During many of my interviews, I have been asked whether I understood TCP and UDP, and how they differed from each other. While I knew that TCP had an error-checking procedure that made the protocol more reliable but slower than UDP, my understanding was limited. Although I had learned about the detailed structure of these protocols in school, I didn’t have a chance to get hands-on experience with them. However, I later discovered an easy way to explore TCP and UDP packets using Windows Subsystem for Linux (WSL) and Wireshark. As a result, I would like to share what I have learned today.
Set up a TCP client and server with netcat
1. Install netcat
In WSL:
    sudo apt-get install netcat
To see the arguments for netcat (or nc), you can use:
    man netcat
2. Install Wireshark
3. Setting up Wireshark
Open Wireshark and select Adapter for loopback traffic capture.
In the Apply a display filter box, type tcp.port == 5000, because we will use port 5000 for transmitting and receiving.
4. Setting up TCP/UDP server and client
You can open two WSL windows, one for the client and the other for the server.
- TCP:
  server:
      nc -l localhost 5000
  This means: listen with TCP on port 5000 on localhost.
  client:
      nc -v localhost 5000 <<< 'sup buddy'
  If it is successful, it will show:
      Connection to localhost 5000 port [tcp/*] succeeded!
- UDP:
  server:
      nc -l -u localhost 5000
  client:
      nc -v -u localhost 5000 <<< 'sup buddy'
Alternatively, you can also try the command
    cat textfile > /dev/tcp/HOST/PORT
to send a message to the server.
5. Checking the result in Wireshark
If you follow all of the steps correctly, you will see the three-way handshake and all the payloads that come with it.
You can also go to Statistics > Flow Graph and, under Flow Type, select TCP to see the flow of traffic.
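
The exchange from steps 4 and 5, reproduced with Python sockets as an added example (not part of the original post), so each packet Wireshark shows can be tied to the call that causes it. The function names and the closed-port probe are assumptions of this example; the probe goes slightly beyond the post by showing what each protocol reports when nothing is listening.

```python
import socket
import threading

MSG = b"sup buddy\n"  # constructed payload, same text the nc clients send

def tcp_exchange(port=5000, host="127.0.0.1"):
    """Equivalent of `nc -l localhost 5000` plus the nc TCP client."""
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))           # port=0 lets the OS pick a free port
        srv.listen(1)
        def serve():
            conn, _ = srv.accept()       # returns after SYN, SYN-ACK, ACK
            with conn:
                while (data := conn.recv(1024)):   # b"" once the client sends FIN
                    received.append(data)
        t = threading.Thread(target=serve, daemon=True)
        t.start()
        with socket.create_connection(srv.getsockname(), timeout=2) as c:
            c.sendall(MSG)
        t.join(timeout=2)
    return b"".join(received)

def udp_exchange(port=5000, host="127.0.0.1"):
    """Equivalent of `nc -l -u localhost 5000` plus the nc UDP client."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind((host, port))
        srv.settimeout(2)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
            c.sendto(MSG, srv.getsockname())   # no handshake, one datagram
        return srv.recvfrom(1024)[0]

def send_without_listener(host="127.0.0.1"):
    """Send to a port nobody listens on; returns (tcp_result, udp_result)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as held:
        held.bind((host, 0))             # bound but never listen()ed: closed port
        addr = held.getsockname()
        try:
            socket.create_connection(addr, timeout=2).close()
            tcp = "connected"
        except ConnectionRefusedError:   # the kernel answered the SYN with RST
            tcp = "refused"
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
            u.sendto(MSG, addr)          # succeeds: UDP gets no acknowledgement
    return tcp, "sent"

if __name__ == "__main__":               # run with Wireshark capturing loopback
    print(tcp_exchange(), udp_exchange(), send_without_listener())
```

With the display filter set to tcp.port == 5000 only the TCP run appears; use udp.port == 5000 to see the single UDP datagram.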