TCP vs. UDP Protocols - UnicMinds

TCP vs. UDP – Packet Analysis in Wireshark

As we’ve seen earlier, TCP/IP is the protocol widely used for communication between a host and a server on the internet. Before exchanging data, the client and server perform a TCP 3-way handshake, whose primary purpose is to establish a connection. TCP/IP can only work between a client and a server once a connection has been established between them. You can learn more about how the TCP connection is established and disconnected here.


UDP, on the other hand, is another protocol, and there are key differences between TCP and UDP. To start with, UDP doesn’t need an established connection to the server system. So UDP is a connectionless protocol, whereas TCP is a connection-based protocol.

The second key difference is that UDP doesn’t identify IP addresses as Server and Client; it only identifies them as Sender and Receiver. In TCP, the IP addresses are clearly classified as Server IP and Client IP, and both can send and receive. There is no Server and Client in UDP; they are just peers.

The third major difference is that, because TCP is connection-based, every message is acknowledged, which makes it very reliable. In UDP, the receiver may or may not reply to a message. So the application has a lot more responsibility in UDP, whereas in TCP much of that work is built into the protocol itself. Even within UDP you can treat the endpoints as Server and Client, but it requires more work from the application.

Because UDP doesn’t need an acknowledgement, a sender can flood a receiver with a barrage of UDP packets and make the server unable to serve any clients. So, UDP is very vulnerable to Denial-of-Service attacks.

Both TCP and UDP are network communication protocols between two nodes. Because of the advantages mentioned above, TCP is far more reliable, but UDP is faster. So applications such as VoIP can use UDP because they need to optimize for speed, whereas applications that need reliable data communication use TCP.

TCP based Protocols and UDP based Protocols

There is a range of protocols based on TCP. For example, below are popular protocols that rely on connection-based TCP communication.

  • HTTP, HTTPS – for Web Browsing
  • FTP – for file transfer
  • SMTP – for sending emails
  • POP3 – for receiving emails
  • Telnet – for accessing remote computers
  • SNMP – for network management

Obviously, there are also protocols based on UDP communications. For example, below are the popular protocols based on UDP.

  • QUIC (UDP’s alternative to HTTP but not reliable)
  • NTP (Network Time Protocol)
  • DNS (Domain Name Service)
  • TFTP (File Transfer)
  • NNP (Network News Protocol)

Applications such as traceroute use UDP. But the major disadvantages of UDP are reliability, vulnerability to DoS attacks, and limited use cases. UDP cannot be used by applications that require 100% reliable data delivery, like web pages. It is better suited for applications that can tolerate some data loss, such as VoIP, streaming, and online gaming.

Wireshark View

Below is a snapshot of Wireshark live traffic showing various packets going to and from applications using various TCP and UDP protocols.
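As an added example (not part of the original article), the Python code below decodes the fields a Wireshark packet view shows for TCP and UDP (ports, sequence and acknowledgement numbers, TCP flags) and checks whether a capture contains a complete 3-way handshake. The packets, addresses (documentation ranges), ports and sequence numbers are all constructed sample data.

```python
import struct

def ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.5"):
    """Constructed sample: minimal 20-byte IPv4 header, checksum left at 0."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + payload

def tcp(sport, dport, seq, ack, flags):  # header only, data offset 5 words
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

FLAGS = [(0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"), (0x04, "RST"), (0x08, "PSH")]

def dissect(pkt):
    """Decode the fields Wireshark displays for a TCP or UDP packet."""
    ihl = (pkt[0] & 0x0F) * 4  # IPv4 header length in bytes
    proto = pkt[9]             # 6 = TCP, 17 = UDP
    l4 = pkt[ihl:]
    if proto == 6:
        sport, dport, seq, ack, _off, fl = struct.unpack("!HHIIBB", l4[:14])
        return {"proto": "TCP", "sport": sport, "dport": dport, "seq": seq,
                "ack": ack, "flags": [n for bit, n in FLAGS if fl & bit]}
    if proto == 17:
        sport, dport, length, _csum = struct.unpack("!HHHH", l4[:8])
        return {"proto": "UDP", "sport": sport, "dport": dport, "len": length}
    return {"proto": str(proto)}

def handshake_complete(pkts):
    """True if the first three TCP packets are SYN, SYN+ACK, ACK with matching numbers."""
    t = [d for d in map(dissect, pkts) if d["proto"] == "TCP"][:3]
    if len(t) < 3:
        return False
    syn, synack, ack = t
    return (syn["flags"] == ["SYN"] and synack["flags"] == ["SYN", "ACK"]
            and ack["flags"] == ["ACK"] and synack["ack"] == syn["seq"] + 1
            and ack["seq"] == syn["seq"] + 1 and ack["ack"] == synack["seq"] + 1)

# Constructed capture: TCP handshake to port 80, then one UDP datagram to port 53.
CAPTURE = [
    ipv4(6, tcp(50000, 80, 1000, 0, 0x02)),
    ipv4(6, tcp(80, 50000, 5000, 1001, 0x12), src="198.51.100.5", dst="192.0.2.10"),
    ipv4(6, tcp(50000, 80, 1001, 5001, 0x10)),
    ipv4(17, udp(50001, 53, b"constructed")),
]

print(*map(dissect, CAPTURE), sep="\n")
print("handshake complete:", handshake_complete(CAPTURE))
```

The UDP datagram appears in the capture with no preceding SYN exchange and no sequence or acknowledgement fields, which is the connectionless behaviour described above.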

In our Computer Networks and Ethical Hacking classes, we go deeper into understanding the finer facets and the fundamental basics of computer networking and data transfers.

Hope this is useful, thank you.
