Understanding TCP vs UDP: A Detailed Comparison

Sithranjan SureshSithranjan Suresh
5 min read

When you use the internet—whether you’re watching YouTube, sending a message, or just refreshing Google—your data is traveling. But how does it know where to go, how to get there, and what to do once it arrives?

The answer lies in a set of rules and structures called the OSI model, and today, we’re diving into Layer 4: The Transport Layer.

This is where two important players come in: TCP and UDP. By the end of this post, you’ll know what these are, how they work, and why they matter—especially if you’re learning cybersecurity or ethical hacking.

A Quick Refresher: What is the OSI Model?

The OSI Model (Open Systems Interconnection model) is a framework used to understand how different parts of a network communicate. It’s made up of seven layers, each with a specific job.

Layer 4 – The Transport Layer is responsible for delivering data from one computer to another reliably and efficiently.

At this layer, we find two protocols that do most of the work: TCP and UDP.

Meet TCP and UDP

Let’s break down what these two do and how they’re different.

TCP (Transmission Control Protocol)

  • Type: Connection-oriented

  • Purpose: Makes sure data gets delivered completely and in the right order

  • Reliability: Very reliable

  • Used For:

    • Loading websites (HTTP, HTTPS)

    • Secure connections (SSH)

    • File transfers (FTP)

Think of TCP like mailing a registered letter—the sender and receiver both sign off at each step, and if anything gets lost, it’s sent again.

UDP (User Datagram Protocol)

  • Type: Connectionless

  • Purpose: Sends data without checking if it arrived

  • Reliability: Less reliable, but faster

  • Used For:

    • Video and audio streaming

    • Online games

    • DNS (Domain Name System)

    • VoIP (Voice calls over the internet)

UDP is like dropping a note in someone’s mailbox—you send it and move on, hoping it gets there. No tracking, no checking.

So Which One Should Be Used?

  • Use TCP when you need accuracy and data integrity.

    • Examples: loading a webpage, logging into a server, downloading files.

  • Use UDP when you need speed and can handle a few missed packets.

    • Examples: video calls, live streams, or gaming where speed matters more than perfection.

How TCP Establishes a Connection – The 3-Way Handshake

Before two computers can communicate using TCP, they need to form a connection. This happens through a process called the Three-Way Handshake:

  1. SYN – The client says, “Hey, I want to talk!”

  2. SYN-ACK – The server replies, “I hear you. Let’s talk.”

  3. ACK – The client confirms, “Great, I’m ready!”

Real-Life Analogy:

Imagine knocking on your neighbor’s door.

  • You knock (SYN).

  • They wave back and say hello (SYN-ACK).

  • You say “Hi, how are you?” and start the chat (ACK).

Once this handshake happens, the connection is established, and data can safely travel between the devices.

Ports – Where Data Arrives

Every service on a computer uses a port number. Think of ports like apartment numbers in a building. The building is your computer, and each port routes traffic to the right service.

Here are some common examples:

  • Port 80 → HTTP (web browsing)

  • Port 443 → HTTPS (secure web browsing)

  • Port 22 → SSH (secure shell access)

  • Port 53 → DNS (domain name resolution)

There are 65,535 ports in total, and TCP/UDP services can use any of them.

Why TCP and UDP Matter for Cybersecurity

If you’re getting into cybersecurity or penetration testing, understanding these protocols is crucial. Why?

Because when you're scanning a system or a network:

  • You’ll often look for open TCP and UDP ports.

  • Each open port could mean a service running that can be investigated or exploited.

  • Most scanning tools (like Nmap) will check TCP by default because it’s more common.

Later, you’ll learn about stealth scanning, which plays with the TCP handshake to check for open ports without alerting the system being scanned.

Seeing TCP in Action with Wireshark

Want to see all this live? Here's how it looks using a tool called Wireshark:

  1. Open Wireshark on your system (commonly installed on Kali Linux).

  2. Start a packet capture.

  3. Open your browser and refresh a website like Google.

  4. Stop the capture.

You’ll see a flood of traffic! Look for these:

  • SYN packets from your computer to the server.

  • SYN-ACK responses from the server.

  • ACK packets from your system.

This is the 3-way handshake happening in real time!

Summary – Everything You Need to Know

FeatureTCPUDP
Connection TypeConnection-orientedConnectionless
ReliabilityHigh – guarantees delivery & orderLow – no guarantee
SpeedSlower (more checks)Faster (less overhead)
Use CaseWeb pages, file transfers, secure loginsStreaming, gaming, voice calls
Handshake?Yes – uses 3-way handshakeNo handshake

Final Thoughts

As you continue learning about networking and security, keep TCP and UDP in the back of your mind. These protocols are like the language your devices use to talk to each other, and understanding them is key to everything from browsing safely to scanning systems like a pro.

Next up, we’ll dive deeper into network scanning and see how TCP and UDP play a role there.

Got questions? Leave a comment or message me—I’d love to help you out!

0
Subscribe to my newsletter

Read articles from Sithranjan Suresh directly inside your inbox. Subscribe to the newsletter, and don't miss out.

#cybersecurityTCPUDPportshacking

Written by

Sithranjan Suresh
Sithranjan Suresh

I’m Sithranjan, a high school senior with a passion for cybersecurity, system administration, and leading teams to tackle real-world challenges. As co-captain of my school’s CyberPatriot team, I’ve led our group through national cybersecurity defense competitions, focusing on system hardening, vulnerability mitigation, and strategic planning. I’m committed to enhancing my technical expertise in ethical hacking and cybersecurity, while mentoring others and driving team success. Alongside my work in cybersecurity, I’m exploring the intersection of technology, leadership, and innovation. Whether it’s through competitions, courses, or personal projects, I’m constantly pushing myself to grow and develop the skills needed to build secure systems and lead with impact. Let’s connect, share knowledge, and work toward a safer, more secure digital future.