Skip to content

Explain the difference between TCP and UDP and when you'd use each.

Short answer

TCP is connection-oriented and reliable: it uses a three-way handshake, guarantees ordered delivery, and retransmits lost packets. UDP is connectionless and fast with no delivery, ordering, or congestion guarantees. Use TCP for accuracy (web, email, file transfer) and UDP for speed-sensitive traffic (DNS, VoIP, streaming, gaming).

TCP and UDP are the two main transport-layer protocols, and the difference between them comes down to a single tradeoff: reliability versus speed. Interviewers also like to connect this to security.

TCP — reliable and ordered

TCP is connection-oriented. Before any data flows, both sides establish a session with the three-way handshake (SYN, SYN-ACK, ACK). Once connected, TCP guarantees:

  • Reliable delivery — lost packets are detected and retransmitted.
  • Ordering — bytes arrive in the order they were sent.
  • Flow and congestion control — it adapts the send rate to avoid overwhelming the receiver or network.

This overhead makes TCP slightly slower but ensures accuracy, so it's used where every byte matters: web (HTTP/HTTPS), email, SSH, and file transfer.

UDP — fast and lightweight

UDP is connectionless. It just fires packets ("datagrams") with no handshake, no acknowledgments, no retransmission, and no ordering. That means lower latency and overhead, at the cost of possible loss or reordering. It suits applications where speed beats perfection and a missed packet doesn't ruin things: DNS lookups, VoIP, live video, online gaming.

The security angle

The lack of a handshake makes UDP attractive for attackers: spoofed-source amplification DDoS attacks abuse UDP services (DNS, NTP, memcached) because there's no connection to validate the sender. TCP's handshake also underlies attacks like SYN floods. Knowing how each protocol behaves helps you read firewall rules, IDS alerts, and traffic captures correctly.

Why this matters

Interviewers want the core tradeoff (reliable/ordered vs fast/best-effort), a correct description of the handshake, and ideally the security implications. Tying protocol behavior to real attacks like UDP amplification shows you think about networking through a security lens.

Likely follow-ups

  • What is the TCP three-way handshake?
  • Why is UDP often used in DDoS amplification attacks?
  • How does protocol choice affect firewall and IDS handling?

Sources

Certifications

Get 100 cybersecurity interview questions + answers

Drop your email and we'll send you the free PDF pack and the flashcard deck.

No spam. Unsubscribe anytime.