Subtitles of the Movie

During this session, I want to talk to you about the basics of TCP and UDP protocols. Now, we're going to cover several characteristics of each protocol during this particular session, but understand that we're not going to go in depth on these just yet. We're going to go in depth on these a little bit more as we progress through the course. But I just want to give you a few general characteristics of TCP and UDP protocols. These are two very important protocols to understand simply because a lot of our packet analysis and traffic analysis is going to involve TCP and UDP, so it's important that you know how they react on the network. Now, as you may remember from our discussion on the TCP/IP Model or the OSI Model, TCP and UDP protocols are both found at the transport layer. Now, they have several things in common but they differ in several ways also. First of all, let's talk about TCP. TCP is a connection-based protocol. Now, what that means is that TCP has to establish a formal connection to another computer before the communications process takes place. It establishes this formal connection in a certain way and it maintains a formal connection throughout the duration of the communication session. What we call this formal way of establishing a connection is called the Three-Way Handshake. And we'll talk more about this in a later session. Now, TCP has several characteristics that you should know about. It is able to keep track of its communications by using several different mechanisms, such as sequence numbers and flags. TCP also performs error correction. What that means is that it has the ability to resend segments if it determines that they didn't get to the destination computer. There is a mechanism for this in TCP. TCP also uses something called Windowing to regulate the amount of traffic that's sent to the destination computer. That way it doesn't overload the other computer's TCP/IP Stack's buffers. Now TCP is used for a wide variety of protocols that we see every day. In fact, probably most of the protocols you'll use in your normal computer lives involve TCP, such as HTTP, the World-Wide Web Protocol; FTP, the File Transfer Protocol and SMTP, the Simple Mail Transfer Protocol. And there are others as well that use TCP. Now let's talk about UDP for a moment. UDP just about is the opposite of TCP on every count so far we've talked about. First of all, it's connectionless. It does not require an established connection nor does it keep track of the connection during the communications process. It does not worry about traffic flow at all. It doesn't care how fast or how much traffic it sends to the destination computer. UDP also does not worry about error correction, but it allows other layers to take care of error correction if it's needed. It may rely on other programs, it may rely on TCP/IP protocols to do that if necessary. Now, where do we see UDP most often used? Well, we see it where reply coming back to the source computer may or may not come back. We may see it used on an unreliable connection. Some protocols are designed specifically so that they don't require a reply back or maybe used over an unreliable connection. UDP also has very little overhead, so a lot of programs and applications that require little overhead can be used over UDP. A good example is streaming media. Let's say you're watching a video come across the Internet to your computer. Streaming media normally uses UDP. The reason is if it used TCP, then TCP every time it dropped a packet would try to correct that and resend it. A packet may not be much in terms of a video. It may be a split second of video, so would you want TCP to try to resend that segment of video back and forth over and over again or would you just want the video to continue going? That's why UDP is used; because it doesn't do that. Now, some examples of protocols that use UDP are DNS, the Domain Name System, DHCP and pretty much other kinds of broadcast traffic. There are many other different protocols that use UDP. There's even a couple of protocols out there that use both TCP and UDP. DNS is probably the best example of those. Now, another characteristic that TCP and UDP actually have in common is that they both use ports to determine what kind of traffic is destined for higher-layer protocols; application layer protocols on the destination computer. We're going to talk about all these characteristics a little bit more in depth as we go through the next few sessions.