Writings

TCP - UDP - ICMP

Yani Diagne

11 Juni 2022 • 3 min read

This post discusses the difference between the TCP, UDP and, ICMP protocols. As you continue with your cyber journey, those protocols are one of the first and most important things that will cross your path. It is important to understand the difference between them and when each of them should be used. Sitting in class and not really understanding what their function is or how they differ from others can be very frustrating and I had to realize that there is no shortcut when it comes to properly understanding them since you use these protocols every day.

TCP

First, we need to understand what those protocols are for. Networking protocols provide a certain set of rules that are used for computers to communicate with each other on a network. TCP is the short version for Transmission Control Protocol. It guarantees the delivery of the packets through connection-oriented traffic. This is done by using the three-way handshake.

In the picture above, you can see how the three-way handshake works.

The client sends a SYN (synchronize) packet to the server. The server responds with a SYN/ACK (synchronize/acknowledge) packet, which could be seen as a response to the client that the server is up. Lastly, the client sends another acknowledgment package to the server to establish the connection.

An easy way to remember this method is to see it as a form of verbal communication:

Client: Hey are you there? (SYN)

Server: Yes I'm here. (SYN/ACK)

Client: Great! Let's chat! (SYN)

TCP in general is used for many things. The protocols are mostly used when there should be an error-free data delivery, meaning that safe delivery is more important than speeding up the process. This is extremely important when sending emails, making file transfers, or doing similar activities where you require all the data in the right order.

UDP

UDP is the short version for User Datagram Protocol. This protocol provides a connectionless session, meaning that there is no three-way handshake included. As you could see earlier, the TCP protocol makes sure that the packets are being delivered, and there is a guarantee that the outgoing packets will reach their destination. This is done through the three-way handshake, but since UDP is not using this method, delivery is not ensured.

By "chatting" with your destination server you have the guarantee that your packets will arrive. UDP saves this extra traffic, takes your packages, and sends them to the destination. You do not have to create a connection between the client and the server in order to send the packages. By using the term extra traffic, I mean that UDP saves the effort of sending you a confirmation that the packages have arrived. Instead, it just sends them out. TCP creates a connection first and then sends the packages. It is guaranteed that they arrive because the client knows that the server is up and ready to receive. UDP doesn't establish a connection and just sends the packages to the destination, hoping they will arrive. There is no extra traffic going back and forth between the client and server.

The focus is clearly on speed and not to ensure that the packages have arrived. The UDP datagrams are coordinated by the application and not the protocol, which allows them to be received and processed as they come. In many cases, speed is more important than ensuring the delivery, such as for video streams, where processing information as fast as possible is more important than reassembling the data in perfect order.

ICMP

The Internet Control Message Protocol is used to test the basic connectivity between two systems. This can be done by using tools such as "ping", "pathping" or "tracert". Normally when you begin to troubleshoot, your network testing begins almost every time with ICMP, as it gives a good baseline. ICMP is also very popular for DoS attacks (Denial of Service attacks). Since those attacks use mainly ICMP, firewalls and routers have adapted and sometimes block ICMP traffic. This disables a ping response and prevents hackers from discovering devices in the network. However, if you use hping instead of ping, you might find interesting information. While ping sends traffic by only using ICMP protocol, hping can send pings using TCP, UDP, and ICMP.
Now, if your packets can't reach their destination using the ping command but it is successful when using hping, you know that the server is using a firewall to block ICMP traffic.

Sign up for more content.