What is UDP?

In the last blog post, we talked about the basic functions and uses of TCP. While TCP is a protocol designed for communications over networks, it does not provide a lot of protection for data that crosses through a network. To fill this void comes another one of the core internet protocols - UDP. UDP stands for User Datagram Protocol and is yet another way to send messages from one computer to another over the internet. UDP works in a similar way to the way that TCP works, but differs in the fact that UDP is connectionless. This means that there is no need to open a TCP connection between two machines and can simply use UDP to send messages from one machine to another.

As you can see from the name, UDP operates differently than TCP in the sense that, not only does it send messages across networks without opening a tcp connection, but it also does not provide any security for these messages. In other words, unlike TCP which provides an encrypted channel between two machines, UDP on the other hand simply sends information across networks without any protection for these messages. This means that anyone can intercept or even change data sent through this protocol as they see fit.

One of the most famous examples of UDP was when the US Naval Research Lab was hacked in 1996 as a result of the use of UDP for transmission of data from one point to another. The following information packet from the Naval Research Lab (see below) was actually sent over an insecure network, but because it didn't use TCP, it went through without any problems - even if someone else connected to that machine and requested to view the data.

The next screenshot shows you a packet sent by one computer to another computer in via UDP. As you can see, it is not encrypted and therefore anyone could intercept this packet. I've copied the entire packet in the screenshot below so that you can see how it works.

As you can see, there are three fields that explain the structure and contents of each packet: IP, UDP and length. The IP field tells us that this data was sent over network address 192.168.2.2 (The MAC Address of my router). The UDP field tells us that this message had a total size of 229 bytes and finally the length tells us how many bytes are left in the packet (229 in this case).

As we learned in the previous post, TCP messages require an established connection between two machines. In order for a TCP packet to be sent from one machine to another it first needs to be queued up on one of the two machines. For this reason, once a TCP connection is established between two machines, data can immediately be sent without waiting for the other side to receive it. On the other hand, UDP works differently; it does not require any sort of connection and therefore any data sent through this protocol will arrive when its destination receives it.

Conclusion

While TCP is used to establish a connection between two machines, UDP is used to send messages from one machine to another without the need of a connection. As we've learned, UDP has no security and therefore it can be sent through an insecure network in such a way that it passes through without any problems. This is why the Naval Research Lab was hacked, as well as why many sensitive information leaks occur over the internet. For example, in August of 2014 the Privacy Rights Clearinghouse (PRC) discovered that HTTPS connections potentially leak information when data packets are sent over these connections over UDP . Data sent over this protocol includes what webpages you have visited, your entire browsing history even your IP address.