TCP is a connection-oriented protocol, whereas UDP is a connectionless protocol. TCP is comparatively slower than UDP, which is a much faster, simpler, and more efficient protocol. However, retransmission of lost data packets is only possible with TCP.

TCP 3-way handshake process

  1. SYN: The process starts with the client sending a TCP packet with the SYN (Synchronize Sequence Number) flag set to the server. This is a request to establish a connection. The client also sends a random sequence number (let's call it X) that it will use as a starting point for its sequence numbers.
  2. SYN + ACK: Upon receiving the SYN packet, the server acknowledges the request to establish a connection by sending a packet back to the client with the SYN and ACK (Acknowledgement) flags set. The ACK number will be the client's sequence number (X) plus 1, acknowledging that it expects the next packet's sequence number from the client to be X+1. The server also sends its own random sequence number (let's call it Y).
  3. ACK: Finally, the client responds back with a packet with the ACK flag set. The sequence number will be X+1 (as this was the expected sequence number the server had acknowledged), and the ACK number will be the server's sequence number (Y) plus 1, acknowledging the server's sequence number and that it expects the next packet from the server to be Y+1.
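
The sequence and acknowledgement arithmetic from the three steps above, as an added example that is not part of the original page: it builds three constructed TCP headers, parses them back, and checks each X+1 / Y+1 relationship. The port numbers and sequence values are constructed sample data, and the helper names are hypothetical. It goes one step beyond the text by handling 32-bit wraparound, since sequence numbers are 32-bit fields and X+1 can wrap to 0.

```python
import struct

SYN, ACK = 0x02, 0x10
MOD = 2 ** 32  # sequence numbers are 32-bit fields and wrap around

def build_tcp_header(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    offset_flags = (5 << 12) | flags  # data offset = 5 words (20 bytes)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)

def parse_tcp_header(raw):
    """Extract ports, sequence number, ACK number and flag bits."""
    sport, dport, seq, ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": offset_flags & 0x1FF}

def check_handshake(raw_segments):
    """Return (ok, reason) for raw headers given in capture order."""
    if len(raw_segments) < 3:
        return False, "incomplete handshake (half-open)"
    syn, synack, ack = (parse_tcp_header(r) for r in raw_segments[:3])
    if syn["flags"] & (SYN | ACK) != SYN:
        return False, "first segment is not a bare SYN"
    if synack["flags"] & (SYN | ACK) != (SYN | ACK):
        return False, "second segment is not SYN+ACK"
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        return False, "server ACK is not X+1"
    if ack["flags"] & (SYN | ACK) != ACK:
        return False, "third segment is not a bare ACK"
    if ack["seq"] != (syn["seq"] + 1) % MOD:
        return False, "client sequence is not X+1"
    if ack["ack"] != (synack["seq"] + 1) % MOD:
        return False, "client ACK is not Y+1"
    return True, "handshake complete"

def sample_handshake(x, y, cport=49152, sport=443):
    """Constructed SYN, SYN+ACK, ACK headers for client ISN x and server ISN y."""
    return [
        build_tcp_header(cport, sport, x, 0, SYN),
        build_tcp_header(sport, cport, y, (x + 1) % MOD, SYN | ACK),
        build_tcp_header(cport, sport, (x + 1) % MOD, (y + 1) % MOD, ACK),
    ]

if __name__ == "__main__":
    print(check_handshake(sample_handshake(1000, 5000)))
    print(check_handshake(sample_handshake(0xFFFFFFFF, 7)))     # X+1 wraps to 0
    print(check_handshake(sample_handshake(1000, 5000)[:2]))    # final ACK missing
```

A capture that stops after the SYN+ACK is reported as half-open, which is the state a monitoring tool would count when watching for connections that never complete.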

Common TCP/UDP Ports and Protocols

| Protocol (TCP) | Port Number | Description |
|---|---|---|
| FTP | 20/21 | Login to the server, we can put a file or we can get a file. |
| SSH | 22 | Secure Telnet. |
| Telnet | 23 | Ability to login to a machine remotely. |
| SMTP | 25 | SMTP is used for two primary functions, it is used to transfer mail (email) from source to destination between mail servers and it is used by end users to send email to a mail system. |
| HTTP | 80 | Main protocol used by web browsers and is thus used by any client that uses files located on these servers. |
| POP3 | 110 | POPv3 is one of the two main protocols used to retrieve mail from a server. |
| IMAP | 143 | IMAPv3 is the second of the main protocols used to retrieve mail from a server. |
| HTTPS | 443 | HTTPS is used in conjunction with HTTP to provide the same services but doing it using a secure connection. |
| SMB (Samba) | 139+445 | Communication protocol that Microsoft created for providing shared access to files and printers across nodes on a network. |

| Protocol (UDP) | Port Number | Description |
|---|---|---|
| DHCP | 67/68 | DHCP is used on networks that do not use static IP address assignment (almost all of them). |
| TFTP | 69 | Method of file transfer without the session establishment requirements that FTP uses. |

| Protocol (TCP/UDP) | Port Number | Description |
|---|---|---|
| DNS | 53 | To translate domain names into IP addresses. |
| SNMP | 161/162 | Internet Standard protocol for collecting and organizing information about managed devices on IP networks. |

TCP 4-way handshake (TCP connection termination)

  1. FIN: The process starts with the device that wants to close the connection, often referred to as the client, sending a TCP packet with the FIN (Finish) flag set to the other device, often referred to as the server. This packet is saying "I have no more data to send." The client then waits for an acknowledgment from the server.
  2. ACK: Upon receiving the FIN packet, the server sends an ACK (Acknowledgement) back to the client, acknowledging the receipt of the FIN to close the connection from the client side. This packet says, "I acknowledge that you want to close the connection." At this point, the connection is half-closed, and the server can still send data.
  3. FIN: Once the server has finished sending all of its remaining data, it will send its own TCP packet with the FIN flag set. This is saying "I also have no more data to send, and I understand you have no more data to send."
  4. ACK: Finally, the client sends an ACK back to the server. This last ACK says, "I acknowledge your decision to close the connection as well."