When data is fed to TCP, TCP breaks it into smaller, more manageable pieces called packets. A header is written for each packet which specifies the originating IP address, the destination IP address, the sequence number and some other key identifying information.
When the packets leave to traverse the Internet and travel to their destination, they may not all take the same path. There are thousands of routers, and complex routing algorithms decide from moment to moment which path is best for the next packet. This means that the packets may not arrive at their destination in the same order they were sent. It is the responsibility of the TCP protocol on the receiving end to look at the sequence number in each packet header and put the packets back in order.
If packets are missing, error messages are sent back to let the sending computer know to resend the data. TCP also performs flow control by sending messages between the two hosts telling them to speed up or slow down the rate at which packets are sent, depending on network congestion and how quickly the receiving computer can process the incoming packets.
UDP is another protocol that works with IP networks. Unlike TCP, UDP does not establish a connection. UDP does not provide any sort of error protection or flow control. It is primarily used for broadcasting messages. The sending host gets no acknowledgement that the message was successfully received.
Because UDP does not take the time to set up a connection between the two hosts, perform flow control to monitor network congestion, or do the sort of error-checking and receipt acknowledgement that TCP does, it has much less overhead in terms of time and resources. Some services that benefit from this are DNS, SNMP and streaming multimedia (for example, watching a video clip over the Internet).
Now that we have covered TCP, UDP and ports we can move on to discussing firewalls. A basic firewall is designed to block or control what traffic is allowed into or out of your computer or network. One way to do this is to simply block all incoming TCP and UDP traffic on all ports. For many home users this will work just fine. The firewall will still allow a response using the TCP or UDP ports through as long as the connection was initiated by your computer, but blocking in this manner will make sure no external computers can initiate a session with your computer.
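The "block everything inbound, but let replies to connections your own computer started through" rule described above is what a stateful firewall does. The following Python simulation is an added example, not code from the original article: it tracks outbound TCP and UDP flows by their address/port pairs and allows an inbound packet only when it is the reply to one of them. The LAN range and all addresses in the sample traffic are constructed for the example, and it deliberately omits details a real firewall handles (TCP state tracking, flow expiry).

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical home LAN range (constructed for this example).
LAN = ipaddress.ip_network("192.168.1.0/24")

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFirewall:
    """Blocks every inbound TCP/UDP packet on every port unless it is a
    reply to a connection that a host on the LAN initiated."""
    def __init__(self, lan):
        self.lan = lan
        self.flows = set()  # (proto, lan_ip, lan_port, remote_ip, remote_port)

    def handle(self, pkt):
        src_inside = ipaddress.ip_address(pkt.src) in self.lan
        dst_inside = ipaddress.ip_address(pkt.dst) in self.lan
        if src_inside and not dst_inside:
            # Outbound: remember the flow so its reply can come back in.
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        if dst_inside and not src_inside:
            # Inbound: allowed only if it mirrors a flow we opened ourselves.
            key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "ALLOW" if key in self.flows else "DROP"
        return "DROP"  # LAN-to-LAN or remote-to-remote: not this firewall's job

def demo():
    fw = StatefulFirewall(LAN)
    # Constructed traffic: a DNS lookup (UDP) and a web request (TCP) from the
    # LAN, their replies, a reply to the wrong port, and an unsolicited inbound
    # connection attempt on port 22.
    traffic = [
        Packet("udp", "192.168.1.10", 51000, "203.0.113.53", 53),
        Packet("udp", "203.0.113.53", 53, "192.168.1.10", 51000),
        Packet("tcp", "192.168.1.10", 52000, "198.51.100.80", 443),
        Packet("tcp", "198.51.100.80", 443, "192.168.1.10", 52000),
        Packet("tcp", "198.51.100.80", 443, "192.168.1.10", 52001),
        Packet("tcp", "203.0.113.7", 40000, "192.168.1.10", 22),
    ]
    return [fw.handle(p) for p in traffic]

if __name__ == "__main__":
    for pkt_verdict in demo():
        print(pkt_verdict)
```

Only the two replies that exactly mirror a flow the LAN host opened get through; the mismatched-port packet and the unsolicited connection attempt are dropped, which is the behaviour the paragraph above describes.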
