Basic TCP and UDP Demos w/ netcat and telnet

I am currently working on a network & security training, module “OSI Layer 4 – Transport”. Therefore I made a very basic demo of a TCP and UDP connection in order to see the common “SYN, SYN-ACK, ACK” for TCP while none of them for UDP, “Follow TCP/UDP Stream” in Wireshark, and so on. I wanted to show that it’s not that complicated at all. Every common application/service simply uses these data streams to transfer data aka bytes between a client and a server.

Here are the Linux commands for a basic lab, a downloadable pcap, and, as always, some Wireshark screenshots:


Listening with netcat on the server on port 1337:

Verifying the listening port:

In my case, this looks like:

Now connecting from the client to the server with telnet:

In my case, along with some text messages in both directions:

Wireshark reveals the TCP flags in the Info column for connection establishment and termination. Have a look at the ACKs directly after each sent message, regardless of which direction. Finally, a “Follow TCP Stream” shows the raw data, coloured by the way they were transmitted:


Basically the same with UDP. Listening on the server on port 2311:

Proto type “udp6” is shown with netstat:

Connecting from the client, using netcat (and not telnet, which is not capable of UDP):

Now my demo, again with some text messages and umlauts:

Wireshark’s glasses. No connection establishment nor termination. No ACKs. Only the raw data in both directions. One single UDP packet per sent text message. Quite easy. “Follow UDP Stream” works as well:
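The same two exchanges can be reproduced from the receiving application's point of view. The following Python script is an added example, not part of the original post: it runs both sides on loopback and shows that TCP hands the server one continuous byte stream while UDP hands it one datagram per sent message. The message texts are constructed, and ephemeral ports are used instead of 1337 and 2311 so the script does not collide with a running lab.

```python
import socket
import threading

MESSAGES = ["Hello", "Grüße", "Tschüß"]  # constructed sample text with umlauts

def tcp_demo(messages):
    """Send messages over TCP on loopback; return the byte stream the server read."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # ephemeral port (assumption); the post uses 1337
    srv.listen(1)
    received = bytearray()

    def serve():
        conn, _ = srv.accept()   # returns once SYN, SYN-ACK, ACK has completed
        with conn:
            while chunk := conn.recv(4096):   # b"" means the peer sent FIN
                received.extend(chunk)

    t = threading.Thread(target=serve)
    t.start()
    with socket.create_connection(srv.getsockname()) as cli:
        for m in messages:
            cli.sendall(m.encode("utf-8"))    # each send is ACKed by the peer's stack
    t.join()                                  # client close sent FIN, server loop ended
    srv.close()
    return bytes(received)

def udp_demo(messages):
    """Send messages over UDP on loopback; return the datagrams as received."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))   # ephemeral port (assumption); the post uses 2311
    srv.settimeout(2)            # UDP has no delivery guarantee, so never block forever
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    datagrams = []
    for m in messages:
        cli.sendto(m.encode("utf-8"), srv.getsockname())  # no handshake, no ACK
        data, _ = srv.recvfrom(65535)   # one call returns exactly one datagram
        datagrams.append(data)
    cli.close()
    srv.close()
    return datagrams

if __name__ == "__main__":
    print("TCP stream   :", tcp_demo(MESSAGES))
    print("UDP datagrams:", udp_demo(MESSAGES))
```

Capturing on the loopback interface while this runs shows the same pattern as the screenshots: flags and ACKs around the TCP data, and nothing but data packets for UDP.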


Have a look at the corresponding pcap, if you like. 7zipped, 1 KB:

Featured image “Slices of rye bread with butter on a wooden board” by Marco Verch Professional Photographer and Speaker is licensed under CC BY 2.0.

2 thoughts on “Basic TCP and UDP Demos w/ netcat and telnet”

  1. It’s correct that UDP is usually one packet per information, but if the information is too large to fit into a single packet it will be fragmented at the IP layer. In that case it’s more than one packet per information.

    1. Or… your application might find out and switch to TCP (like DNS does). Beware of stability and availability issues.
