You are on page 1of 14

General Network Engineer Interview Questions

Describe the OSI model.

(pronounced as separate letters) Short for Open System Interconnection, an ISO standard for
worldwide communications that defines a networking framework for implementing protocols in
seven layers. Control is passed from one layer to the next, starting at the application layer in one
station, proceeding to the bottom layer, over the channel to the next station and back up the
At one time, most vendors agreed to support OSI in one form or another, but OSI was too loosely
defined and proprietary standards were too entrenched. Except for the OSI-compliant X.400 and
X.500 e-mail and directory standards, which are widely used, what was once thought to become
the universal communications standard now serves as the teaching model for all other protocols.
Most of the functionality in the OSI model exists in all communications systems, although two or
three OSI layers may be incorporated into one.
OSI is also referred to as the OSI Reference Model or just the OSI Model.
Open System Interconnection an ISO standard for worldwide communications that defines a
networking framework for implementing protocols in seven layers.The seven layers &
Functions are:
(Layer 7) This layer supports application and end-user processes. Communication partners are
identified, quality of service is identified, user authentication and privacy are considered, and any
constraints on data syntax are identified. Everything at this layer is application-specific. This
layer provides application services for file transfers, e-mail, and other network software services.
Telnet and FTP are applications that exist entirely in the application level. Tiered application
architectures are part of this layer.
(Layer 6) This layer provides independence from differences in data representation (e.g.,
encryption) by translating from application to network format, and vice versa. The presentation
layer works to transform data into the form that the application layer can accept. This layer
formats and encrypts data to be sent across a network, providing freedom from compatibility
problems. It is sometimes called the syntax layer.
(Layer 5) This layer establishes, manages and terminates connections between applications. The
session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues
between the applications at each end. It deals with session and connection coordination.
(Layer 4) This layer provides transparent transfer of data between end systems, or hosts, and is
responsible for end-to-end error recovery and flow control. It ensures complete data transfer.

(Layer 3) This layer provides switching and routing technologies, creating logical paths, known
as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions
of this layer, as well as addressing, internetworking, error handling, congestion control and
packet sequencing.
Data Link
(Layer 2) At this layer, data packets are encoded and decoded into bits. It furnishes transmission
protocol knowledge and management and handles errors in the physical layer, flow control and
frame synchronization. The data link layer is divided into two sub layers: The Media Access
Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sub layer controls
how a computer on the network gains access to the data and permission to transmit it. The LLC
layer controls frame synchronization, flow control and error checking.
(Layer 1) This layer conveys the bit stream electrical impulse, light or radio signal through
the network at the electrical and mechanical level. It provides the hardware means of sending and
receiving data on a carrier, including defining cables, cards and physical aspects. Fast Ethernet,
RS232, and ATM are protocols with physical layer components.
Application Layers Usage Example :
7. Application Layer NNTP SIP SSI DNS FTP Gopher HTTP NFS NTP SMPP
SMTP SNMP Telnet (more)
6. Presentation Layer : MIME XDR
5. Session Layer : Named Pipes NetBIOS SAP
4. Transport Layer : TCP UDP PPTP SCTP SSL TLS
3. Network Layer : IP ICMP IPsec IGMP IPX AppleTalk
2. Data Link Layer ARP : CSLIP SLIP Ethernet Frame relay ITU-T DLL L2TP
1. Physical Layer : RS-232 V.35 V.34 I.430 I.431 T1 E1 POTS SONET/SDH OTN
DSL 802.11a/b/g/n PHY ITU-T PHY
What is the difference between a repeater, bridge, router? Relate this to the OSI model
(sometimes called Transparent bridges ) work at OSI model Layer 2. This means they dont
know anything about protocols, but just forward data depending on the destination address in the
data packet. This address is not the IP address, but the MAC (Media Access Control) address that

