UNIT_1

1. Traditional Commerce :
Traditional commerce refers to the commercial transactions or exchange of information, buying or
selling of product/services from/to person without use of internet which is a older method of business
style and comes under traditional business. Now a days people are not preferring this as it is time
taking and needs physical way of doing business.
Example includes physical market/bazzar.
2. E-commerce :
E-commerce refers to the commercial transactions or exchange of information, buying or selling
product/services electronically with the help of internet which is a newer concept of business style
and comes under e-business. Now a days people are preferring this as it is less time taking and
does not need physical way of doing business .Everything can be done with laptop or smartphone
and internet.
Example includes online shopping sites.
Difference between Traditional Commerce and E-commerce :

S.No. TRADITIONAL COMMERCE E-COMMERCE

Traditional commerce refers to the
commercial transactions or exchange of
information, buying or selling E-commerce refers to the commercial transactions or
product/services from person to person exchange of information, buying or selling
01. without use of internet. product/services electronically with the help of internet.

In traditional commerce it is difficult to In E.commerce it is easy to establish and maintain

02. establish and maintain standard practices. standard practices.

In traditional commerce direct interaction In E.commerce indirect interaction through seller and
03. among seller and buyer is present. buyer occurs using electronic medium and internet.

Traditional commerce is carried out by

face to face, telephone lines or mail E-commerce is carried out by internet or other network
04. systems. communication technology.

In traditional commerce processing of

05. transaction is manual. In e-commerce processing of transaction is automatic.

In traditional commerce delivery of

06. goods is instant. In e-commerce delivery of goods takes time.

Its accessibility is for limited time in a

07. day. Its accessibility is 24×7×365 means round the clock.

Traditional commerce is done where E-commerce is used to save valuable time and money.
08. digital network is not reachable. Digital network in necessary.

Traditional commerce is a older method

of business style which comes under E-commerce is a newer concept of business style which
09. traditional business. comes under e-business.

10. Its resource focuses on supply side. Its resource focuses on demand side.

In traditional commerce customers can

inspect products physically before In e-commerce customers can not inspect products
11. purchase. physically before purchase.

The business scope is in a limited Its business scope is worldwide (Global access) as it is
12. physical area. done through digital medium.

For customer support, information

exchange there is no such uniform For customer support, information exchange there is
13. platform. exists a uniform platform.

1)B2C( business to consumer ):

-ENTERTAINMENT
-FINANCIAL SERVICES.

-ESSENTIAL SERVICES(home shoping,telemedicine)

-EDUCATION AND TRAINING ( interactive education, video conferencing etc)

Operational rules :

-the cost is less

-should be more convenient or faster

2)B2B( business to business)

-it is a market link transaction

-it is also an inter-organization e-commerce

-it occurs between two organization.

-it includes purchasing ,procurement ,supplier management , payment management and services.

-it includes EDI(electronic data interchange)

3)C2C(consumer to consumer)

-it involves transaction between and among consumer

-this can include

-kinabika .com

4)C2B:

-information brokerage and data services:-it provides service integration

-information brokerage is a interface who provide service integration between customer and information provider ,
given some constraint such as low price, fast services or profit maximization for a client .

-FX COMPANY provides not only the currency exchange rate , but also gives risk management .

