TCP/UDP

Ever wondered how your computer actually sends stuff over the internet? That’s where TCP and UDP come in. They’re the main ways (called protocols) that devices use to send and receive data—like web pages, videos, or game info—across networks. Think of them as the rules for how data “packets” travel from one place to another.

TCP (Transmission Control Protocol) is like sending a registered package. It makes sure your data gets there, in the right order, and asks for a signature (acknowledgement) at the other end. If something goes missing, it tries again. This makes it reliable, but a bit slower.

UDP (User Datagram Protocol) is more like dropping postcards in the mail. It just sends data and doesn't check if it arrives. No guarantees, but it's fast and simple. Great for things like streaming or online games where speed matters more than perfection.

TCP (Connection setup, reliable transfer, teardown)
sequenceDiagram
    participant Client
    participant Server
    Note over Client,Server: Connection setup
    Client->>Server: SYN
    Server->>Client: SYN-ACK
    Client->>Server: ACK
    Note over Client,Server: Data transfer (reliable, ordered)
    Client->>Server: Data packet 1
    Server->>Client: ACK
    Client->>Server: Data packet 2
    Server->>Client: ACK
    Note over Client,Server: Connection close
    Client->>Server: FIN
    Server->>Client: ACK
    Server->>Client: FIN
    Client->>Server: ACK

UDP (Just sends data, no handshake, faster)
sequenceDiagram
    participant Client
    participant Server
    Note over Client,Server: No handshake, no connection
    Client-->>Server: Data packet (no setup)
    Client-->>Server: Data packet (may arrive out of order)
    Note over Client,Server: No connection setup or teardown

UDP just sends data—no setup, no guarantees, just fast and simple.
No SYN, no ACK, no FIN: UDP skips all of that, so there is less overhead.
SYN (synchronize), ACK (acknowledge), and FIN (finish) are special messages used by TCP to set up, confirm, and close a connection.
There's also RST (reset), PSH (push), URG (urgent), and ECN-related flags like ECE (ECN‑Echo) and CWR (Congestion Window Reduced).
This is why TCP is called "connection-oriented"—it makes sure both sides are ready before sending real data, and says goodbye at the end.
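
To make the flags concrete, here is an added example (not part of the original page) that decodes the fixed TCP header and the UDP header from raw bytes and names the flags set on each packet. The sample packets, ports and sequence numbers are constructed for illustration.

```python
import struct

# Flag bits in the TCP header's 16-bit offset/flags field (low byte).
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR")]

def parse_tcp_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte TCP header (options and payload ignored)."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", raw[:20])
    header_len = (off_flags >> 12) * 4      # data offset is in 32-bit words
    if header_len < 20:
        raise ValueError("data offset smaller than minimum header")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len,
            "flags": [name for bit, name in TCP_FLAGS if off_flags & bit]}

def parse_udp_header(raw: bytes) -> dict:
    """Decode the whole 8-byte UDP header: no sequence numbers, no flags."""
    if len(raw) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _csum = struct.unpack("!HHHH", raw[:8])
    return {"sport": sport, "dport": dport, "length": length}

def make_tcp(seq: int, ack: int, flags: int, sport=50000, dport=443) -> bytes:
    """Build a constructed header for the demo (checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 65535, 0, 0)

# Constructed three-way handshake: SYN, SYN-ACK, ACK.
HANDSHAKE = [
    make_tcp(1000, 0, 0x02),
    make_tcp(5000, 1001, 0x12, sport=443, dport=50000),
    make_tcp(1001, 5001, 0x10),
]
# Constructed UDP datagram header: 8-byte header + 4-byte payload.
UDP_SAMPLE = struct.pack("!HHHH", 50001, 53, 12, 0)

if __name__ == "__main__":
    for pkt in HANDSHAKE:
        h = parse_tcp_header(pkt)
        print(h["sport"], ">", h["dport"], "/".join(h["flags"]),
              "seq", h["seq"], "ack", h["ack"])
    print("UDP:", parse_udp_header(UDP_SAMPLE))
```

Note how each ACK number is the other side's sequence number plus one, which is how TCP confirms the SYN was received; the UDP header has no field that could carry such a confirmation.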

tcpdump

You can use tcpdump to watch TCP and UDP traffic, either just the protocol workings (like handshakes and flags) or including the actual data packets.

To see all TCP or UDP packets (including data):

sudo tcpdump tcp
sudo tcpdump udp

To focus on just the protocol workings (like SYN, ACK, FIN, RST for TCP, or UDP headers), and skip the payload:

sudo tcpdump -v tcp
sudo tcpdump -v udp

Or, to see even less data (headers only):

sudo tcpdump -vvv -s 64 tcp
sudo tcpdump -vvv -s 64 udp

  • The basic command shows everything, including payloads.
  • Adding -v/-vvv increases detail about the protocol flags and headers.
  • Adjusting the -s (snaplen) option controls how much of each packet is captured (e.g., -s 0 for the whole packet, or -s 64 for just headers).

This lets you observe both the protocol mechanics (handshakes, flags) and the actual data being sent.

Bottom line: TCP is for when you need your data to arrive safely and in order. UDP is for when you just need it there fast and can live with a few missing pieces.

The text on the page was 90% written by LLM based on strong instructions, but moved around a lot to make it usable.