with certain applications, printers, network drives and shares as if they where sitting in the office.

  16. Chris
    Posted 11/2/2006 at 12:36 am | Permalink

    How do you distinguish a DNS problem from a network problem?

    The first thing to do is to ping any switches, routers, or any other devices on the network. If your pings come back complete with 0% lost, then it will most likely be a DNS issue. If you can ping other devices but can not ping the switch that sits in front of the DNS, then it will be a network issue.

  17. Neha
    Posted 11/28/2006 at 5:00 am | Permalink

    7 Broadcast Storm

    A broadcast storm means that your network is overwhelmed with constant broadcast or multicast traffic. Broadcast storms can eventually lead to a complete loss of network connectivity as the packets proliferate.
    If a certain broadcast transmit threshold is reached, the port drops all broadcast traffic. Firewalls are one of the best ways to protect your network against broadcast storms.

    A state in which a message that has been broadcast across a network results in even more responses, and each response results in still more responses in a snowball effect. A severe broadcast storm can block all other network traffic, resulting in a network meltdown. Broadcast storms can usually be prevented by carefully configuring a network to block illegal broadcast messages.

  18. Neha
    Posted 11/28/2006 at 5:20 am | Permalink

    What is a metric?

    Routing tables contain information used by switching software to select the best route.
    Routing algorithms have used many different metrics to determine the best route. Sophisticated routing algorithms can base route selection on multiple metrics, combining them in a single (hybrid) metric. All the following metrics have been used:

    •Path length





    •Communication cost

  19. Ajay
    Posted 12/19/2006 at 5:32 am | Permalink

    What is the difference between layer 2 and layer 3 of OSI model?

    In the hirarchical design of the osi model , layer 3 is used fot the determinning the path of packet delivery and method of the packet to deliver. for that the routing and the routed protocol works .On the layer two , packets are segmented to data enclosed with the mac address to which the data needs to deliver . on layer 2 , ARP works to resolve the IP address to mac address .

  20. Ajay Wankhede
    Posted 12/19/2006 at 5:37 am | Permalink

    What is the difference between a hub, switch, and router?

    Hub works on layer 1 of OSI model
    Swich works on layer 2 of OSI model
    Router works on layer 3 of OSI model

    Hub does not seperate collision and broadcost domain

    swich seperate collision domain but does not seperate broadcost domain.

    router does seperate collision and broadcost domain

  21. ashok
    Posted 2/23/2007 at 3:22 am | Permalink


    what is primary name server and their uses ?

    what is secondary name server and their uses ?

    how can we identify the port numbers eg:tcp,udp etc in redhat linux (EL4)

  22. khawaja M Jawad
    Posted 3/10/2007 at 2:41 am | Permalink

    What is the difference between Layer 3 Switch and a Router ????
    What elements are required to install Windows 2003 server???

  23. Bsingh
    Posted 3/11/2007 at 11:02 pm | Permalink


    Please give me an example of the critical situation where you have to decide yourself without any help provided and you made a excellent decision? How did it arise? What did you do to solve an issue?

  24. vijayalaxmi
    Posted 3/12/2007 at 1:59 am | Permalink

    can u please give me some interview questions on winrunner,loadrunner,manual,and qtp

  25. Ashish Arya
    Posted 3/23/2007 at 4:14 am | Permalink

    What is a full-class C in CIDR notation?
    Ans :
    For class A ..default subnet mask is so CIDR notation is /8
    For class B ..default subnet mask is so CIDR notation is /16
    For class C ..default subnet mask is so CIDR notation is /24

  26. Mubarak Pathanamthitta
    Posted 4/5/2007 at 12:05 am | Permalink

    Private(Reserved) And Public IP’s?
    A computer on the Internet is identified by its IP address. In order to avoid address conflicts, IP addresses are publicly registered with the Network Information Centre (NIC). Computers on private TCP/IP LANs however do not need public addresses, since they do not need to be accessed by the public. For this reason, the NIC has reserved certain addresses that will never be registered publicly. These are known as private IP addresses, and are found in the following ranges:
    From to
    From to
    From to

  27. Irfan
    Posted 4/22/2007 at 11:03 am | Permalink

    Q: When I ping an IP address the result comes out succesfull, but when I ping with host name no result comes, ping fails. why?