E-Commerce Advantages
The internet might be the single most important facet of modern society. It plays a primary role
in everything from political discourse and higher education to the way we conduct ourselves and our
businesses. It's no wonder, then, that switching to an e-commerce model comes with significant
advantages.
1)E-commerce eliminates the need for physical stores and allows businesses to expand their
customer base. 
On top of eliminating the possibility of long lines, e-commerce sites offer a huge advantage to both
shoppers and stores that aren't located in major urban areas. Even if you are located in a big city, e-
commerce opens up new markets, allowing you to develop a new business model  toward your
expanding consumer base. Many businesses have found particular success in developing good e-
commerce Search Engine Optimization, which drives more traffic to the site.
2)Your business can also save money on rent, utilities, maintenance, and other costs
associated with physical stores. 
Your e-commerce store can essentially remain open 24/7 without hiring employees to watch over the
store and protect items. Since you aren't confined to a set amount of shelf space, there is no limit to
the number of items that can be sold online, and your store's stock can expand exponentially.
Physical products will still have to be stored somewhere, but storage spaces are often cheaper than
retail spaces, and you won't have to worry about factors like foot traffic and parking spaces.
3)Digital products can be sold online with little or no overhead cost. 
Thanks to e-commerce, consumers can purchase music, videos, or books instantaneously. Stores
can now sell unlimited copies of these digital items, without having to worry about where they'll store
the inventory.
4) E-commerce allows your business to scale up easier than physical retailers. 
When a brick-and-mortar store grows, it needs to consider how it will serve more customers in the
same small space. More employees are needed to expedite check-outs, more of the floor gets
dedicated to forming lines, shoppers feel more crowded as customer base and inventory grows. Of
course, logistics always get tougher as a business grows, no matter how the business operates. With
the right choice of a third-party logistics provider, however, e-commerce companies can manage this
growth without worrying about the physical store aspects.
5)Keeping contact with customers is often easier for e-commerce businesses.
 Since the e-commerce merchant captures contact information in the form of email, sending out both
automated and customized emails is simple. Let customers know about a sale, promote a new
product, or just check in with customers for a personal touch—all with minimal effort. Additionally,
web tools like cookies allow for superior store customization and consumer behavior analysis.
6)The benefits consumers enjoy are shared by e-commerce companies when it comes to the
supply chain.
 Consumers like online shopping because they don't have to deal with cash, worry about schedules,
or wait in long lines. Those benefits also apply to entire supply chains interlinked with business-to-
business e-commerce systems. Procurement becomes faster, transparent, and there's no need to
handle currency notes or cash. The result is cheaper, easier transactions with fewer opportunities for
accounting errors.
7) Data provided by the consumer can be shared by e- commerce companies
8) e-commerce allows your business to track logistics, which is key to a successful e-
commerce company. 
Having everything digitized makes it easier to automatically collect data and crunch numbers. While
you can benefit from knowing what's selling best, you can also afford to take more risks on low-
volume goods. The conventional retail strategy focuses on stocking fast-moving goods, but the
economics of e-commerce permits slow-moving and even obsolete products to be included in the
catalog. Storage is less expensive, and displaying the product is as easy as adding another item
page to your site.

E-Commerce Disadvantage /Drawbacks:

While it may initially seem like e-commerce will solve all your business problems, there are
disadvantages to switching from a physical location to an online store.
1) Many consumers still prefer the personal touch and relationships with the business house:
This can be especially valuable to customers shopping for specialized products, as they may want to
consult an expert about the best product for their needs. A solid customer service hotline can't
replace face-to-face interaction with a specialized sales rep. Additionally, many customers want to
experience the product before purchase, like when shopping for clothes.
2) Security of transaction and credit card fraud are huge when dealing with online shopping. 
Consumers run the risk of identity fraud and similar hazards every time they enter their details into a
site. If your site doesn't convince shoppers that the check-out process is secure, they could get
scared out of buying. On the other hand, businesses run the risk of phishing attacks and other forms
of cyber attacks. If one of your employees opens just one malicious link, it could compromise your
website functionality, financial information—or worst of all, your customers' information.
3) Sometime consumers wants is not satisfied in time.
They often have to either pay more for expedited shipping or wait for several days until the product
arrives. The wait could drive away customers. For businesses, the shipping becomes extra
complicated when a customer wants a refund. Growing e-commerce businesses need to expand
their reverse logistics functions, meaning the shipping back of goods and refunding of costs.

4) Refund is difficult if reverse logistic is not developed properly

Speaking of costs, there's a multiplicity of regulations and taxes that come with opening an e-
commerce shop (and a fair amount of confusion, as well). On June 21, 2018, the U.S. Supreme
Court ruled that states can charge sales tax on e-commerce transactions. But the Supreme Court left
it up to states to decide what size of online retailers must pay sales tax, and what that tax rate will be.
That's just one example of the regulatory confusion that has stemmed from e-commerce's rapid
growth, and it doesn't even touch on international trade laws. The result is a regulatory patchwork that
retailers are responsible for learning, no matter how complicated.
5) Good for Consumers, Bad for Businesses
Some aspects of e-commerce don't fit nicely into just the pro or con side of the argument. Unique
issues present an advantage to shoppers while adding difficulty for businesses. Customers might be
buying, but the business could suffer in other ways.
5) Price comparison is a major advantage for customer but it can restrict businesses. 
Consumers can compare prices with a simple click, rather than crossing town to check another store.
Many shoppers will search for the absolute lowest price, and if you can't offer it, you will probably lose
the sale.
6) Even if you can offer lower prices ( to compete in these price wars) the profits decline. 
Though there is nothing about e-commerce that's intrinsically tied to discounts, the way online
business has evolved has led to lower prices. Buyers love the lower prices, but sellers—not so much.
7) Shipping of goods is convenient for consumers, but it is inconvenience to the business. 
Shoppers love having things delivered right to their doorstep, but the logistics of delivery adds
substantial strain to the e-commerce business operation. The more you ship, the bigger the burden
becomes. Logistics and management can become a nightmare, even as the business enjoys steady
profit growth and customer retention.

