Figure A contains a section of the standard port definition file you can download from http://www.isi.edu/in-notes/iana/assignments/port-numbers. Notice that all the port numbers have two entries, one for User Datagram Protocol (UDP) and one for Transmission Control Protocol (TCP) ports. The NetBIOS entries at the top of the screen initiate or respond to connections on ports 137, 138, and 139. The NetBIOS Name Service (which has the abbreviation netbios-ns in the figure) uses TCP port 137 and UDP port 137. The NetBIOS Datagram Service (netbios-dgm in the figure) uses TCP port 138 and UDP port 138. The NetBIOS Session Service (netbios-ssn in the figure) uses TCP port 139 and UDP port 139.

So what's the difference between these two port types? UDP is a connectionless protocol that runs on top of IP (UDP/IP), and TCP is a connection-oriented protocol that runs on top of IP (TCP/IP). Connectionless means that a host can send a message to another host without first establishing a connection with the recipient. The host simply puts a message onto the network with a destination address and hopes that the message arrives. In addition, the transmission or receipt of a UDP packet doesn't guarantee any further communication in either direction. Because a UDP packet doesn't require an existing connection, network systems use UDP primarily for broadcasting messages (i.e., a one-to-many sending, much like unsolicited junk email). The most common UDP packets—DNS registrations and name-resolution queries—are sent to port 53.

In contrast, TCP ports support only connection-oriented protocols. A connection-oriented protocol requires that network endpoints establish a channel between them before they transmit messages. Whereas incoming UDP traffic indicates an unsolicited message that doesn't necessarily require a response, incoming TCP messages arrive because someone is trying to establish a point-to-point connection with your system and, in turn, is expecting a response.