Skip to content

UDP - User Datagram Protocol

Some protocols care about delivery.
UDP does not.
It is not about reliability. It is about speed, simplicity, and minimal overhead.
UDP is the protocol of choice when timing matters more than accuracy.

What this page covers

  • What UDP is and what it does
  • How it fits into the TCP/IP stack
  • How it handles data transmission
  • How it is structured and used
  • How it can be abused or defended
  • Tools I use to explore it

This page is my reference for understanding UDP as a transport protocol, a performance tool, and a risk surface.

What UDP Actually Is

UDP is a connectionless transport protocol.
It sends datagrams without establishing a session or waiting for acknowledgments.
There is no guarantee of delivery, order, or integrity.

UDP is one of two protocols that almost all others on higher levels of the OSI Model use. It is fundamental to the core functionality of the internet.

How UDP Lives in the TCP/IP Stack

  • OSI Layer: Transport Layer (Layer 4)
  • Encapsulation:
  • UDP datagrams are wrapped in IP packets
  • IP packets are sent across the network
  • Ports: UDP uses port numbers to identify services
  • Example: Port 53 for DNS, Port 161 for SNMP

UDP is the lightweight alternative to TCP.
It trades reliability for speed and simplicity.

How UDP Works

  • No handshake or session setup
  • Each datagram is independent
  • No retransmission or acknowledgment
  • Minimal header (only 8 bytes)

UDP is ideal for applications that can tolerate loss or handle reliability themselves.

UDP and Security

UDP can be abused in several ways:

  • UDP scanning: attackers probe open UDP ports
  • Amplification attacks: used in DDoS via protocols like DNS or NTP
  • Spoofing: easy to forge source IPs
  • Data exfiltration: covert channels using UDP payloads

Defenses include:

  • Filtering unused UDP ports
  • Rate limiting and anomaly detection
  • Monitoring for unusual traffic patterns

Tools I Use to Explore UDP

nmap

  • Scan for open UDP ports
  • Example: nmap -sU 10.10.10.1

tcpdump

  • Capture and analyze UDP traffic
  • Example: tcpdump udp port 53

netcat

  • Send and receive UDP packets manually
  • Example: nc -u 10.10.10.1 12345

These tools help me understand how UDP behaves, how it communicates, and how it can be tested or abused.

Final Thought

UDP is a shout into the void.
It does not wait for a reply.
It is the protocol of speed, simplicity, and risk.

This page is my study of that shout.
Not just how UDP works, but when to use it, how to secure it, and how to understand its role in the stack.