1.4 TCP vs. UDP
Key Takeaways
- TCP is connection-oriented with a three-way handshake (SYN, SYN-ACK, ACK).
- UDP is connectionless with no handshake, acknowledgments, or retransmission.
- TCP provides reliable, ordered delivery; UDP provides best-effort, faster delivery.
- TCP uses flow control (windowing) and congestion control; UDP does not.
- Common TCP ports: HTTP (80), HTTPS (443), SSH (22), FTP (20/21), Telnet (23), SMTP (25).
TCP vs. UDP
The Transport Layer (Layer 4) of the OSI model provides end-to-end communication between applications. The two primary transport protocols are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). Understanding their differences is critical for the CCNA exam.
TCP (Transmission Control Protocol)
TCP is a connection-oriented protocol that provides reliable, ordered delivery of data. Before any data is sent, TCP establishes a connection using a three-way handshake.
The TCP Three-Way Handshake
The handshake establishes a connection between two hosts:
- SYN — Client sends a SYN (synchronize) segment to the server
- SYN-ACK — Server responds with SYN-ACK (synchronize-acknowledge)
- ACK — Client sends a final ACK (acknowledge) to complete the connection
After the three-way handshake, data transfer begins. When communication is complete, a four-way teardown (FIN, ACK, FIN, ACK) closes the connection.
TCP Reliability Mechanisms
| Mechanism | Function |
|---|---|
| Acknowledgments (ACKs) | Receiver confirms receipt of data segments |
| Sequence numbers | Each byte is numbered, enabling ordered reassembly |
| Retransmission | Unacknowledged segments are resent after a timeout |
| Windowing (flow control) | Receiver advertises how much data it can accept |
| Checksum | Detects data corruption in transit |
| Congestion control | Adjusts sending rate to avoid network congestion |
TCP Windowing
Windowing is TCP's flow control mechanism. The receiver advertises a window size indicating how many bytes it can accept before requiring an acknowledgment.
- Small window → slower but more reliable on lossy links
- Large window → faster throughput on reliable links
- Window size adjusts dynamically based on network conditions
TCP Header
The TCP header is 20 bytes minimum (without options) and includes:
- Source port (16 bits)
- Destination port (16 bits)
- Sequence number (32 bits)
- Acknowledgment number (32 bits)
- Flags: SYN, ACK, FIN, RST, PSH, URG
- Window size (16 bits)
- Checksum (16 bits)
UDP (User Datagram Protocol)
UDP is a connectionless protocol that provides best-effort delivery with minimal overhead. There is no handshake, no acknowledgments, and no retransmission.
UDP Characteristics
| Characteristic | Detail |
|---|---|
| Connection | Connectionless (no handshake) |
| Reliability | Best-effort (no guaranteed delivery) |
| Ordering | No sequence numbers (no ordered delivery) |
| Flow control | None |
| Overhead | 8-byte header (minimal) |
| Speed | Faster than TCP (less processing) |
| Retransmission | None (if a packet is lost, it's lost) |
UDP Header
The UDP header is only 8 bytes:
- Source port (16 bits)
- Destination port (16 bits)
- Length (16 bits)
- Checksum (16 bits)
TCP vs. UDP Comparison
| Feature | TCP | UDP |
|---|---|---|
| Connection type | Connection-oriented | Connectionless |
| Reliability | Guaranteed delivery | Best-effort delivery |
| Ordering | Ordered (sequence numbers) | Unordered |
| Handshake | Three-way handshake | None |
| Flow control | Windowing | None |
| Congestion control | Yes | No |
| Header size | 20+ bytes | 8 bytes |
| Speed | Slower (more overhead) | Faster (less overhead) |
| Retransmission | Yes (automatic) | No |
| Use cases | Web, email, file transfer | Streaming, VoIP, DNS lookups, gaming |
Common Port Numbers
Well-Known TCP Ports
| Port | Protocol | Description |
|---|---|---|
| 20 | FTP Data | File Transfer Protocol data channel |
| 21 | FTP Control | File Transfer Protocol control channel |
| 22 | SSH | Secure Shell (encrypted remote access) |
| 23 | Telnet | Unencrypted remote access (avoid) |
| 25 | SMTP | Simple Mail Transfer Protocol (email sending) |
| 53 | DNS | Domain Name System (also uses UDP) |
| 80 | HTTP | Hypertext Transfer Protocol |
| 110 | POP3 | Post Office Protocol v3 |
| 143 | IMAP | Internet Message Access Protocol |
| 443 | HTTPS | HTTP Secure (TLS/SSL encrypted) |
| 993 | IMAPS | IMAP over TLS |
| 995 | POP3S | POP3 over TLS |
Well-Known UDP Ports
| Port | Protocol | Description |
|---|---|---|
| 53 | DNS | Domain Name System (queries) |
| 67 | DHCP Server | Dynamic Host Configuration Protocol |
| 68 | DHCP Client | DHCP client port |
| 69 | TFTP | Trivial File Transfer Protocol |
| 123 | NTP | Network Time Protocol |
| 161 | SNMP | Simple Network Management Protocol |
| 162 | SNMP Trap | SNMP notifications |
| 514 | Syslog | System logging |
Protocols Using Both TCP and UDP
| Port | Protocol | Why Both? |
|---|---|---|
| 53 | DNS | UDP for standard queries; TCP for zone transfers and large responses |
On the Exam: Memorize the common port numbers listed above. Questions like "Which port does HTTPS use?" or "Which transport protocol does TFTP use?" are among the easiest points on the exam.
When to Use TCP vs. UDP
Use TCP when:
- Data integrity is critical (file transfers, web browsing, email)
- You need guaranteed, ordered delivery
- The application cannot handle missing data
Use UDP when:
- Speed is more important than reliability (real-time voice/video)
- Small, quick requests (DNS lookups, NTP queries)
- The application handles its own error correction
- Multicast or broadcast communication is needed (DHCP)
- A lost packet is better than a delayed packet (VoIP, gaming)
What are the three steps of the TCP three-way handshake in the correct order?
Which port number is used by HTTPS?
Which transport protocol would be most appropriate for real-time voice communication (VoIP)?