E-commerce business models can generally be categorized into the following categories.
 Business - to - Business (B2B)
 Business - to - Consumer (B2C)
 Consumer - to - Consumer (C2C)
 Consumer - to - Business (C2B)
 Business - to - Government (B2G)
 Government - to - Business (G2B)
 Government - to - Citizen (G2C)
Business - to - Business
A website following the B2B business model sells its products to an intermediate buyer who then
sells the product to the final customer. As an example, a wholesaler places an order from a
company's website and after receiving the consignment, sells the endproduct to the final customer
who comes to buy the product at one of its retail outlets.

Business - to – Consumer:
A website following the B2C business model sells its products directly to a customer. A customer can
view the products shown on the website. The customer can choose a product and order the same.
The website will then send a notification to the business organization via email and the organization
will dispatch the product/goods to the customer.
Consumer - to - Consumer
A website following the C2C business model helps consumers to sell their assets like residential
property, cars, motorcycles, etc., or rent a room by publishing their information on the website.
Website may or may not charge the consumer for its services. Another consumer may opt to buy the
product of the first customer by viewing the post/advertisement on the website.

Consumer - to - Business
In this model, a consumer approaches a website showing multiple business organizations for a
particular service. The consumer places an estimate of amount he/she wants to spend for a
particular service. For example, the comparison of interest rates of personal loan/car loan provided
by various banks via websites. A business organization who fulfills the consumer's requirement
within the specified budget, approaches the customer and provides its services.
Deep
Business - to – Government:
B2G model is a particular type of B2B model. Such websites are used by governments to trade and
exchange information and goods with various business organizations. Such websites are accredited
by the government and provide a medium for businesses and to submit application forms to the
government.

Government – to – Business:

Governments use B2G model websites to approach business organizations. Such websites support
auctions, tenders, and application submission functionalities.

Government – to – Citizen:
Governments use G2C model websites to approach citizen in general. Such websites support
auctions of vehicles, machinery, or any other material. Such website also provides services like
registration for birth, marriage or death certificates. The main objective of G2C websites is to reduce
the average time for fulfilling citizen’s requests for various government services.

UNIT-2
Network Architecture Basics:
Before you can truly understand network security, you have to first understand network architecture. As
you may know, every network design can be divided into seven logical parts, each of which handles a
different part of the communication task. This seven-layered design is called the OSI Reference Model.
It was created by the International Standards Organizations (ISO) to provide a logical model for
describing network communications, and it helps vendors to standardize equipment and software. Figure
3.1 shows the OSI Reference Model and gives examples of each layer.

Figure 3.1. The OSI Reference Model

Physical
This layer is the actual physical media that carries the data. Different types of media use different
standards. For example, coaxial cable, unshielded twisted pair (UTP), and fiber optic cable each serve a
different purpose: coaxial cable is used in older LAN installations as well as Internet service through cable
TV networks, UTP is generally used for in-house cable runs, while fiber optic is generally used for long-
haul connections that require a high load capacity.So fiber optic is used for intercontinental network
connectivity.

Data Link layer:

This layer relates (connect) different pieces of network interface hardware(NIC) on the network. The
function of this layer is to encode the data and put it on the physical media. It also allows devices to
identify each other when trying to communicate with another node( computer). An example of a data link
layer address is network card's MAC address.

(the MAC address doesn't have anything to do with any computers; it's the Medium Access Control
number that uniquely identifies your computer's card on the network.) On an Ethernet network, MAC
addresses are the way by which your computer can be found. Corporations used many different types of
data link standards in the 1970s and 80s, mostly determined by their hardware vendor. IBM used Token
Ring for their PC networks, DEC used a different standard, and Apple used yet another. Most companies
use Ethernet today because it is widespread and cheap.