  28. mamatha
    Posted 4/24/2007 at 4:07 am | Permalink

    what is socket?

    Posted 5/2/2007 at 4:28 pm | Permalink

    The purpose of the VRRP packet is to communicate to all VRRP routers the priority and the state of the Master router associated with the Virtual Router ID.

    VRRP packets are sent encapsulated in IP packets. They are sent to the IPv4 multicast address assigned to VRRP.

    Posted 5/2/2007 at 4:32 pm | Permalink

    Describe a TCP connection sequence?

    The TCP three-way handshake describes the mechanism of message exchange that allows a pair of TCP devices to move from a closed state to a ready-to-use, established connection. Connection establishment is about more than just passing messages between devices to establish communication. The TCP layers on the devices must also exchange information about the sequence numbers each device wants to use for its first data transmission, as well as parameters that will control how the connection operates. The former of these two data exchange functions is usually called sequence number synchronization, and is such an important part of connection establishment that the messages that each device sends to start the connection are called SYN (synchronization) messages.

    You may recall from the TCP fundamentals section that TCP refers to each byte of data individually, and uses sequence numbers to keep track of which bytes have been sent and received. Since each byte has a sequence number, we can acknowledge each byte, or more efficiently, use a single number to acknowledge a range of bytes received

    Posted 5/2/2007 at 4:33 pm | Permalink

    What is Socket?

    When a computer program needs to connect to a local or wide area network such as the Internet, it uses a software component called a socket. The socket opens the network connection for the program, allowing data to be read and written over the network. It is important to note that these sockets are software, not hardware, like a wall socket. So, yes, you have a much greater chance of being shocked by a wall socket than by a networking socket.

    Sockets are a key part of Unix and Windows-based operating systems. They make it easy for software developers to create network-enabled programs. Instead of constructing network connections from scratch for each program they write, developers can just include sockets in their programs. The sockets allow the programs to use the operating system’s built-in commands to handle networking functions. Because they are used for a number of different network protocols (i.e. HTTP, FTP, telnet, and e-mail), many sockets can be open at one time.

    Posted 5/2/2007 at 4:37 pm | Permalink

    When I ping an IP address the result comes out succesfull, but when I ping with host name no result comes, ping fails. why?

    Because the denied permission had been assigned to ping command (HOST NAME). Check the Firewall( windows and firewall software)

    Posted 5/2/2007 at 4:45 pm | Permalink

    how to configure DNS in windows O/S with the command or stepes….?

    Netsh commands for Interface IP. You can use commands in the Netsh Interface IP context to configure the TCP/IP protocol (including addresses, default gateways, DNS servers, and WINS servers) and to display configuration and statistical information.


  34. Edwin C
    Posted 5/17/2007 at 8:43 am | Permalink

    The socket offer 5 functions that could be used to receive data. That is read, readv,recv, recvfrom, and recvmsg. Determine which among the 5 functions support connection oriented and which support connectionless oriented. Find reasons why support different connection orientation as well as the format of every function and meaning of their arguments

  35. Neel
    Posted 8/3/2007 at 11:15 am | Permalink

    RARP is a TCP/ IP protocol term similar to ARP. RARP is the method that some machines use to determine their own IP address. Essentially, a machine sends out a packet that includes a machine hardware address. A server on the same network receives the packet and looks up the hardware address. The server then sends back the associated IP address of that machine. It is used for machines that do not have the capability to store their own IP addresses locally.

    Address Resolution Protocol. ARP is the protocol used by IP (as in TCP/IP) for address resolution. Address resolution refers to the ability of a station to resolve another station’s MAC (hardware) address given its IP address.