is unique to each network adapter card. Bridges are very useful for joining networks made of
different media types together into larger networks, and keeping network segments free of data
that doesnt belong in a particular segment.
Switches are the same thing as Bridges, but usually have multiple ports with the same flavor
connection (Example: 10/100/10000BaseT).
Switches can be used in heavily loaded networks to isolate data flow and improve performance.
In a switch, data between two lightly used computers will be isolated from data intended for a
heavily used server, for example. Or in the opposite case, in auto sensing switches that allow
mixing of 10 and 100Mbps connections, the slower 10Mbps transfer wont slow down the faster
100Mbps flow.
Forwards every frame it receives
it is a generator,not an amplifier(i.e it removes noise & regenerates signal )
Bi-directional in nature
Useful in increasing ethernet size/length
Maximum of 5 Repeaters in an Ethernet
Links dissimilar n/ws
not transparent to end stations
acts on a network layer frame
isolates LAN to subnets to manage & control traffic

Describe an Ethernet switch and where it fits into the OSI model.

A switch is a hardware device that works at Layer 2 of the OSI model data link. The data link
layer is where the Ethernet protocol works.
A switch switches Ethernet frames by keeping a table of what MAC addresses have been seen on
what switch port. The switch uses this table to determine where to send all future frames that it
receives. In Cisco terminology, this table is called the CAM table (content addressable memory).
In general, the proper term for this table is the bridge forwarding table. If a switch receives a
frame with a destination MAC address that it does not have in its table, it floods that frame to all
switch ports. When it receives a response, it puts that MAC address in the table so that it wont
have to flood next time.
A switch is a high-speed multiport bridge. This is why bridges are no longer needed or
manufactured. Switches do what bridges did faster and cheaper. Most routers can also function as

You might be asking how a hub fits into this mix of devices. A hub is a multiport repeater. In
other words, anything that comes in one port of a hub is duplicated and sent out all other ports of
the hub that have devices attached. There is no intelligence to how a hub functions. A switch is a
vast improvement over a hub in terms of intelligence, for many reasons. The most important of
those reasons is how the bridge forwarding table works. Intelligent (smart) switches have made
hubs obsolete because they can do more at the same cost of a dumb hub. For this reason, hubs
are rarely used or sold any longer.

v What is a VLAN? What is an ELAN? What is the difference?

Short for virtual LAN, a network of computers that behave as if they are connected to the same
wire even though they may actually be physically located on different segments of a LAN.
VLANs are configured through software rather than hardware, which makes them extremely
flexible. One of the biggest advantages of VLANs is that when a computer is physically moved
to another location, it can stay on the same VLAN without any hardware reconfiguration.
A VLAN is a logical local area network (or LAN) that extends beyond a single traditional LAN
to a group of LAN segments, given specific configurations. Because a VLAN is a logical entity,
its creation and configuration is done completely in software.
VLAN Virtual Local Area Network
ELAN Emulated Local Area Network
Difference between these two are as follows:Without going into the mechanics of ELANs and how they are configured, an ELAN (Emulated
LAN) connects VLANs over a WAN.
A VLAN (Virtual LAN) is a grouping of ports on switches which is considered as one broadcast
domain. All the ports on a VLAN act as if they were all on the same wire. Therefore, broadcasts
are propagated across a VLAN ,and anything communication outside that VLAN must be routed
or bridged.
The ELAN is a mechanism used to link VLANs across a wide area network. ATM is a good
candidate for ELANs. With ELANs, you could have 2 VLANs at different
sites which are
linked together via an ELAN. The ELAN links the two VLANs
Together, forming one big broadcast domain. The advantage of ELANs over straight bridging is
that membership into ELANs is dynamic, and that multiple ELANs can be handled by one single
WAN link.
v Describe Ethernet packet contents: min./max. size, header.
Ethernet frame consists of:

