| Property | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented (handshake first) | Connectionless — just send |
| Reliability | Guaranteed delivery, retransmits lost segments | Best-effort, no retransmission |
| Ordering | In-order delivery via sequence numbers | No ordering guarantee |
| Flow control | Sliding window, congestion control | None built in |
| Overhead | Higher — header + handshake + ACKs | Lower — minimal header |
| Header size | 20–60 bytes | 8 bytes |
| Typical use | Web (HTTPS), SSH, email, file transfer | DNS, VoIP, video streaming, DHCP |
0–1023 — reserved for standard services (HTTP, SSH, DNS). Require root/admin to bind on most systems.
1024–49151 — assigned to specific applications (e.g. 3306 MySQL, 8080 alt-HTTP), not reserved by the OS.
49152–65535 — assigned temporarily by the OS as the source port for outbound client connections.
| Port | Protocol | Transport |
|---|---|---|
| 20 / 21 | FTP (data / control) | TCP |
| 22 | SSH | TCP |
| 23 | Telnet | TCP |
| 25 | SMTP | TCP |
| 53 | DNS | TCP/UDP |
| 67 / 68 | DHCP (server / client) | UDP |
| 80 | HTTP | TCP |
| 123 | NTP | UDP |
| 161 / 162 | SNMP (poll / trap) | UDP |
| 179 | BGP | TCP |
| 443 | HTTPS | TCP |
| 3389 | RDP | TCP |
| Flag | Meaning |
|---|---|
| SYN | Synchronize — initiates a connection, proposes an initial sequence number |
| ACK | Acknowledges receipt of data or a SYN — set on almost every segment after the handshake |
| FIN | Finish — sender has no more data, begins graceful teardown |
| RST | Reset — abruptly terminates, usually because the port is closed or the connection is invalid |
| PSH | Push — tells the receiver to hand data to the application immediately, don't buffer |
| URG | Urgent — marks urgent data in the segment (rarely used today) |
Every byte sent is numbered. ACK confirms "received everything up to this byte" — missing bytes trigger retransmission.
Receiver advertises how many unacknowledged bytes it can buffer — sender throttles to match, preventing overload.
Maximum Segment Size — largest chunk of data per segment, negotiated during the handshake, tied to path MTU.
A single RST immediately kills the connection — no graceful exchange. Common when connecting to a closed port or after a crash/timeout.
A unique connection is identified by: protocol, source IP, source port, destination IP, destination port. This is what lets a server handle thousands of simultaneous clients on the same listening port.
Socket creation: The client application asks the OS to connect; the OS assigns a free source port from the dynamic range (e.g. 51402) to identify this specific connection.
Handshake step 1: Client sends a segment with the SYN flag set and a random initial sequence number (ISN), proposing to open a connection to the server's listening port.
Handshake step 2: If the port is open and listening, the server responds with its own SYN plus an ACK of the client's ISN+1. If the port is closed, it instead replies with RST.
Handshake step 3: Client sends the final ACK. Both sides now have agreed sequence numbers and window sizes — the socket moves to ESTABLISHED state on both ends.
Reliable transfer: Application data flows in both directions. Each segment increments the sequence number by the bytes sent; each ACK confirms bytes received, triggering retransmission of anything lost.
Flow control: As buffers fill or drain, each side updates its advertised window in every segment — this is how TCP self-throttles to match receiver capacity and network conditions.
Teardown: When done, either side initiates the 4-way FIN/ACK exchange (or a RST if something goes wrong) — the socket enters TIME_WAIT briefly on the initiator's side before fully closing.
Sender just transmits — no setup, no session state maintained.
Lost packets stay lost — the application layer must handle retries if it cares (e.g. DNS retry logic).
Lower latency and overhead — ideal where speed matters more than perfect delivery (voice, video, real-time gaming).
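The TCP flag table and handshake steps above can be checked against raw header bytes, which is what tcpdump and Wireshark do when they label a segment. This Python example is added here and is not part of the original page: it decodes a TCP header (flags, window, header length, MSS option) and verifies that three segments form a valid handshake. The function names and the sample segments (ports 51402 and 443, ISNs 1000 and 9000, MSS 1460) are constructed for illustration.

```python
import struct

# Flag bits in the low byte of header bytes 12-13 (names as in the table above).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte header and the MSS option, if present."""
    if len(segment) < 20:
        raise ValueError("shorter than the minimum TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4            # data offset counts 32-bit words
    if not 20 <= hdr_len <= len(segment):      # valid headers are 20-60 bytes
        raise ValueError("bad data offset")
    flags = {name for name, bit in FLAGS.items() if off_flags & bit}
    mss, opts, i = None, segment[20:hdr_len], 0
    while i < len(opts) and opts[i] != 0:      # option kind 0 ends the list
        kind = opts[i]                         # kind 1 is a one-byte NOP pad
        length = 1 if kind == 1 else (opts[i + 1] if i + 1 < len(opts) else 0)
        if (kind != 1 and length < 2) or i + length > len(opts):
            raise ValueError("malformed option")
        if kind == 2 and length == 4:          # kind 2 = Maximum Segment Size
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return dict(sport=sport, dport=dport, seq=seq, ack=ack, flags=flags,
                window=window, hdr_len=hdr_len, mss=mss)

def build(sport, dport, seq, ack, flags, window=65535, options=b""):
    """Construct a sample segment (checksum left at 0; test data only)."""
    options += b"\x00" * (-len(options) % 4)   # pad options to a 32-bit boundary
    bits = sum(FLAGS[name] for name in flags)
    off = (20 + len(options)) // 4
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (off << 12) | bits, window, 0, 0) + options

def handshake_ok(syn: bytes, synack: bytes, ack: bytes) -> bool:
    """True when the three segments form SYN, SYN+ACK(ISN+1), ACK(ISN+1)."""
    a, b, c = (parse_tcp(s) for s in (syn, synack, ack))
    nxt = lambda n: (n + 1) % 2**32            # sequence numbers wrap at 2^32
    return (a["flags"] == {"SYN"} and b["flags"] == {"SYN", "ACK"}
            and c["flags"] == {"ACK"} and a["sport"] == b["dport"] == c["sport"]
            and b["ack"] == nxt(a["seq"]) and c["seq"] == nxt(a["seq"])
            and c["ack"] == nxt(b["seq"]))

# Constructed sample: client port 51402 to server port 443, MSS 1460 on the SYNs.
SYN = build(51402, 443, 1000, 0, {"SYN"}, options=b"\x02\x04\x05\xb4")
SYNACK = build(443, 51402, 9000, 1001, {"SYN", "ACK"}, options=b"\x02\x04\x05\xb4")
ACK = build(51402, 443, 1001, 9001, {"ACK"})
```

A closed port shows up here as a reply whose flags contain RST instead of SYN, so `handshake_ok` returns False for it.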
| Symptom | Likely Cause |
|---|---|
| Immediate RST on connect | Port closed / nothing listening on that port |
| Connection hangs, then times out | Firewall silently dropping (filtered), not actively rejecting |
| Slow transfer, lots of retransmits | Packet loss on the path, MTU/MSS mismatch causing fragmentation |
| Works on LAN, fails externally | NAT/port-forwarding not mapping the port correctly |
| Many sockets stuck in TIME_WAIT | High connection churn — often normal, but can exhaust ports under load |
| Check | Command |
|---|---|
| Listening ports | netstat -an / ss -tuln |
| Active connections | netstat -ano |
| Quick port reachability | telnet host port / nc -zv host port |
| Full port scan | nmap host |
| Packet-level detail | tcpdump / Wireshark |