Network
This layer is the first part that you really see when interacting with TCP/IP networks. The network layer
allows for communications across different physical networks by using a secondary identification layer. On
TCP/IP networks, there is an IP address. The IP address on your computer helps to get your data routed
from one place to otherplace on the network and over the Internet. This address is a unique number to
identify your computer on an IP-based network. In some cases, this number is unique to a computer; no
other machine on the Internet can have the same address. This is the case with normal publicly routable
IP addresses. On internal LANs, machines often use private IP address blocks. These have been reserved
for internal use only and will not route across the Internet. These numbers may not be unique from
network to network but still must be unique within each LAN. While two computers may have the same
private IP address on different internal networks, they will never have the same MAC address, as it is a
serial number assigned by the NIC manufacturer. There are some exceptions to this (see the sidebar
Follow the MAC), but generally the MAC address will uniquely identify that computer (or at least the
network interface card inside that computer).

Transport
This level handles getting the data packet from point A to point B. This is the layer where the TCP and
UDP protocols reside. TCP (Transmission Control Protocol) basically ensures that packets are consistently
sent and received on the other end. It allows for bit-level error correction, retransmission of lost
segments, and fragmented traffic and packet reordering. UDP (User Datagram Protocol) is a lighter weight
scheme used for multimedia traffic and short, low-overhead transmissions like DNS requests. It also does
error detection and data multiplexing, but does not provide any facility for data reordering or ensured data
arrival. This layer and the network layer are where most firewalls operate.

Session
The session layer is primarily involved with setting up a connection and then closing it down. It also
sometimes does authentication to determine which parties are allowed to participate in a session. It is
mostly used for specific applications higher up the model.

Presentation
This layer handles certain encoding or decoding required to present the data in a format readable by the
receiving party. Some forms of encryption could be considered presentation. The distinction between
application and session layers is fine and some people argue that the presentation and application layers
are basically the same thing.
Application
This final level is where an application program gets the data. This can be FTP, HTTP, SMTP, or many
others. At this level, some program handling the actual data inside the packet takes over. This level gives
security professionals fits, because most security exploits happen here.

Web system architecture :

When building a web application, there are three main principles to bear in mind. From a customer’s
point of view, the application should be simple, aesthetically pleasing, and address most of their
problems. From the business aspect, a web application should stay aligned with its product/market
fit.From a software engineer’s perspective, a web application should be scalable, functional, and able
to withstand high traffic loads.

Web Application Architecture:

So, what is a web application and how is it different from a website?

The basic definition of a web application is that a program that runs on a browser. It’s not a website,
but the line between the two is fuzzy. To differentiate a web application from a website,we have to
remember these three formal characteristics of a web application:

 Addresses a particular problem, even if it’s simply finding some information.

 It is as interactive as a desktop application.
 It has a Content Management System.

A website is traditionally understood to simply be a combination of static pages. But today, most
websites consist of both static and dynamic pages ,which makes almost all modern activities (i.e
web applications). Here we will use the terms interchangeably.

 Your computer, or Smartphone, or any other device you’re browsing with is called a client. The
other half of the web equation is called a server because it serves you the data you request.
Their communication is called a client-server model, whose main concern is receiving your
request and delivering the response back.

 Web application architecture is a mechanism that determines how application components

communicate with each other. Or, in other words, the way the client and the server are
connected is established by web application architecture.
 Web applications of different sizes and complexity levels all follow the same architectural
principle, but details may differ. We will further explain how a basic request-response process
works and what components comprise the architecture.
  How does the web request work?
 To understand the components of web application architecture, we need to understand how
they are used in performing the most basic action – receiving and responding to a web
request.

First, you visit amazon.com. You type in the URL and as you hit Enter, your browser prepares to
recognize this URL, because it needs to know the address of the server where the page is located.
So it sends your request to the Domain Name Center (DNS) (it is a repository of domain names and
their IP addresses). If you’ve already visited Amazon from the same browser, it will pull the address
from the cache memory. Then, a browser sends the request to the found IP address using the
HTTPS protocol.

