TCP stands for Transmission Control Protocol. In a TCP connection, before any data is sent, a three way handshake happens between the client and the server. The completion of this three way handshake indicates that the TCP connection has been established.
The Three-Way Handshake
The TCP Three-Way Handshake establishes the connection between the client and the server.
- The client first sends a packet to the server with a SYN flag.
- If the server is open to accepting requests, it will respond with a packet with SYN - ACK flag. The ACK flag is used to acknowledge the earlier packet was received by the server.
- Now, the client sends a ACK flag back to the server, and as they both have acknowledged the packets, they create a connection which will begin the actual data transfer process.
- A FIN flag is sent to end the connection.
- SYN - Synchronize ; used to initiate a connection
- ACK - Acknowledgement ; used to acknowledge or confirm that the previous message was received
- FIN - Finish ; used to terminate the connection
- Every packet you send will get delivered and you'll get an acknowledgement that it has been received
- It is connection based
- The packets are ordered
- Congestion control ; it controls the traffic, allows only a few packets at a time so that packets are sent only when the network can handle it
- The packets are larger and as a result usually it requires more bandwidth
- It is slower than UDP
- It is stateful and having too many connections can occupy the server's memory and might DoS (Denial of Service) it
Before we do this, I recommend you to spin up Wireshark and observe the packet flow. You can set a filter to look for TCP connection to 0.0.0.0 on port 4444. To do this, open Wireshark, choose your loopback interface, and then in the filter, type
tcp.port == 4444 and start the packet capture.
# start a netcat listener, -l means listen nc -l 0.0.0.0 4444 # open another terminal and connect to it via netcat nc 0.0.0.0 4444 # send any message and you will see it in your listener as well tcp message # go to your listener terminal and send a reply tcp reply <CTRL+C> # end the connection
You should see the above listing as soon as you establish a TCP connection there. The first 2 lines indicate three-way handshake.
When, you close the connection, you should see a packet with a FIN flag.
If you right click it any of the packets there and hit Follow > TCP Stream you should be able to see the messages there.
Now, you can stop the packet capture or play around with it futher if you want to.
UDP stands for User Datagram Protocol. In UDP, packets are sent without previously establishing a connection. The packet may or may not reach the other party. This is why, UDP is often referred to as unreliable. However, nowadays, usually the packet loss isn't as high as it used to be back in the day. And that's why we are seeing the rise of protocols such as QUIC.
- It has smaller packets as there's no extra headers like in TCP and because of that, the bandwidth required is usually less
- It is usually faster than TCP
- It is stateless
- There is no acknowledgement that a packet has been delivered, all we know if that we have sent it, it may or may not reach the other party
- It is connectionless
- There is no congestion control
- The packets aren't usually ordered
Again, before we do this, I recommend you to spin up Wireshark and observe the packet flow. You can set a filter to look for UDP connection to 0.0.0.0 on port 4444. To do this, open Wireshark, choose your loopback interface and in the filter, type
udp.port == 4444 and start the packet capture.
# start a netcat listener, -u means, udp and -l means, listen nc -ul 0.0.0.0 4444 # open another terminal and connect to it via netcat nc 0.0.0.0 4444 # send any message and you will see it in your listener as well tcp message # go to your listener terminal and send a reply tcp response <CTRL+C> # end the connection
Notice that when you "connect" to the UDP server, via your netcat client, no packet has been sent.
Now, try sending a message. And you should see one packet being sent.
When you send a reply from the server, you should see another packet being sent.
Also, when you close the "connection" no packet is being sent to the server.
If you right click any of the two packets there and hit Follow > UDP Stream, you should see the messages that were sent.
That's all, now you know the difference between a TCP connection and a UDP connection. Play around with it and let me know if you have any doubts!