Analyzing the behavior of TCP/UDP packets


In this article, we will analyze the difference between TCP and UDP protocols. We are going to see the usage of these protocols in detail with some examples to clear up how they actually function in a network. TCP and UDP are two protocols that offer two different methods of sending data across a computer network.

TCP is the short name for Transmission Control Protocol, which checks whether each packet has been delivered successfully by waiting to get a confirmation back from the receiver. A confirmation message is a way of making sure that the receiver has received the data intact. In this way, the TCP protocol offers some security in sending the data.

UDP is the short name for User Datagram Protocol, which just tries to send the packet (data) without waiting for an acknowledgement from the receiver. Thus, this protocol doesn't offer any security because there's no way to be assured that the integrity of the data has been maintained during the transmission.

We will read a more detailed explanation about these two protocols in the next paragraphs.

Transmission Control Protocol (TCP)

The TCP protocol works on layer 4 of the OSI model and is a connection-oriented protocol. This means that the sender and the receiver start by building a private communication channel. This channel serves the sender as a way of knowing that ALL of the packets being transmitted are actually reaching the other end.

When the receiver gets a packet, it analyzes the content and sends a confirmation message for each successfully transmitted packet. This protocol establishes a connection through a mechanism called Three-Way Handshake and maintains the connection until the application at one of the ends closes the program.

The TCP protocol divides the packet into smaller sections and gives each packet a specific sequence number. So, if any packet is dropped or lost during the transmission, both ends will know that a certain packet with a certain sequence number is missing. The sender will then re-transmit the missing packet by referring to its sequence number.

Now let's dive into how the TCP flow control mechanism works.

TCP three way handshake

Before the sender starts to send data, they will check the path and then they will start a three-way connection, which is illustrated below:

  1. The sender (Computer A) starts by sending a SYN message to the receiver (Computer B). This message means that a certain amount of data is going to be transferred. This makes the receiver get ready to receive.
  2. When Computer B receives the SYN message, it replies with another packet called a SYN-ACK message. This lets the sender know that the SYN message has been received.
  3. After Computer A receives the SYN-ACK message, it sends a new ACK message to inform Computer B that the SYN-ACK message has been received.

[Figure: TCP three-way handshake]

These three sequential messages establish a private connection or channel that assures both computers are in sync now and the data flow starts afterwards. We will go through that next.
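
The three messages can be told apart by the SYN and ACK flag bits in the TCP header. The following is an added example, not code from the original article: it builds three constructed 20-byte headers and checks that they form a valid handshake. It goes one step beyond the text by also checking the acknowledgement numbers (each side acknowledges the other's initial sequence number plus one); the port numbers and initial sequence numbers are made-up sample values.

```python
import struct

SYN, ACK = 0x02, 0x10                      # flag bits in the TCP header
HEADER = struct.Struct("!HHIIBBHHH")       # fixed 20-byte TCP header, no options

def build_segment(src, dst, seq, ack, flags):
    """Pack a TCP header (checksum left at 0: constructed sample, never sent)."""
    return HEADER.pack(src, dst, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse_segment(raw):
    src, dst, seq, ack, _off, flags, _win, _csum, _urg = HEADER.unpack(raw[:20])
    return {"src": src, "dst": dst, "seq": seq, "ack": ack,
            "SYN": bool(flags & SYN), "ACK": bool(flags & ACK)}

def check_handshake(raw_segments):
    """Return a list of problems; an empty list means a valid handshake."""
    if len(raw_segments) != 3:
        return ["expected exactly three segments"]
    s1, s2, s3 = (parse_segment(r) for r in raw_segments)
    problems = []
    if not s1["SYN"] or s1["ACK"]:
        problems.append("segment 1 is not a plain SYN")
    if (s2["src"], s2["dst"]) != (s1["dst"], s1["src"]):
        problems.append("segment 2 does not come from the receiver")
    if not (s2["SYN"] and s2["ACK"]):
        problems.append("segment 2 is not a SYN-ACK")
    elif s2["ack"] != (s1["seq"] + 1) % 2**32:
        problems.append("SYN-ACK does not acknowledge A's SYN")
    if s3["SYN"] or not s3["ACK"]:
        problems.append("segment 3 is not a plain ACK")
    elif s3["ack"] != (s2["seq"] + 1) % 2**32:
        problems.append("final ACK does not acknowledge B's SYN")
    return problems

# Constructed sample: Computer A (port 50000) opens a connection to Computer B (port 80).
GOOD = [build_segment(50000, 80, 1000, 0, SYN),
        build_segment(80, 50000, 5000, 1001, SYN | ACK),
        build_segment(50000, 80, 1001, 5001, ACK)]
# Same exchange, but B's reply acknowledges the wrong number.
BAD = [GOOD[0], build_segment(80, 50000, 5000, 1000, SYN | ACK), GOOD[2]]

if __name__ == "__main__":
    print(check_handshake(GOOD))
    print(check_handshake(BAD))
```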

TCP flow control

When the three-way handshake is completed, TCP starts to send data. As described before, the sending computer will first break the data into smaller packets. Imagine the sender wants to send a file with a size of 100 MB and it breaks it into 100 packets, 1 MB each. Now every packet has a unique sequence number (1 to 100) attached to it.

In the illustration below, you can see a TCP connection trying to send a piece of data. Every step shows what is going on in that particular stage. Notice another factor called Flow Size: it is the number of packets (with a unique sequence number assigned to each of them) that are going to be passed over the media every.

We will go through the flow size in another article later.

An exact TCP scenario

  1. Sender (A) starts by sending the first packet with sequence number 1.
  2. Receiver (B) replies with an ACK message for that sequence number to inform A that the packet has arrived. It also means that B is waiting for A to send the remaining packets.
  3. Computer (A) increases the flow size and sends packets with sequence numbers 2, 3, 4 and 5. (The flow size is now 4.)
  4. Computer (B) sends four ACK messages to (A) to confirm it has received the four packets.
  5. Since A received ACK messages for all the packets, it increases the flow size again and packets 6 to 20 will be transmitted to Computer (B). (Flow size is 15.)
  6. Computer (B) finds that the packet with sequence number 10 is missing. So in this case, it doesn't send an ACK message for sequence number 10.
  7. Computer (A) finds that one packet was dropped and decreases the flow size while re-sending packet number 10. (Flow size < 15.)

[Figure: TCP flow control]

These steps will continue until all of the packets are delivered to Computer (B) successfully and an ACK message has been received for every sequence number.
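
The scenario above can be replayed as a small simulation. This is an added example, not code from the original article: the flow sizes 1, 4 and 15 and the loss of packet 10 come from the steps above, while halving the flow size after a loss and doubling it afterwards are assumptions chosen only to let the transfer run to completion.

```python
def transfer(total, drop_once, schedule=(1, 4, 15)):
    """Simulate the sender; return one (flow_size, sent, lost) tuple per round."""
    pending = list(range(1, total + 1))   # sequence numbers not yet ACKed
    to_drop = set(drop_once)              # each is lost on its first transmission only
    flow, rounds = schedule[0], []
    while pending:
        sent = pending[:flow]
        lost = [seq for seq in sent if seq in to_drop]
        to_drop -= set(lost)
        # No ACK arrives for a lost packet, so it returns to the front of the queue.
        pending = lost + pending[len(sent):]
        rounds.append((flow, sent, lost))
        if lost:
            flow = max(1, flow // 2)      # assumption: halve the flow size on loss
        elif len(rounds) < len(schedule):
            flow = schedule[len(rounds)]  # the article's 1 -> 4 -> 15
        else:
            flow *= 2                     # assumption: double once the schedule ends
    return rounds

if __name__ == "__main__":
    # 100 packets as in the article; packet 10 is lost once.
    for flow, sent, lost in transfer(100, {10}):
        print(f"flow={flow:3}  sent {sent[0]}..{sent[-1]}  lost={lost}")
```

Every sequence number is delivered after 101 transmissions: the 100 packets plus the single re-send of packet 10.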

Going back to the description above, you can now understand why TCP delivers a lower transmission speed than UDP. A bit of general information: when you are downloading a file from the internet, you are actually using the TCP protocol.

If you see your send/receive speed fluctuating, it means some of the packets were lost during the download, and it's the duty of the TCP protocol to reduce the Flow Size in order to re-transmit them.

User Datagram Protocol (UDP)

The UDP protocol is less reliable because the sender machine is not going to wait to receive any acknowledgment from the receiver. When using this protocol to send data, the sender just sends out the packets continuously without watching whether the other end has received the data or not.

The drawback is that if packets get lost during transmission, there's no way to know how many of them or which ones were lost. There's practically no mechanism to check the integrity of received data. Although this is the downside of using the UDP protocol to transmit data, it works faster than TCP because there's no time or delay spent going through the three-way handshake process.
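
The difference is easy to observe on the loopback interface. This is an added example, not code from the original article: it sends to a local port where nothing is listening, first over TCP and then over UDP. The function name and the payload are illustrative; the port is picked by the operating system.

```python
import socket

def tcp_vs_udp_to_closed_port(payload=b"hello"):
    """Send to a loopback port with no listener, over TCP and then over UDP."""
    # Reserve a port number but never call listen(), so no handshake can complete.
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind(("127.0.0.1", 0))
    addr = holder.getsockname()
    result = {}
    try:
        # TCP: connect() has to finish the three-way handshake before data flows.
        tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        tcp.settimeout(2)
        try:
            tcp.connect(addr)
            result["tcp"] = "connected"
        except OSError:
            result["tcp"] = "no connection"   # the sender learns nobody is there
        finally:
            tcp.close()
        # UDP: no handshake and no ACK; sendto() only reports bytes handed to the OS.
        udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            result["udp_bytes_sent"] = udp.sendto(payload, addr)
        finally:
            udp.close()
    finally:
        holder.close()
    return result

if __name__ == "__main__":
    print(tcp_vs_udp_to_closed_port())
```

The TCP sender is told during the handshake that the connection failed, while the UDP sender sees a successful send even though the datagram was never received by anyone.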

This protocol is particularly useful when sending at higher speed is desired and when error detection is not necessary. For example, UDP is frequently used for live broadcasts, voice/video traffic and online games. If a couple of packets get lost during a video conference, there surely won't be a big issue because a packet or two won't make any noticeable delay in the video stream.

In general, keep in mind that TCP is used when it's critical for the end unit to receive every single piece of data, while UDP is used when insensitive data is being transmitted.
