TCP & UDP
How transport protocols coordinate reliable or low-latency communication between applications across the Internet.
Why Transport Protocols Exist
IP can deliver packets to a machine, but it does not guarantee order, reliability, or fairness — transport protocols provide those guarantees.
- IP delivers packets but does not ensure they arrive or arrive in order.
- Applications need reliability, ordering, and controlled data flow.
- Transport protocols add structure on top of raw packet delivery.
Details
Once DNS gives you an IP address, your device can send packets to the correct destination. But IP only moves independent packets across networks — it does not track whether they arrive, whether they arrive in the correct order, or whether the network is congested.
If you split a web page into many packets, some may arrive out of order, some may be delayed, and some may be lost entirely. Without additional coordination, the receiving application would have no reliable way to reconstruct the original data correctly.
Transport protocols solve four fundamental problems: ordering (reassembling data correctly), reliability (detecting and retransmitting lost data), multiplexing (allowing multiple applications to share a single IP address), and congestion control (preventing the network from becoming overloaded).
In short, IP answers “Where should this packet go?”
Transport protocols answer “How should this conversation behave?”
What Is a Port?
An IP address identifies the machine. A port number identifies the application running on that machine.
- IP addresses route data to the correct device on a network.
- Ports route data to the correct application on that device.
- Multiple services can run on the same machine using different port numbers.
Details
When data reaches a server’s IP address, the operating system still needs to decide which program should handle it. A single machine can run a web server, a database server, an SSH service, and many other applications at the same time.
This is where port numbers come in. A port is a logical communication endpoint used by transport protocols like TCP and UDP. It allows the system to demultiplex incoming traffic and deliver it to the correct application process.
For example, port 80 is typically used for HTTP, port 443 for HTTPS, and port 22 for SSH. When you access a secure website, your browser connects to the server’s IP address on port 443, signaling that it wants to speak HTTPS.
Without ports, a machine could only run one network application at a time. Ports allow thousands of simultaneous conversations to occur on a single IP address.
TCP – Reliable Conversation
TCP turns unreliable packet delivery into a structured, reliable, ordered conversation between two machines.
- Ensures data arrives in the correct order using sequence numbers.
- Retransmits packets that are lost in transit.
- Controls network congestion and adapts sending speed dynamically.
Details
Transmission Control Protocol (TCP) is designed for applications that require complete and accurate data delivery. Unlike raw IP, TCP treats communication as a continuous stream of bytes rather than independent packets.
Each segment of data is assigned a sequence number. The receiver uses these numbers to reorder data correctly before passing it to the application. If a segment is missing, TCP detects the gap and requests retransmission.
TCP also includes flow control, which prevents a fast sender from overwhelming a slower receiver. It does this by using a sliding window mechanism that limits how much unacknowledged data can be in flight.
Finally, TCP implements congestion control. It monitors network conditions and adjusts transmission speed to avoid flooding routers. This protects overall network stability while still maximizing throughput when conditions allow.
The TCP 3-Way Handshake
Before any reliable data is sent, TCP establishes a connection using a three-step handshake: SYN → SYN-ACK → ACK.
- SYN: The client requests to start a connection.
- SYN-ACK: The server acknowledges and agrees to communicate.
- ACK: The client confirms, and the connection becomes established.
Details
TCP is connection-oriented, meaning both sides must agree to communicate before data transfer begins. This process ensures that both the client and server are ready and able to exchange data.
First, the client sends a SYN (synchronize) packet. This packet proposes an initial sequence number and signals the desire to open a connection.
Second, the server responds with a SYN-ACK. This acknowledges the client’s request and provides the server’s own initial sequence number.
Finally, the client sends an ACK to confirm receipt of the server’s sequence number. At this point, both sides have synchronized sequence numbers and the connection is officially established.
Only after this handshake completes does TCP begin transferring application data.
How TCP Ensures Reliability
TCP tracks sent data and confirmations to make sure nothing is lost and everything arrives in order.
- Sequence numbers detect missing or out-of-order data.
- ACKs confirm receipt and trigger retransmission if needed.
- A sliding window controls how much data can be sent safely.
Details
TCP assigns a sequence number to each byte in the data stream. This allows the receiver to detect missing or out-of-order segments and correctly reconstruct the original message.
The receiver sends back ACK (acknowledgment) numbers indicating the next expected byte. If the sender does not receive an ACK within a certain time, it assumes the segment was lost.
When loss is detected, TCP performs a retransmission, sending the missing data again. This mechanism ensures reliability even when packets are dropped due to congestion or network instability.
TCP also uses a sliding window for flow control. Instead of waiting for an ACK after every packet, the sender can transmit multiple segments within an allowed window size. This improves efficiency while still maintaining strict delivery guarantees.
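The mechanisms above can be followed end to end in a small simulation. This is an added example, not code from the original page and not a real TCP stack; the names receiver_accept and transfer, the segment size, the window size and the loss pattern are all assumptions made for the illustration.

```python
# Added illustration, not a real TCP stack: byte sequence numbers, cumulative
# ACKs, a sliding window and timeout retransmission on a simulated path.

def receiver_accept(rx, seq, payload):
    """Buffer one segment; return the cumulative ACK (next byte expected)."""
    if seq >= rx["next"]:                  # ignore data already delivered
        rx["buffer"][seq] = payload
    while rx["next"] in rx["buffer"]:      # hand contiguous bytes to the app
        chunk = rx["buffer"].pop(rx["next"])
        rx["delivered"] += chunk
        rx["next"] += len(chunk)
    return rx["next"]

def transfer(data, mss=4, window=8, lost=frozenset()):
    """Send data; segments whose seq is in `lost` are dropped on first send.

    Returns (bytes delivered in order, retransmitted seqs, ACK numbers seen).
    """
    rx = {"next": 0, "buffer": {}, "delivered": b""}
    base, next_seq = 0, 0                  # oldest unACKed byte, next new byte
    pending_loss = set(lost)
    retransmitted, acks = [], []
    while base < len(data):
        # Keep sending new segments while they fit inside the window.
        while next_seq < min(len(data), base + window):
            seq, next_seq = next_seq, next_seq + mss
            if seq in pending_loss:
                pending_loss.discard(seq)  # lost in transit, no ACK returns
                continue
            acks.append(receiver_accept(rx, seq, data[seq:seq + mss]))
        if rx["next"] == base:
            # No ACK progress: the timer fires and the oldest segment is resent.
            retransmitted.append(base)
            acks.append(receiver_accept(rx, base, data[base:base + mss]))
        base = rx["next"]                  # cumulative ACK slides the window
    return rx["delivered"], retransmitted, acks

if __name__ == "__main__":
    print(transfer(b"ABCDEFGHIJKLMNOP", lost={4}))
```

With the segment at byte 4 dropped, the receiver keeps answering ACK 4 while it buffers byte 8 onward, then jumps to ACK 12 as soon as the retransmission fills the gap.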
UDP – Minimal & Fast
UDP sends data quickly without establishing a connection or guaranteeing delivery.
- No handshake — data is sent immediately.
- No ordering or retransmission guarantees.
- Lower overhead and latency compared to TCP.
Details
User Datagram Protocol (UDP) is connectionless. Unlike TCP, it does not perform a handshake before sending data. A sender simply transmits packets to the destination IP and port.
UDP does not track sequence numbers for reliability, does not wait for acknowledgments, and does not retransmit lost packets. If a packet is dropped, it is gone.
Because UDP removes these coordination mechanisms, it has significantly lower overhead and latency. This makes it suitable for use cases where speed matters more than perfect delivery, such as live streaming, online gaming, or DNS queries.
In short, UDP favors performance and simplicity over reliability.
When To Use TCP vs UDP
Choose TCP when correctness is critical. Choose UDP when speed and low latency matter more than perfect delivery.
| Protocol | Best For | Priority | Examples |
|---|---|---|---|
| 📦 TCP | Reliable, ordered delivery | Accuracy | 🌐 Web 📥 File Download |
| ⚡ UDP | Fast, low-latency delivery | Speed | 🎮 Gaming 📹 Streaming 🔎 DNS |
- Use TCP when you need complete, ordered, and reliable data delivery.
- Use UDP when low latency is more important than guaranteed accuracy.
Details
TCP is ideal for applications where missing or corrupted data would break functionality. Web pages, APIs, file downloads, and email all require complete and correctly ordered data. Even a single missing byte could corrupt the result.
UDP is better suited for applications where occasional packet loss is acceptable. Real-time video, voice calls, gaming, and small stateless queries like DNS prioritize speed over perfection. Waiting for retransmissions would create noticeable delay.
The key decision is this:
If accuracy and completeness are mandatory, use TCP.
If responsiveness and low latency are critical, UDP may be the better fit.
Transport Layer Failure Scenarios
Transport failures usually occur during connection setup, packet delivery, or under heavy network congestion.
- Port blocked → connection refused by the destination host.
- SYN sent but no SYN-ACK → connection timeout.
- High packet loss or congestion → retransmissions and slow performance.
Details
If a destination port is closed or blocked by a firewall, the server may immediately respond with a connection refused message. This means the machine is reachable, but no application is listening on that port.
If a client sends a SYN but never receives a SYN-ACK, the connection attempt will eventually time out. This often indicates that the server is down, unreachable, or filtered by a firewall along the path.
When packet loss is high, TCP detects missing acknowledgments and performs retransmissions. While reliability is preserved, performance degrades significantly.
Under heavy congestion, TCP reduces its sending rate through congestion control algorithms. The connection remains alive, but throughput drops and latency increases.
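When troubleshooting, the first two scenarios can be told apart from the client side by how a single connection attempt fails. The following is an added example, not part of the original page; classify_connect and loopback_demo are hypothetical names, and the demo only touches a listener it creates itself on 127.0.0.1.

```python
import socket

def classify_connect(host, port, timeout=2.0):
    """Attempt one TCP handshake and name the outcome."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "established"        # SYN, SYN-ACK, ACK all completed
    except ConnectionRefusedError:
        return "refused"            # host reachable, nothing accepting on the port
    except socket.timeout:
        return "timeout"            # SYN sent, no SYN-ACK within the deadline
    except OSError as exc:
        return f"error: {exc.strerror}"   # e.g. network or host unreachable
    finally:
        s.close()

def loopback_demo():
    """Check the same local port while a listener exists and after it closes."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = classify_connect("127.0.0.1", port)
    listener.close()
    after_close = classify_connect("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(loopback_demo())
```

A "refused" result comes back almost instantly, while "timeout" only appears after the full deadline, which is why the two failures feel so different to a user.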