July 14, 2026
Network Protocols Explained: TCP, UDP, HTTP, HTTPS and DNS for Beginners
You learned how data finds the right machine. Now here is how machines actually talk to each other, and why a handful of protocols are…

By UnSaLt3D
4 min read
You learned how data finds the right machine. Now here is how machines actually talk to each other, and why a handful of protocols are where almost all security work happens.
In the last part, you learned how data finds the right machine. The IP address gets it to the right computer, and the port gets it to the right service. But that is only half the story. Once the data arrives, the two machines have to understand each other. The rules they use to do that are called protocols, and a small handful of them are where almost all security work happens.
So, this is the next layer. The four protocols you will run into most, explained for a beginner, and tied to why a defender pays attention to each one.
What a protocol actually is
Picture two people who agree to speak the same language before they talk. That agreement is why they understand each other.
A protocol is the same thing, but for machines. It is just an agreed set of rules for how two computers share information. Both sides know the format ahead of time. So, what one sends, the other can read. Every single thing you do online runs on one protocol or another.
TCP and UDP: how data travels
The first two protocols are about how data gets delivered.
Start with TCP. Think of a phone call, where you keep checking the other person can hear you. TCP works the same way. It sets up a proper connection first. Then it checks that every piece of data arrived. If a piece goes missing, it sends it again. That is why most things use TCP. Loading a web page. Sending an email. You cannot afford missing pieces.
Now UDP. Think of shouting across a room. Fast, but you do not stop to check every word landed. UDP just sends the data. No setup. No checking. That makes it faster. So, it is used for video calls and online games, where speed matters more than a little lost data.
Here is why a defender cares. Because UDP does not check anything, attackers sometimes use it to flood a target or push traffic through quietly. So, knowing which one an alert involves is already a clue.
HTTP and HTTPS: the web, open or encrypted
The next two run the web.
HTTP is how your browser asks a website for a page. But plain HTTP has a problem. It sends everything as readable text. If someone is sitting in the middle of that connection, they can read all of it. What you typed. What the site sent back.
HTTPS fixes that. The difference is one letter. The S means secure. It is the same thing but scrambled. Anyone who intercepts it sees only nonsense. Scrambling data like this is called encryption. It is what keeps your passwords private on the way across.
So here is the point for a defender. Seeing plain HTTP where you expect the secure version, like a login page sending a password as readable text, is worth a closer look.
DNS: the internet's phone book, and a security goldmine
Now the most important one for security. DNS.
Here is what it does. You remember website names, like google.com. But machines do not use names. They use IP addresses. So, something has to turn the name into the address. That something is DNS. Think of it as a phone book. You give it a name. It gives you back the number. Here, the number is an IP address.
You can watch this happen yourself. On almost any computer, you can run a command called "nslookup", give it a website name, and it returns the IP address that name points to. That exact lookup happens silently every time you open any website.
So why does DNS matter most for security. Because almost every attack uses it. Once malware lands on a machine, it needs to contact the attacker's server to get instructions. But first it has to find that server's address. So it does a DNS lookup. The same lookup your browser does. The malware uses the phone book, just like you do.
That is why defenders watch DNS closely. A normal machine looks up normal names. But a machine asking for strange, random domain names, over and over, is a classic sign it is infected and trying to phone home. The phone book becomes the evidence.
Putting it together
TCP and UDP are how data travels, the careful way or the fast way. HTTP and HTTPS run the web, either in plain view or encrypted. And DNS turns names into addresses and sits at the centre of almost every attack.
Next time you read a security alert and see these names, you will actually know what each one is telling you. In the final part of this series, we put all of it together and follow how a real attack travels through a network, step by step, using everything you have learned.