TCP vs UDP & Common Ports¶
Both are Layer 4 (Transport) protocols — see OSI Model — responsible for getting data to the right application on a host, once IP has already gotten it to the right host. Ports are how that final delivery is targeted.
TCP (Transmission Control Protocol)¶
Connection-oriented and reliable — TCP guarantees delivery, order, and error recovery, at the cost of overhead.
Three-Way Handshake¶
Every TCP connection starts with a handshake before any application data flows:
Client → Server: SYN (Client: "let's connect, my starting sequence number is X")
Server → Client: SYN-ACK (Server: "acknowledged, here's my starting sequence number Y")
Client → Server: ACK (Client: "acknowledged" — connection established)
Teardown¶
Client → Server: FIN (Client: "I'm done sending")
Server → Client: ACK
Server → Client: FIN (Server: "I'm done too")
Client → Server: ACK (connection closed)
Reliability Features¶
- Sequence numbers — every byte is numbered, so the receiver can reorder out-of-sequence packets and detect gaps
- Acknowledgments — the receiver confirms what it's received; unacknowledged data gets retransmitted
- Flow control — the receiver advertises a window size, throttling the sender to avoid overwhelming it
UDP (User Datagram Protocol)¶
Connectionless and unreliable by design — no handshake, no guaranteed delivery, no ordering, no retransmission. Much lower overhead than TCP, which is exactly why it's chosen for latency-sensitive or high-volume traffic where an app-layer protocol handles reliability itself (or doesn't need it):
- DNS queries (a lost query just gets retried by the resolver)
- VoIP / video calls (a late retransmitted packet is worse than a dropped one)
- DHCP
- SNMP
TCP vs UDP — Quick Comparison¶
| TCP | UDP | |
|---|---|---|
| Connection | Connection-oriented (handshake) | Connectionless |
| Reliability | Guaranteed delivery, ordering | Best-effort, no guarantees |
| Overhead | Higher (headers, ACKs, retransmits) | Lower |
| Typical use | Web, email, file transfer, SSH | DNS, DHCP, VoIP, streaming, SNMP |
Common Ports¶
| Port | Protocol | Service |
|---|---|---|
| 20/21 | TCP | FTP (data/control) |
| 22 | TCP | SSH |
| 23 | TCP | Telnet (avoid — see SSH Management Only) |
| 25 | TCP | SMTP (email sending) |
| 53 | TCP/UDP | DNS |
| 67/68 | UDP | DHCP (server/client) |
| 80 | TCP | HTTP |
| 110 | TCP | POP3 |
| 123 | UDP | NTP |
| 143 | TCP | IMAP |
| 161/162 | UDP | SNMP (agent/trap) |
| 443 | TCP | HTTPS |
| 3389 | TCP | RDP |
Why This Matters on Cisco Gear¶
Port numbers are exactly what Access Control Lists filter on when you need more than IP-based rules:
ip access-list extended MGMT_ONLY
permit tcp any host 10.0.99.10 eq 22
permit tcp any host 10.0.99.10 eq 443
deny tcp any host 10.0.99.10 eq 23
eq 22 matches TCP port 22 (SSH) specifically — this is how you allow management access over SSH/HTTPS while explicitly blocking Telnet, without blocking the host's IP entirely.