TCP vs UDP - What's the Difference?

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are the two dominant transport-layer protocols that applications use to send data over IP networks. They represent a fundamental trade-off between reliability and speed. Understanding this trade-off explains why your web browser and your online game feel completely different under the hood.

TCP vs UDP Comparison

| Property | TCP | UDP |
|---|---|---|
| Connection model | Connection-oriented: 3-way handshake before data transfer | Connectionless: data sent immediately, no setup |
| Reliability | Guaranteed delivery: lost packets are retransmitted | Best-effort: lost packets are not retransmitted |
| Ordering | Packets delivered in order; out-of-order packets buffered | No ordering guarantee: application handles if needed |
| Error checking | Checksum + acknowledgement + retransmission | Checksum only: no retransmission |
| Flow control | Yes: sliding window adjusts send rate to receiver capacity | No |
| Congestion control | Yes: CUBIC, BBR, Reno algorithms | No: application must implement if needed |
| Header size | 20–60 bytes | 8 bytes |
| Speed | Slower: overhead from reliability mechanisms | Faster: minimal overhead |
| Typical use cases | HTTP/HTTPS, email (SMTP/IMAP), file transfer (FTP), SSH | DNS, video/audio streaming, VoIP, online gaming, QUIC |

The TCP 3-Way Handshake

Before any data is exchanged over TCP, a connection is established through the TCP three-way handshake: (1) the client sends a SYN packet with a random initial sequence number; (2) the server responds with SYN-ACK, acknowledging the client's sequence number and sending its own; (3) the client sends ACK, acknowledging the server's sequence number. Only after this handshake does application data begin to flow. This adds one round-trip time (RTT) of latency before the first byte of data, a significant overhead for short-lived connections like DNS queries.

When to Use Each Protocol

  • Use TCP (or protocols built on TCP) when data integrity is critical: web browsing, file downloads, email, database queries. See HTTP vs HTTPS for how TCP underpins web traffic.
  • Use UDP when low latency is more important than guaranteed delivery: live video streaming, VoIP calls, DNS lookups, online games.
  • QUIC (used in HTTP/3) runs over UDP but re-implements reliability, ordering, and congestion control at the application layer, getting the best of both worlds.
  • WireGuard VPN uses UDP, which makes it faster and more resilient to network interruptions than OpenVPN (which can use TCP or UDP).
  • DNS uses UDP for standard queries (faster) but falls back to TCP for responses larger than 512 bytes.

The Handshake in Detail, and How Connections End

| Phase | Client Sends | Server Sends | Purpose |
|---|---|---|---|
| Open (1) | SYN, seq=x | - | Client proposes a connection and its starting sequence number |
| Open (2) | - | SYN-ACK, seq=y, ack=x+1 | Server accepts and proposes its own sequence number |
| Open (3) | ACK, ack=y+1 | - | Client confirms; both sides now agree on numbering; data flows |
| Close | FIN → ACK | FIN → ACK | Each direction is shut down independently with its own FIN/ACK pair |
| Abort | RST from either side | RST from either side | Immediate teardown; also what a closed port replies to a stray connection attempt |

Those sequence numbers are TCP's whole magic: every byte is numbered, so the receiver can detect gaps, request what is missing, and reassemble everything in order. UDP (defined in RFC 768; the entire protocol fits in a few pages, versus RFC 9293 for TCP) numbers nothing, which is precisely why it is fast and precisely why it guarantees nothing.
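The numbering in the table can be checked directly on header bytes. The following is an added example, not part of the original article: it parses constructed 20-byte TCP headers and an 8-byte UDP header, then validates the three opening segments, including the case where seq=x is at the top of the 32-bit range and x+1 wraps to 0. All ports, sequence numbers and function names are assumptions made for the illustration.

```python
import struct

FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]

def build_tcp(sport, dport, seq, ack, flags):
    """Constructed sample: minimal 20-byte TCP header (no options, checksum 0)."""
    offset_and_flags = (5 << 12) | flags   # data offset 5 words = 20 bytes
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_and_flags, 65535, 0, 0)

def parse_tcp(hdr):
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", hdr[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": (off_flags >> 12) * 4,
            "flags": [name for bit, name in FLAG_BITS if off_flags & bit]}

def parse_udp(hdr):
    """UDP's whole header: two ports, a length and a checksum. No seq, no flags."""
    sport, dport, length, _csum = struct.unpack("!HHHH", hdr[:8])
    return {"sport": sport, "dport": dport, "length": length, "header_len": 8}

def handshake_ok(syn, syn_ack, ack):
    """Check flags and numbering of the three opening segments (mod 2**32)."""
    s, sa, a = parse_tcp(syn), parse_tcp(syn_ack), parse_tcp(ack)
    return (s["flags"] == ["SYN"] and sa["flags"] == ["SYN", "ACK"]
            and a["flags"] == ["ACK"]
            and sa["ack"] == (s["seq"] + 1) % 2**32    # ack = x + 1
            and a["ack"] == (sa["seq"] + 1) % 2**32    # ack = y + 1
            and a["seq"] == sa["ack"])                 # client continues at x + 1

def classify_reply(hdr):
    """How a client reads the answer to its SYN: SYN-ACK = open, RST = closed."""
    flags = parse_tcp(hdr)["flags"]
    if "RST" in flags:
        return "closed"
    return "open" if flags == ["SYN", "ACK"] else "unexpected"

SYN, ACK, RST = 0x02, 0x10, 0x04
X, Y = 0xFFFFFFFF, 1000            # constructed ISNs; X forces a wrap to 0
syn     = build_tcp(50000, 443, X, 0, SYN)
syn_ack = build_tcp(443, 50000, Y, 0, SYN | ACK)        # ack = (X + 1) mod 2**32 = 0
ack     = build_tcp(50000, 443, 0, Y + 1, ACK)
udp     = struct.pack("!HHHH", 50000, 53, 8 + 29, 0)    # header for a 29-byte payload

if __name__ == "__main__":
    print(parse_tcp(syn_ack), parse_udp(udp), handshake_ok(syn, syn_ack, ack))
```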

Seeing TCP and UDP in Real Life

On your own machine

Run netstat -an (Windows) or netstat -an | head -40 (macOS/Linux) to list active connections: TCP entries show states like ESTABLISHED, LISTEN, and TIME_WAIT, while UDP entries show no state at all, because there is no connection to have a state. This is the theory of this article made visible in one command.

From the outside

Port scanning leans on the handshake too: a TCP scan learns a port is open when it receives SYN-ACK, and closed when it receives RST. UDP scanning is slower and vaguer because closed UDP ports answer (if at all) with an ICMP error. Try the port scanner against your own IP to see which TCP services your network exposes, and read what is port scanning for how to interpret the results.

What This Means for You

You never choose between TCP and UDP directly (applications choose for you), but the choice explains everyday behaviour. Downloads arrive bit-perfect however bad the Wi-Fi, because TCP retransmits; a video call glitches instead of pausing, because UDP discards what arrives too late rather than delaying everything behind it. It also explains tuning options you do control: switching a VPN from OpenVPN-TCP to WireGuard or OpenVPN-UDP often fixes sluggishness, because reliable-over-reliable tunnelling compounds retransmissions. When diagnosing, measure both dimensions of your connection, raw throughput and latency, with the speed test, since TCP cares about loss and UDP applications care about delay.

Frequently Asked Questions

Is UDP less secure than TCP?

Neither protocol is encrypted or authenticated by itself; security comes from layers above, like TLS over TCP or QUIC and WireGuard over UDP. UDP's spoofability makes it a favourite for reflection DDoS attacks, but for your own traffic, a UDP-based VPN is exactly as secure as its encryption.

Why do games and video calls use UDP instead of TCP?

Because late data is worse than lost data in real time. TCP would stall everything to retransmit a missing packet, turning a 50-millisecond glitch into a multi-second freeze. UDP lets the application skip the gap (a brief artefact) and carry on at full speed.

Do TCP and UDP use the same ports?

They have separate, independent port spaces: TCP port 53 and UDP port 53 are different sockets that just share a number. DNS famously uses both. Firewall rules therefore specify protocol plus port, and a service can listen on one without the other.
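The separate port spaces can be observed on your own loopback interface. The following is an added example, not part of the original article: it binds a TCP listener and a UDP socket to the same port number on 127.0.0.1, exchanges data over each, then closes only the TCP side to show that TCP now refuses (the kernel's RST) while UDP on the same number still receives. The function names and payloads are assumptions made for the illustration.

```python
import socket

def bind_same_number(host):
    """Return (tcp_listener, udp_socket) bound to the same port number."""
    for _ in range(10):
        tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        tcp.bind((host, 0))                  # kernel picks a free TCP port
        tcp.listen(1)
        udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            udp.bind((host, tcp.getsockname()[1]))   # same number, UDP port space
            return tcp, udp
        except OSError:                      # number already taken on the UDP side
            tcp.close(); udp.close()
    raise RuntimeError("no port number free for both protocols")

def port_space_demo(host="127.0.0.1"):
    out = {}
    tcp_srv, udp_srv = bind_same_number(host)
    tcp_srv.settimeout(2); udp_srv.settimeout(2)
    port = tcp_srv.getsockname()[1]
    out["same_number"] = udp_srv.getsockname()[1] == port

    # TCP: create_connection() returns only once SYN / SYN-ACK / ACK has completed.
    client = socket.create_connection((host, port), timeout=2)
    conn, _ = tcp_srv.accept()
    client.sendall(b"hello tcp")
    out["tcp_data"] = conn.recv(64)

    # UDP: no setup; the first datagram already carries the payload.
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender.sendto(b"hello udp", (host, port))
    out["udp_data"] = udp_srv.recvfrom(64)[0]

    # Stop only the TCP service; the UDP socket on the same number is unaffected.
    client.close(); conn.close(); tcp_srv.close()
    try:
        socket.create_connection((host, port), timeout=2).close()
        out["tcp_after_close"] = "connected"
    except ConnectionRefusedError:           # the kernel answered the SYN with RST
        out["tcp_after_close"] = "refused"
    sender.sendto(b"still here", (host, port))
    out["udp_after_close"] = udp_srv.recvfrom(64)[0]
    sender.close(); udp_srv.close()
    return out

if __name__ == "__main__":
    print(port_space_demo())
```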