Back to 1.0 Network Fundamentals

1.4 TCP vs. UDP

Layer 4 focuses on how data is delivered. This module contrasts the strict, reliable delivery of Transmission Control Protocol with the fast, reckless delivery of User Datagram Protocol.

Head-to-Head Comparison

FeatureTCP (Transmission Control Protocol)UDP (User Datagram Protocol)
Connection TypeConnection-Oriented (Requires Handshake)Connectionless (Fire-and-Forget)
ReliabilityHigh (Guaranteed Delivery)None (Best Effort)
SequencingYes (Reassembles packets in order)No (Arrives in any order)
Flow ControlYes (Windowing prevents overwhelming receiver)No (Sends as fast as possible)
Overhead / SpeedHigh Overhead / SlowerLow Overhead / Extremely Fast
Primary Use CasesWeb browsing, Emails, File transfers (HTTP, HTTPS, FTP, SSH)Voice over IP (VoIP), Video Streaming, DNS lookups
MSP Perspective: Why VoIP uses UDP

If a packet drops during a VoIP phone call, you want the conversation to keep moving forward (you might hear a slight skip in the audio). If VoIP used TCP, the protocol would halt the entire conversation to go back and retrieve the missing packet, causing massive lag and robotic audio. UDP's "recklessness" is actually a feature for real-time traffic.

Deep Dive: TCP Mechanics

Session Establishment

The 3-Way Handshake

Before TCP sends a single byte of data, it establishes a session. The client sends a SYN (Synchronize). The server replies with SYN-ACK (Synchronize-Acknowledge). The client confirms with an ACK (Acknowledge). Only then does data flow.

Dynamic Throttling

Windowing (Flow Control)

TCP dynamically adjusts how much data it sends before requiring an acknowledgement. If the network is healthy, the 'Window Size' increases, sending more packets at once. If packets drop, the window shrinks to prevent overwhelming the link.

Error Recovery

Sequencing & Acknowledgement

Every TCP segment is assigned a sequence number. When the receiver gets segments 1, 2, and 4, it uses the sequence numbers to reorder them, realizes segment 3 is missing, and explicitly asks the sender to retransmit segment 3.

Essential Layer 4 Ports

You must memorize these for the CCNA exam. In the real world, you will use these daily when building Access Control Lists (ACLs) or configuring NAT Port Forwarding rules on a client's firewall.

20 / 21TCP

FTP

File Transfer Protocol. Port 20 is for data, 21 is for control.

22TCP

SSH

Secure Shell. Encrypted CLI access to routers, switches, and Linux servers.

23TCP

Telnet

Insecure CLI access. Everything is sent in plaintext. Never use on the internet.

25TCP

SMTP

Simple Mail Transfer Protocol. Used for sending emails between servers.

53UDP / TCP

DNS

Domain Name System. Uses UDP for fast client queries. Uses TCP for zone transfers between servers.

67 / 68UDP

DHCP

Dynamic Host Configuration Protocol. 67 is the Server port, 68 is the Client port.

80 / 443TCP

HTTP / HTTPS

Unencrypted and encrypted web traffic.

161 / 162UDP

SNMP

Simple Network Management Protocol. Used by network monitoring tools (like PRTG or LogicMonitor).

3389TCP

RDP

Remote Desktop Protocol. Heavily targeted by ransomware. Never expose this directly to the WAN.

// Layer 3 vs Layer 4 DistinctionWhen you run a ping command, you are NOT using TCP or UDP. Ping uses ICMP (Internet Control Message Protocol), which operates at Layer 3. If you want to verify a specific port is open, you must use a Layer 4 tool like Test-NetConnection or nmap.