Master the TCP/IP Stack: 10 Essential Interview Questions Explained

This article compiles ten must‑know TCP/IP interview questions, covering essential fundamentals for programmers.

1. TCP/IP Model

The TCP/IP protocol model forms the foundation of the Internet, consisting of four layers: link, network, transport, and application. It maps to the OSI model and defines how data is encapsulated and decapsulated as it traverses the stack.

The topmost application layer includes protocols such as HTTP and FTP. The transport layer hosts TCP and UDP. The network layer contains IP, responsible for addressing and routing. The data‑link layer adds Ethernet headers and performs CRC encoding.

2. Data Link Layer

The physical layer converts binary streams to electrical signals or light pulses, while the data‑link layer frames the bit sequence, assigns MAC addresses, and ensures reliable transmission through error detection (CRC) and optional reliability mechanisms.

Encapsulation into frames with source and destination MAC addresses.

Transparent transmission with bit stuffing and escape characters.

Reliability (rarely used on low‑error links, more common on wireless).

CRC error detection; corrupted frames are discarded.

3. Network Layer

1. IP Protocol

IP is the core of the TCP/IP suite; it carries TCP, UDP, ICMP, and IGMP payloads. IP is unreliable—it does not guarantee delivery, leaving reliability to upper‑layer protocols.

1.1 IP Address

IP addresses are 32‑bit identifiers divided into network and host portions, enabling routers to aggregate routes and reduce routing table size. Classes A, B, and C define address ranges.

1.2 IP Header

The TTL field (8 bits) limits a packet’s lifespan; each router decrements TTL, and the packet is discarded when TTL reaches zero, typically after 32‑64 hops.

2. ARP and RARP

ARP resolves an IP address to a MAC address by broadcasting a request; the host owning the IP replies with its MAC. RARP performs the reverse operation.

3. ICMP

ICMP provides network‑level error reporting (e.g., host unreachable) and is used by tools like ping.

4. Ping

Ping uses ICMP echo request/reply messages to test reachability and measure round‑trip time, displaying TTL and latency information.

5. Traceroute

Traceroute discovers the path to a destination by sending UDP packets with incrementally increasing TTL values, eliciting ICMP “time‑exceeded” messages from each hop.

6. TCP vs UDP

Both operate at the transport layer. TCP provides reliable, ordered, byte‑stream delivery with flow and congestion control. UDP offers connectionless, best‑effort delivery of discrete datagrams, suitable for low‑latency applications.

When to use TCP?

When reliable delivery is required, such as HTTP, FTP, email protocols, etc.

When to use UDP?

When speed is prioritized over reliability, e.g., DNS queries, video streaming, online gaming.

7. DNS

Domain Name System maps human‑readable hostnames to IP addresses. DNS operates over UDP port 53.

8. TCP Connection Establishment and Termination

Three‑Way Handshake

Client sends SYN, server replies with SYN‑ACK, client responds with ACK, establishing a reliable connection.

Four‑Way Handshake

Finishing a TCP session requires four steps: FIN from the initiator, ACK, FIN from the responder, and final ACK, followed by a TIME_WAIT period to ensure all packets are cleared.

9. TCP Flow Control

Flow control prevents the sender from overwhelming the receiver by using a sliding window; the receiver advertises its available buffer size (rwnd) to the sender.

10. TCP Congestion Control

Slow Start and Congestion Avoidance

TCP starts with a congestion window (cwnd) of one MSS and doubles each round‑trip time (RTT) until a loss is detected, then switches to congestion avoidance, increasing cwnd linearly.

Fast Retransmit and Fast Recovery

Upon receiving three duplicate ACKs, the sender immediately retransmits the missing segment (fast retransmit) and reduces ssthresh, then continues with congestion avoidance (fast recovery) without resetting cwnd to one.