# Day 30: TCP and UDP

# CCNA 200-301 Study Guide: Transport Layer (Layer 4)

## 1.0 The Role of the Transport Layer (Layer 4)

The Transport Layer serves as the bridge between application-level protocols and the network-level protocols responsible for routing. It manages the end-to-end conversation between applications on different hosts.

### 1.1 Core Functions

- Session Multiplexing: Allows a host to handle multiple simultaneous sessions (e.g., multiple browser tabs) by assigning unique source port numbers to each session.
- Application Identification: Uses destination port numbers to direct incoming data to the correct service (e.g., Port 80 for HTTP).
- Segmentation: Breaks large data streams into smaller "segments" that fit within the network's Maximum Transmission Unit (MTU).

## 2.0 Deep Dive: TCP (Transmission Control Protocol)

TCP is connection-oriented and designed for applications that require absolute data integrity. It has a 20-byte header.

### 2.1 Key Characteristics

- Reliable: Uses acknowledgments (ACKs) and retransmissions for lost data.
- Ordered: Uses Sequence Numbers to ensure data is reassembled in the correct order.
- Flow Control: Uses Windowing to prevent a sender from overwhelming a receiver.

### 2.2 Connection Management

- The Three-Way Handshake (Establishment):
  1. SYN: Client sends a request to synchronize.
  2. SYN-ACK: Server acknowledges and requests a return connection.
  3. ACK: Client acknowledges the server.

- The Four-Way Handshake (Termination): Uses FIN and ACK flags to gracefully close both sides of the virtual circuit.

### 2.3 Reliability Mechanisms

- Forward Acknowledgment: The ACK number indicates the next byte expected (e.g., if you receive byte 1000, you send ACK 1001).
- Sliding Window: A dynamic flow control mechanism that adjusts how much data can be sent before an ACK is required based on network conditions.
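
The handshake steps from 2.2 and the forward-acknowledgment rule from 2.3 can be checked directly against header bytes. The following is an added example, not part of the original guide: it packs 20-byte TCP headers, replays them, and reports which flows completed the three-way handshake. The function names, the port-pair flow key (IP addresses are omitted) and the sample segments are assumptions constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10          # flag bits in the TCP header
HDR = "!HHIIHHHH"              # 20-byte header layout, no options

def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """Pack a 20-byte TCP header (data offset 5 words, checksum left at 0)."""
    return struct.pack(HDR, sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)

def parse_tcp_header(raw):
    """Return ports, sequence/ACK numbers and the SYN/ACK flag bits."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, _win, _sum, _urg = struct.unpack(HDR, raw[:20])
    return sport, dport, seq, ack, off_flags & (SYN | ACK)

def track_handshakes(segments):
    """Replay headers; return {(client_port, server_port): final state}."""
    flows = {}
    for raw in segments:
        sport, dport, seq, ack, flags = parse_tcp_header(raw)
        if flags == SYN:                              # 1. client SYN
            flows[(sport, dport)] = {"state": "SYN_SENT", "isn": seq}
        elif flags == (SYN | ACK):                    # 2. server SYN-ACK
            flow = flows.get((dport, sport))
            if flow and flow["state"] == "SYN_SENT":
                # Forward acknowledgment: ACK must equal the client's ISN + 1.
                ok = ack == (flow["isn"] + 1) % 2**32
                flow.update(state="SYN_RCVD" if ok else "INVALID", isn=seq)
        elif flags == ACK:                            # 3. client ACK
            flow = flows.get((sport, dport))
            if flow and flow["state"] == "SYN_RCVD":
                # ACK must equal the server's ISN + 1.
                ok = ack == (flow["isn"] + 1) % 2**32
                flow["state"] = "ESTABLISHED" if ok else "INVALID"
    return {key: flow["state"] for key, flow in flows.items()}

# Constructed sample: a complete handshake, a SYN that is never answered,
# and a handshake whose final ACK carries the wrong acknowledgment number.
SAMPLE = [
    build_tcp_header(51234, 80, 1000, 0, SYN),
    build_tcp_header(80, 51234, 5000, 1001, SYN | ACK),
    build_tcp_header(51234, 80, 1001, 5001, ACK),
    build_tcp_header(51235, 80, 2000, 0, SYN),
    build_tcp_header(51236, 80, 3000, 0, SYN),
    build_tcp_header(80, 51236, 7000, 3001, SYN | ACK),
    build_tcp_header(51236, 80, 3001, 9999, ACK),
]

if __name__ == "__main__":
    for flow, state in track_handshakes(SAMPLE).items():
        print(flow, state)
```

Flows left in `SYN_SENT` or `SYN_RCVD` are half-open: the connection was requested but never fully established.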

## 3.0 Deep Dive: UDP (User Datagram Protocol)

UDP is connectionless and prioritizes speed over reliability. It has a lightweight 8-byte header.

### 3.1 Key Characteristics

- Best-Effort Delivery: No acknowledgments, no retransmissions, and no sequencing.
- Low Overhead: No connection setup delay (no handshake).
- No Flow Control: Sends data as fast as the application allows.

### 3.2 Strategic Use Cases

Ideal for real-time traffic like VoIP and Video Streaming, where a dropped packet is better than a delayed/retransmitted one that causes jitter.

## 4.0 Head-to-Head Comparison: TCP vs. UDP

| Feature | TCP | UDP |
| --- | --- | --- |
| Type | Connection-Oriented | Connectionless |
| Handshake | Yes (3-Way) | No |
| Reliability | Reliable (ACKs/Retransmits) | Unreliable (Best-effort) |
| Sequencing | Yes | No |
| Flow Control | Yes (Sliding Window) | No |
| Header Size | 20 Bytes | 8 Bytes |
| Common Uses | HTTP, FTP, SMTP, SSH | VoIP, DNS, DHCP, SNMP |

## 5.0 Layer 4 Addressing: Port Numbers

Ports are 16-bit addresses (0 – 65,535) used to identify specific application processes.

### 5.1 Port Number Ranges

- Well-Known Ports (0 – 1,023): Common services (HTTP, SSH, etc.).
- Registered Ports (1,024 – 49,151): Assigned for specific vendor applications.
- Ephemeral Ports (49,152 – 65,535): Temporary source ports used by clients.

### 5.2 Essential Well-Known Ports for the CCNA

| Protocol | Port(s) | Transport | Description |
| --- | --- | --- | --- |
| FTP | 20, 21 | TCP | File Transfer (21-Control, 20-Data) |
| SSH | 22 | TCP | Secure Remote Access |
| Telnet | 23 | TCP | Unencrypted Remote Access |
| SMTP | 25 | TCP | Sending Email |
| DNS | 53 | UDP/TCP | Name Resolution |
| DHCP | 67, 68 | UDP | Dynamic IP Assignment |
| TFTP | 69 | UDP | Trivial FTP |
| HTTP | 80 | TCP | Web Browsing (Cleartext) |
| POP3 | 110 | TCP | Retrieving Email |
| SNMP | 161, 162 | UDP | Network Management |
| HTTPS | 443 | TCP | Secure Web Browsing |
| Syslog | 514 | UDP | System Logging |

## 6.0 Practical Context & Key Exam Takeaways

### 6.1 Session Tracking

- Request: Source Port: 51234 (Ephemeral) $\rightarrow$ Destination Port: 80 (Well-Known).
- Reply: Source Port: 80 $\rightarrow$ Destination Port: 51234.
- The reversal of port numbers is how a host keeps track of distinct conversations.
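
The port reversal above is also what a stateful host or firewall relies on to decide whether an inbound packet belongs to a conversation it started. The following is an added example, not part of the original guide: a small session table that records outbound requests and accepts an inbound packet only when its reversed tuple matches a recorded session. The class and function names and the documentation-range IP addresses are assumptions constructed for illustration.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str
    src_ip: str
    sport: int
    dst_ip: str
    dport: int

class SessionTable:
    """Records outbound sessions and matches replies by reversing the tuple."""

    def __init__(self):
        self.sessions = {}      # tuple as sent by the client -> replies seen

    def outbound(self, pkt: Packet) -> None:
        """Remember a client request so that its reply can be recognised."""
        self.sessions.setdefault(pkt, 0)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Return the session this packet answers, or None if unsolicited."""
        key = Packet(pkt.proto, pkt.dst_ip, pkt.dport, pkt.src_ip, pkt.sport)
        if key in self.sessions:
            self.sessions[key] += 1
            return key
        return None

def demo():
    """Constructed traffic: two browser tabs on one host to the same server."""
    client, server = "192.0.2.10", "198.51.100.5"
    table = SessionTable()
    tab1 = Packet("tcp", client, 51234, server, 80)
    tab2 = Packet("tcp", client, 51235, server, 80)
    table.outbound(tab1)
    table.outbound(tab2)
    inbound = [
        Packet("tcp", server, 80, client, 51234),   # reply to tab 1
        Packet("tcp", server, 80, client, 51235),   # reply to tab 2
        Packet("tcp", server, 80, client, 51299),   # no session on this port
        Packet("udp", server, 80, client, 51234),   # right ports, wrong protocol
    ]
    return tab1, tab2, [table.inbound(p) for p in inbound]

if __name__ == "__main__":
    tab1, tab2, matches = demo()
    for match in matches:
        print("accepted for" if match else "dropped", match or "")
```

The two tabs differ only in source port, which is enough to keep their replies apart; anything that does not reverse to a recorded tuple is treated as unsolicited.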

### 6.2 The DNS Exception

DNS primarily uses UDP 53 for speed. However, it switches to TCP 53 if the response exceeds 512 bytes or during Zone Transfers between servers.

### 6.3 Core Analogy

- TCP is a Certified Letter: Requires a signature, has tracking, and pages are numbered.
- UDP is a Postcard: Fast and cheap; you drop it in the mail and hope it arrives.