Sharing notes from my ongoing learning journey — what I build, break and understand along the way.
What Are TCP and UDP?
What Are TCP and UDP?
TCP and UDP are two of the most fundamental protocols in networking. Yet, most explanations stop at “one is reliable, the other is fast.” After spending time truly understanding them — how they work, when to use them, how they behave under attack — I decided to share what I’ve learned in depth.
This post isn’t just theory. It includes hands-on practice plans, real-world examples, and security perspectives. If you’re building networked systems, apps, or just learning cybersecurity, this is for you.
What is TCP? (Transmission Control Protocol)
Definition
TCP is a connection-oriented, reliable, and ordered transport protocol. It ensures that data sent between two systems arrives completely, in order, and without duplication.
You’re using TCP every time you load a web page, send an email, or SSH into a server. It’s the backbone of most reliable internet communication.
Connection Process: 3-Way Handshake
Before any data transfer, TCP establishes a session between client and server:
- SYN: Client requests a connection
- SYN-ACK: Server acknowledges the request
- ACK: Client confirms and connection is established
Client Server
|------ SYN -------->|
|<----- SYN+ACK -----|
|------ ACK -------->|
Key Features of TCP
- Reliability: Lost packets are retransmitted
- Ordering: Packets arrive in the order they were sent
- Flow Control: Sender respects receiver’s capacity (sliding window)
- Congestion Control: Adapts to network conditions to avoid overload
- Error Checking: Built-in checksum to detect corrupted data
TCP Segment Structure (Header)
| Field | Description |
|---|---|
| Source/Dest Port | Identifies endpoints |
| Sequence Number | Tracks the order of packets |
| ACK Number | Confirms received packets |
| Flags | SYN, ACK, FIN, RST |
| Window Size | Buffer capacity info |
| Checksum | Error detection |
What is UDP? (User Datagram Protocol)
Definition
UDP is a connectionless, unreliable, but very fast transport protocol. It sends packets (datagrams) without establishing a connection and without guaranteeing delivery, order, or integrity.
It follows a fire-and-forget model. No acknowledgments, no retries — just raw speed.
Key Features of UDP
- No connection: Just send and go
- Minimal overhead: Very small headers (8 bytes)
- No retransmission or ordering
- Perfect for real-time data where speed matters more than perfection
Used in things like DNS, VoIP, video streaming, multiplayer gaming.
UDP Header Fields
- Source Port
- Destination Port
- Length
- Checksum (optional)
TCP vs UDP – Technical Comparison
| Feature | TCP | UDP |
|---|---|---|
| Connection | Yes (3-way handshake) | No |
| Reliability | Yes | No |
| Packet Ordering | Yes | No |
| Error Checking | Robust | Basic or none |
| Flow/Congestion Ctrl | Yes | No |
| Speed | Slower | Faster |
| Typical Usage | Web, SSH, Email | DNS, VoIP, Online Games |
When Should You Use TCP vs UDP?
Use TCP When:
- You need reliable communication (e.g., file transfer, web requests)
- Packet order and delivery must be guaranteed
- Applications like SSH, HTTPS, FTP
Use UDP When:
- Speed is critical (e.g., voice/video)
- Real-time communication with some loss is acceptable
- You need broadcast or multicast
- Applications like DNS, VoIP, online games, IPTV
TCP and UDP from a Security Perspective
TCP Security Risks
- SYN Flood: Overwhelms server with incomplete connections
- TCP Hijacking: Intercepts session and injects data
- RST Injection: Forces connections to close
UDP Security Risks
- UDP Flooding: Saturates bandwidth with fake requests
- Spoofing: Easily forged source IP addresses
- Amplification Attacks: Especially via DNS due to lack of session tracking
My Practice Plan to Master TCP & UDP
Now that I’ve learned the theory, I’m building a hands-on practice routine to solidify everything:
- Capture TCP/UDP packets with Wireshark
Analyze how TCP does sequencing, retransmission, and how UDP just pushes data out raw. - Simulate connections using Netcat
Usencto test TCP and UDP ports, send manual packets, and observe differences. - Write TCP/UDP servers in Python
- TCP:
import socket s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.bind(('0.0.0.0', 1234)) s.listen(1) conn, addr = s.accept() data = conn.recv(1024) print("TCP received:", data.decode())
UDP:import socket s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s.bind(('0.0.0.0', 1234)) data, addr = s.recvfrom(1024) print("UDP received:", data.decode()) - Test DNS traffic
Usingdigandnslookup, observe how UDP handles DNS and when it falls back to TCP. - Analyze simple DoS attacks in test environments
Study how SYN flood affects TCP servers, and how UDP services can be abused in flood/amplification attacks.
In Summary: Reliability vs Speed
- TCP gives you reliability, ordering, and control — perfect for critical communication.
- UDP gives you raw speed and low latency — ideal for real-time apps where “close enough” is good enough.
Neither is better in every case. Use the right tool for the job.