User Datagram Protocol (UDP) is a Transport Layer protocol.

UDP is a part of the Internet Protocol

suite, referred to as UDP/IP suite. Unlike TCP, it is an unreliable and connectionless protocol. So,
there is no need to establish a connection before data transfer. The UDP helps to establish low-
latency and loss-tolerating connections over the network. The UDP enables process-to-process
communication.

What is User Datagram Protocol?

User Datagram Protocol (UDP) is one of the core protocols of the Internet Protocol (IP) suite. It is a
communication protocol used across the internet for time-sensitive transmissions such as video
playback or DNS lookups . Unlike Transmission Control Protocol (TCP), UDP is connectionless and
does not guarantee delivery, order, or error checking, making it a lightweight and efficient option for
certain types of data transmission.

UDP Header

UDP header is an 8-byte fixed and simple header, while for TCP it may vary from 20 bytes to 60 bytes.
The first 8 Bytes contain all necessary header information and the remaining part consists of data.
UDP port number fields are each 16 bits long, therefore the range for port numbers is defined from 0
to 65535; port number 0 is reserved. Port numbers help to distinguish different user requests or
processes.
UDP Header

• Source Port: Source Port is a 2 Byte long field used to identify the port number of the source.

• Destination Port: It is a 2 Byte long field, used to identify the port of the destined packet.

• Length: Length is the length of UDP including the header and the data. It is a 16-bits field.

• Checksum: Checksum is 2 Bytes long field. It is the 16-bit one’s complement of the one’s
complement sum of the UDP header, the pseudo-header of information from the IP header,
and the data, padded with zero octets at the end (if necessary) to make a multiple of two
octets.

Notes – Unlike TCP, the Checksum calculation is not mandatory in UDP. No Error control or flow
control is provided by UDP. Hence UDP depends on IP and ICMP for error reporting. Also UDP
provides port numbers so that is can differentiate between users requests.

Applications of UDP

• Used for simple request-response communication when the size of data is less and hence
there is lesser concern about flow and error control.

• It is a suitable protocol for multicasting as UDP supports packet switching.

• UDP is used for some routing update protocols like RIP(Routing Information Protocol).

• Normally used for real-time applications which can not tolerate uneven delays between
sections of a received message.

• VoIP (Voice over Internet Protocol) services, such as Skype and WhatsApp, use UDP for real-
time voice communication. The delay in voice communication can be noticeable if packets
are delayed due to congestion control, so UDP is used to ensure fast and efficient data
transmission.

• DNS (Domain Name System) also uses UDP for its query/response messages. DNS queries are
typically small and require a quick response time, making UDP a suitable protocol for this
application.

• DHCP (Dynamic Host Configuration Protocol) uses UDP to dynamically assign IP addresses to
devices on a network. DHCP messages are typically small, and the delay caused by packet
loss or retransmission is generally not critical for this application.

• Following implementations uses UDP as a transport layer protocol:

o NTP (Network Time Protocol)

o DNS (Domain Name Service)

o BOOTP, DHCP.

o NNP (Network News Protocol)

o Quote of the day protocol

o TFTP, RTSP, RIP.

• The application layer can do some of the tasks through UDP-

 o Trace Route

o Record Route

o Timestamp

• UDP takes a datagram from Network Layer , attaches its header, and sends it to the user. So,
it works fast.

TCP vs UDP

Basis Transmission Control Protocol (TCP) User Datagram Protocol (UDP)

UDP is the Datagram-oriented

TCP is a connection-oriented protocol. protocol. This is because there
Connection orientation means that the is no overhead for opening a
communicating devices should establish a connection, maintaining a
connection before transmitting data and connection, or terminating a
should close the connection after connection. UDP is efficient for
transmitting the data. broadcast and multicast types
Type of Service of network transmission.

The delivery of data to the

TCP is reliable as it guarantees the delivery
destination cannot be
of data to the destination router.
Reliability guaranteed in UDP.

TCP provides extensive error-checking UDP has only the basic error-
Error checking mechanisms. It is because it provides flow checking mechanism using
mechanism control and acknowledgment of data. checksums.

Acknowledgme
An acknowledgment segment is present. No acknowledgment segment.
nt

Sequencing of data is a feature of There is no sequencing of data

Transmission Control Protocol (TCP). this in UDP. If the order is required,
means that packets arrive in order at the it has to be managed by the
Sequence receiver. application layer.

UDP is faster, simpler, and more

TCP is comparatively slower than UDP.
Speed efficient than TCP.
Basis Transmission Control Protocol (TCP) User Datagram Protocol (UDP)

There is no retransmission of
Retransmission of lost packets is possible in
lost packets in the User
TCP, but not in UDP.
Retransmission Datagram Protocol (UDP).

TCP has a (20-60) bytes variable length UDP has an 8 bytes fixed-length
Header Length header. header.

