TCP vs UDP

This blog post discusses the differences between Transmission Control Protocol and User Datagram Protocol.

TCP vs UDP

TCP

TCP stands for Transmission Control Protocol. In a TCP connection, before any data is sent, a three way handshake happens between the client and the server. The completion of this three way handshake indicates that the TCP connection has been established.

The Three-Way Handshake

The TCP Three-Way Handshake establishes the connection between the client and the server.

  • The client first sends a packet to the server with a SYN flag.
  • If the server is open to accepting requests, it will respond with a packet with SYN - ACK flag. The ACK flag is used to acknowledge the earlier packet was received by the server.
  • Now, the client sends a ACK flag back to the server, and as they both have acknowledged the packets, they create a connection which will begin the actual data transfer process.
  • A FIN flag is sent to end the connection.

Note:

  • SYN - Synchronize ; used to initiate a connection
  • ACK - Acknowledgement ; used to acknowledge or confirm that the previous message was received
  • FIN - Finish ; used to terminate the connection

Pros

  • Every packet you send will get delivered and you'll get an acknowledgement that it has been received
  • It is connection based
  • The packets are ordered
  • Congestion control ; it controls the traffic, allows only a few packets at a time so that packets are sent only when the network can handle it

Cons

  • The packets are larger and as a result usually it requires more bandwidth
  • It is slower than UDP
  • It is stateful and having too many connections can occupy the server's memory and might DoS (Denial of Service) it

Demo

Before we do this, I recommend you to spin up Wireshark and observe the packet flow. You can set a filter to look for TCP connection to 0.0.0.0 on port 4444. To do this, open Wireshark, choose your loopback interface, and then in the filter, type tcp.port == 4444 and start the packet capture.

Wireshark TCP Packet Capture
# start a netcat listener, -l means listen
nc -l 0.0.0.0 4444
# open another terminal and connect to it via netcat
nc 0.0.0.0 4444
# send any message and you will see it in your listener as well
tcp message
# go to your listener terminal and send a reply
tcp reply 
<CTRL+C> # end the connection 

You should see the above listing as soon as you establish a TCP connection there. The first 2 lines indicate three-way handshake.  

When, you close the connection, you should see a packet with a FIN flag.

If you right click it any of the packets there and hit Follow > TCP Stream you should be able to see the messages there.

TCP Stream

Now, you can stop the packet capture or play around with it futher if you want to.

UDP

UDP stands for User Datagram Protocol. In UDP, packets are sent without previously establishing a connection. The packet may or may not reach the other party. This is why, UDP is often referred to as unreliable. However, nowadays, usually the packet loss isn't as high as it used to be back in the day. And that's why we are seeing the rise of protocols such as QUIC.

Pros

  • It has smaller packets as there's no extra headers like in TCP and because of that, the bandwidth required is usually less
  • It is usually faster than TCP
  • It is stateless

Cons

  • There is no acknowledgement that a packet has been delivered, all we know if that we have sent it, it may or may not reach the other party
  • It is connectionless
  • There is no congestion control
  • The packets aren't usually ordered

Demo

Again, before we do this, I recommend you to spin up Wireshark and observe the packet flow. You can set a filter to look for UDP connection to 0.0.0.0 on port 4444. To do this, open Wireshark, choose your loopback interface and in the filter, type udp.port == 4444 and start the packet capture.

# start a netcat listener, -u means, udp and -l means, listen  
nc -ul 0.0.0.0 4444
# open another terminal and connect to it via netcat
nc 0.0.0.0 4444
# send any message and you will see it in your listener as well
tcp message
# go to your listener terminal and send a reply
tcp response 
<CTRL+C> # end the connection 

Notice that when you "connect" to the UDP server, via your netcat client, no packet has been sent.

No Packet Sent when "connected" to UDP server

Now, try sending a message. And you should see one packet being sent.

One Message, One Packet, No Handshake

When you send a reply from the server, you should see another packet being sent.

Two Messages, Two Packets

Also, when you close the "connection" no packet is being sent to the server.

If you right click any of the two packets there and hit Follow > UDP Stream, you should see the messages that were sent.

That's all, now you know the difference between a TCP connection and a UDP connection. Play around with it and let me know if you have any doubts!