networking protocols

UDP (UDP)

udp protocols transport-layer networking-fundamentals
Plain English

UDP is like shouting a message across a room. You send it and move on without waiting for confirmation that it was heard. This makes UDP fast because there is no setup or tracking, but it also means some messages might get lost. Applications that need speed more than perfection (video calls, online games, DNS lookups) use UDP.

Technical Definition

User Datagram Protocol (UDP), defined in RFC 768, is a connectionless transport protocol at Layer 4 of the OSI model. Unlike TCP, UDP provides no guarantees of delivery, ordering, or duplicate protection.

The UDP header is minimal: 8 bytes total containing source port, destination port, length, and checksum. This minimal overhead (compared to TCP’s 20+ byte header) makes UDP ideal for:

  • Low-latency applications: VoIP, video conferencing, online gaming where a dropped packet is preferable to the delay of retransmission
  • Simple request-response protocols: DNS (port 53), DHCP (ports 67/68), NTP (port 123), SNMP (port 161)
  • Broadcast/multicast: UDP supports one-to-many delivery, essential for service discovery and streaming
  • Tunneling protocols: WireGuard, OpenVPN (UDP mode), VXLAN

Because UDP has no congestion control, applications must implement their own rate limiting to avoid flooding the network. Modern protocols built on UDP (QUIC, WebRTC) add their own reliability and congestion control layers while keeping UDP’s flexibility.

Key differences from TCP:

FeatureTCPUDP
ConnectionRequired (3-way handshake)None
Delivery guaranteeYes (ACK + retransmit)No
OrderingYes (sequence numbers)No
Header size20-60 bytes8 bytes
Use caseWeb, email, file transferDNS, VoIP, gaming, streaming

UDP traffic analysis 

# Listen for UDP traffic on port 53 (DNS)
$ sudo tcpdump -i eth0 udp port 53 -c 4
12:00:01 IP 192.168.1.10.41234 > 8.8.8.8.53: UDP, length 42
12:00:01 IP 8.8.8.8.53 > 192.168.1.10.41234: UDP, length 58

# Send a UDP packet with netcat
$ echo "test message" | nc -u -w1 10.0.0.1 9999

# Check UDP listening ports
$ ss -ulnp
State  Recv-Q  Send-Q  Local Address:Port  Process
UNCONN 0       0       0.0.0.0:53          users:(("named",pid=1234))
UNCONN 0       0       0.0.0.0:67          users:(("dhcpd",pid=5678))
In the Wild

UDP handles a surprising amount of critical traffic. Every DNS query your machine makes starts as a UDP packet. DHCP uses UDP to assign IP addresses. VoIP systems like Zoom and Teams use UDP for real-time audio and video because a slight glitch is better than buffering. Online games use UDP for player position updates where the latest data matters more than every historical packet. WireGuard VPN runs entirely over UDP. The emergence of QUIC (the protocol underneath HTTP/3) demonstrates the industry moving toward building custom reliability on top of UDP rather than accepting TCP’s fixed constraints.

← Back to Dictionary