7 bytes Preamble
1 byte SOF Delimiter
6 bytes DA
6 bytes SA
2 bytes Type\Length
46-1500 bytes Data \ 802.2 Header + Data
4 bytes FCS
Min amount of bytes is 72. Ethernet frame minimal size is 64 = 72 bytes of frame 7 bytes of
preamble 1 byte of SOF.
The ethernet frame size upper limit of 1500 bytes goes up to the history of DIX Ethernet
physical limit of memory size used in NICs because of its cost. Actually there is no strict
requirements by used algorythms or standarts.
Lower limit of frame size has the following reasons:
1. To make transmission error detection more easy smaller size of binary sequence leads to
lower reliability of error detection.
2. The most important reason: If frame size is less than 64 bytes (512 bits), host may finish
transmission before receiving noise signal and can think that frame transmitted successfully,
while another host sent collision notification.
For 10 Mbps rate min frame size should be at least 500 bits thats the only guarantee that
collision can be detected anywhere in the cable. For reliability min size was increased up to 512
(power of 2) and became 512 bits = 64 bytes.
the min size was to make sure that it contains enough ethernet headers.
the max size also has something to do with the data written in the headers.

v Describe TCP/IP and its protocols.

The TCP/IP suite of protocols is the set of protocols used to communicate across the internet. It
is also widely used on many organizational networks due to its flexibility and wide array of
functionality provided. Microsoft who had originally developed their own set of protocols now is
more widely using TCP/IP, at first for transport and now to support other services.
IP Internet Protocol. Except for ARP and RARP all protocols data packets will be packaged
into an IP data packet. IP provides the mechanism to use software to address and manage data
packets being sent to computers.
TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the
assembling of a message or file into smaller packets that are transmitted over the Internet and
received by a TCP layer that reassembles the packets into the original message. The lower layer,
Internet Protocol, handles the address part of each packet so that it gets to the right destination.
Each gateway computer on the network checks this address to see where to forward the message.

Even though some packets from the same message are routed differently than others, theyll be
reassembled at the destination.

TCP A reliable connection oriented protocol used to control the management of

application level services between computers. It is used for transport by some

UDP An unreliable connection less protocol used to control the management of

application level services between computers. It is used for transport by some
applications which must provide their own reliability.

Many Internet users are familiar with the even higher layer application protocols that use TCP/IP
to get to the Internet. These include the World Wide Webs Hypertext Transfer Protocol (HTTP),
the File Transfer Protocol (FTP), Telnet (Telnet) which lets you logon to remote computers, and
the Simple Mail Transfer Protocol (SMTP). These and other protocols are often packaged
together with TCP/IP as a suite.
v Describe ATM and what are its current advantages and disadvantages.
Describe SONET
ATM (asynchronous transfer mode) is a dedicated-connection switching technology that
organizes digital data into 53-byte cell units and transmits them over a physical medium using
digital signal technology. Individually, a cell is processed asynchronously relative to other related
cells and is queued before being multiplexed over the transmission path.
Because ATM is designed to be easily implemented by hardware (rather than software), faster
processing and switch speeds are possible. The prespecified bit rates are either 155.520 Mbps or
622.080 Mbps. Speeds on ATM networks can reach 10 Gbps. Along with Synchronous Optical
Network (SONET) and several other technologies, ATM is a key component of broadband ISDN
ATM also stands for automated teller machine, a machine that bank customers use to make
transactions without a human teller.
Advantages and Disadvantages of ATM

ATM Advantages

ATM supports voice, video and data allowing multimedia and mixed services over a

single network.

High evolution potential, works with existing, legacy technologies

Provides the best multiple service support

Supports delay close to that of dedicated services

Supports the broadest range of burstiness, delay tolerance and loss performance through
the implementation of multiple QoS classes

Provides the capability to support both connection-oriented and connectionless traffic

using AALs

Able to use all common physical transmission paths like SONET.

Cable can be twisted-pair, coaxial or fiber-optic

Ability to connect LAN to WAN

Legacy LAN emulation

Efficient bandwidth use by statistical multiplexing


Higher aggregate bandwidth

High speed Mbps and possibly Gbps

ATM disadvantages

Flexible to efficiencys expense, at present, for any one application it is usually possible
to find a more optimized technology

Cost, although it will decrease with time

New customer premises hardware and software are requiredCompetition from other
technologies -100 Mbps FDDI, 100 Mbps Ethernet and fast Ethernet

Presently the applications that can benefit from ATM such as multimedia are rareThe
wait, with all the promise of ATMs capabilities many details are still in the standards

What are the maximum distances for CAT5 cabling?

