During many of my interviews, I have been asked whether I understood TCP and UDP, and how they differed from each other. While I knew that TCP had an error-checking procedure that made the protocol more reliable but slower than UDP, my understanding was limited. Although I had learned about the detailed structure of these protocols in school, I didn’t have a chance to get hands-on experience with them. However, I later discovered an easy way to explore TCP and UDP packets using Windows Subsystem for Linux (WSL) and Wireshark. As a result, I would like to share what I have learned today.
Setup TCP client and server with NetCat
1. Install netcat
In WSL
sudo apt-get install netcat
To see the arguments that netcat (or nc) accepts, you can use
man netcat
2. Install Wireshark
3. Setting up Wireshark
Open Wireshark and select Adapter for loopback traffic capture
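In the "Apply a display filter" box, type tcp.port == 5000 because we will use port 5000 for transmitting and receiving. For the UDP test further down, use udp.port == 5000 instead, since the TCP filter does not match UDP datagrams.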
4. Setting up TCP/UDP server and client
You can open two WSL windows, one for the client and the other for the server.
- TCP:
server
nc -l localhost 5000
This means: listen with TCP on port 5000 on localhost.
client
nc -v localhost 5000 <<< 'sup buddy'
If it is successful, it will show
Connection to localhost 5000 port [tcp/*] succeeded!
- UDP:
server
nc -l -u localhost 5000
client
nc -v -u localhost 5000 <<< 'sup buddy'
Alternatively, you can also try the command
cat textfile > /dev/tcp/HOST/PORT
to send a message to the server. The /dev/tcp path is a bash feature, so this works from a bash prompt.
5. Checking Result on Wireshark
If you followed all of the steps correctly, you will see the TCP three-way handshake and the payload that comes with it.
Also, you can go to Statistics > Flow Graph and, under Flow Type, select TCP to see the flow of traffic.
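To see the difference from the sender's side as well, here is an added example (not part of the original post) that repeats the netcat exchange with Python sockets and then sends to a port with no listener. The function names are made up for illustration, and it uses an OS-chosen free port instead of 5000 so it cannot clash with a running nc.

```python
import socket
import threading

HOST = "127.0.0.1"  # loopback, the interface the Wireshark capture watches

def tcp_roundtrip(payload: bytes) -> bytes:
    """Like `nc -l` plus `nc localhost PORT <<< payload`, over TCP."""
    srv = socket.create_server((HOST, 0))  # port 0: OS picks a free port (assumption)
    received = []

    def serve():
        conn, _ = srv.accept()  # returns only after SYN, SYN-ACK, ACK
        with conn:
            chunks = []
            while data := conn.recv(4096):  # b"" means the client sent FIN
                chunks.append(data)
        received.append(b"".join(chunks))

    worker = threading.Thread(target=serve)
    worker.start()
    with socket.create_connection(srv.getsockname(), timeout=2) as cli:
        cli.sendall(payload)
    worker.join(timeout=2)
    srv.close()
    return received[0]

def udp_roundtrip(payload: bytes) -> bytes:
    """Like `nc -l -u` plus `nc -u ...`: one datagram, no handshake."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as cli:
        srv.bind((HOST, 0))
        srv.settimeout(2)
        cli.sendto(payload, srv.getsockname())
        return srv.recvfrom(4096)[0]

def send_without_listener(payload: bytes) -> dict:
    """TCP needs a handshake, so it is refused; the UDP send still succeeds."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as held, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        held.bind((HOST, 0))  # bound but never listen()ed: SYNs get a RST
        target = held.getsockname()
        try:
            socket.create_connection(target, timeout=2).close()
            tcp = "connected"
        except ConnectionRefusedError:
            tcp = "refused"
        return {"tcp": tcp, "udp_bytes_sent": udp.sendto(payload, target)}

if __name__ == "__main__":
    print(send_without_listener(b"sup buddy\n"))
```

In Wireshark the refused TCP attempt shows up as a SYN answered by a RST, while the UDP datagram appears with no reply from any application.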