NetworkingNetwork+

TCP vs UDP for CompTIA Network+ N10-009

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are the two Transport layer protocols tested on CompTIA Network+ N10-009. You must understand their characteristics, when each is appropriate, the TCP three-way handshake, and which application protocols use TCP vs UDP. Questions ask you to match protocols to use cases, explain why an application uses UDP, or identify what TCP provides that UDP does not.

8 min

3 sections · 7 exam key points

2 practice questions

TCP: Reliable, Connection-Oriented

TCP is connection-oriented — before data transfer, a session is established using the three-way handshake: (1) SYN — client sends synchronize to server. (2) SYN-ACK — server acknowledges and sends its own synchronize. (3) ACK — client acknowledges. The session is now established. Termination uses a four-way FIN/ACK sequence.

TCP guarantees delivery by requiring acknowledgment (ACK) for every segment. If an ACK is not received within a timeout period, the sender retransmits. TCP provides: ordered delivery (sequence numbers ensure correct reassembly), error detection (checksum), flow control (window size — prevents overwhelming receiver), and congestion control (reduces transmission rate when network is congested).

TCP port numbers identify applications. Source port: a random high-numbered port chosen by the client for this session (ephemeral port, typically 1024–65535). Destination port: the well-known port of the service (80 for HTTP, 443 for HTTPS). The combination of source IP, source port, destination IP, and destination port (the four-tuple or socket pair) uniquely identifies each TCP connection.

UDP: Fast, Connectionless

UDP is connectionless — it sends data without establishing a session first. No handshake, no acknowledgment, no guaranteed delivery, no ordering. UDP is a 'fire and forget' protocol. This makes UDP significantly faster and lower latency than TCP — there is no round-trip handshake overhead before data starts flowing.

When to use UDP: real-time applications where speed matters more than guaranteed delivery — VoIP, video streaming, online gaming, DNS queries. A lost voice packet is better discarded than retransmitted (retransmitting old audio causes glitching). DNS queries are typically one UDP request and one UDP response — connection overhead would waste time. TFTP and DHCP also use UDP.

Applications can build their own reliability on top of UDP when needed. QUIC (used in HTTP/3) is a modern protocol that implements reliable, multiplexed transport over UDP, combining UDP's speed with TCP-like reliability and TLS encryption.

TCP vs UDP Decision Framework

Choose TCP when: data integrity is critical (file transfers, web pages, email, database queries), ordered delivery matters, or the application cannot tolerate missing data. Choose UDP when: low latency is critical (voice/video), some data loss is acceptable, the application implements its own error handling, or the transaction is a single request-response (DNS, DHCP, SNMP, TFTP).

Common exam question: 'Which protocol should be used for a VoIP application?' Answer: UDP — because even a small retransmission delay causes audible glitching, and a lost voice packet is simply skipped. Similarly: 'Which protocol ensures all data is received and in order?' Answer: TCP.

TCP vs UDP Feature Comparison

Feature	TCP	UDP
Connection	Connection-oriented (handshake)	Connectionless
Reliability	Guaranteed delivery (ACK)	Best effort, no guarantee
Ordering	Guaranteed (sequence numbers)	Not guaranteed
Speed	Slower (overhead)	Faster (minimal overhead)
Flow control	Yes (window size)	No
Error recovery	Yes (retransmission)	No (application must handle)
Use cases	HTTP, FTP, SSH, email, LDAP	DNS, DHCP, VoIP, video, TFTP

Key exam facts — Network+

TCP = reliable, ordered, connection-oriented; three-way handshake: SYN→SYN-ACK→ACK
UDP = connectionless, no guaranteed delivery, faster — used for real-time apps
DNS uses UDP for queries, TCP for zone transfers
VoIP uses UDP — retransmitting old audio is worse than dropping it
DHCP uses UDP (broadcasts before having an IP — TCP impossible)
HTTP/HTTPS, FTP, SSH, SMTP, LDAP, RDP all use TCP
Ephemeral ports: 1024–65535 — randomly assigned by OS for client-side of connections

Common exam traps

UDP is unreliable so it should never be used for important applications

UDP is used intentionally for real-time applications where latency matters more than occasional data loss. VoIP, video conferencing, DNS, and online gaming all rely on UDP's speed

TCP is always better than UDP

TCP's overhead (handshake, ACKs, retransmission) adds latency. For real-time applications, UDP's speed outweighs reliability — a retransmitted voice packet arriving late is useless and causes audio glitching

DNS only uses UDP

DNS uses UDP port 53 for standard queries (fast, small requests). DNS uses TCP port 53 for zone transfers (full zone data is too large for a single UDP packet) and responses exceeding 512 bytes

Practice questions — TCP vs UDP

These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.

Q1.A network engineer is configuring QoS for VoIP traffic. Which Transport layer protocol does VoIP use, and why?

A.TCP — for guaranteed voice packet delivery

B.UDP — for low latency, as retransmitting voice packets causes audio glitching

C.ICMP — for real-time signaling

D.TCP — because VoIP requires ordered packet delivery

Explanation: VoIP uses UDP because low latency is critical for audio quality. If a voice packet is lost, retransmitting it would arrive too late to be useful and would cause audio glitching. It is better to skip the packet (resulting in a brief gap) than to delay all subsequent audio waiting for a retransmission. UDP's connectionless nature also eliminates handshake overhead.

Q2.Which step of the TCP three-way handshake is initiated by the server in response to the client's first message?

A.SYN

B.SYN-ACK

C.ACK

D.FIN

Explanation: The TCP three-way handshake: (1) Client sends SYN. (2) Server responds with SYN-ACK (acknowledging the client's SYN and sending its own synchronize). (3) Client sends ACK to acknowledge the server's SYN. The SYN-ACK is the server's response to the initial client SYN.

Frequently asked questions — TCP vs UDP

What is the difference between a port and a socket?

A port is a logical endpoint for a service on a device (e.g., TCP port 80 on a web server). A socket is the combination of an IP address and port number (e.g., 192.168.1.10:80). A socket pair (client IP:port + server IP:port) uniquely identifies one TCP connection. A server can have thousands of simultaneous connections all on port 80 because each has a unique client IP:port combination.

Practice this topic

Network+practice questions

Test yourself on TCP vs UDP

JT Exams routes you to questions in your exact weak areas — automatically, after every session.

Free practice test Start 7-Day Free Trial

No credit card · Cancel anytime