CCNA / CCENT/ Network+ Tutorial: TCP and UDP Headers And Multiplexing

In previous CCNA and CCENT tutorials, we took a look at several TCP features, including flow control, the TCP three-way handshake, and sequence numbers.   Those tutorials are excellent study material for the Network+ exam, too, so head to those pages when you’re done here.   Right now, let’s get to the header comparison and figure out why we care about this in the first place!

After reading about all of TCP’s great features, you might wonder why anyone even uses UDP.    Let’s have a look at the TCP and UDP headers and see if they hint at the reason UDP is still around.

TCP header:

TCP Header Fields

UDP header:

UDP Header Fields

Quite a difference in size.  That size difference leads us to that single word that makes TCP problematic:  overhead.

All those great TCP features come with the cost of higher overhead.   The headers you see here are attached to every segment.  The header size difference really adds up, especially with the delay-sensitive voice and video traffic found on today’s networks.  TCP’s three-way handshake and forward acknowledgment schemes, while generally seen as positives, use bandwidth that UDP does not.

Let’s leave the TCP-UDP differences behind for a moment and remind ourselves of their similarities:

  • They both run at the Transport layer.
  • They both perform multiplexing.

The Purpose Of Multiplexing

How does a server handle multiple and simultaneous flows from a host, such as these?

Three Data Flows, Three Types Of Data

The server needs a way to transmit those incoming flows separately in order to send the TFTP data to the application that is designed to handle that data, SMTP data to the appropriate application, and so forth.  That’s where well-known port numbers come into play.

These port numbers might not be well known to you (yet), but our network devices know every single one of them, from the common to the obscure.  The three protocols mentioned in that list each have a well-known port number.

  • TFTP: UDP port 69
  • HTTP: TCP port 80
  • SMTP: TCP port 25

These three data flows will share the destination IP address, but they’ll have different and pre-assigned destination port numbers.

Three Data Flows, Three Different Port Numbers

When a host receives data marked as UDP port 69, it knows that’s Trivial File Transfer Protocol traffic, and that traffic can then be handled accordingly.  Same for TCP port 80, which is always HTTP.   These reserved port numbers make it possible for the host to mix the data flows (“multiplexing”) rather than sending all TFTP data first, then the HTTP data, and so forth. Multiplexing allows for a more efficient data transmission scheme.

Multiplexing In Action

We’ll wrap up this tutorial with a look at sockets…and a four-way handshake.

The term “socket” suggests a physical item, but in this context, it’s strictly logical.  A socket is the combination of IP address and port number.  For example, the socket for TFTP traffic at host 10.1.1.2 is 10.1.1.2:69.  Occasionally, you’ll see a socket expressed in this format:

IP address, transport protocol, port number

In that case, the TFTP socket would be (10.1.1.2, UDP, 69).  Just two ways to express the same value, which is something we’re used to in networking.

Now about that other handshake…TCP has a four-way handshake you should be aware of.  We already tackled the TCP three-way handshake, so where can a four-way handshake possibly fit in?

The four-way handshake is the termination of the communication.   The FIN (“finish”) bit wasn’t involved in the 3-way shake, but it’s at the core of this operation.

TCP Four-Way Handshake

This concludes my CCNA and CCENT TCP / UDP tutorial series, but there’s plenty of material here on the site to help you earn these certifications, including free courses on EIGRP and access-lists.  Follow these links to get started, and thanks for making my work part of your success story!

CCNA Tutorial Series:  EIGRP (scroll down on that page)

CCNA Free Video Boot Camp:  Access Lists