A good standard answer is 100 meters (300 feet) with patch cords,90 meters (270 feet) without patch
cords. That goes pretty much for everything up to and including CAT 7/Class Fa UTP.

Maximum cable lengh for ethernet depends on what kind of ethernet you are talking
about! Here are some details on the most popular kinds of ethernet. (UTP = unshielded
twisted pair)Gigabit Ethernet (over copper), 1000baseT
1000 Mbps
Max Len:
100 Meters
UTP, RJ-45 connectors
Fast Ethernet, 100baseT
Max Len:

100 Mbps
100 Meters
UTP, RJ-45 connectors

Twisted Pair Ethernet, 10baseT

Max Len:

10 Mbps
100 Meters
UTP, RJ-45 connectors

Thin Ethernet , 10 base 2

Max Len:

10 Mbps
185 Meters
RG-58 type coax, 50 ohm impedance

Thick Ethernet, 10 base 5

Max Len:

10 Mbps
500 Meters
RG-58 type coax, 50 ohm impedance

Describe UDP and TCP and the differences between the two.

TCP A reliable connection oriented protocol used to control the management of application
level services between computers. It is used for transport by some applications.
UDP An unreliable connection less protocol used to control the management of application
level services between computers. It is used for transport by some applications which must
provide their own reliability.

Describe what a broadcast storm is.

A state in which a message that has been broadcast across a network results in even more
responses, and each response results in still more responses in a snowball effect. A severe
broadcast storm can block all other network traffic, resulting in a network meltdown. Broadcast

storms can usually be prevented by carefully configuring a network to block illegal broadcast

Describe what a runt, a giant, and a late collision are and what causes each of them.

A runt is a packet that fails to meet the minimum size standard. Ussually below 64 bytes.
Occurs as a result of a collision.
A giant is a packet that exceeds the size standard for the medium ussually grater then 1518
bytes . Caused by malfunctioning equipment on your network.
Late collisions are packet collisions that occur after the window
for a network collision closes.

How do you distinguish a DNS problem from a network problem?

If youre able to ping but you are NOT able to ping , Then youre
having a DNS problem.
[If you are NOT able to ping EITHER, then there are network problems and you have NO
problems if you CAN ping BOTH]
You can then use nslookup to locate an alternate internal or external dns server that correctly
resolves to its ip address and configure your workstations NIC for this static dns
server until the problems with the DHCP assigned DNS server are fixed.
When u are able to ping the default gateway and the website address there is no problem in the
network and DNS
When u are able to ping the the gateway and the WEBsite IP, but not the WEBsite address then it
is a problem with the DNS
When u are not able to ping anything its network problem
v Describe the principle of multi-layer switching.
Multilayer switching is simply the combination of traditional Layer 2 switching with Layer 3
routing in a single product. Multilayer switching is new, and there is no industry standard yet on
nomenclature. Vendors, analysts, and editors dont agree about the specific meaning of terms
such as multilayer switch, Layer 2 router, Layer 3 switch, IP switch, routing switch, switching
router, and wirespeed router. The term multilayer switch seems to be the best and most widely
used description of this class of product that performs both Layer 3 routing and Layer 2
switching functions.
Multilayer switching is usually implemented through a fast hardware such as a higher-density
ASICs (Application-Specific Integrated Circuits), which allow real-time switching and

