TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are the two Transport layer protocols tested on CompTIA Network+ N10-009. You must understand their characteristics, when each is appropriate, the TCP three-way handshake, and which application protocols use TCP vs UDP. Questions ask you to match protocols to use cases, explain why an application uses UDP, or identify what TCP provides that UDP does not.
TCP is connection-oriented — before data transfer, a session is established using the three-way handshake: (1) SYN — client sends synchronize to server. (2) SYN-ACK — server acknowledges and sends its own synchronize. (3) ACK — client acknowledges. The session is now established. Termination uses a four-way FIN/ACK sequence.
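The three steps above can be checked mechanically against captured headers. The following is an added example, not part of the original page: it packs minimal TCP headers and validates the SYN, SYN-ACK, ACK order together with the rule that each side acknowledges the other's initial sequence number plus one. The ports, sequence numbers and function names are constructed for illustration.

```python
import struct

# Flag bits in the low byte of the TCP header's offset/flags word.
SYN, ACK = 0x02, 0x10
MOD = 2 ** 32  # sequence numbers wrap at 32 bits

def build_segment(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options; checksum left at 0)."""
    offset_flags = (5 << 12) | flags  # data offset of 5 words = 20 bytes
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, 64240, 0, 0)

def parse_segment(raw):
    sport, dport, seq, ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "syn": bool(offset_flags & SYN), "ack_flag": bool(offset_flags & ACK)}

def handshake_state(segments):
    """Classify a capture: ESTABLISHED, INCOMPLETE, or the step that failed."""
    if len(segments) < 3:
        return "INCOMPLETE"  # e.g. SYN and SYN-ACK seen, final ACK never arrived
    c1, s1, c2 = (parse_segment(s) for s in segments[:3])
    # Step 1: client SYN, with the ACK flag clear.
    if not c1["syn"] or c1["ack_flag"]:
        return "BAD_SYN"
    # Step 2: server SYN-ACK on the reversed port pair, acknowledging client ISN + 1.
    if (not (s1["syn"] and s1["ack_flag"])
            or s1["ack"] != (c1["seq"] + 1) % MOD
            or (s1["sport"], s1["dport"]) != (c1["dport"], c1["sport"])):
        return "BAD_SYN_ACK"
    # Step 3: client ACK, acknowledging server ISN + 1.
    if (c2["syn"] or not c2["ack_flag"]
            or c2["ack"] != (s1["seq"] + 1) % MOD
            or c2["seq"] != (c1["seq"] + 1) % MOD):
        return "BAD_ACK"
    return "ESTABLISHED"

# Constructed sample: client port 51000 -> server port 443, ISNs 1000 and 5000.
SAMPLE = [
    build_segment(51000, 443, 1000, 0, SYN),
    build_segment(443, 51000, 5000, 1001, SYN | ACK),
    build_segment(51000, 443, 1001, 5001, ACK),
]

if __name__ == "__main__":
    print(handshake_state(SAMPLE))
```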
TCP guarantees delivery by requiring acknowledgment (ACK) for every segment. If an ACK is not received within a timeout period, the sender retransmits. TCP provides: ordered delivery (sequence numbers ensure correct reassembly), error detection (checksum), flow control (window size — prevents overwhelming receiver), and congestion control (reduces transmission rate when network is congested).
TCP port numbers identify applications. Source port: a random high-numbered port chosen by the client for this session (ephemeral port, typically 1024–65535). Destination port: the well-known port of the service (80 for HTTP, 443 for HTTPS). The combination of source IP, source port, destination IP, and destination port (the four-tuple or socket pair) uniquely identifies each TCP connection.
UDP is connectionless — it sends data without establishing a session first. No handshake, no acknowledgment, no guaranteed delivery, no ordering. UDP is a 'fire and forget' protocol. This makes UDP significantly faster and lower latency than TCP — there is no round-trip handshake overhead before data starts flowing.
When to use UDP: real-time applications where speed matters more than guaranteed delivery — VoIP, video streaming, online gaming, DNS queries. A lost voice packet is better discarded than retransmitted (retransmitting old audio causes glitching). DNS queries are typically one UDP request and one UDP response — connection overhead would waste time. TFTP and DHCP also use UDP.
Applications can build their own reliability on top of UDP when needed. QUIC (used in HTTP/3) is a modern protocol that implements reliable, multiplexed transport over UDP, combining UDP's speed with TCP-like reliability and TLS encryption.
Choose TCP when: data integrity is critical (file transfers, web pages, email, database queries), ordered delivery matters, or the application cannot tolerate missing data. Choose UDP when: low latency is critical (voice/video), some data loss is acceptable, the application implements its own error handling, or the transaction is a single request-response (DNS, DHCP, SNMP, TFTP).
Common exam question: 'Which protocol should be used for a VoIP application?' Answer: UDP — because even a small retransmission delay causes audible glitching, and a lost voice packet is simply skipped. Similarly: 'Which protocol ensures all data is received and in order?' Answer: TCP.
| Feature | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented (handshake) | Connectionless |
| Reliability | Guaranteed delivery (ACK) | Best effort, no guarantee |
| Ordering | Guaranteed (sequence numbers) | Not guaranteed |
| Speed | Slower (overhead) | Faster (minimal overhead) |
| Flow control | Yes (window size) | No |
| Error recovery | Yes (retransmission) | No (application must handle) |
| Use cases | HTTP, FTP, SSH, email, LDAP | DNS, DHCP, VoIP, video, TFTP |
Misconception: UDP is unreliable so it should never be used for important applications.
Reality: UDP is used intentionally for real-time applications where latency matters more than occasional data loss. VoIP, video conferencing, DNS, and online gaming all rely on UDP's speed.
Misconception: TCP is always better than UDP.
Reality: TCP's overhead (handshake, ACKs, retransmission) adds latency. For real-time applications, UDP's speed outweighs reliability — a retransmitted voice packet arriving late is useless and causes audio glitching.
Misconception: DNS only uses UDP.
Reality: DNS uses UDP port 53 for standard queries (fast, small requests). DNS uses TCP port 53 for zone transfers (full zone data is too large for a single UDP packet) and responses exceeding 512 bytes.
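How a client learns that a response needs TCP, shown as an added example that is not part of the original page: the server sets the truncation (TC) flag in the DNS header of its UDP reply, and the client re-sends the same query over TCP behind a 2-byte length prefix. The TC flag and the length prefix come from the DNS specification rather than this page; the query ID, the name `example.com` and the two response headers are constructed.

```python
import struct

QR_BIT = 0x8000  # set in responses
TC_BIT = 0x0200  # set when the answer did not fit and was truncated

def build_query(name, qid, qtype=1):
    """Encode a standard query (RD set, one question, class IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def frame_for_tcp(message):
    """DNS over TCP carries each message behind a 2-byte length prefix."""
    return struct.pack("!H", len(message)) + message

def needs_tcp_retry(udp_response, qid):
    """True when the UDP response is truncated and must be re-asked over TCP."""
    if len(udp_response) < 12:
        raise ValueError("shorter than a DNS header")
    rid, flags = struct.unpack("!HH", udp_response[:4])
    # Reject anything that is not a response to the query we sent.
    if rid != qid or not flags & QR_BIT:
        raise ValueError("not a response to this query")
    return bool(flags & TC_BIT)

def next_send(name, qid, udp_response):
    """Return (transport, bytes) for the follow-up, or None if UDP sufficed."""
    if needs_tcp_retry(udp_response, qid):
        return ("tcp/53", frame_for_tcp(build_query(name, qid)))
    return None

# Constructed responses (header only): flags 0x8380 = QR, TC, RD, RA;
# flags 0x8180 = QR, RD, RA.
TRUNCATED = struct.pack("!HHHHHH", 0x1A2B, 0x8380, 1, 0, 0, 0)
COMPLETE = struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    print(next_send("example.com", 0x1A2B, TRUNCATED))
    print(next_send("example.com", 0x1A2B, COMPLETE))
```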
These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.
A network engineer is configuring QoS for VoIP traffic. Which Transport layer protocol does VoIP use, and why?
Explanation: VoIP uses UDP because low latency is critical for audio quality. If a voice packet is lost, retransmitting it would arrive too late to be useful and would cause audio glitching. It is better to skip the packet (resulting in a brief gap) than to delay all subsequent audio waiting for a retransmission. UDP's connectionless nature also eliminates handshake overhead.
Which step of the TCP three-way handshake is initiated by the server in response to the client's first message?
Explanation: The TCP three-way handshake: (1) Client sends SYN. (2) Server responds with SYN-ACK (acknowledging the client's SYN and sending its own synchronize). (3) Client sends ACK to acknowledge the server's SYN. The SYN-ACK is the server's response to the initial client SYN.
A port is a logical endpoint for a service on a device (e.g., TCP port 80 on a web server). A socket is the combination of an IP address and port number (e.g., 192.168.1.10:80). A socket pair (client IP:port + server IP:port) uniquely identifies one TCP connection. A server can have thousands of simultaneous connections all on port 80 because each has a unique client IP:port combination.
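The socket-pair point here, and the four-tuple described earlier alongside UDP's lack of a handshake, can be observed on the loopback interface. This is an added example, not part of the original page: it opens several simultaneous TCP connections to one listening port and records each four-tuple, then sends a single UDP datagram with no session setup. Function names are hypothetical; port 0 asks the OS to pick a free port.

```python
import socket

def tcp_four_tuples(n_clients=3):
    """Open n_clients connections to one listening port; return each four-tuple."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.settimeout(5)
    server.bind(("127.0.0.1", 0))  # port 0: the OS assigns a free port
    server.listen(n_clients)
    opened, tuples = [server], []
    try:
        for _ in range(n_clients):
            client = socket.create_connection(server.getsockname(), timeout=5)
            opened.append(client)  # kept open so all connections coexist
            conn, peer = server.accept()
            opened.append(conn)
            # (source IP, source port, destination IP, destination port)
            tuples.append(peer + conn.getsockname())
    finally:
        for s in opened:
            s.close()
    return tuples

def udp_datagram(payload=b"ping"):
    """Send one datagram with no prior handshake; return (payload, sender address)."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.settimeout(5)
        rx.bind(("127.0.0.1", 0))
        tx.sendto(payload, rx.getsockname())  # no connect(), no session state
        return rx.recvfrom(1024)
    finally:
        rx.close()
        tx.close()

if __name__ == "__main__":
    for t in tcp_four_tuples():
        print("%s:%d -> %s:%d" % t)
    print(udp_datagram())
```

Every printed TCP line shares the same destination port but has a different source port, which is what lets the server keep the connections apart.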