  36. S.BHanerjee
    Posted 9/13/2007 at 3:54 am | Permalink

    What the Purpose of VLAN?
    What is OSPF?
    What is Spanning Tree protocol?

  37. surya prakash MR
    Posted 9/13/2007 at 6:49 am | Permalink

    When I ping an IP address the result comes out succesfull, but when I ping with host name no result comes, ping fails. why?

    On the network when you ping an IP address if ping request completed with 0% of loss that mean you are able to reach that Device(ip address)
    But when u ping hostname if u get the result as RTO that means Ping is been disabled for hostname in firewall or router
    If u get ping could not find the host address that means DNS issue.Mean Name resolution is not happening.

  38. Sanket Naik
    Posted 9/26/2007 at 10:15 am | Permalink

    what is ospf?

    – Open Sortest Path First(ospf) is an interior gatway routing protocol(IGP). developed by Internet Engineering Task Force(IETF) in 1988.

    OSPF is universal routing protocol. can be used by anybody. Its a link state protocol. many advantages over distance vector protocols like fast convergance,etc.

  39. Sameer
    Posted 9/28/2007 at 9:32 pm | Permalink

    Question 11
    What is a full-class C in CIDR notation

    CIDR specifies an IP address range using a combination of an IP address and its associated network mask. CIDR notation uses the following format -

    Full Class C in CIDR notation can be represented by
    This is a 256 class C = FIRST CLASS B
    Now they here are a few more is a 128 class C is a 64 class C and so on.

    Any comments are welcome

  40. sunil
    Posted 10/12/2007 at 9:29 am | Permalink

    Every network adapter has what’s called a Media Access Control address (usually shortened to MAC address). It’s a six-byte identifying number permanently embedded in the firmware of the adapter, and is readable by the network and the operating system of the device on which the adapter is installed. All modems have a MAC address; so do all Ethernet cards. The address must follow the standards set by the Institute of Electrical and Electronics Engineers (IEEE), which sets computer networking standards. Basically, the address is a six-pair set of hexadecimal numbers, for example, a1-c2-e3-44-5f-6d

  41. Neelam
    Posted 11/20/2007 at 1:30 am | Permalink

    What the Purpose of VLAN?

    VLANs can enhance network security.
    VLANs increase the number of broadcast domains while decreasing their size.
    Network adds, moves, and changes are achieved by configuring a port into the appropriate VLAN.
    A group of users needing high security can be put into a VLAN so that no users outside of the VLAN can communicate with them.
    As a logical grouping of users by function, VLANs can be considered independent from their physical or geographic locations.

    What is OSPF?

    Open Shortest Path First
    OSPF) is a non-proprietary link-state routing protocol limited to use with the TCP/IP stack. Open Shortest Path First (OSPF) is an open standards routing protocol that’s been implemented by a wide variety of network vendors, including Cisco. If you have multiple routers and not all of them are Cisco, So your remaining options are basically RIPv1, RIPv2, or OSPF. If it’s a large network, then, really, your only options are OSPF

    OSPF provides the following features:
    Consists of areas and autonomous systems
    Minimizes routing update traffic
    Allows scalability
    Supports VLSM/CIDR
    Has unlimited hop count
    Allows multi-vendor deployment (open standard)

    Characteristic of OSPF
    Type of protocol - Link-state
    Classless support - Yes
    VLSM support - Yes
    Auto summarization - No
    Manual summarization - Yes
    Discontiguous support - Yes
    Route propagation - Multicast on change
    Path metric - Bandwidth
    Hop count limit - None
    Convergence - Fast
    Peer authentication - Yes
    Hierarchical network - Yes (using areas)
    Updates Event - Triggered

    What is Spanning Tree protocol?

