10 cards, each one idea: what it is, a worked example, and the trap to dodge.
OSI vs TCP/IP model?
OSI is a 7-layer teaching model: physical, data link, network, transport, session, presentation, application. TCP/IP is the practical 4-layer stack: link, internet, transport, application. Map them: OSI's top three collapse into TCP/IP's application layer.
Ethernet at data link, IP at network, TCP at transport, HTTP at application.
Trap: Interviewers ask for a protocol AT a layer; have one ready for each.
TCP vs UDP?
TCP is connection-oriented: handshake first, then reliable, ordered, error-checked delivery with flow and congestion control. UDP is connectionless: it just sends datagrams, no ordering or delivery guarantee, which makes it faster and lighter.
TCP: web pages, email, file transfer. UDP: video calls, gaming, DNS queries.
Trap: Why does DNS use UDP? Tiny request-response, retry is cheaper than a handshake. Zone transfers use TCP.
The 3-way handshake?
Client sends SYN with its sequence number. Server replies SYN-ACK, acknowledging and sending its own. Client sends ACK. Both sides now agree on sequence numbers and the connection is established.
Trap: Follow-up: why not 2 packets? The server needs proof the client received ITS sequence number too.
What happens when you type a URL?
The browser checks caches, then resolves the name via DNS. It opens a TCP connection to the server's IP on port 443, negotiates TLS, and sends an HTTP request. The server responds, and the browser parses HTML, fetches assets, and renders. Say it in this order, offering depth at each step.
Trap: This is THE question. Interviewers pick one step and dig; know DNS and TLS one level deeper than the rest.
HTTP, HTTPS and status codes?
HTTP is the stateless request-response protocol of the web; HTTPS is HTTP inside a TLS tunnel, giving encryption, integrity and server authentication. Status classes: 2xx success, 3xx redirection, 4xx client errors, 5xx server errors.
200 OK, 301 moved permanently, 404 not found, 401 vs 403, 500 internal error.
Trap: 401 means unauthenticated, 403 means authenticated but forbidden; swapping them is a classic slip.
How does DNS work?
DNS translates names to IP addresses. The resolver checks local cache, then asks a recursive resolver, which walks root, TLD and authoritative servers, caches the answer per its TTL, and returns the IP.
Record types worth naming: A, AAAA, CNAME, MX, NS.
IP addressing, subnets, NAT?
An IPv4 address is 32 bits, split by a subnet mask into network and host parts; subnetting slices a network into smaller ones. NAT lets many private addresses share one public IP by rewriting addresses and ports at the router, which is how home networks work and how IPv4 survived so long.
192.168.1.0/24 has 254 usable host addresses.
Trap: Expect: why /24 gives 254 hosts, not 256? Network and broadcast addresses are reserved.
ARP, DHCP, ICMP?
ARP maps an IP address to a MAC address on the local network. DHCP hands devices their IP configuration automatically (address, mask, gateway, DNS). ICMP carries network diagnostics and errors; ping and traceroute are built on it.
DHCP's DORA flow: Discover, Offer, Request, Acknowledge.
Router vs switch vs hub?
A hub blindly repeats bits to every port (layer 1). A switch learns MAC addresses and forwards frames only to the right port (layer 2). A router connects different networks and forwards packets by IP (layer 3).
Trap: Follow-up: which one splits collision domains? The switch. Broadcast domains? The router.
TLS and firewalls in one minute?
TLS gives an encrypted channel: certificate-based server authentication, key exchange, then symmetric encryption of traffic. A firewall filters traffic by rules on ports, addresses and protocols; stateful firewalls track connections and only admit expected replies.
The padlock in the browser means the certificate chain validated and the channel is encrypted.