TCP vs UDP — when to use which

The Transport layer offers two main protocols. TCP gives you a reliable, ordered, error-checked byte stream — and pays for it with overhead and latency. UDP gives you fire-and-forget datagrams — fast, cheap, but the application has to deal with loss, ordering, and duplication itself.

Side by side

| Property | TCP | UDP |
|---|---|---|
| Connection | Yes (3-way handshake) | None (just send) |
| Reliability | Acks + retransmits | None |
| Ordering | Yes | No |
| Flow control | Yes (windowing) | No |
| Congestion control | Yes | No |
| Header size | 20 bytes minimum (often 32) | 8 bytes |
| Per-packet overhead | More | Less |
| Latency to first byte | RTT × 1 (handshake) | 0 |

When TCP wins

  • HTTP / HTTPS (file transfer, web pages)
  • SSH
  • SMTP / IMAP
  • Database connections (SQL)
  • Any time you need every byte to arrive intact and in order

When UDP wins

  • DNS queries (UDP for speed; falls back to TCP if response > 512 bytes)
  • VoIP (RTP rides UDP — late packets are useless, no point retransmitting)
  • Video streaming (similar — recover via FEC, don't retransmit)
  • Online games (latency over reliability)
  • DHCP (no connection state yet by definition)
  • SNMP (small queries, tolerable to lose occasionally)
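The DNS fallback in the list above, as an added example (not code from the original page): a truncated UDP reply is recognised by the TC bit in the DNS header, and the retry over TCP needs a 2-byte length prefix because TCP delivers a byte stream rather than datagrams. The function names and the sample messages are constructed for illustration.

```python
import struct

TC_FLAG = 0x0200   # "truncated" bit in the 16-bit DNS header flags word
UDP_LIMIT = 512    # classic DNS-over-UDP payload limit, as stated above

def build_query(name: str, qid: int, qtype: int = 1) -> bytes:
    """Encode a minimal DNS query: 12-byte header plus one question (class IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def fits_in_udp(message: bytes) -> bool:
    """True when the message is within the classic UDP size limit."""
    return len(message) <= UDP_LIMIT

def needs_tcp_retry(udp_reply: bytes, qid: int) -> bool:
    """True when a UDP reply matches our query ID and has the TC bit set."""
    if len(udp_reply) < 12:
        raise ValueError("shorter than a DNS header")
    rid, flags = struct.unpack("!HH", udp_reply[:4])
    if rid != qid:
        raise ValueError("reply ID does not match query ID")
    return bool(flags & TC_FLAG)

def frame_for_tcp(message: bytes) -> bytes:
    """Prefix a DNS message with its 2-byte big-endian length for TCP."""
    return struct.pack("!H", len(message)) + message

def read_framed(stream: bytes) -> list:
    """Split a TCP byte stream into messages; a trailing partial one is left out."""
    out, pos = [], 0
    while pos + 2 <= len(stream):
        (n,) = struct.unpack("!H", stream[pos:pos + 2])
        if pos + 2 + n > len(stream):
            break  # incomplete message: a real reader would wait for more bytes
        out.append(stream[pos + 2:pos + 2 + n])
        pos += 2 + n
    return out

# Constructed sample data (not captured traffic).
QID = 0x1A2B
QUERY = build_query("example.com", QID)
TRUNCATED_REPLY = struct.pack("!HHHHHH", QID, 0x8100 | TC_FLAG, 1, 0, 0, 0) + QUERY[12:]
FULL_REPLY = struct.pack("!HHHHHH", QID, 0x8180, 1, 0, 0, 0) + QUERY[12:] + b"\x00" * 600

if __name__ == "__main__":
    print("retry over TCP:", needs_tcp_retry(TRUNCATED_REPLY, QID))
    print("full reply fits in UDP:", fits_in_udp(FULL_REPLY))
```
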

The TCP 3-way handshake

Client                              Server
  | -- SYN(seq=X) ------------------> |
  | <-- SYN-ACK(seq=Y, ack=X+1) ----- |
  | -- ACK(ack=Y+1) ----------------> |
  |      connection established       |

Three round trips of state are required before any data flows. For a 200 ms RTT that's 600 ms just to set up — which is why QUIC exists.

QUIC — the modern third option

QUIC (RFC 9000) is "TCP + TLS, redesigned for the modern internet" — it rides on UDP, multiplexes independent streams over one connection (no head-of-line blocking), encrypts everything including most of the header, and merges the TLS and TCP handshakes (0-RTT for repeat connections). HTTP/3 is HTTP over QUIC.

For the CCNA you only need to know UDP/TCP. For the real world: every browser is increasingly using QUIC, and you should know it exists.

TCP ports you should know

| Port | Service |
|---|---|
| 20 / 21 | FTP data / control |
| 22 | SSH |
| 23 | Telnet |
| 25 | SMTP |
| 53 | DNS (also UDP) |
| 80 | HTTP |
| 110 | POP3 |
| 143 | IMAP |
| 443 | HTTPS |
| 3306 | MySQL |
| 5432 | PostgreSQL |
| 6379 | Redis |

UDP ports you should know

| Port | Service |
|---|---|
| 53 | DNS |
| 67 / 68 | DHCP server / client |
| 69 | TFTP |
| 123 | NTP |
| 161 / 162 | SNMP / SNMP traps |
| 500 / 4500 | IPsec IKE / NAT-T |
| 514 | syslog |

What to remember

  • TCP = reliable, ordered, slower. UDP = fast, unreliable, app handles errors.
  • Use TCP for files and remote shells; UDP for real-time and DNS.
  • Memorise the common ports — at minimum 22, 53, 80, 443, 123, 161.
  • QUIC exists and is increasingly dominant for HTTP traffic.