Tcp – How to know whether a protocol uses TCP or UDP

layer4tcptransport-protocoludp

Well I know that might sound a stupid question and I believe that the most proper answer will be like I will be able to tell as my experience builds up and I learn more and more about the protocols.

However I am a student and I am not having much hands on experience in the field. Though I can google for any given protocol, I want to know if there is any rule of thumb. I still feel asking for "rule of thumb" is stupid, but still I am looking for one.

I encountered this list on wikipedia which lists the protocols and whether they use TCP or UDP in the tabular format. However I am not able to understand that what it means when the row for a particular protocol contains both TCP and UDP with single port number. For example, in Telnet row, it has 23-TCP-UDP. What does this mean? Telnet can operate on both TCP port 23 and UDP port 23?

Also I found that in my textbook, it says TFTP uses UDP, but if we look in the above table, TFTP line is 69-TCP-UDP. So just guessing whats going on in the above table.

Best Answer

You asked a good question. Don't let anyone tell you otherwise.

Regrettably, there is no rule of thumb for the types of protocols that use TCP verses the types of protocols that use UDP.

The decision whether a protocol uses one or the other come down to whomever wrote/created the protocol to begin with.

If they didn't want to bother with writing their own "reliable delivery" system, then they can simply use TCP which provides all the reliability innately.

If they thought (knowing their own protocol innately) that they could write a better or more appropriate "reliable delivery" system, then they can build that into the protocol itself and simply use UDP as their transport.

As an example, take a look at a UDP TFTP sample capture, you'll notice there are built in acknowledgement systems within TFTP itself -- having both those and the additional acknowledgement systems within TCP would simply be redundant.

Whereas FTP, which runs over TCP, does not have a built-in acknowlegdment system. A user simply request a file, and the sender sends it. There is a "file transfer complete" notification, but nothing that guarantees having received each bit of the file. FTP is relying on TCP's reliability to ensure the file gets all the way across.

That said, I looked through the list of ports on the wiki page you linked, and saw a surprising amount of protocols that supposedly use TCP and UDP. This was foreign to me, and I only know of very few that use both (namely, DNS). But it may be that there is a TFTP implementation that uses TCP, and if so, I'm afraid I have no exposure to it.

Domain Name System (DNS) is traditionally the protocol referred to when discussing protocols that use both TCP and UDP. It doesn't use these at the same time, mind you. But different functions within DNS might call for TCP vs UDP.

For example, when making a simple A-record resolution request, the "request" and "response" are very lightweight, both requiring a single packet. As such, this is typically done over UDP.

But if a request or response requires a larger transfer (above a certain amount of bytes), then DNS chooses to use TCP to ensure "all the bits" get there. This is common with full Zone Transfer requests.

Related Topic