TCP vs UDP: 3-Way Handshake, Congestion Control & Transport Mechanisms
---
1. TCP (Transmission Control Protocol)
TCP provides reliable, ordered, error-checked delivery of a stream of bytes between applications.
TCP Header Fields
| Field | Size | Purpose |
|---|---|---|
| Source Port | 16 bits | Sending process port number |
| Destination Port | 16 bits | Receiving process port number |
| Sequence Number | 32 bits | Byte offset of first byte in this segment |
| Acknowledgement Number | 32 bits | Next byte expected from the sender |
| Header Length | 4 bits | Size of TCP header in 32-bit words |
| Flags | 6 bits | SYN, ACK, FIN, RST, PSH, URG |
| Window Size | 16 bits | Receiver's available buffer space (flow control) |
| Checksum | 16 bits | Error detection for header + data |
| Urgent Pointer | 16 bits | Points to urgent data (if URG flag set) |
| Options | Variable | MSS, SACK, timestamp, window scaling |
TCP Flags
| Flag | Meaning | Usage |
|---|---|---|
| SYN | Synchronise sequence numbers | Connection establishment |
| ACK | Acknowledgement field is valid | After initial SYN |
| FIN | Sender finished sending | Connection teardown |
| RST | Reset connection | Error, abort connection |
| PSH | Push data to application immediately | Real-time data |
| URG | Urgent data present | Out-of-band data |
---
2. TCP 3-Way Handshake (Connection Establishment)
The 3-way handshake synchronises sequence numbers between client and server before data transfer begins.
Handshake Steps
| Step | Direction | Message | Purpose |
|---|---|---|---|
| 1 | Client → Server | SYN (seq=x) | Client proposes initial sequence number x |
| 2 | Server → Client | SYN-ACK (seq=y, ack=x+1) | Server proposes its sequence y; acknowledges x |
| 3 | Client → Server | ACK (ack=y+1) | Client acknowledges server's sequence y |
After step 3, the connection is established and data transfer begins.
Security note: SYN flood attacks exploit the half-open state during the handshake — server allocates resources after SYN but before the final ACK. SYN cookies prevent this by not allocating state until the handshake completes.
---
3. TCP 4-Way Teardown (Connection Termination)
| Step | Direction | Message | Purpose |
|---|---|---|---|
| 1 | Client → Server | FIN | Client done sending |
| 2 | Server → Client | ACK | Server acknowledges |
| 3 | Server → Client | FIN | Server done sending |
| 4 | Client → Server | ACK | Client acknowledges |
After step 4, the client enters TIME_WAIT state for 2 × MSL (Maximum Segment Lifetime, typically 2 minutes) to ensure the final ACK was received.
---
4. TCP Flow Control
Flow control prevents the sender from overwhelming the receiver's buffer.
TCP uses a sliding window mechanism:
- Receiver advertises its available buffer space as Window Size in each ACK
- Sender limits unacknowledged bytes to the receiver's window size
- If window = 0, sender stops and waits for a window update
Example:
- Receiver buffer = 65535 bytes; currently 30000 bytes in use
- Receiver advertises Window = 35535
- Sender can only send 35535 more bytes before waiting for ACKs
---
5. TCP Congestion Control
Congestion control prevents the sender from overwhelming the network (distinct from flow control which protects the receiver).
TCP Congestion Control Phases
| Phase | Mechanism | Behaviour |
|---|---|---|
| Slow Start | Exponential increase | CWND starts at 1 MSS; doubles each RTT |
| Congestion Avoidance | Additive Increase | CWND increases by 1 MSS per RTT (linear) |
| Fast Retransmit | 3 duplicate ACKs | Retransmit lost segment immediately |
| Fast Recovery | Skip Slow Start | Halve CWND, enter Congestion Avoidance |
Threshold (ssthresh):
- Initially high (e.g., 65535 bytes)
- On timeout:
ssthresh = CWND/2; restart Slow Start from 1 MSS - On 3 duplicate ACKs:
ssthresh = CWND/2; setCWND = ssthresh; enter Fast Recovery
AIMD (Additive Increase Multiplicative Decrease): The core TCP congestion algorithm — gradually increases sending rate; halves it on congestion signal.
---
6. UDP (User Datagram Protocol)
UDP provides a minimal, connectionless transport service — fast but unreliable.
UDP Header (Only 8 bytes!)
| Field | Size | Description |
|---|---|---|
| Source Port | 16 bits | Sending port |
| Destination Port | 16 bits | Receiving port |
| Length | 16 bits | Total UDP datagram length |
| Checksum | 16 bits | Error detection (optional in IPv4, mandatory in IPv6) |
When to Use UDP
Applications that prefer speed over reliability:
- DNS: Single query/response — retransmit manually if no reply
- VoIP/Video streaming: A late/retransmitted packet is useless; just play silence or skip frame
- Online gaming: Position updates sent at 60fps — old data is irrelevant by the time it could be retransmitted
- DHCP: Broadcast-based — can't use connection-oriented protocol before having an IP address
- TFTP (Trivial FTP): Implements its own simple reliability in the application layer
---
7. TCP vs UDP Summary Table
| Feature | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented (3-way handshake) | Connectionless |
| Reliability | Guaranteed (retransmission, ACKs) | Best-effort (no retransmission) |
| Ordering | Yes (sequence numbers) | No |
| Flow control | Yes (window size) | No |
| Congestion control | Yes (CWND, AIMD) | No |
| Header size | 20–60 bytes | 8 bytes |
| Delivery speed | Slower (overhead + ACK wait) | Faster |
| Use cases | HTTP, SMTP, FTP, SSH | DNS, VoIP, streaming, gaming |
Exam Tip: TCP 3-way handshake: SYN → SYN-ACK → ACK. TCP 4-way teardown: FIN → ACK → FIN → ACK. Flow control = protect receiver (window size). Congestion control = protect network (CWND). These are very high-frequency exam topics.
---
Study Deep: Why TCP Congestion Control Is Critical
- Internet stability: TCP's AIMD congestion control is why the internet doesn't collapse under load. Without it, all senders would transmit at maximum rate, causing router queues to fill and drop packets, which would cause even more retransmissions — a catastrophic feedback loop called congestion collapse.
- QUIC (HTTP/3): Google developed QUIC to overcome TCP's limitations — QUIC provides reliability, ordering, and congestion control over UDP, and eliminates TCP's head-of-line blocking. QUIC's connection establishment is faster (0-RTT for resumed connections).
- TCP BBR: Google's Bottleneck Bandwidth and Round-trip propagation time (BBR) algorithm replaces AIMD with a model-based approach that achieves higher throughput on high-bandwidth, high-latency links.