
UDP (User Datagram Protocol)

UDP (User Datagram Protocol) is an alternative communications protocol to
Transmission Control Protocol (TCP) used primarily for establishing low-latency
and loss-tolerating connections between applications on the Internet. Both UDP and
TCP run on top of the Internet Protocol (IP) and are sometimes referred to as UDP/IP
or TCP/IP. Both protocols send short packets of data, called datagrams.

UDP provides two services not provided by the IP layer. It provides port numbers to
help distinguish different user requests and, optionally, a checksum capability to
verify that the data arrived intact.

TCP has emerged as the dominant protocol used for the bulk of Internet connectivity
owing to services for breaking large data sets into individual packets, checking for
and resending lost packets and reassembling packets into the correct sequence. But
these additional services come at a cost in terms of additional data overhead, and
delays called latency.

In contrast, UDP just sends the packets, which means that it has much
lower bandwidth overhead and latency. But packets can be lost or received out of
order as a result, owing to the different paths individual packets traverse between
sender and receiver.

UDP is an ideal protocol for network applications in which perceived latency is
critical such as gaming, voice and video communications, which can suffer some
data loss without adversely affecting perceived quality. In some cases, forward error
correction techniques are used to improve audio and video quality in spite of some
loss.

UDP can also be used in applications that require lossless data transmission when
the application is configured to manage the process of retransmitting lost packets
and correctly arranging received packets. This approach can help to improve the data
transfer rate of large files compared with TCP.

In the Open Systems Interconnection (OSI) communication model, UDP, like TCP,
is in layer 4, the Transport Layer. UDP works in conjunction with higher level
protocols to help manage data transmission services including Trivial File Transfer
Protocol (TFTP), Real Time Streaming Protocol (RTSP), Simple Network Protocol
(SNP) and Domain Name System (DNS) lookups.

User Datagram Protocol (UDP) is part of the Internet Protocol suite used by programs running on
different computers on a network. UDP is used to send short messages called datagrams but overall, it
is an unreliable, connectionless protocol. UDP is officially defined in RFC 768 and was formulated by
David P. Reed.

User datagram protocol is an open systems interconnection (OSI) transport layer protocol for
client-server network applications. UDP uses a simple transmission model but does not employ
handshaking dialogs for reliability, ordering and data integrity. The protocol assumes that
error-checking and correction is not required, thus avoiding processing at the network interface
level.

UDP is widely used in video conferencing and real-time computer games. The protocol permits
individual packets to be dropped and UDP packets to be received in a different order than that
in which they were sent, allowing for better performance.

UDP network traffic is organized in the form of datagrams, each of which comprises one message unit.
The first eight bytes of a datagram contain header information, while the remaining bytes
contain message data. A UDP datagram header contains four fields of two bytes each:

• Source port number
• Destination port number
• Datagram size
• Checksum

Stands for "User Datagram Protocol." It is part of the TCP/IP suite of protocols used
for data transfer. UDP is known as a "stateless" protocol, meaning it doesn't
acknowledge that the packets being sent have been received. For this reason, the
UDP protocol is typically used for streaming media. While you might see skips in
video or hear some fuzz in audio clips, UDP transmission prevents the playback
from stopping completely.

In this tutorial we will discuss the concept of Ports and how they work with IP
addresses. If you have not read our article on IP addresses and need a brush up, you
can find the article here. If you understand the concepts of IP addresses, then let's
move on to TCP and UDP ports and how they work.

The devices and computers connected to the Internet use a protocol called TCP/IP to
communicate with each other. When a computer in New York wants to send a piece
of data to a computer in England, it must know the destination IP address that it would
like to send the information to. That information is sent most often via two methods,
UDP and TCP.

UDP? TCP? I know you are getting confused, but I promise I will explain this in very
basic terms so that you can understand this concept.

TCP stands for Transmission Control Protocol. Using this method, the computer
sending the data connects directly to the computer it is sending the data to, and
stays connected for the duration of the transfer. With this method, the two computers
can guarantee that the data has arrived safely and correctly, and then they disconnect
the connection. This method of transferring data tends to be quicker and more reliable,
but puts a higher load on the computer as it has to monitor the connection and the
data going across it. A real life comparison to this method would be to pick up the
phone and call a friend. You have a conversation and when it is over, you both hang
up, releasing the connection.

UDP stands for User Datagram Protocol. Using this method, the computer sending the
data packages the information into a nice little package and releases it into the network
with the hopes that it will get to the right place. What this means is that UDP does not
connect directly to the receiving computer like TCP does, but rather sends the data
out and relies on the devices in between the sending computer and the receiving
computer to get the data where it is supposed to go properly. This method of
transmission does not provide any guarantee that the data you send will ever reach
its destination. On the other hand, this method of transmission has a very low overhead
and is therefore very popular to use for services that are not that important to work on
the first try. A comparison you can use for this method is the plain old US Postal
Service. You place your mail in the mailbox and hope the Postal Service will get it to
the proper location. Most of the time they do, but sometimes it gets lost along the way.

Now that you understand what TCP and UDP are, we can start discussing TCP and
UDP ports in detail. Let's move on to the next section where we can describe the
concept of ports better.

As you know every computer or device on the Internet must have a unique number
assigned to it called the IP address. This IP address is used to recognize your
particular computer out of the millions of other computers connected to the Internet.
When information is sent over the Internet to your computer how does your computer
accept that information? It accepts that information by using TCP or UDP ports.

An easy way to understand ports is to imagine your IP address is a cable box and the
ports are the different channels on that cable box. The cable company knows how to
send cable to your cable box based upon a unique serial number associated with that
box (IP Address), and then you receive the individual shows on different channels
(Ports).

Ports work the same way. You have an IP address, and then many ports on that IP
address. When I say many, I mean many. You can have a total of 65,535 TCP Ports
and another 65,535 UDP ports. When a program on your computer sends or receives
data over the Internet it sends that data to an IP address and a specific port on the
remote computer, and receives the data on a usually random port on its own computer.
If it uses the TCP protocol to send and receive the data then it will connect and bind
itself to a TCP port. If it uses the UDP protocol to send and receive data, it will use a
UDP port. Figure 1, below, is a representation of an IP address split into its many TCP
and UDP ports. Note that once an application binds itself to a particular port, that port
cannot be used by any other application. It is first come, first served.

<-------------------- 192.168.1.10 -------------------->

0 1 2 3 4 5 .. .. .. .. .. .. .. .. 65531 65532 65533 65534 65535


Figure 1. IP address with Ports

This all probably still feels confusing to you, and there is nothing wrong with that, as
this is a complicated concept to grasp. Therefore, I will give you an example of how
this works in real life so you can have a better understanding. We will use web servers
in our example as you all know that a web server is a computer running an application
that allows other computers to connect to it and retrieve the web pages stored there.

In order for a web server to accept connections from remote computers, such as
yourself, it must bind the web server application to a local port. It will then use this port
to listen for and accept connections from remote computers. Web servers typically
bind to the TCP port 80, which is what the http protocol uses by default, and then will
wait and listen for connections from remote devices. Once a device is connected, it
will send the requested web pages to the remote device, and when done disconnect
the connection.

On the other hand, if you are the remote user connecting to a web server it would work
in reverse. Your web browser would pick a random TCP port from a certain range of
port numbers, and attempt to connect to port 80 on the IP address of the web server.
When the connection is established, the web browser will send the request for a
particular web page and receive it from the web server. Then both computers will
disconnect the connection.

Now, what if you wanted to run an FTP server, which is a server that allows you to
transfer and receive files from remote computers, on the same web server? FTP
servers use TCP ports 20 and 21 to send and receive information, so you won't have
any conflicts with the web server running on TCP port 80. Therefore, the FTP server
application when it starts will bind itself to TCP ports 20 and 21, and wait for
connections in order to send and receive data.

Most major applications have a specific port that they listen on and they register this
information with an organization called IANA. You can see a list of applications and
the ports they use at the IANA Registry. With developers registering the ports their
applications use with IANA, the chances of two programs attempting to use the same
port, and therefore causing a conflict, will be diminished.

The User Datagram Protocol (UDP) is a transport layer protocol defined for use with
the IP network layer protocol. It is defined by RFC 768 written by Jon Postel. It
provides a best-effort datagram service to an End System (IP host).

The service provided by UDP is an unreliable service that provides no guarantees
for delivery and no protection from duplication (e.g. if this arises due to software
errors within an Intermediate System (IS)). The simplicity of UDP reduces the
overhead from using the protocol and the services may be adequate in many cases.

UDP provides a minimal, unreliable, best-effort, message-passing transport to
applications and upper-layer protocols. Compared to other transport protocols, UDP
and its UDP-Lite variant are unique in that they do not establish end-to-end
connections between communicating end systems. UDP communication
consequently does not incur connection establishment and teardown overheads and
there is minimal associated end system state. Because of these characteristics, UDP
can offer a very efficient communication transport to some applications, but has no
inherent congestion control or reliability. A second unique characteristic of UDP is
that it provides no inherent On many platforms, applications can send UDP
datagrams at the line rate of the link interface, which is often much greater than the
available path capacity, and doing so would contribute to congestion along the path,
applications therefore need to be designed responsibly [RFC 4505].

One increasingly popular use of UDP is as a tunneling protocol, where a tunnel
endpoint encapsulates the packets of another protocol inside UDP datagrams and
transmits them to another tunnel endpoint, which decapsulates the UDP datagrams
and forwards the original packets contained in the payload. Tunnels establish virtual
links that appear to directly connect locations that are distant in the physical Internet
topology, and can be used to create virtual (private) networks. Using UDP as a
tunneling protocol is attractive when the payload protocol is not supported by
middleboxes that may exist along the path, because many middleboxes support UDP
transmissions.

UDP does not provide any communications security. Applications that need to
protect their communications against eavesdropping, tampering, or message forgery
therefore need to separately provide security services using additional protocol
mechanisms.
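
One way an application can add the tamper and forgery protection described above, as an added Python example that is not part of the original page. The framing (8-byte sequence number, payload, 32-byte HMAC-SHA256 tag), the class name and the key are constructed for illustration; the sketch does not encrypt, so it gives no protection against eavesdropping.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                # size of an HMAC-SHA256 tag in bytes
SEQ = struct.Struct("!Q")   # hypothetical 8-byte sequence number prefix


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: append a tag computed over sequence number and payload."""
    body = SEQ.pack(seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class AuthenticatedReceiver:
    """Accepts only datagrams with a valid tag and a fresh sequence number."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest_seq = -1

    def open(self, datagram: bytes):
        """Return the payload, or None if the datagram must be discarded."""
        if len(datagram) < SEQ.size + TAG_LEN:
            return None                      # too short to hold seq + tag
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison: do not leak how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            return None                      # modified in transit or forged
        (seq,) = SEQ.unpack_from(body)
        # Only authenticated datagrams reach this point, so a forged packet
        # can never advance the counter.
        if seq <= self.highest_seq:
            return None                      # replayed (or late) datagram
        self.highest_seq = seq
        return body[SEQ.size:]
```

The strictly increasing counter also discards genuine datagrams that arrive late; a receiver that must tolerate reordering would track a window of recent sequence numbers instead.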

Protocol Header

A computer may send UDP packets without first establishing a connection to the
recipient. A UDP datagram is carried in a single IP packet and is hence limited to a
maximum payload of 65,507 bytes for IPv4 and 65,527 bytes for IPv6. The
transmission of large IP packets usually requires IP fragmentation. Fragmentation
decreases communication reliability and efficiency and should therefore be avoided.

To transmit a UDP datagram, a computer completes the appropriate fields in the
UDP header (PCI) and forwards the data together with the header for transmission
by the IP network layer.

The UDP protocol header consists of 8 bytes of Protocol Control Information (PCI).

The UDP header consists of four fields each of 2 bytes in length:

• Source Port (UDP packets from a client use this as a service access point
  (SAP) to indicate the session on the local client that originated the packet.
  UDP packets from a server carry the server SAP in this field)
• Destination Port (UDP packets from a client use this as a service access point
  (SAP) to indicate the service required from the remote server. UDP packets
  from a server carry the client SAP in this field)
• UDP length (The number of bytes comprising the combined UDP header
  information and payload data)
• UDP Checksum (A checksum to verify that the end to end data has not been
  corrupted by routers or bridges in the network or by the processing in an
  end system. The algorithm to compute the checksum is the Standard
  Internet Checksum algorithm. This allows the receiver to verify that it was
  the intended destination of the packet, because it covers the IP addresses,
  port numbers and protocol number, and it verifies that the packet is not
  truncated or padded, because it covers the size field. Therefore, this protects
  an application against receiving corrupted payload data in place of, or in
  addition to, the data that was sent. In the cases where this check is not
  required, the value of 0x0000 is placed in this field, in which case the data is
  not checked by the receiver.)

As with other transport protocols, the UDP header and data are not processed
by Intermediate Systems (IS) in the network, and are delivered to the final
destination in the same form as originally transmitted.

At the final destination, the UDP protocol layer receives packets from
the IP network layer. These are checked using the checksum (when >0, this
checks correct end-to-end operation of the network service) and all invalid PDUs
are discarded. UDP does not make any provision for error reporting if the packets
are not delivered. Valid data are passed to the appropriate session layer protocol
identified by the source and destination port numbers (i.e. the session service
access points).
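
The receive-side check described above, as an added Python example that is not part of the original page: it parses the four header fields and verifies the checksum over the IPv4 pseudo-header (addresses, protocol number, UDP length). Function names, addresses, ports and payloads are constructed for illustration, and rejecting any datagram whose length field differs from the received size is an assumption of this sketch.

```python
import ipaddress
import struct

UDP_PROTO = 17  # IP protocol number assigned to UDP


def internet_checksum(data: bytes) -> int:
    """Standard Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header covered by the checksum but never transmitted."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, UDP_PROTO, udp_len))


def build_datagram(src_ip: str, dst_ip: str, sport: int, dport: int,
                   payload: bytes) -> bytes:
    """Sender side: fill in the four 2-byte fields, then the checksum."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(
        pseudo_header(src_ip, dst_ip, length) + header + payload)
    # A computed value of zero is sent as 0xFFFF, because 0x0000 on the
    # wire means "no checksum".
    csum = csum or 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def validate_datagram(src_ip: str, dst_ip: str, datagram: bytes):
    """Receiver side: return (sport, dport, payload) or raise ValueError."""
    if len(datagram) < 8:
        raise ValueError("shorter than the 8-byte UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length != len(datagram):
        raise ValueError("length field does not match received size")
    if csum != 0:
        # Summing the data together with its own checksum must give zero.
        check = internet_checksum(
            pseudo_header(src_ip, dst_ip, length) + datagram)
        if check != 0:
            raise ValueError("checksum mismatch")
    # csum == 0: the sender opted out, so the payload is passed on unchecked.
    return sport, dport, datagram[8:]
```

Anyone who alters a datagram can recompute this checksum, so a passing check detects accidental corruption and misdelivery only and says nothing about who sent the data.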

UDP and UDP-Lite also may be used for multicast and broadcast, allowing
senders to transmit to multiple receivers.

Using UDP

Application designers are generally aware that UDP does not provide any
reliability, e.g., it does not retransmit any lost packets. Often, this is a main reason
to consider UDP as a transport. Applications that do require reliable message
delivery therefore need to implement appropriate protocol mechanisms in their
applications (e.g. tftp).

UDP's best effort service does not protect against datagram duplication, i.e., an
application may receive multiple copies of the same UDP datagram. Application
designers therefore need to verify that their application gracefully handles
datagram duplication and may need to implement mechanisms to detect
duplicates.

The Internet may also significantly delay some packets with respect to others,
e.g., due to routing transients, intermittent connectivity, or mobility. This can
cause reordering, where UDP datagrams arrive at the receiver in an order
different from the transmission order. Applications that require ordered delivery
must restore datagram ordering themselves.
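
The duplicate detection and reordering that the application has to provide, as an added Python example that is not part of the original page. The 4-byte sequence-number prefix, the class name and the buffer limit are constructed for illustration, and sequence-number wraparound is not handled.

```python
import struct

HEADER = struct.Struct("!I")  # hypothetical 4-byte sequence number prefix


def encode(seq: int, payload: bytes) -> bytes:
    """Sender side: prefix each payload with its sequence number."""
    return HEADER.pack(seq) + payload


class OrderedReceiver:
    """Delivers payloads in sequence order and drops duplicates."""

    def __init__(self, first_seq: int = 0, max_buffered: int = 64):
        self.next_seq = first_seq         # next sequence number to deliver
        self.max_buffered = max_buffered  # how far ahead we agree to buffer
        self.pending = {}                 # seq -> payload, waiting for a gap
        self.duplicates = 0

    def receive(self, datagram: bytes) -> list:
        """Process one datagram; return payloads that are now deliverable."""
        if len(datagram) < HEADER.size:
            return []                     # malformed: no sequence number
        (seq,) = HEADER.unpack_from(datagram)
        payload = datagram[HEADER.size:]
        if seq < self.next_seq or seq in self.pending:
            self.duplicates += 1          # already delivered or already held
            return []
        if seq - self.next_seq >= self.max_buffered:
            # Too far ahead. Dropping it bounds memory use, so a sender
            # cannot make the receiver buffer without limit.
            return []
        self.pending[seq] = payload
        delivered = []
        while self.next_seq in self.pending:
            delivered.append(self.pending.pop(self.next_seq))
            self.next_seq += 1
        return delivered
```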

The burden of needing to code all these protocol mechanisms can be avoided by
using TCP!

Ports

Generally, clients set the source port number to a unique number that they choose
themselves - usually based on the program that started the connection. Since this
number is returned by the server in responses, this lets the sender know which
"conversation" incoming packets are to be sent to. The destination port of packets
sent by the client is usually set to one of a number of well-known ports. These usually
correspond to one of a number of different applications, e.g. port 23 is used for telnet,
and port 80 is used for web servers.

A server process (program) listens for UDP packets received with a particular well-
known port number and tells its local UDP layer to send packets matching this
destination port number to the server program. It determines which client these
packets come from by examining the received IP source address and the received
unique UDP source port number. Any responses which the server needs to send
back to a client are sent with the source port number of the server (the well-known
port number) and the destination port selected by the client. Most people do not
memorise the well-known ports; instead they look them up in a table (e.g. see below).

Port  Keyword   Description
20    FTP-DATA  File Transfer [Default Data]
21    FTP       File Transfer [Control]
23    TELNET    Telnet
25    SMTP      Simple Mail Transfer
37    TIME      Time
69    TFTP      Trivial File Transfer
79    FINGER    Finger
110   POP3      Post Office Protocol v 3
123   NTP       Network Time Protocol
143   IMAP2     Interim Mail Access Prot. v2
161   SNMP      Simple Network Man. Prot.

Some well-known UDP/IP port numbers
(a full list is provided in the link at the bottom of this page).

If a client/server application executes on a host with more than one IP interface, the
application needs to ensure that it sends any UDP responses with an IP source
address that matches the IP destination address of the UDP datagram that carried the
request.

Networking Basics: TCP, UDP, TCP/IP and OSI Model

The Transmission Control Protocol/Internet Protocol (TCP/IP) suite was created
by the U.S. Department of Defense (DoD) to ensure that communications could
survive any conditions and that data integrity wouldn't be compromised under
malicious attacks.

The Open Systems Interconnection Basic Reference Model (OSI Model) is an
abstract description for network protocol design, developed as an effort to standardize
networking.

In this article, I will present the differences between the DoD and the OSI models and
then provide details about the DoD's version of TCP/IP. I will also describe the
protocols used at the various layers of the DoD model and provide you with the details
of TCP and UDP protocols. Throughout this article you will find useful information
concerning the protocol suite of the century: TCP/IP.

So if you're preparing for your CCENT or CCNA exams, or if you're just interested in
networking, this is one article you don't want to miss! Fasten your seat belts and have
a good ride!

TCP/IP and the OSI Model Comparison

Let's start by comparing the TCP/IP and OSI models. The TCP/IP model is basically
a shorter version of the OSI model. It consists of four instead of seven layers. Despite
their architectural differences, both models have interchangeable transport and
network layers and their operation is based upon packet-switched technology. The
diagram below indicates the differences between the two models:

• Application Layer: The Application layer deals with representation, encoding and dialog
  control issues. All these issues are combined together and form a single layer in the TCP/IP
  model whereas three distinctive layers are defined in the OSI model.

• Host-to-Host: The Host-to-Host protocol in the TCP/IP model provides more or less the same
  services as its equivalent Transport protocol in the OSI model. Its responsibilities include
  application data segmentation, transmission reliability, flow and error control.

• Internet: Again, the Internet layer in the TCP/IP model provides the same services as the OSI's
  Network layer. Their purpose is to route packets to their destination independent of the
  path taken.

• Network Access: The network access layer deals with all the physical issues concerning
  data termination on network media. It includes all the concepts of the data link and physical
  layers of the OSI model for both LAN and WAN media.

The diagram below shows clearly the way the TCP/IP protocol suite relates to the TCP/IP
model.

Host-to-Host Layer Protocols

Two protocols, Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP), are defined for transmitting datagrams. We will look at the details of
both these protocols as well as their interaction with the upper layer.

Transmission Control Protocol (TCP)

TCP is connection-oriented in the sense that prior to transmission end points need to
establish a connection first. TCP protocol data units are called segments. The sending
and receiving TCP entities exchange data in the form of segments, which consist of a
fixed 20-byte header followed by a variable size data field.

TCP is responsible for breaking down a stream of bytes into segments and
reconnecting them at the other end, retransmitting whatever might be lost and also
organizing the segments in the correct order. The segment size is restricted by the
maximum transfer unit (MTU) of the underlying link layer technology (MTU is generally
1500 bytes which is the maximum payload size of the Ethernet).

The image below shows the TCP segment format. The most important fields are
explained further on.

• Source Port and Destination Port fields together identify the two local end points of the
  particular connection. A port plus its host's IP address forms a unique end point. Ports are
  used to communicate with the upper layer and distinguish different application sessions on
  the host.

• The Sequence Number and Acknowledgment Number fields specify bytes in the byte
  stream. The sequence number is used for segment differentiation and is useful for
  reordering or retransmitting lost segments. The Acknowledgment number is set to the next
  segment expected.

• Data offset or TCP header length indicates how many 4-byte words are contained in the
  TCP header.

• The Window field indicates how many bytes can be transmitted before an
  acknowledgment is received.

• The Checksum field is used to provide extra reliability and security to the TCP segment.

• The actual user data are included after the end of the header.

Let's have a look at how a TCP segment is captured by the Ethereal network analyzer.
The image below shows a request-response message sequence carried over TCP.
Notice the fields discussed above: Source Port, Destination Port, Sequence number,
Acknowledgement number, Window size and checksum.

User Datagram Protocol (UDP)

The UDP protocol consists of fewer fields compared to TCP. The reason is that
certain data types do not require reliable delivery and extra overhead. Real-time traffic,
for example, needs to be transported in an efficient way without error correction and
retransmission mechanisms.

UDP is considered to be a connectionless protocol. It leaves reliability to be handled
by the application layer. All it cares about is fast transmission. The UDP segment
format is presented in the diagram below:

Let's see how a UDP segment is captured by Ethereal. Notice the small header size.

Which One Should You Use?

Choosing the right transport protocol to use depends on the type of data to be
transferred. For information that needs reliability, sequence transmission and data
integrity -- TCP is the transport protocol to use. For data that require real-time
transmission with low overhead and less processing -- UDP is the right choice.

The following table summarizes the key characteristics of each one of these protocols.
Keep them in mind when choosing the transport protocol for your data.
