oryk0

oryk0

Ethical Hacker and CyberSecurity Analyst
RedTeam

TCP vs UDP

TCP (Transmission Control Protocol)

TCP is a protocol orientated in connections, most of the dispositives use this protocol to connect to internet. Provides error checking, ensure data delivery and packages are delivered in the order they were sent as well.

In this protocol we have something called “Three way handshake”, what is this? well the three way handshake is basically the three steps that the TCP protocol follow for send data or package, you can see it with with the command “wireshark” and you’re going to see something like this: (SYS)>(SYS ACK)>(ACK) where SYS is a flag that shows you the connection by sending a synchronization request to the remote endpoint. ACK is a short for “acknowledgment”, an ACK packet is any TCP package that acknowledges receiving a message or series of packets.

To see how this works we can listen on port 4646 with netcat command (“nc”) and connect from another terminal to our own computer through the port 4646.

After connecting with your commputer you will run the command “wireshark” in another terminal:

As you can see, there’s showing you the SYS and ACK how they works, basically in easy words, imagine that you met your friend in a commercial shop and you walk to him to talk with him, after that he heards you and after that he responds you and he keep talking with you; well you are “SYS” and your friend is “ACK”.

Most commond ports in this protocols

Common TCP ports:

- 21: FTP (File Transfer Protocol), allows files transfers between systems.
- 22: SSH (Secure Shell), secure net protocol that allows the users to connect and administer manage systems remote. 
- 23: Telnet, protocol used for remote connections with dispositives.
- 80: HTTP (Hypertext Transfer Protocol), protocol used for transfer data in the World Wide Web.
- 443: HTTPS (Hypertext Transfer Protocol Secure), it's the secure version of HTTP, that use encryption SSL/TLS for protect web comunications.

Common UDP ports:

- 53: DNS (Domain Name System), a system that translate dominians names in an IP address.
- 67/68: DHCP (Dynamic Host Configuration Protocol), a protocol used for assign IP addresses and other configuration parameters to devices on a network.
- 69: TFTP (Trivial File Transfer Protocol), a simple protocol used for transferring files between devices on a network.
- 123: NTP(Network Time Protocol), a protocol used for synchronize the clocks of devices on a network.
- 161: SNMP (Simple Network Management Protocol), a protocol used for manage and monitor devices on a network.

Obviously that these are just some of the most common. There are many more ports which operate through both TCP and UDP.