266 PART II Core Protocols The little "echo" port is not listed because it is not running on this host. Note that the syslogd process in FreeBSD listens on both the UDP and TCP ports (in this case, port 514) for clients. What about Windows XP? The command here is netstat ­a (all), but be prepared to be surprised. Windows hosts listen to a larger number of sockets than Unix systems. It depends on exactly what the system is doing, but even on our "quiet" test network, winsrv2 has 25 TCP and 19 UDP processes waiting to spring into action. They range from Netbios (an old IBM and Microsoft LAN protocol) to Microsoft-specific functions. Heavily loaded systems have even higher numbers. What about looking at UDP with IPv6? It's not really necessary. We are now high enough in the TCP/IP protocol stack not to worry about differences between IPv4 and IPv6. (In practical terms, we still have to worry about DNS a bit, but we'll talk about that in Chapter 19.) With the exception of the checksum use and something called the pseudo-header, UDP is the same in both. WHAT UDP IS FOR UDP was defined in RFC 768 and refined in RFC 1122. All implementations must follow both RFCs to make interoperability reliable, and all do. UDP uses IP protocol ID 17. Any IPv4 or IPv6 packet received with 17 in the protocol ID field is given to the local UDP service. UDP is defined as stateless (no session information is kept by hosts) and unreliable (no guarantees of any QoS parameters, not even delivery). This does not mean that UDP traffic is somehow lower priority on the network or through routers. It's not as if UDP traffic is routinely tossed by stressed-out routers. It just means that if the appli- cation using UDP needs to keep track of a session history ("How many datagrams did you get before that link failed?") or guaranteed delivery ("I'm not sending any more until I know if you got the datagrams I sent."), then the application itself must do it, because UDP can't and won't. Nevertheless, there is a whole class of applications that use UDP, some almost exclusively. These are applications that are invoked to exchange quick, request­ response pairs of messages, such as DNS ("Quick! What IP address goes with www. example.com ?"). These applications could suffer while waiting for all the overhead that TCP requires to set up a connection between hosts before sending a message. Multicast allows one source to send a single packet stream to multiple destina- tions (TCP is strictly a one-source-to-one-destination protocol), so UDP must be used for multicast data transfer as well. Multicast is not only used with video or audio, but also in applications such as the Dynamic Host Configuration Protocol (DHCP). In other words, UDP is a low-overhead transport for applications that do not need, or cannot have, the "point-to-point" connections or guaranteed delivery that TCP provides. Packets carrying UDP traffic in IPv4 sometimes have the DF (Don't Fragment) bit set in the IPv4 header. However, no one should be surprised or upset to find a UDP datagram riding inside an IPv4 packet without the DF bit set.