    In a Layer 2 environment (switching or bridging), however, no routing protocols are used, and active redundant paths are neither allowed nor desirable. Instead, some form of bridging provides data transport between networks or switch ports. The Spanning Tree Protocol (STP) provides network link redundancy so that a Layer 2 switched network can recover from failures without intervention in a timely manner. It vigilantly monitors the network to find all links, making sure that no loops occur by shutting down any redundant links. STP uses the spanning-tree algorithm (STA) to first create a topology database, then search out and destroy redundant links.

  42. Harry
    Posted 12/17/2007 at 4:29 am | Permalink


    Possibly the DNS entry of the server with host name) you are accessing successfully through IP address is not done. You need to ask your System administrator to do that. Once done, then ur server can be accessed using IP as well as its host name.

  43. M.Rizwan shah
    Posted 4/27/2008 at 11:38 pm | Permalink

    Yes Its very nice to get these important points here.Actually I want to correct some thing, you mention in switch question that it broadcast first time only, Actually this is not the case, The correct statement is, Swithch boradcast every time,whenever it detects a new machine is attatched with it,in order to build its table.

  44. rashid
    Posted 8/20/2008 at 10:48 pm | Permalink

    well switch broadcast everytime when new machine is added into a Network after getting a mac address it add this address into its cam table along with its associated port , switch is a layer 2 device i.e Data link layer ,switch also broadcast when it can’t find any mac address in its cam table , also switch each port is a seperate Collision Domain , for a switch of 100MBPS it mean switch each port is working on 100MBPS , 10/100MBPS means switch can work on 10MBPS and 100MBPS
    it can also auto detect the 10/100MBPS

  45. rashid
    Posted 8/20/2008 at 11:00 pm | Permalink

    transport layer TCP & UDP
    data is segmented in this layer
    we have segments
    TCP — acknowledgments , sequence numbers
    concept of windowing , error recovery
    Concept of sockets and port numbers

    UDP — fast transmission without error recovery , no sequence no’s , no windowing
    lower over head

    Network layer or layer 3 : we have packets in network layer , logical addresses ,
    router work on this layer
    protocol for this layer is IP
    router breaks broadcast domains
    by default routers do not forward

    Data link or layer 2
    Frames are form in this layer
    physical addresses or MAC addresses
    Ethernet is the main protocol
    for this layer
    Switch work on data link layer
    switch breaks collision domains
    switch each port is a seperate
    collision domain
    features of data link
    mac address
    error discovery ,error recovery is performed by TCP in Transport layer
    switch builds cam tables
    if u want more detail how switch build cam table etc or how routers make routing decisions etc plz ask thank you

  46. Sabeesh Chorode
    Posted 9/3/2008 at 1:48 am | Permalink

    Answer to Qtn No.1
    The layer2 ,datalink layer is responsible for moving frames
    from one hop(node)to the next.Whereas in layer3 i,e network
    layer is responsible for the delivery of individual packets
    from source host to destination host.

  47. Rimkick
    Posted 10/15/2008 at 11:31 am | Permalink

    A default route is the path used by the device when no other routes have been created. Generally it is the next hop out of a device to a router, out to the LAN or out to the WAN. Each hop along the way will have a default route. A router must have a default created and if having multiple ports, it must have one port set up as the default port with the route. Routes have 3 parts, network, gateway, cost with a port being an option. A default route days that all traffic will use this route if no other routes have been created,

  48. Fahad
    Posted 10/29/2008 at 9:09 am | Permalink

    What is the best disaster recovery plan of a company?

  49. siva
    Posted 12/9/2008 at 5:27 am | Permalink

    Difference between layer2 and layer3

    Layer2:- It is used to send data using mac address and by frames.

    Layer3:- It is used to send data using ip address and by packets

  50. kishore
    Posted 2/4/2009 at 3:15 am | Permalink

    dear sir

    why do we use c range of ip address(192 range) in organizations .

    plse let me know

    thanking you sir

Post a Comment

Your email is never published nor shared. Required fields are marked *