Transport Layer – UDP & TCP

Administrative / Contextual Points

  • Quiz 1 deadline: 13th of the month (end of the week)

    • Multiple-choice + one numerical/free-text answer

    • Includes a small Wireshark capture analysis; all required theory already covered.

  • DNS slides from last week were skipped; lecturer will cover them in the Wednesday session because DNS relies on UDP.

Layered Model Refresher

  • Application layer (previous week): message exchange between applications (e.g., browser ︎ web server).

  • Transport layer (this week):

    • Offers process-to-process delivery inside the two hosts.

    • Encapsulates application messages into segments.

  • Network layer (next week): host-to-host delivery (IP datagrams).

Fundamental Transport-Layer Functions

  • Multiplexing / Demultiplexing

    • Multiple application processes share the same network interface.

    • Transport layer tags each segment with source port and destination port so the receiver can demultiplex to correct socket.

  • Encapsulation order (outer to inner): Frame (L2) → IP Datagram (L3) → TCP/UDP Segment (L4) → Application Message (L5+).

Ports & Sockets

  • Ports are 16-bit numbers ⇒ range 0–65535.

    • <1024 ⇒ well-known / privileged ports (need root/admin to bind on Unix-like OSs).

    • Examples: HTTP 80, HTTPS 443, SMTP 25, SSH 22, DNS 53, RDP 3389.

  • Ephemeral port: random high port chosen by client for a single session (e.g.

    63251 in the DNS example).

  • Sockets

    • UDP: identified by .

    • TCP: identified by 4-tuple because each connection is unique.

Connection Paradigms

User Datagram Protocol (UDP)

Key Characteristics

  • Defined in RFC 768 (1980s).

  • Message-oriented; each application message ≈ one UDP datagram.

  • Header (8 B):

0               15 16              31
  +---------------+---------------+
  | Src Port      | Dst Port      |
  +---------------+---------------+
  | Length        | Checksum      |
  +---------------+---------------+
  |  Data  (payload) ...          |

  • Optional checksum (many implementations set to 0 for speed).

  • No handshaking ⇒ zero startup latency.

  • No retransmissions / ordering / congestion control.

Benefits

  • Very small header ⇒ minimal overhead.

  • Extremely fast; ideal for latency-sensitive traffic.

  • Apps free to send arbitrarily fast (no CC throttling).

Drawbacks

  • Packet may be lost, duplicated, or re-ordered with no automatic fix.

  • Large payloads cause IP fragmentation (inefficient & loss-prone).

Design Pattern

  • If reliability needed, application layer adds:

    • Timeout + retry (e.g.

      DNS repeats query after 2 s).

    • Sequence numbers or FEC at app level (e.g.

      QUIC, RTP).

Typical UDP Use-Cases

  • Tiny request/response protocols:

    • DNS, DHCP, NTP.

  • Loss-tolerant real-time traffic:

    • VoIP, video/voice chat (Zoom media stream), on-line games.

  • Tunnelling / VPN (e.g.

    WireGuard) for speed.

When NOT to use UDP

  • File transfer, software downloads, e-mail, login sessions—anything that must arrive bit-perfect.

Wireshark Example (DNS)

  • Query: SrcPort 63251 → DstPort 53, Length 43 B.

  • Response reverses ports; larger length 96 B.

Transmission Control Protocol (TCP)

Key Characteristics

  • Defined in RFC 793.

  • Connection-oriented (3-way handshake).

  • Full-duplex, point-to-point, stream interface (app sends bytes, TCP segments them).

  • Reliable, in-order, duplicate-free delivery.

  • Built-in flow control (receiver window) and congestion control (adaptive send rate).

Segment Format (minimum 20 B header)

0        4      8      12           20       32 bits
+--------+------+--------+-----------------+--------+
| SrcPort|DstPort| Sequence Number         |
+--------+------+--------+-----------------+
| Acknowledgment Number                    |
+-----------------+------+---------------+-+
|HdrLen| Flags    | Window Size           |
+-----------------+------+---------------+
| Checksum | UrgPtr | Options (0–40B) ... |
+------------------------+----------------+
|           Data (payload)                |

  • Flags (1 bit each): URG, ACK, PSH, RST, SYN, FIN.

Reliable Data Transfer Mechanisms

  1. Sequence numbers = byte index of first data byte in segment (initial value random).

  2. Acknowledgment number = next byte receiver expects.

  3. Cumulative ACKs: one ACK can cover many bytes; reduces overhead.

  4. Pipelining: several segments "in flight" simultaneously.

  5. Duplicate detection: repeated sequence ignored.

  6. Retransmissions when timeout expires (adaptive RTT estimation).

Adaptive Timeout Computation

  • Maintains smoothed RTT SRTT and deviation RTTVAR.

  • Sender timeout = SRTT + 4 * RTTVAR (RFC 6298 heuristic).

Flow Control (Receiver Window)

  • Receiver advertises rwnd.

  • If buffer full ⇒ advertises 0; sender pauses.

  • When space freed ⇒ sends new ACK with positive window.

3-Way Handshake (Connection Setup)

  1. SYN: client → server (includes ISN, window).

  2. SYN|ACK: server → client (its own ISN + ACK=ISN+1).

  3. ACK: client → server (ACK = server ISN+1).

Graceful Teardown (4 segments, 3 logical steps)

  1. Side A: FIN|ACK.

  2. Side B: ACK; when ready sends FIN|ACK.

  3. Side A: final ACK ⇒ enters TIME-WAIT state.

    • Ensures late segments are discarded before socket fully closes.

TCP States (seen via netstat)

  • LISTEN, SYN-SENT, SYN-RCVD, ESTABLISHED, FIN-WAIT-1/2, CLOSE-WAIT, LAST-ACK, TIME-WAIT, CLOSED, etc.

Comparison Summary

  • UDP = fast, simple, unreliable; great for real-time or tiny transactions.

  • TCP = heavyweight but reliable; essential for correctness (web, SSH, e-mail, file xfer).

  • Applications can mix both (e.g.

    Zoom: login over TCP, media over UDP).

Practical / Tooling Notes

  • Wireshark: inspect headers, follow TCP stream, watch SYN/SYN-ACK/ACK, FIN, sequence/ack numbers.

  • Netstat (netstat -na on Windows): view TCP state machine in action.

  • For firewalls/load balancers, routers normally ignore L4 details; only endpoints process TCP reassembly.

Real-World Analogies (used in lecture)

  • TCP phone call: dial (handshake) → talk (data) → hang up (FIN).

  • UDP Morse key: hit key, start transmitting; no greeting, no confirmation.

  • Airline baggage: IP = flight (host-to-host); TCP = sorting bags to correct carousel (process-to-process).

Exam / Assessment Hints (explicitly flagged)

  • Terminology in red slides: multiplexing, demultiplexing, connection-oriented, connection-less, reliable delivery, in-order delivery, congestion control, flow control.

  • Understand header fields & their purpose (especially source/destination port, sequence & ACK numbers, window, SYN/FIN flags).

  • Be able to justify why a given application chooses UDP vs TCP.