forwarding with wirespeed performance, and at lower cost than traditional software-based
routers built around general-purpose CPUs.
The following are some basic architecture approaches for the multiplayer switches:
Generic Cut-Through Routing:
In the multi-layer switching architecture Layer 3 routing calculations are done on the first packet
in a data flow. Following packets belonging to the same flow are switched at Layer 2 along the
same route. In other words, route calculation and frame forwarding are handled very differently
ATM-Based Cut-Through Routing:
This is a variation of generic cut-through routing which is based on ATM cells rather than
frames. ATM-based cut-through routing offers several advantages such as improved support of
LAN emulation and multi-vendor support in the form of the Multiprotocol Over ATM (MPOA)
standard. Products referred to as IP switches and tag switches generally fall into this category.
Layer 3 Learning Bridging CIn this architecture, routing is not provided. Instead, it uses IP
snooping techniques to learn the MAC/IP address relationships of endstations from true routers
that must exist elsewhere in the network. Then it redirects traffic away from the routers and
switches it based on its Layer 2 addresses.
Wirespeed Routing:
Wirespeed architecture routes every packet individually. It is often referred to as packet-bypacket Layer 3 switching. Using advanced ASICs to perform Layer 3 routing in hardware, it
implements dynamic routing protocols such as OSPF and RIP. In addition to basic IP routing, it
supports IP multicast routing, VLAN segregation, and multiple priority levels to assist in quality
of service.
Network Troubleshooting
v Explain how traceroute, ping, and tcpdump work and what they are used for?
Traceroute works by increasing the time-to-live value of each successive batch of packets sent.
The first three packets sent have a time-to-live (TTL) value of one (implying that they are not
forwarded by the next router and make only a single hop). The next three packets have a TTL
value of 2, and so on. When a packet passes through a host, normally the host decrements the
TTL value by one, and forwards the packet to the next host. When a packet with a TTL of one
reaches a host, the host discards the packet and sends an ICMP time exceeded (type 11) packet to
the sender. The traceroute utility uses these returning packets to produce a list of hosts that the
packets have traversed en route to the destination. The three timestamp values returned for each
host along the path are the delay (aka latency) values typically in milliseconds (ms) for each
packet in the batch. If a packet does not return within the expected timeout window, a star
(asterisk) is traditionally printed. Traceroute may not list the real hosts. It indicates that the first

host is at one hop, the second host at two hops, etc. IP does not guarantee that all the packets take
the same route. Also note that if the host at hop number N does not reply, the hop will be skipped
in the output.
It works by sending ICMP echo request packets to the target host and listening for ICMP echo
response replies. Ping estimates the round-trip time, generally in milliseconds, and records any
packet loss, and prints a statistical summary when finished.
traceroute and ping work on the ICMP protocol and are used for network connectivity testing.
but TCPDUMP is different its a NETWORK PACKET ANALYZER. tcpdump uses libpacp /
winpcap to capture data and uses it extensive protocol definitions build inside to analyze the
captured packets. Its mainly used to debug the protocol of the captured packet which in turn
reveals the network traffic charachterstics.

What is a metric?

Metrics is a property of a route in computer networking, consisting of any value used by routing
algorithms to determine whether one route should perform better than another (the route with the
lowest metric is the preferred route). The routing table stores only the best possible routes, while
link-state or topological databases may store all other information as well. For example, Routing
Information Protocol uses hopcount (number of hops) to determine the best possible route.
A Metric can include:

measuring link utilisation (using SNMP)

number of hops (hop count)

speed of the path

packet loss (router congestion/conditions)

latency (delay)

path reliability

path bandwidth

throughput [SNMP query routers]



What is a network management system?

A Network Management System (NMS) is a combination of hardware and software used to

monitor and administer a network
Effective planning for a network management system requires that a number of network
management tasks be folded in a single software solution. The network management system
should automate the processes of expense management auditing, asset lifecycle management,
inventory deployment tracking, cost allocation and invoice processing.

Describe how SNMP works.

The simple network management protocol (SNMP) use for monitoring of network-attached
devices for any conditions that warrant administrative attention. It is use to manage IP network
devices such as servers, routers, switches etc. Administrator can find or manage network
performance, solve problem or even optimize it further. It works at TCP/IP Application layer 5

