UDP: User Datagram Protocol
UDP (User Datagram Protocol) is a simple transport layer protocol defined in RFC 768. It is designed to run on top of IP and is assigned IP protocol number 17.
Key Properties of UDP
- Connectionless and ‘unreliable’;
- Minimal overhead;
UDP is a Connectionless and ‘unreliable’ protocol.
Instead of initiating a connection, UDP splits data into discrete segments and sends them independently. Because there is no sequencing information, the recipient cannot guarantee whether all of the data sent has been received. UDP does still have a checksum, so corrupted data can be discarded, but it is not resent if there is an issue.
It is still possible for applications to perform error checking and correction at the application layer if necessary. For example, if transferring files, you could run a checksum against the fully received file.
Because UDP does not establish connections or implement flow control, far fewer packets need to be sent to transfer data. The UDP header is also much more basic, with just 4 fields and no options.
Multiplexing is used to allow multiple connections simultaneously and to differentiate between the connections for different applications.
When a host receives data, it needs to work out who that data is for – is it HTTP traffic for a web browser, VOIP for Skype or FTP data being transferred. UDP does this using ports.
Hosts manage network connections using sockets which are defined by:
- IP Address
- Transport Protocol (UDP)
- Port number
When a client sets up a connection for an application, it will assign an unused port as the source port. A port number from the ephemeral/dynamic range is used for the connection – it is just assigned for the duration of the connection. All data received on this port is sent on to that application until the connection is terminated.
The destination port that data is sent to is more specific. Popular applications have been assigned port numbers which clients set as the destination port. For example, DNS traffic uses port 53. The server side of the connection can then differentiate between clients using the combination of IP address and the client source port.
There are three ranges of port numbers. IANA (the Internet Assigned Numbers Authority) maintain a registry of port numbers and suggested ranges:
- Well known ports (0 – 1023)
- Registered ports (1024 – 49151)
- Dynamic / Private Ports (49152 – 65535)
Well Known UDP Port Numbers
53 Domain Name System DNS
67 and 68 Dynamic Host Configuration Protocol DHCP
69 Trivial File Transfer Protocol TFTP
123 Network Time Protocol NTP
161 Simple Network Management Protocol
Source Port (16 bits)
UDP port number from which the data is being sent.
Destination Port (16 bits)
UDP port number which the data is being sent to.
Length (16 bits)
Length in bytes of the datagram (header and data). The minimum is 8 bytes – just a UDP header with no data.
Checksum (16 bits)
The checksum is calculated over a ‘pseudo-header’ consisting of the source IP address, destination IP address, 8 bits of zero padding, transport protocol (17 for UDP) and the UDP length.
Follow On Cyber Learning
Network Sockets and Ports
Network sockets are software structures that represent the endpoints of a network connection. A pair of sockets fully specify a network connection, and these connections enable communication in both directions. There are three main types of network socket: datagram, stream and raw.