TCP and UDP are the two transport-layer protocols that application traffic rides over. Choosing between them (or understanding why a protocol chose one) is a recurring topic in cloud architecture and security.
TCP: Transmission Control Protocol
TCP provides reliable, ordered, error-checked delivery of data between applications. It's the foundation of most internet protocols: HTTP/HTTPS, SSH, SMTP, FTP, database connections.
TCP Features
- Connection-oriented: A connection is established before data flows (3-way handshake)
- Reliable delivery: Every segment is acknowledged; lost segments are retransmitted
- Ordered: Segments are reassembled in order, even if they arrive out of order
- Flow control: Receiver advertises its receive window; sender doesn't overwhelm it
- Congestion control: Sender slows down when the network is congested
The TCP 3-Way Handshake
```text
Client                                 Server
  | ------------- SYN -------------> |   Client: "I want to connect, my seq = 1000"
  | <---------- SYN-ACK ------------ |   Server: "OK, my seq = 5000, ACK 1001"
  | ------------- ACK -------------> |   Client: "Confirmed, ACK 5001"
  |                                  |
  |       (data flows both ways)     |
  |                                  |
  | ------------- FIN -------------> |   4-way close (FIN → FIN-ACK → FIN → FIN-ACK)
```
TCP Connection States
Common states you'll see in netstat or ss output:
- LISTEN: Server is waiting for incoming connections
- ESTABLISHED: Active connection, data can flow
- TIME_WAIT: Connection closed, waiting for delayed packets (up to 2 minutes)
- CLOSE_WAIT: Remote side closed, local side hasn't yet
- SYN_SENT: Client sent SYN, waiting for SYN-ACK
UDP: User Datagram Protocol
UDP is connectionless — it sends datagrams without establishing a connection, without acknowledgements, and without guaranteed delivery. What you get in return: low overhead and low latency.
When to Use UDP
- DNS: Single small query/response; retransmission handled by the application
- DHCP: Broadcasts on local network
- Video streaming / VoIP: A dropped frame is better than pausing to retransmit
- Online gaming: Latency matters more than every packet arriving
- QUIC / HTTP/3: UDP-based but adds reliability at the application layer
- NTP: Time synchronisation
- SNMP: Network monitoring
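The two behaviours described above, the kernel-driven handshake and acknowledgements of TCP versus the "retransmission handled by the application" model of UDP, side by side on loopback. This is an added example, not code from the original page: the servers, the deliberate drop of the first UDP datagram and the retry loop are all constructed here to make the difference observable.

```python
import socket
import threading

# Constructed loopback demo (not part of the original page). The UDP server
# deliberately drops the first datagram it receives so the client has to
# retransmit, the way a DNS resolver does when no answer comes back.

def udp_drop_first_server(sock, stop):
    """Echo UDP datagrams, except the very first one, which is silently dropped."""
    seen_one = False
    sock.settimeout(0.2)
    while not stop.is_set():
        try:
            data, addr = sock.recvfrom(2048)
        except socket.timeout:
            continue
        if not seen_one:
            seen_one = True        # simulated packet loss: no reply at all
            continue
        sock.sendto(data, addr)

def tcp_echo_server(listener, stop):
    """Accept one connection at a time and echo back what it sends."""
    listener.settimeout(0.2)
    while not stop.is_set():
        try:
            conn, _ = listener.accept()   # the 3-way handshake has already completed here
        except socket.timeout:
            continue
        with conn:
            conn.sendall(conn.recv(2048))

def udp_request(server_addr, payload, timeout=0.5, retries=3):
    """UDP: no handshake, no ACKs. Reliability is the application's job, so
    retransmit on timeout. Returns (reply, number_of_attempts)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for attempt in range(1, retries + 1):
            s.sendto(payload, server_addr)
            try:
                reply, _ = s.recvfrom(2048)
                return reply, attempt
            except socket.timeout:
                continue
    raise TimeoutError(f"no reply after {retries} attempts")

def tcp_request(server_addr, payload):
    """TCP: connect() runs the SYN / SYN-ACK / ACK handshake; the kernel
    handles acknowledgement, ordering and retransmission from then on."""
    with socket.create_connection(server_addr, timeout=2) as s:
        s.sendall(payload)
        return s.recv(2048)

def demo():
    stop = threading.Event()
    udp_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp_sock.bind(("127.0.0.1", 0))           # port 0: let the kernel pick a free port
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)                        # socket enters the LISTEN state
    threads = [
        threading.Thread(target=udp_drop_first_server, args=(udp_sock, stop), daemon=True),
        threading.Thread(target=tcp_echo_server, args=(listener, stop), daemon=True),
    ]
    for t in threads:
        t.start()
    try:
        udp_reply, attempts = udp_request(udp_sock.getsockname(), b"query")
        tcp_reply = tcp_request(listener.getsockname(), b"query")
    finally:
        stop.set()
        for t in threads:
            t.join()
        udp_sock.close()
        listener.close()
    return {"udp_reply": udp_reply, "udp_attempts": attempts, "tcp_reply": tcp_reply}

if __name__ == "__main__":
    print(demo())   # udp_attempts == 2: first datagram dropped, the retry is answered
```

Note that the TCP client never sees the loss-handling at all: a dropped segment on a real link would be retransmitted by the kernel inside `sendall()`/`recv()`, whereas the UDP client only learns that something went missing because its own timer expired.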
Well-Known Port Numbers
| Port | Protocol | Service |
|---|---|---|
| 22 | TCP | SSH |
| 25 | TCP | SMTP (email relay) |
| 53 | TCP/UDP | DNS |
| 80 | TCP | HTTP |
| 443 | TCP | HTTPS |
| 3306 | TCP | MySQL / MariaDB |
| 5432 | TCP | PostgreSQL |
| 6379 | TCP | Redis |
| 27017 | TCP | MongoDB |
| 2181 | TCP | ZooKeeper |
| 9092 | TCP | Kafka |
| 2379/2380 | TCP | etcd (Kubernetes) |
| 6443 | TCP | Kubernetes API Server |
| 10250 | TCP | Kubernetes kubelet API |
| 8080/8443 | TCP | HTTP/HTTPS alternates (dev/proxy) |
| 123 | UDP | NTP |
| 161 | UDP | SNMP |
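A small parser for the `ss` output that both sections above refer to: it normalises the connection states listed under "TCP Connection States" (ss prints `ESTAB`, `CLOSE-WAIT`, `TIME-WAIT`; netstat prints `ESTABLISHED`, `CLOSE_WAIT`, `TIME_WAIT`) and checks which of the well-known ports from the table are listening on a wildcard address, i.e. reachable from every interface rather than only loopback. This is an added example, not part of the original page; the two `ss` listings are constructed sample output, and the column layout assumed for `ss -tan` and `ss -tuln` is the one current iproute2 prints.

```python
from collections import Counter

# Well-known ports from the table above (port -> service).
WELL_KNOWN = {
    22: "SSH", 25: "SMTP", 53: "DNS", 80: "HTTP", 443: "HTTPS",
    3306: "MySQL / MariaDB", 5432: "PostgreSQL", 6379: "Redis",
    27017: "MongoDB", 2181: "ZooKeeper", 9092: "Kafka",
    2379: "etcd", 2380: "etcd", 6443: "Kubernetes API Server",
    10250: "Kubernetes kubelet API", 8080: "HTTP alternate",
    8443: "HTTPS alternate", 123: "NTP", 161: "SNMP",
}

# Constructed sample of `ss -tan` (all TCP sockets, numeric, no header resolution).
SAMPLE_SS_TAN = """\
State      Recv-Q Send-Q Local Address:Port    Peer Address:Port
LISTEN     0      128    0.0.0.0:22            0.0.0.0:*
ESTAB      0      0      10.0.1.5:22           10.0.1.9:51234
ESTAB      0      0      10.0.1.5:8080         10.0.1.20:44512
CLOSE-WAIT 1      0      10.0.1.5:8080         10.0.1.21:39020
CLOSE-WAIT 1      0      10.0.1.5:8080         10.0.1.22:39021
CLOSE-WAIT 1      0      10.0.1.5:8080         10.0.1.23:39022
TIME-WAIT  0      0      10.0.1.5:45210        10.0.1.30:3306
"""

# Constructed sample of `ss -tuln` (listening TCP and UDP sockets).
SAMPLE_SS_TULN = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:3306       0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:6379     0.0.0.0:*
tcp   LISTEN 0      128    [::]:5432          [::]:*
udp   UNCONN 0      0      0.0.0.0:123        0.0.0.0:*
"""

WILDCARD_ADDRS = {"0.0.0.0", "::", "*"}

def normalize_state(token):
    """Map ss spellings to the netstat-style names used in the list above."""
    if token == "ESTAB":
        return "ESTABLISHED"
    return token.replace("-", "_")

def split_addr_port(token):
    """'10.0.1.5:22' -> ('10.0.1.5', 22); '[::]:5432' -> ('::', 5432); '*' port -> None."""
    addr, port = token.rsplit(":", 1)
    return addr.strip("[]"), (None if port == "*" else int(port))

def parse_ss(text):
    records = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] in ("State", "Netid"):
            continue                       # skip the header line
        if fields[0] in ("tcp", "udp"):    # -tuln layout: Netid State Recv-Q Send-Q Local Peer
            netid, state, local, peer = fields[0], fields[1], fields[4], fields[5]
        else:                              # -tan layout: State Recv-Q Send-Q Local Peer
            netid, state, local, peer = "tcp", fields[0], fields[3], fields[4]
        local_addr, local_port = split_addr_port(local)
        peer_addr, peer_port = split_addr_port(peer)
        records.append({"netid": netid, "state": normalize_state(state),
                        "local_addr": local_addr, "local_port": local_port,
                        "peer_addr": peer_addr, "peer_port": peer_port})
    return records

def count_states(records):
    return Counter(r["state"] for r in records)

def exposed_well_known(records):
    """Sockets bound to a wildcard address on a well-known port: reachable from
    every interface, so a host firewall or security group is the only thing in front of them."""
    return [(r["netid"], r["local_port"], WELL_KNOWN[r["local_port"]])
            for r in records
            if r["state"] in ("LISTEN", "UNCONN")
            and r["local_addr"] in WILDCARD_ADDRS
            and r["local_port"] in WELL_KNOWN]

def close_wait_leak(records, threshold=3):
    """Many CLOSE_WAIT sockets: the remote side hung up and the local application
    never called close(), which is a file-descriptor leak in the making."""
    return count_states(records)["CLOSE_WAIT"] >= threshold

if __name__ == "__main__":
    tan = parse_ss(SAMPLE_SS_TAN)
    print(dict(count_states(tan)), "close_wait_leak:", close_wait_leak(tan))
    print(exposed_well_known(parse_ss(SAMPLE_SS_TULN)))
```

On the sample data the Redis socket is not reported because it is bound to 127.0.0.1, while MySQL and PostgreSQL are, since 0.0.0.0 and [::] accept connections on every interface; which of those is a problem is then a question for the firewall and security-group rules covered next.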
TCP vs UDP Summary
| | TCP | UDP |
|---|---|---|
| Connection | Yes (handshake) | No |
| Reliability | Guaranteed delivery | Best-effort |
| Order | Ordered | Not guaranteed |
| Overhead | Higher | Lower |
| Speed | Slower | Faster |
| Use cases | HTTP, SSH, databases | DNS, video, gaming, QUIC |
Next: Firewalls — how traffic is filtered at the network and host level, and the AWS security primitives you'll use daily.