Module 15: TCP and UDP
TCP and UDP Overview
Two primary transport layer protocols facilitate data transmission over networks: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).
UDP: Best-Effort Delivery
UDP is a connectionless protocol that does not require acknowledgment of receipt. It is often used in applications where speed is prioritized over reliability, such as:
- Streaming audio and video
- Voice over IP (VoIP)
Because UDP does not retransmit, lost packets are not recovered, but the impact is usually minimal and unnoticeable to the end user.
TCP: Reliable Delivery
TCP ensures reliable, ordered, and error-checked delivery of data. It functions as follows:
- Message Segmentation: TCP breaks up messages into segments, each assigned a sequence number.
- Acknowledgment and Retransmission: The receiver sends acknowledgments (ACKs) for received segments. If an ACK is not received within a certain time frame, TCP assumes the segment was lost and retransmits it.
- Efficient Data Handling: Only the missing portion of the message is retransmitted rather than the entire message.
TCP is commonly used for:
- Web browsing (HTTP/HTTPS)
- File transfers (FTP)
- Email communications (SMTP, IMAP, POP3)
Port Numbers
Each TCP or UDP message includes a port number that identifies the protocol and service being requested. A port is a numeric identifier used to track specific client-server conversations.
Types of Ports
Ports are assigned by ICANN (Internet Corporation for Assigned Names and Numbers) and are categorized as follows:
- Well-Known Ports (1-1023):
  - Assigned to commonly used network services.
  - Examples:
    - HTTP (80)
    - HTTPS (443)
    - FTP (21)
    - SSH (22)
- Registered Ports (1024-49151):
  - Used by applications registered by organizations.
  - Examples:
    - Microsoft SQL Server (1433)
    - Skype (23399)
- Private (Dynamic) Ports (49152-65535):
  - Often used as source ports for dynamically assigned connections.
  - Can be used by any application.
How Port Numbers Work
- A source port is dynamically assigned by the client to identify a unique conversation.
- A destination port is specified to indicate the service being requested on the server.
- Example:
  - A web client sends an HTTP request to port 80 on a server.
  - The server responds to the source port assigned by the client.
Monitoring TCP Connections
Unexplained or unexpected TCP connections can indicate security threats, such as unauthorized access or malware activity.
Netstat Utility
The netstat command is a useful tool for monitoring active network connections. It provides information about:
- Protocols in use (TCP/UDP)
- Local and foreign addresses
- Port numbers
- Connection states
By using netstat, network administrators can verify active connections and identify any unusual activity on a networked device.
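The check described above can be scripted. The following is an added example, not part of the original module: it parses Linux `netstat -ant` style output, separates inbound from outbound connections by looking at which local ports are listening, and reports listeners and outbound destinations that are not on an allowlist. The sample output, the addresses, and the two allowlists are constructed assumptions; the port ranges are the ones given on this page.

```python
# Constructed sample of Linux "netstat -ant" style output (documentation address ranges).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:443          198.51.100.7:51512      ESTABLISHED
tcp        0      0 192.0.2.10:50314        203.0.113.5:443         ESTABLISHED
tcp        0      0 192.0.2.10:50320        203.0.113.99:6667       ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

ALLOWED_LISTEN = {22, 443}  # assumption: services this host is meant to offer
ALLOWED_REMOTE = {80, 443}  # assumption: services this host is meant to call

def port_class(port):
    """Classify a port using the ranges given on this page."""
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"

def parse(text):
    """Yield (local_port, remote_addr, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or not f[0].startswith("tcp"):
            continue  # skips the header, UDP rows (no state column), blanks
        local_port = int(f[3].rsplit(":", 1)[1])
        raddr, rport = f[4].rsplit(":", 1)
        yield local_port, raddr, (None if rport == "*" else int(rport)), f[5]

def findings(text):
    """Return unexpected listeners and unexpected outbound destinations."""
    rows = list(parse(text))
    listening = {lp for lp, _, _, st in rows if st == "LISTEN"}
    out = [("listener", lp, port_class(lp))
           for lp in sorted(listening - ALLOWED_LISTEN)]
    for lp, raddr, rp, st in rows:
        # If the local port is a listener, the peer connected to our service.
        # Otherwise the local port is our source port and rp is the service.
        if st == "ESTABLISHED" and lp not in listening and rp not in ALLOWED_REMOTE:
            out.append(("outbound", f"{raddr}:{rp}", port_class(rp)))
    return out

if __name__ == "__main__":
    for item in findings(SAMPLE):
        print(item)
```

Deciding direction from the listening set rather than from the port range matters because many systems pick source ports below 49152, so a client source port can fall in the registered range.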