Some background you may or may not care about#
I took a networking class in college. It wasn’t a great experience, as the professor was at the school really just to pursue research, leaving us peasant students to 5-question long exams, each 25% of our grade and with .05% of the content from 200+ long slide decks. Needless to say, it wasn’t a very useful class.
So here I am, some number of years into my cybersecurity career, able to recognize and speak about different network protcols at fluctuating levels depending on the day. It’s time to change that. I want to understand, like really understand what’s going on.
This blog post is going to cover some of the most fundamental concepts in the networking world: UDP and TCP, two transport-level protocols.
UDP (User Datagram Protocol)#
UDP is a connectionless, message-oriented protocol. It functions through the sending and receiving of packets without having to establish a connection between a client and server. As a result, once a message has been sent, there is no further communication with the message receiver. Additionally, the packets are not numbered. This means that packets are not guaranteed to arrive in order, or even to arrive at all. UDP does not wait for acklowedgement of message receipt, it simply yeets the message and moves on.
Due to its connectionless nature, UDP is good for real-time information delivery. As messages are told to be transmitted, they are transmitted. Packets may be dropped due to lack of congestion control. Because the sender isn’t waiting for an ack, nor is the receiver going to send an ack, dropped packets will go unnoticed by both the client and server. This is okay in certain real-time examples, such as streaming. A momentary glitch will not deter a viewer. This also means that UDP is able to support broadcasting.
Error checking in UDP occurs through a 16-bit checksum. The checksum is used as follows: the sender computes the checksum corresponding to the data being sent and stores it in the header; upon receipt, the receiver computes the checksum using the received data and compares it to the checksum in the header. It’s important to note that the checksum is mandatory in IPv6 but not IPv4.
The UDP segment, or the data portion, of an IP packet includes an 8-byte header followed by variable length data. The header is composed as follows:
- The first 4 bytes of the header store the port numbers of the source and destination.
- The next 2 bytes of the header store the length of the UDP segment.
- The last 2 bytes of the header store the checksum.
TCP/IP (Transmission Control Protocol)#
TCP is a handshake-based, connection-oriented protocol. TCP provides a continuous flow of data through a manner of sending numbered packets which ensure correct receipt order. While this takes more time than UDP, which sends as instructed and receives as is, it makes TCP the more reliable transport protocol of the two. If packets are dropped, they can be recognized as missing and then retransmitted. The reliability provided by TCP makes it a choice protocol in situations requiring packet receipt acknowledgement and/or ensured packet delivery.
However, this reliability and congestion control behavior comes at a cost of overhead. TCP is slower than UDP due to the latency created by establishing and maintaining connections.
Checksum use is required by TCP, for both IPv4 and IPv6. This ensures error detection despite IP version.
A TCP header is between 20 and 60 bytes. Like the UDP header, there are reserved bytes for the source and destination port numbers, there is also a field to store the amount of data to be transmitted during the session, and the checksum is included towards the end. The large quantity of additional header space, compared to UDP, is used to store information required to establish connections, maintain connections, and support the acknowledgements required for the reliability aspects (i.e. syn/ack behavior) of the protocol.
UDP is the less reliable protocol, but can be used for real-time data delivery, including broadcasting, due to its constant stream of packet transmission.
TCP is a more reliable but slower data transport protocol used for data transmission between two endpoints. It uses acknowledgements to confirm packet receipt.
Both protocols support checksums, which should be utilized for error detection.