Describe how WEP works and its strengths and weaknesses

As you probably already know Wired Equivalent Privacy (WEP) is used by companies to secure
their wireless connections from sniffing attacks. Youve probably also heard that its not very
secure. In the first part of this 2 part series Ill explain the inner workings of WEP and follow it
up next month with why its insecure.
Do i need WEP at all?
An authentic user, Bob uses his laptop to check his Gmail account everyday. He has a wireless
card in his laptop which automatically detects his ISPs wireless access point (WAP) just across
the street. Once hes connected to the WAP he can go ahead and check his Email. Alice is a
sneaky user who doesnt want to pay the ISP for access to the Internet. She however knows that
the ISP across the street has an access point which anyone can connect to and access the Internet.
She plugs in her laptop and is soon downloading music from the Internet. WEP was designed to
ensure that users authenticate themselves before using resources, to block out Alice, and allow
Bob. Lets see how it does this.
How WEP works
WEP uses the RC4 algorithm to encrypt the packets of information as they are sent out from the
access point or wireless network card. As soon as the access point receives the packets sent by
the users network card it decrypts them.

Each byte of data will be encrypted using a different packet key. This ensures that if a hacker
does manage to crack this packet key the only information that is leaked is that which is
contained in that packet.
The actual encryption logic in RC4 is very simple. The plain text is XOR-ed with an infinitely
long keystream. The security of RC4 comes from the secrecy of the packet key thats derived
from the keystream.

Describe what a VPN is and how it works.

A VPN connection is the extension of a private network that includes links across shared or
public networks, such as the Internet. VPN connections (VPNs) enable organizations to send data
between two computers across the Internet in a manner that emulates the properties of a point-topoint private link.
Basically, a VPN is a private network that uses a public network (usually the Internet) to connect
remote sites or users together. Instead of using a dedicated, real-world connection such as leased
line, a VPN uses virtual connections routed through the Internet from the companys private
network to the remote site or employee.

Describe how VoIP works.
Voice over Internet Protocol (VoIP), is a technology that allows you to make voice calls using a
broadband Internet connection instead of a regular (or analog) phone line. Some VoIP services
may only allow you to call other people using the same service, but others may allow you to call
anyone who has a telephone number including local, long distance, mobile, and international
numbers. Also, while some VoIP services only work over your computer or a special VoIP phone,
other services allow you to use a traditional phone connected to a VoIP adapter.
Describe methods of QoS.
Quality of service is the ability to provide different priority to different applications, users, or
data flows, or to guarantee a certain level of performance to a data flow.
QOS is Quality of Service: A set of metrics used to measure the quality of transmission and
service available of any given transmission system
Are you familiar with IPv6? If so, what are the major differences between IPv4 and IPv6?
IPv6 is based on IPv4, it is an evolution of IPv4. So many things that we find with IPv6 are
familiar to us. The main differences are:

1.Simplified header format. IPv6 has a fixed length header, which does not include most of the
options an IPv4 header can include. Even though the IPv6 header contains two 128 bit addresses
(source and destination IP address) the whole header has a fixed length of 40 bytes only. This
allows for faster processing.
Options are dealt with in extension headers, which are only inserted after the IPv6 header if
needed. So for instance if a packet needs to be fragmented, the fragmentation header is inserted
after the IPv6 header. The basic set of extension headers is defined in RFC 2460.
2.Address extended to 128 bits. This allows for hierarchical structure of the address space and
provides enough addresses for almost every grain of sand on the earth. Important for security
and new services/devices that will need multiple IP addresses and/or permanent connectivity.
3.A lot of the new IPv6 functionality is built into ICMPv6 such as Neighbor Discovery,
Autoconfiguration, Multicast Listener Discovery, Path MTU Discovery.
4.Enhanced Security and QoS Features.
IPv4 means Internet Protocol version 4, whereas IPv6 means Internet Protocol version 6.
IPv4 is 32 bits IP address that we use commonly, it can be, or other 32 bits
IP addresses. IPv4 can support up to 232 addresses, however the 32 bits IPv4 addresses are
finishing to be used in near future, so IPv6 is developed as a replacement.
IPv6 is 128 bits, can support up to 2128 addresses to fulfill future needs with better security and
network related features. Here are some examples of IPv6 address:
What authentication, authorization ad accounting (AAA) mechanisms are you familiar
with? Which ones have you implemented??
RADIUS Server (Remote Access Dialin User Service)
MS IAS (Internet Authenticaion Service)