All guides

TCP vs UDP: What's the Difference?

If you're studying for CompTIA Network+ or Security+, TCP vs UDP is one of the first things you have to get straight — and it comes back constantly in ports, protocols and attack questions.

The short answer

TCP (Transmission Control Protocol) is the reliable one: it opens a connection, guarantees every byte arrives in order, and re-sends anything that gets lost. UDP (User Datagram Protocol) is the fast one: no setup, no guarantees — it just sends and hopes for the best.

Think of TCP as a phone call (you both agree to talk, and you notice if the line drops) and UDP as a postcard (you send it and never know for sure it arrived).

What is TCP?

TCP is connection-oriented. Before any data flows, the two hosts complete a 3-way handshake (SYNSYN-ACKACK). After that, TCP numbers every segment so the receiver can put them back in order, acknowledges what it receives, and retransmits anything missing. It also handles flow control and congestion control so it doesn't overwhelm the network.

That reliability costs overhead: a larger 20-byte header and extra round-trips. You want TCP whenever every byte matters — web pages, email, file transfers, SSH.

What is UDP?

UDP is connectionless. There's no handshake and no acknowledgements — it sends independent datagrams with a tiny 8-byte header and moves on. If a packet is lost, UDP doesn't care; it's up to the application to cope (or not).

That makes UDP fast and low-latency, which is exactly what you want for real-time traffic where a late packet is useless anyway: voice/video (VoIP), live streaming, online gaming, and lightweight lookups like DNS and DHCP.

TCP vs UDP, side by side

TCPUDP
ConnectionConnection-oriented (3-way handshake)Connectionless
ReliabilityGuaranteed, with retransmissionBest-effort, no retransmission
OrderingSegments reordered correctlyNo ordering
Speed / latencySlower, more overheadFaster, minimal overhead
Header size20 bytes8 bytes
Flow / congestion controlYesNo
Typical useWeb, email, file transfer, SSHDNS, DHCP, VoIP, streaming, TFTP

Ports you should memorize

Exam questions love mapping a protocol to its transport and port:

  • TCP: 22 (SSH), 25 (SMTP), 80 (HTTP), 443 (HTTPS), 3389 (RDP)
  • UDP: 67/68 (DHCP), 69 (TFTP), 123 (NTP), 161 (SNMP)
  • Both: 53 (DNS — UDP for queries, TCP for zone transfers)

Which one shows up on the exam?

On Network+ you'll match protocols to TCP/UDP and ports, and explain why real-time services prefer UDP. On Security+, the angle is attacks and hardening: TCP's handshake enables things like SYN floods, while UDP's spoofability fuels amplification DDoS (DNS, NTP). Remember that neither protocol encrypts on its own — confidentiality comes from a layer on top (TLS over TCP, DTLS over UDP).

Common exam gotchas

A few traps that catch people out:

  • "Connectionless" doesn't mean "insecure." UDP just skips the handshake — security still comes from a layer on top (DTLS, IPsec).
  • DNS uses both. UDP 53 for normal lookups, TCP 53 for zone transfers and oversized replies — a question often hinges on exactly this.
  • Same service, different transport. FTP is TCP; TFTP is UDP. SNMP and syslog ride UDP. Don't assume a protocol is TCP just because it sounds important.
  • The modern web is shifting to UDP. HTTP/3 runs over QUIC, which is built on UDP and rebuilds reliability in software for lower latency — proof that "UDP = unreliable" is a simplification, not a law.

Lock it in

TCP vs UDP only sticks once you've recalled it a few times under exam pressure — not after reading it once. Drill the transport protocols, ports and the acronyms around them with active recall, and the comparison becomes automatic on test day.

Get the App