TCP vs UDP: When to Use Which Protocol
TCP and UDP are the most widely used communication protocols in the Internet protocol suite. One ensures the data you send is received accurately. The other transfers data quickly. Whether an application uses TCP or UDP depends on the relative importance of accuracy and speed.
This article explains what these protocols do and how they differ, and why TCP is the better fit for some applications and UDP for others. Although they are core elements of IP networks, the two protocols can also increase your exposure to cyberattacks.
Transmission Control Protocol (TCP) provides reliable communications between two hosts. It transfers ordered data streams from the source and ensures accurate and complete data reconstruction at the destination. This approach compensates for the inherent unreliability of Internet Protocol (IP), the protocol that underlies a TCP connection.
On the sender’s side, TCP takes data from the application layer and creates an ordered stream of outbound segments. On the receiver’s side, TCP unpacks the incoming segments and reassembles the data for the application layer. Because the segments are numbered in order, TCP can reliably reconstruct the original data.
A TCP session begins with a three-way handshake between TCP endpoints at the source and destination:
- The source sends a SYN segment containing an Initial Sequence Number (ISN) to the destination.
- The destination increments the Sequence Number (SN) and sends it back to the source in a SYN-ACK segment.
- The source increments the SN and sends it to the destination in an ACK segment, completing the handshake.
At the source, TCP divides data coming from the application layer. Each piece of data gets encapsulated with a header to create a TCP segment. Among the TCP header’s ten required fields is the segment’s Sequence Number. Each new segment gets an SN that is incremented by one over the previous segment’s SN.
An IP-based network layer makes a best effort to deliver packets to their destination, but there is no guarantee that packets arrive in order, or at all. Even if segments arrive at the destination out of order, the Sequence Numbers tell TCP how to reconstruct the original data. If a segment takes too long or never arrives, the destination TCP can request retransmission from the source.
Thanks to their two-way connection, the TCP endpoints can manage segment transmission to minimize congestion. The time it takes for one end to acknowledge a message indicates how congested the network is, and TCP responds by adjusting its transmission rate.
User Datagram Protocol (UDP) is an unreliable communications protocol that transmits data from a source to one or more destinations. Unlike TCP, UDP does not compensate for the way IP transfers data across networks.
At the source, UDP encapsulates each piece of data in a header to create a datagram. The header consists of fields for the source port, destination port, the datagram’s length, and a checksum.
UDP is a connectionless protocol, so there is no handshake with the destination. The source UDP simply hands each datagram to the network layer’s IP and moves on to creating the next datagram. The destination UDP port listens for incoming datagrams and passes the data to the application layer. UDP has no way to recover missing datagrams.
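As an added example (not code from the article), the following Python builds and parses the 8-byte UDP header just described and verifies its checksum; the addresses, ports and payload are constructed sample values. It assumes UDP over IPv4, where the checksum also covers a pseudo-header made of the two IP addresses, the protocol number 17 and the UDP length.

```python
import struct
import ipaddress

# Added example, not code from the article: build and parse the 8-byte UDP header
# (source port, destination port, length, checksum). Assumes UDP over IPv4, whose
# checksum also covers a pseudo-header: source IP, destination IP, a zero byte,
# protocol number 17 and the UDP length.

UDP_PROTO = 17

def _ones_complement_sum(data: bytes) -> int:
    if len(data) % 2:
        data += b"\x00"                        # pad to whole 16-bit words
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                         # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def _pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    return struct.pack("!4s4sBBH", ipaddress.IPv4Address(src_ip).packed,
                       ipaddress.IPv4Address(dst_ip).packed, 0, UDP_PROTO, udp_len)

def build_datagram(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)     # checksum zeroed while computing
    csum = 0xFFFF ^ _ones_complement_sum(_pseudo_header(src_ip, dst_ip, length) + header + payload)
    csum = csum or 0xFFFF           # a computed 0 is sent as all-ones; 0 on the wire means "none"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def parse_datagram(src_ip: str, dst_ip: str, datagram: bytes) -> dict:
    """Decode the header fields and verify the checksum; reject inconsistent lengths."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field inconsistent with datagram size")
    # With the transmitted checksum included, the one's-complement sum must be all-ones.
    ok = csum == 0 or _ones_complement_sum(
        _pseudo_header(src_ip, dst_ip, length) + datagram[:length]) == 0xFFFF
    return {"sport": sport, "dport": dport, "length": length, "checksum": csum,
            "payload": datagram[8:length], "checksum_ok": ok}

def demo():
    """Constructed sample: a 5-byte payload, then the same datagram with its last byte corrupted."""
    src, dst = "192.0.2.1", "192.0.2.2"
    good = build_datagram(src, dst, 53000, 53, b"query")
    bad = good[:-1] + b"Q"           # one payload byte flipped in transit
    return parse_datagram(src, dst, good), parse_datagram(src, dst, bad)
```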
A key distinction between these protocols is their different approaches to reliability. Thanks to its two-way connection, TCP can reconstruct the original data even with sub-optimal network conditions. On the other hand, UDP has no way to guarantee that every datagram will arrive.
The reliability TCP offers comes at a cost: the data transfer takes longer and is more resource-intensive than with UDP. Among the things TCP must do at the source and the destination:
- Manage communications between the endpoints.
- Generate segments.
- Receive segments and detect errors.
- Retransmit segments.
- Manage congestion.
- Reassemble the completed data.
With no commitments to deliver the data or manage congestion, UDP consumes fewer resources.
Latency over UDP is much lower than over TCP. Any latency over UDP is primarily due to the network itself, whereas TCP’s various functions add latency of their own to the data transmission.
TCP can only transfer data from one point to another. UDP’s connectionless nature, on the other hand, allows its use for multicasting or broadcasting to multiple destinations.
When considering TCP vs UDP for transferring data, you have to consider your priorities.
- How important is data integrity?
- How important is latency?
- How performant are the endpoints?
- How many destinations need to receive the data?
When data integrity is your top priority, then TCP will always be the best choice. The protocol guarantees complete delivery and accurate reconstruction of the original data. Typically, applications that transfer data files will use TCP since the protocol’s latency and performance issues are not that critical.
UDP benefits applications that need to receive data quickly even if accuracy suffers. This is why real-time applications like audio and video streaming will often use UDP.
An easy way to understand the difference is to consider two ways of distributing video. When downloading a movie, a media app would use TCP: the priority is delivering the file accurately to ensure correct playback. When streaming video, however, continuity matters more than accuracy. UDP gets the data to the viewer quickly, and the media app uses error correction to handle missing data.
The Internet Protocol suite was not developed with security in mind. As a result, fundamental elements of the suite, including TCP and UDP, can create security vulnerabilities.
An unencrypted IP connection is susceptible to packet sniffing. Cybercriminals can read the fields in TCP segments and UDP datagrams. Using this information, they can launch Denial-of-Service (DoS) attacks.
Both protocols, for example, are susceptible to flood attacks. In a TCP SYN flood, the attacker targets an open TCP port by flooding it with SYN messages. The targeted device responds to each one with a SYN-ACK message and then waits for responses that never come. Legitimate connections get crowded out and the system crashes. In a UDP flood, the attackers send datagrams to UDP ports with no service listening, so the target generates so many ICMP (port unreachable) responses that it fails.
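From the defender's side, the tell-tale sign of the SYN flood described above is a pile of handshakes that never reach step three. The following added example (not code from the article) counts such half-open handshakes in a packet log; the log format, addresses and threshold are constructed for this example and do not correspond to a real capture tool.

```python
import re
from collections import defaultdict

# Added example, not code from the article: a detector for the half-open handshakes
# that a SYN flood leaves behind. The log format ("ts src:port > dst:port FLAGS"),
# the sample addresses and the threshold are constructed for this example.

LINE = re.compile(r"^(\d+) (\S+):(\d+) > (\S+):(\d+) (SA|S|A)$")
THRESHOLD = 3           # assumed tuning value: incomplete handshakes per source

def half_open_by_source(log_lines, threshold=THRESHOLD):
    """Return (total_half_open, {src_ip: count}) for sources at or above the threshold."""
    pending = set()     # (client_ip, client_port) that sent SYN but not yet the final ACK
    for line in log_lines:
        m = LINE.match(line.strip())
        if not m:
            continue    # tolerate malformed lines instead of failing the whole pass
        _ts, src, sport, _dst, _dport, flags = m.groups()
        if flags == "S":            # step 1: client SYN opens a pending handshake
            pending.add((src, sport))
        elif flags == "A":          # step 3: client ACK completes it (step 2, SA, is the server's)
            pending.discard((src, sport))
    counts = defaultdict(int)
    for src, _port in pending:
        counts[src] += 1
    suspects = {src: n for src, n in counts.items() if n >= threshold}
    return len(pending), suspects

# Constructed sample log: one normal handshake, one source opening many and never replying,
# one slow but legitimate client, and a malformed line.
SAMPLE_LOG = """\
1 10.0.0.5:40001 > 192.0.2.10:443 S
1 192.0.2.10:443 > 10.0.0.5:40001 SA
1 10.0.0.5:40001 > 192.0.2.10:443 A
2 198.51.100.7:1000 > 192.0.2.10:443 S
2 198.51.100.7:1001 > 192.0.2.10:443 S
2 198.51.100.7:1002 > 192.0.2.10:443 S
2 198.51.100.7:1003 > 192.0.2.10:443 S
3 10.0.0.6:40002 > 192.0.2.10:443 S
this line is not a packet record
""".splitlines()

def demo():
    return half_open_by_source(SAMPLE_LOG)
```

Because flood traffic frequently does not come from a single genuine address, the total count of pending handshakes is usually the more robust signal than any one source's count; the function returns both.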
TCP connections are vulnerable to attacks in other ways. When hackers inspect a TCP segment, they can get enough information to create fake segments. This spoofing lets them transmit commands to the receiving system to support a breach. Generating random SNs should prevent this attack. However, some TCP/IP stacks use predictable random number generators, which makes their communications vulnerable.
Another TCP and UDP vulnerability is not specific to the protocols themselves. Basic applications such as Telnet, FTP, DNS, and SSH depend on these protocols. But they also have known vulnerabilities that are exposed by open TCP or UDP ports.
TCP and UDP play a crucial role in Twingate’s Zero Trust security solution. The Zero Trust framework is a modern approach to network security that focuses on defending resources rather than networks. Each resource is surrounded by a software-defined perimeter that renders it invisible to anyone on the private network or the public internet. Only after successful authentication and authorization will a user gain access to a resource and, even then, that access will be temporary.
Zero Trust lets an organization apply fine-grained segmentation to its networks and reduce its attack surface. However, some solutions implement Zero Trust at the application layer and may not be compatible with every on-premises system or cloud-hosted application. When they are, they require the configuration of every user device and protected resource, which makes deployment and maintenance both difficult and expensive.
Twingate’s Zero Trust solution takes a more elegant approach. The Twingate Client running on a user’s device is protocol-agnostic and will transparently proxy TCP and UDP traffic. The same is true for the protected resource’s Twingate Connector. The two ends of the Zero Trust connection can also exchange ICMP messages (pings) to support network management.
With Twingate’s built-in protocol support, neither the client device nor the resource needs special configurations. Access to the resource may be browser-based, RDP, SSH, or VNC and it will work without any additional overhead.
The TCP and UDP transport protocols handle much of the data transferred over IP-based networks. TCP offers accurate delivery between two locations but requires more time and resources. UDP requires less overhead and lower latency but cannot guarantee that every datagram will be delivered.
Because Twingate’s approach to Zero Trust Network Access supports both TCP and UDP, you can seamlessly protect almost any on-premises or cloud-based resource with minimal overhead.
Contact Twingate to learn more about our modern approach to remote access and security.