TCP vs UDP: what's the difference?
A clear comparison of TCP and UDP: handshakes, reliability, headers, real-world use cases, and why UDP fuels amplification DDoS attacks.
TCP and UDP are the two transport protocols that carry almost everything on the internet. They sit just above IP and decide how your data gets from one host to another. Picking the right one — or recognizing which one a service uses — is fundamental to networking and security work. This guide explains the difference and why it matters.
Connection-oriented vs connectionless
TCP (Transmission Control Protocol) is connection-oriented. Before any data flows, the two hosts perform a three-way handshake: SYN → SYN-ACK → ACK. Only once that exchange completes does the actual payload move. The connection is a tracked, stateful session for its entire lifetime.
UDP (User Datagram Protocol) is connectionless. There is no handshake and no session. A host simply sends a datagram and hopes it arrives. There is no built-in acknowledgement, so the sender never learns whether the packet was received unless the application layer adds its own check.
Reliability and ordering
This is the core trade-off:
- TCP guarantees delivery and order. Lost segments are retransmitted, duplicates are discarded, and bytes are reassembled in the exact order they were sent. Flow control and congestion control keep the sender from overwhelming the receiver or the network.
- UDP guarantees nothing. Packets can be lost, duplicated, or arrive out of order, and UDP will not fix it. That sounds bad, but for some workloads it is exactly right — a dropped frame in a video call is better than a stall while it gets retransmitted.
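To make the reliability and ordering trade-off concrete, here is an added example (not code from the original article) that feeds the same scrambled stream of segments to two toy receivers: one that behaves like a TCP receive buffer (sequence numbers, out-of-order buffering, duplicate discard, cumulative acknowledgements) and one that behaves like a UDP socket (deliver whatever arrives, in arrival order). The message, sequence numbers and arrival order are constructed for the demonstration; the `InOrderReceiver` class is a simplified model, not a real TCP implementation.

```python
# Constructed sample stream split into 5-byte segments at sequence numbers
# starting from ISN. Arrival order 2,0,1,1,4,5,3 reorders the stream,
# duplicates segment 1 and delays segment 3 (all constructed).
MESSAGE = b"SEGMENTS ARRIVE OUT OF ORDER"
ISN = 1000
SCRAMBLED_ORDER = (2, 0, 1, 1, 4, 5, 3)


def segments(message, isn, size=5):
    """Split a byte stream into (sequence_number, payload) segments."""
    return [(isn + i, message[i:i + size]) for i in range(0, len(message), size)]


class InOrderReceiver:
    """Model of a reliable, ordered receiver (TCP-like).

    Out-of-order segments are held back, duplicates are dropped, and data is
    handed to the application only once it is contiguous with what has
    already been delivered. ack_number() is the cumulative acknowledgement:
    the next byte the receiver expects."""

    def __init__(self, initial_seq):
        self.next_seq = initial_seq   # next in-order byte the application needs
        self.pending = {}             # seq -> payload for segments arrived early
        self.delivered = bytearray()
        self.duplicates = 0

    def receive(self, seq, payload):
        end = seq + len(payload)
        if end <= self.next_seq:
            self.duplicates += 1      # retransmission of bytes already delivered
            return
        if seq < self.next_seq:       # partial overlap: trim the delivered prefix
            payload = payload[self.next_seq - seq:]
            seq = self.next_seq
        if seq in self.pending:
            self.duplicates += 1      # duplicate of a segment already waiting
            return
        self.pending[seq] = payload
        # Drain everything that is now contiguous with the delivered prefix.
        while self.next_seq in self.pending:
            chunk = self.pending.pop(self.next_seq)
            self.delivered += chunk
            self.next_seq += len(chunk)

    def ack_number(self):
        return self.next_seq


def simulate(order=SCRAMBLED_ORDER):
    """Deliver the scrambled segments to a TCP-like and a UDP-like receiver."""
    segs = segments(MESSAGE, ISN)
    tcp = InOrderReceiver(ISN)
    udp = bytearray()                 # UDP-like: append in arrival order, no checks
    acks = []
    for index in order:
        seq, payload = segs[index]
        tcp.receive(seq, payload)
        acks.append(tcp.ack_number())
        udp += payload
    return {
        "tcp": bytes(tcp.delivered),
        "udp": bytes(udp),
        "acks": acks,
        "duplicates": tcp.duplicates,
    }


if __name__ == "__main__":
    result = simulate()
    print("TCP-like delivered:", result["tcp"])
    print("UDP-like delivered:", result["udp"])
    print("ACKs sent after each arrival:", result["acks"])
```

The acknowledgement list shows why TCP can recover from loss: the ACK stays stuck at the first missing byte until that segment arrives, which is exactly the signal the sender uses to retransmit. The UDP-like output is longer than the original message (the duplicate is kept) and scrambled, which is what an application on top of UDP must tolerate or fix itself.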
Headers
The header sizes reflect the philosophy. A UDP header is a lean 8 bytes: source port, destination port, length, and checksum. A TCP header is at least 20 bytes because it carries sequence numbers, acknowledgement numbers, window sizes, and control flags — all the machinery needed to track a reliable session.
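As an added example (not code from the original article), the following Python builds and parses both headers with `struct`, so the 8-byte versus 20-byte difference and the flag bits behind the SYN, SYN-ACK, ACK exchange from the handshake section can be seen in raw bytes. Port numbers and initial sequence numbers are constructed; the TCP checksum is left at zero because computing it needs the IP pseudo-header, which is outside this example.

```python
import struct

# TCP control-flag bits as laid out in the header's low flag byte (FIN is
# bit 0). Dict order is the order parsed flags are reported in.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

UDP_FORMAT = "!HHHH"       # src port, dst port, length, checksum         (8 bytes)
TCP_FORMAT = "!HHIIHHHH"   # ports, seq, ack, offset+flags, window, csum, urg (20 bytes)


def build_udp_header(src_port, dst_port, payload_len, checksum=0):
    """Pack the 8-byte UDP header; 'length' covers header plus payload."""
    return struct.pack(UDP_FORMAT, src_port, dst_port, 8 + payload_len, checksum)


def parse_udp_header(data):
    src, dst, length, csum = struct.unpack(UDP_FORMAT, data[:8])
    return {"src_port": src, "dst_port": dst, "length": length, "checksum": csum}


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Pack a minimal 20-byte TCP header (data offset 5 words, no options).
    'flags' is a list of names from TCP_FLAGS."""
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    offset_and_flags = (5 << 12) | flag_bits   # top 4 bits: header length in 32-bit words
    return struct.pack(TCP_FORMAT, src_port, dst_port, seq, ack,
                       offset_and_flags, window, 0, 0)


def parse_tcp_header(data):
    src, dst, seq, ack, off_flags, window, csum, urg = struct.unpack(TCP_FORMAT, data[:20])
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": (off_flags >> 12) * 4,
        "flags": [name for name, bit in TCP_FLAGS.items() if off_flags & bit],
        "window": window,
    }


def handshake_packets(client_port, server_port, client_isn, server_isn):
    """The three segments of SYN -> SYN-ACK -> ACK as raw 20-byte headers.
    Each side acknowledges the peer's initial sequence number plus one,
    because the SYN itself consumes one sequence number."""
    syn = build_tcp_header(client_port, server_port, client_isn, 0, ["SYN"])
    syn_ack = build_tcp_header(server_port, client_port, server_isn, client_isn + 1,
                               ["SYN", "ACK"])
    ack = build_tcp_header(client_port, server_port, client_isn + 1, server_isn + 1, ["ACK"])
    return [syn, syn_ack, ack]


def describe_handshake(packets):
    """Flag summary per segment, e.g. ['SYN', 'SYN+ACK', 'ACK']."""
    return ["+".join(parse_tcp_header(p)["flags"]) for p in packets]


if __name__ == "__main__":
    udp = build_udp_header(40000, 53, payload_len=32)   # constructed DNS-style query
    print("UDP header:", len(udp), "bytes", parse_udp_header(udp))
    for raw in handshake_packets(40000, 443, client_isn=1000, server_isn=5000):
        h = parse_tcp_header(raw)
        print("TCP header:", len(raw), "bytes", "+".join(h["flags"]),
              "seq", h["seq"], "ack", h["ack"])
```

Everything the UDP header carries fits in four 16-bit fields; the extra twelve bytes of TCP are the sequence and acknowledgement numbers, the data offset and flags, and the window, which is precisely the state a reliable session needs and a fire-and-forget datagram does not.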
Quick comparison
| Feature | TCP | UDP |
|---|---|---|
| Connection | Handshake first | None |
| Reliability | Guaranteed | Best-effort |
| Ordering | In order | Not guaranteed |
| Header size | 20+ bytes | 8 bytes |
| Speed | Slower | Faster |
| Typical use | Web, email, SSH | DNS, VoIP, streaming |
When each is used
TCP is the choice whenever correctness matters more than latency. Web traffic over port 80 and port 443, secure shell on port 22, and email across port 25, port 587, port 465, port 110, port 143 and port 993 all rely on TCP. Databases listening on port 3306 and port 5432 and remote desktop on port 3389 do too — a corrupt query result or a garbled screen update is unacceptable.
UDP wins where speed and low overhead beat perfect delivery. DNS uses port 53 for fast lookups, DHCP hands out addresses on port 67, and time synchronization runs over NTP on port 123. VoIP signaling on port 5060, network management with SNMP on port 161, and local service discovery via mDNS on port 5353 and SSDP on port 1900 all favor UDP's minimal latency. You can browse all ports to see which protocol each service uses.
Why UDP feeds amplification DDoS
UDP's lack of a handshake is also its biggest security weakness. Because no connection is established, an attacker can forge the source IP address and send a small request that triggers a much larger reply — sent to the spoofed victim. This is reflection and amplification.
The worst offenders are UDP services that return large responses to tiny queries: DNS on port 53, NTP on port 123 (the monlist command), SNMP on port 161, SSDP on port 1900, and mDNS on port 5353. A few bytes in can produce dozens or hundreds of bytes out, multiplying an attacker's bandwidth against a target. TCP's handshake makes this far harder, since the spoofed victim would have to complete the connection.
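From the defender's side, the tell-tale sign of being used as a reflector is a UDP service on one of the ports listed above sending far more bytes to a remote host than it receives from it. The following added example (not code from the original article) runs that check over a handful of constructed flow records in a simple "proto src:port dst:port bytes" format; the addresses come from documentation ranges and the byte counts are made up for the demonstration. The port-to-service map, the thresholds and the record format are assumptions of this example, not a standard.

```python
import re
from collections import defaultdict

# Service ports the article names as common amplifiers (assumed map for this example).
AMPLIFIER_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP", 5353: "mDNS"}

# Constructed flow records: "proto src_ip:src_port dst_ip:dst_port bytes".
# 192.0.2.10 is "our" NTP server, 192.0.2.20 "our" DNS/web server,
# 203.0.113.7 the spoofed victim address, 198.51.100.5 a legitimate client.
FLOW_LOG = """\
udp 203.0.113.7:4000 192.0.2.10:123 60
udp 192.0.2.10:123 203.0.113.7:4000 4800
udp 203.0.113.7:4000 192.0.2.10:123 60
udp 192.0.2.10:123 203.0.113.7:4000 4800
udp 198.51.100.5:52000 192.0.2.10:123 48
udp 192.0.2.10:123 198.51.100.5:52000 48
udp 198.51.100.5:52001 192.0.2.20:53 70
udp 192.0.2.20:53 198.51.100.5:52001 180
tcp 198.51.100.5:52002 192.0.2.20:443 900
tcp 192.0.2.20:443 198.51.100.5:52002 8000
"""

LINE_RE = re.compile(
    r"^(?P<proto>tcp|udp) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<bytes>\d+)$"
)


def parse_flows(text):
    """Parse the constructed flow format; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        flows.append({
            "proto": m["proto"], "src": m["src"], "dst": m["dst"],
            "sport": int(m["sport"]), "dport": int(m["dport"]),
            "bytes": int(m["bytes"]),
        })
    return flows


def reflection_report(flows, min_ratio=5.0, min_bytes=4000):
    """Aggregate UDP bytes in and out per (service host, service port, remote host)
    and flag pairs whose response volume is both large and far above the
    request volume. TCP flows are ignored: the handshake makes blind reflection
    impractical, as the article explains."""
    bytes_in = defaultdict(int)
    bytes_out = defaultdict(int)
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["dport"] in AMPLIFIER_PORTS:       # request arriving at a service
            bytes_in[(f["dst"], f["dport"], f["src"])] += f["bytes"]
        elif f["sport"] in AMPLIFIER_PORTS:     # response leaving a service
            bytes_out[(f["src"], f["sport"], f["dst"])] += f["bytes"]

    report = []
    for key in set(bytes_in) | set(bytes_out):
        i, o = bytes_in[key], bytes_out[key]
        ratio = o / i if i else float("inf")    # replies with no request seen at all
        if o >= min_bytes and ratio >= min_ratio:
            host, port, remote = key
            report.append({
                "service": AMPLIFIER_PORTS[port], "host": host, "remote": remote,
                "bytes_in": i, "bytes_out": o, "ratio": round(ratio, 1),
            })
    return sorted(report, key=lambda r: r["bytes_out"], reverse=True)


if __name__ == "__main__":
    for entry in reflection_report(parse_flows(FLOW_LOG)):
        print(f"{entry['service']} on {entry['host']} -> {entry['remote']}: "
              f"{entry['bytes_out']} B out for {entry['bytes_in']} B in "
              f"(x{entry['ratio']})")
```

With the defaults only the NTP pair is reported: 120 bytes of requests produced 9,600 bytes of replies toward the spoofed address, an 80x ratio, while the legitimate NTP client and the DNS lookup stay within normal bounds. The remote address in a flagged entry is the victim, not the attacker, which is why the fix is on the service side: disable the amplifying feature (monlist, open recursion), rate-limit responses, and filter who may reach the port.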
Conclusion
TCP buys reliability with overhead; UDP buys speed by giving up guarantees. Neither is "better" — they serve different needs, and good engineers match the protocol to the workload. Just remember that UDP's simplicity carries a security cost: exposed UDP services are prime amplification targets, so lock them down or keep them off the public internet.