TCP/UDP Help needed

[keavlar]

Hi there.

 

It looks stupid to ask, but can someone please explain when you been asked, if you know TCP/UDP, what does it mean?

I read about it, I do understand how it works, but I just don't get the question, if you know it?

It is not like Java the "if" statements.

 

Also, maybe aby one can provide the website, or online books regarding the servers and protocols (to learn), as the search results for each and every one of us is different,

I am sure, you have other websites to suggest me. 

 

Thanks in advance. 

[Skiiwee29]

Easiest way to think about it is that TCP requires confirmation the packet was sent and received. If not, it stops and resends the packet or packets it did not get an acknowledgement from the other end as having received a good packet. This is known as the TCP Handshake.  UDP on the other hand, doesnt care and sends the packet assuming the other side received it just fine. 

[ZeouLs]

I would say something like both are Transport Layer Protocols.

TCP stands for Transmission Control Protocol while UDP means User Datagram Protocol. And then Pros and Cons and what the difference is like TCP sends 2 adresses with the package, one for where the package goes and the other is your own adress since TCP needs a confirmation back from where the packets are sent while UDP does send the packets all day long

 

 

[Skiiwee29]

With the TCP handshake, if you ever did a wireshark packet capture, you would see that each packet is assigned a number that the receiving side acknowledges it received. If it doesnt acknowledge it, the sending side can then determine which packet it needs to resend based on that number that did not get the acknowledgement. 

[keavlar]

Just now, Skiiwee29 said:

Easiest way to think about it is that TCP requires confirmation the packet was sent and received. If not, it stops and resends the packet or packets it did not get an acknowledgement from the other end as having received a good packet. This is known as the TCP Handshake.  UDP on the other hand, doesnt care and sends the packet assuming the other side received it just fine. 

 

Just now, ZeouLs said:

I would say something like both are Transport Layer Protocolls.

TCP stands for Transmission Control Protocll while UDP means User Datagram Protocoll

Guys, 

Thanks, but I do know what they do and the difference. 

But for some reason, when applying to malware analyst, it is not enough. 

And every time someone ask, do you know TCP/UDP it is not what they do, but more than that.

[LAwLz]

Yeah, I don't get the question either.

It's like asking "do you know wheels". You can answer that you know what they are and that they are used in for example cars, but the question has to be more specific to give any proper answer.

[BSpendlove]

13 hours ago, keavlar said:

 

Guys, 

Thanks, but I do know what they do and the difference. 

But for some reason, when applying to malware analyst, it is not enough. 

And every time someone ask, do you know TCP/UDP it is not what they do, but more than that.

Probably looking into the more specifics of TCP and UDP (compare and contrast) with features such as how TCP and windowing works, the 3 way handshake, latency, Maximum segment size, tcp slow starts, demonstrating a good knowledge of what TCP should look like with the acknowledging, sequencing and how UDP can affect TCP traffic within a stream since standard UDP would drain out TCP since it has no in-built features into the protocol itself to reduce a 'bottleneck' or what I mean is UDP can't dynamically adjust packets being sent between hosts that both agree how much data they can receive like TCP does with windowing. (maybe compared to something like people that implement TCP like features within upper layers with UDP)

 

You can't just define TCP as: "oh it uses a three way handshake, has sequencing and acknowledgements, and is also more reliable than UDP"... the TCP/IP illustrated book is a well known book that dives deep into the gritty basics of tcp/udp/also routing protocols etc..

[beersykins]

On 7/24/2018 at 2:21 AM, keavlar said:

But for some reason, when applying to malware analyst, it is not enough. 

I imagine they were expecting more of an angle of how to fingerprint traffic flows between the two.  

[keavlar]

On 7/24/2018 at 5:22 PM, LAwLz said:

Yeah, I don't get the question either.

It's like asking "do you know wheels". You can answer that you know what they are and that they are used in for example cars, but the question has to be more specific to give any proper answer.

 

On 7/25/2018 at 1:55 AM, BSpendlove said:

Probably looking into the more specifics of TCP and UDP (compare and contrast) with features such as how TCP and windowing works, the 3 way handshake, latency, Maximum segment size, tcp slow starts, demonstrating a good knowledge of what TCP should look like with the acknowledging, sequencing and how UDP can affect TCP traffic within a stream since standard UDP would drain out TCP since it has no in-built features into the protocol itself to reduce a 'bottleneck' or what I mean is UDP can't dynamically adjust packets being sent between hosts that both agree how much data they can receive like TCP does with windowing. (maybe compared to something like people that implement TCP like features within upper layers with UDP)

 

You can't just define TCP as: "oh it uses a three way handshake, has sequencing and acknowledgements, and is also more reliable than UDP"... the TCP/IP illustrated book is a well known book that dives deep into the gritty basics of tcp/udp/also routing protocols etc..

 

On 7/25/2018 at 7:28 PM, beersykins said:

I imagine they were expecting more of an angle of how to fingerprint traffic flows between the two.  

THIS is what I basically asked for. But thx any way for help. Maybe now you also can tell me, what is teh correct way to ask my question. Thx

 

How TCP_IP Protocol Works - Part 1.pdf

How TCP_IP Protocol Works - Part 2 .pdf

TCP IP Book.pdf

[Brian Blankenship]

TCP

[Brian Blankenship]

UDP