TCP vs UDP — when to use which
The Transport layer offers two main protocols. TCP gives you a reliable, ordered, error-checked byte stream — and pays for it with overhead and latency. UDP gives you fire-and-forget datagrams — fast, cheap, but the application has to deal with loss, ordering, and duplication itself.
Side by side
| Property | TCP | UDP |
|---|---|---|
| Connection | Yes (3-way handshake) | None (just send) |
| Reliability | Acks + retransmits | None |
| Ordering | Yes | No |
| Flow control | Yes (windowing) | No |
| Congestion control | Yes | No |
| Header size | 20 bytes minimum (often 32) | 8 bytes |
| Per-packet overhead | More | Less |
| Latency to first byte | RTT × 1 (handshake) | 0 |
When TCP wins
- HTTP / HTTPS (file transfer, web pages)
- SSH
- SMTP / IMAP
- Database connections (SQL)
- Any time you need every byte to arrive intact and in order
When UDP wins
- DNS queries (UDP for speed; falls back to TCP if response > 512 bytes)
- VoIP (RTP rides UDP — late packets are useless, no point retransmitting)
- Video streaming (similar — recover via FEC, don't retransmit)
- Online games (latency over reliability)
- DHCP (no connection state yet by definition)
- SNMP (small queries, tolerable to lose occasionally)
The TCP 3-way handshake
Client                                  Server
  | -- SYN(seq=X) ----------------------> |
  | <------------ SYN-ACK(seq=Y, ack=X+1) |
  | -- ACK(ack=Y+1) --------------------> |
  |        connection established         |
Three round trips of state are required before any data flows. For a 200 ms RTT that's 600 ms just to set up — which is why QUIC exists.
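The SYN / SYN-ACK / ACK exchange above and the header sizes from the comparison table, checked in code. This is an added example, not part of the original lesson: the function names, ports and sequence numbers are constructed for illustration, while the field layout is the standard TCP and UDP header format.

```python
import struct

SYN, ACK, BOTH = 0x02, 0x10, 0x12           # flag bits in byte 13 of the TCP header
TS_OPT = b"\x01\x01\x08\x0a" + bytes(8)     # NOP, NOP, Timestamps: 12 option bytes

def build_tcp(sport, dport, seq, ack, flags, options=b""):
    """Build a TCP header for a constructed sample (checksum left at 0)."""
    if len(options) % 4:
        raise ValueError("options must be padded to a multiple of 4 bytes")
    offset_words = (20 + len(options)) // 4  # data offset counts 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       offset_words << 4, flags, 65535, 0, 0) + options

def parse_tcp(segment):
    """Decode the fixed TCP header and reject impossible header lengths."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte minimum TCP header")
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", segment[:14])
    header_len = (off >> 4) * 4
    if not 20 <= header_len <= len(segment):
        raise ValueError("data offset outside the segment")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "header_len": header_len}

def parse_udp(datagram):
    """Decode the fixed 8-byte UDP header."""
    if len(datagram) < 8:
        raise ValueError("shorter than the 8-byte UDP header")
    sport, dport, length, _checksum = struct.unpack("!HHHH", datagram[:8])
    return {"sport": sport, "dport": dport, "length": length, "header_len": 8}

def is_three_way_handshake(segments):
    """True for SYN(seq=X), SYN-ACK(seq=Y, ack=X+1), ACK(ack=Y+1)."""
    if len(segments) != 3:
        return False
    syn, synack, ack = (parse_tcp(s) for s in segments)
    nxt = lambda n: (n + 1) & 0xFFFFFFFF     # sequence numbers wrap at 2**32
    return ((syn["flags"] & BOTH) == SYN and (synack["flags"] & BOTH) == BOTH
            and (ack["flags"] & BOTH) == ACK and synack["ack"] == nxt(syn["seq"])
            and ack["seq"] == nxt(syn["seq"]) and ack["ack"] == nxt(synack["seq"]))

X, Y = 0xFFFFFFFF, 1000   # constructed samples; X + 1 wraps to 0
HANDSHAKE = [build_tcp(50000, 443, X, 0, SYN, TS_OPT),
             build_tcp(443, 50000, Y, 0, SYN | ACK, TS_OPT),
             build_tcp(50000, 443, 0, Y + 1, ACK, TS_OPT)]
UDP_SAMPLE = struct.pack("!HHHH", 50000, 53, 8 + 4, 0) + b"demo"

if __name__ == "__main__":
    print(is_three_way_handshake(HANDSHAKE), [parse_tcp(s)["header_len"] for s in HANDSHAKE])
```

The 12 bytes of timestamp options are what turn the 20-byte minimum header into the 32 bytes seen on most connections, and the wrap-around case shows why `ack=X+1` has to be computed modulo 2**32.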
QUIC — the modern third option
QUIC (RFC 9000) is "TCP + TLS, redesigned for the modern internet" — it rides on UDP, multiplexes independent streams over one connection (no head-of-line blocking), encrypts everything including most of the header, and merges the TLS and TCP handshakes (0-RTT for repeat connections). HTTP/3 is HTTP over QUIC.
For the CCNA you only need to know UDP/TCP. For the real world: every browser is increasingly using QUIC, and you should know it exists.
TCP ports you should know
| Port | Service |
|---|---|
| 20 / 21 | FTP data / control |
| 22 | SSH |
| 23 | Telnet |
| 25 | SMTP |
| 53 | DNS (also UDP) |
| 80 | HTTP |
| 110 | POP3 |
| 143 | IMAP |
| 443 | HTTPS |
| 3306 | MySQL |
| 5432 | PostgreSQL |
| 6379 | Redis |
UDP ports you should know
| Port | Service |
|---|---|
| 53 | DNS |
| 67 / 68 | DHCP server / client |
| 69 | TFTP |
| 123 | NTP |
| 161 / 162 | SNMP / SNMP traps |
| 500 / 4500 | IPsec IKE / NAT-T |
| 514 | syslog |
What to remember
- TCP = reliable, ordered, slower. UDP = fast, unreliable, app handles errors.
- Use TCP for files and remote shells; UDP for real-time and DNS.
- Memorise the common ports — at minimum 22, 53, 80, 443, 123, 161.
- QUIC exists and is increasingly dominant for HTTP traffic.