Weight TCP is heavy-weight. UDP is lightweight.

Handshaking Uses handshakes such as SYN, ACK, SYN- It’s a connectionless protocol
Techniques ACK i.e. No handshake

Broadcasting TCP doesn’t support Broadcasting. UDP supports Broadcasting.

TCP is used by HTTP, UDP is used by DNS, DHCP,

Protocols HTTPs , FTP , SMTP and Telnet . TFTP, SNMP , RIP, and VoIP.

UDP connection is a message

The TCP connection is a byte stream.
Stream Type stream.

Overhead Low but higher than UDP. Very low.

This protocol is used in

This protocol is primarily utilized in situations where quick
situations when a safe and trustworthy communication is necessary but
communication procedure is necessary, where dependability is not a
such as in email, on the web surfing, and concern, such as VoIP, game
in military services. streaming, video, and music
Applications streaming, etc.

Advantages of UDP

• Speed: UDP is faster than TCP because it does not have the overhead of establishing a
connection and ensuring reliable data delivery.

• Lower latency: Since there is no connection establishment, there is lower latency and faster
response time.
 • Simplicity: UDP has a simpler protocol design than TCP, making it easier to implement and
manage.

• Broadcast support: UDP supports broadcasting to multiple recipients, making it useful for
applications such as video streaming and online gaming.

• Smaller packet size: UDP uses smaller packet sizes than TCP, which can reduce network
congestion and improve overall network performance.

• User Datagram Protocol (UDP) is more efficient in terms of both latency and bandwidth.

Disadvantages of UDP

• No reliability: UDP does not guarantee delivery of packets or order of delivery, which can
lead to missing or duplicate data.

• No congestion control: UDP does not have congestion control, which means that it can send
packets at a rate that can cause network congestion.

• Vulnerable to attacks: UDP is vulnerable to denial-of-service attacks , where an attacker can

flood a network with UDP packets, overwhelming the network and causing it to crash.

• Limited use cases: UDP is not suitable for applications that require reliable data delivery,
such as email or file transfers, and is better suited for applications that can tolerate some
data loss, such as video streaming or online gaming.

How is UDP used in DDoS attacks?

A UDP flood attack is a type of Distributed Denial of Service (DDoS) attack where an attacker sends
a large number of User Datagram Protocol (UDP) packets to a target port.

• UDP Protocol : Unlike TCP, UDP is connectionless and doesn’t require a handshake before
data transfer. When a UDP packet arrives at a server, it checks the specified port for listening
applications. If no app is found, the server sends an ICMP “destination unreachable” packet
to the supposed sender (usually a random bystander due to spoofed IP addresses).

• Attack Process :

o The attacker sends UDP packets with spoofed IP sender addresses to random ports
on the target system.

o The server checks each incoming packet’s port for a listening application (usually not
found due to random port selection).

o The server sends ICMP “destination unreachable” packets to the spoofed sender
(random bystanders).

o The attacker floods the victim with UDP data packets, overwhelming its resources.

• Mitigation : To protect against UDP flood attacks, monitoring network traffic for sudden
spikes and implementing security measures are crucial. Organizations often use specialized
tools and services to detect and mitigate such attacks effectively.

UDP Pseudo Header

 • The purpose of using a pseudo-header is to verify that the UDP packet has reached its
correct destination

• The correct destination consist of a specific machine and a specific protocol port number
within that machine

UDP pseudo header

UDP Pseudo Header Details

• The UDP header itself specify only protocol port number.thus , to verify the destination UDP
on the sending machine computes a checksum that covers the destination IP address as well
as the UDP packet.

• At the ultimate destination, UDP software verifies the checksum using the destination IP
address obtained from the header of the IP packet that carried the UDP message.

• If the checksum agrees, then it must be true that the packet has reached the intended
destination host as well as the correct protocol port within that host.

User Interface

A user interface should allow the creation of new receive ports, receive operations on the receive
ports that returns the data octets and an indication of source port and source address, and an
operation that allows a datagram to be sent, specifying the data, source and destination ports and
address to be sent.

IP Interface

• The UDP module must be able to determine the source and destination internet address and
the protocol field from internet header

• One possible UDP/IP interface would return the whole internet datagram including the entire
internet header in response to a receive operation

• Such an interface would also allow the UDP to pass a full internet datagram complete with
header to the IP to send. the IP would verify certain fields for consistency and compute the
internet header checksum.

• The IP interface allows the UDP module to interact with the network layer of the protocol
stack, which is responsible for routing and delivering data across the network.

• The IP interface provides a mechanism for the UDP module to communicate with other hosts
on the network by providing access to the underlying IP protocol.
• The IP interface can be used by the UDP module to send and receive data packets over the
network, with the help of IP routing and addressing mechanisms.