Explain the difference between TCP and UDP and when you'd use each.
Short answer
TCP is connection-oriented and reliable: it uses a three-way handshake, guarantees ordered delivery, and retransmits lost packets. UDP is connectionless and fast with no delivery, ordering, or congestion guarantees. Use TCP for accuracy (web, email, file transfer) and UDP for speed-sensitive traffic (DNS, VoIP, streaming, gaming).
TCP and UDP are the two main transport-layer protocols, and the difference between them comes down to a single tradeoff: reliability versus speed. Interviewers also like to connect this to security.
TCP — reliable and ordered
TCP is connection-oriented. Before any data flows, both sides establish a session with the three-way handshake (SYN, SYN-ACK, ACK). Once connected, TCP guarantees:
- Reliable delivery — lost packets are detected and retransmitted.
- Ordering — bytes arrive in the order they were sent.
- Flow and congestion control — it adapts the send rate to avoid overwhelming the receiver or network.
This overhead makes TCP slightly slower but ensures accuracy, so it's used where every byte matters: web (HTTP/HTTPS), email, SSH, and file transfer.
UDP — fast and lightweight
UDP is connectionless. It just fires packets ("datagrams") with no handshake, no acknowledgments, no retransmission, and no ordering. That means lower latency and overhead, at the cost of possible loss or reordering. It suits applications where speed beats perfection and a missed packet doesn't ruin things: DNS lookups, VoIP, live video, online gaming.
The security angle
The lack of a handshake makes UDP attractive for attackers: spoofed-source amplification DDoS attacks abuse UDP services (DNS, NTP, memcached) because there's no connection to validate the sender. TCP's handshake also underlies attacks like SYN floods. Knowing how each protocol behaves helps you read firewall rules, IDS alerts, and traffic captures correctly.
Why this matters
Interviewers want the core tradeoff (reliable/ordered vs fast/best-effort), a correct description of the handshake, and ideally the security implications. Tying protocol behavior to real attacks like UDP amplification shows you think about networking through a security lens.
Likely follow-ups
- What is the TCP three-way handshake?
- Why is UDP often used in DDoS amplification attacks?
- How does protocol choice affect firewall and IDS handling?