CYBER SECURITY (Penetration Testing Prerequisites) 1.7 TCP and UDP

CYBER SECURITY (Penetration Testing Prerequisites) 1.7 TCP and UDP

Mohamed Abdalla Ibrahim's photo
Mohamed Abdalla Ibrahim
·Mar 21, 2022·

3 min read


How Do TCP and UDP support my pentesting career?

it will allow me to perform the TCP session Attacks, advanced DOS attacks, and network scanning

  • The Transmission control protocol (TCP) and the user datagram protocol (UDP) are the most common transport protocols used on the internet.

  • before we dive deeper into the different services that the transport layer protocol can offer to the application layer let's consider that, a computer network can be unreliable, this means that some packets can be lost during their tri from the source to the destination, a packet can be lost because of the network congestion, temporary loss of connection and other Technical issues.


when designing a transport layer protocol, the Designer must choose how to deal with these limitations, for example : TCP :

  • Grants packet delivery: Because the application needs a guaranteed delivery will use TCP as the transport protocol.
  • also connection-oriented, it must establish a connection before transferring data.

  • keep in mind these facts.

TCP is the most transported protocol on the internet, the vast majority of applications use it, and the IP protocol suite is often called TCP/IP.


  • On the other hand, UDP is much more simple than TCP :
  • it doesn't guarantee packet delivery and its connectionless.

-> UPD is faster than TCP, as it provides better throughput, it is used by multimedia applications that can tolerate packet loss.

Ex: UDP is used for VOIP and video streaming.



Applications and their processes use TCP and UDP to send and receive data over the network, when an IP datagram reaches a host, how can the transport layers know what the destination process is? -> here ports role come

ports are used to identify a single network process on a machine

-> let me explain it more in the following example :

assume that we have a PC that uses different ports :


  • the browser uses local port 3028 to connect to the webserver.
  • While the mail client uses local port 1022.
  • all communication from the web browser to the web server will have 3028 as the source port and 80 as the destination port.
  • all the communication back from the webserver to the browser will have 80 as the source port and 3028 as the destination port.

Well-known ports

  • Each common protocol has a well know ports in the 1023 range, common server process or daemons, well-known ports most of the time.
  • ports are assigned by IANA and referenced in this link

TCP and UDP Headers

How can server and client applications know which port to use : they use two fields in the TCP or UDP header: the source and destination ports :

TCP Header :


UDP Header :


In the next article, I will write about Firewall and Network Defense.

Written by : Mohamed Abdalla Ibrahim

PMP | CISM | ITIL | CEH | Azure Architect | Azure Security Engineer | IBM Cybersecurity Analyst###

Share this