Domain name IP address

Amazon.com 192.897.456

Flipcart.com 189.786.567

Second, the web server processes the request. The web server where Amazon.com is located
catches the request and sends it to the storage area to locate the page and all data that follows with
it. But its route is held via Business Logic (also called Domain Logic and Application Logic). BL
manages how each piece of data is accessed and determines this workflow specifically for each
application . As BL processes the request, it sends it to storage to locate the looked-for data.
Third, you receive your data. Your response travels back to you and you see the content of the web
page on your display. The graphical interface you see when scrolling Amazon’s or any other website
is called the front end of an application – it depicts all UX and UI components so that a user can
access the information they came looking for.

Web application architecture components and Three-Tier Architecture:

Most web applications are developed by separating its main functions into layers, or tiers. This allows
you to easily replace and upgrade each layer independently. This architectural pattern is called Multi-
or Three-Tier Architecture.

Presentation layer:
The presentation layer is accessible to users via a browser and consists of user interface components
and UI process components that support interaction with the system. It’s developed using three core
technologies: HTML, CSS, and JavaScript. While HTML is the code that determines what your
website will contain, CSS controls how it will look. JavaScript and its frameworks make your website
interactive – responsive to a user’s actions. Developers use JavaScript frameworks such
as Angular and React to make the content on the page dynamic.

Business layer:
This layer, also called Business Logic or Domain Logic or Application Layer, accepts user requests
from the browser, processes them, and determines the routes through which the data will be
accessed. The workflows by which the data and requests travel through the back end are encoded in
a business layer. For example, if your application is a hotel booking website, business logic will be
responsible for the sequence of events a traveler will go through when booking a room.

Although business rules can be a manifestation of the business logic, they are not the same.
Sometimes business rules are extracted and managed separately, using a Business Rules
Management System, as we discussed in our article on back office systems.
Persistence layer:
Also called the storage or data access layer, the persistance layer is a centralized location that
receives all data calls and provides access to the persistent storage of an application. The
persistence layer is closely connected to the business layer, so the logic knows which database to
talk to and the data retrieving process is more optimized.

The data storage infrastructure includes a server and a Database Management System, software to
communicate with the database itself, applications, and user interfaces to obtain data and parse it.
Typically you can store your data either in owned hardware servers or in the cloud –

( meaning, that you purchase data center management and maintenance services while
accessing your storage virtually. Using the services of cloud technology providers such as Amazon,
Google, or Microsoft, you can utilize Infrastructure-as-a-Service, Platform-as-a-Service, or server less
approaches to cloud management. )

There are also components that usually exist in all web applications but are separated from the main
layers:
HyperText Transfer Protocol (HTTP) and File Transfer Protocol(FTP) are the protocols used for file
transfer between client and server. There is a lot of difference between FTP and HTTP. Here we
will learn what are the differences between HTTP and FTP.

1. File Transfer Protocol (FTP)  :

It stands for File Transfer Protocol. It is an internet standard that allows the process of file
downloading and uploading on different computers from the internet. FTP site consists of
different types of files (text, graphics, videos, images, etc). It was developed when security
was not a big issue. It is older and is being replaced with new protocols. FTP supports two
separate Transmission Control Protocols the first one is a control connection or command
port (port 21 ) to authenticate the user and the second one is a data connection or data
port(port 20) to transfer the files. It requires a specific username and password for access.

2. HyperText Transfer Protocol (HTTP)  :

It stands for HyperText Transfer Protocol. It is the backbone of WWW. It is an internet standard that
allows the process of transfer of web pages over the internet. It also defines how the web browser
will respond to any web request. The web address of all the web pages contains a protocol, domain
name, and path to the web page. Most of the web address contains http:// in their URL to show the
HTTP protocol. HTTP works similar to the combined functions of FTP and SMTP. It also uses
Transmission Control Protocol.

Whenever you issue a URL from your browser to get a web resource using HTTP,
e.g. http://www.nowhere123.com/index.html, the browser turns the URL into a request
message and sends it to the HTTP server. The HTTP server interprets the request message, and returns
you an appropriate response message, which is either the resource you requested or an error
message. This process is illustrated below:
Uniform Resource Locator (URL):

A URL (Uniform Resource Locator) is used to uniquely identify a resource over the web. URL has the
following syntax:
protocol://hostname:port/path-and-file-name

There are 4 parts in a URL:

1. Protocol: The application-level protocol used by the client and server, e.g., HTTP, FTP, and telnet.
2. Hostname: The DNS domain name (e.g., www.nowhere123.com) or IP address (e.g., 192.128.1.2)
of the server.
3. Port: The TCP port number that the server is listening for incoming requests from the clients.
4. Path-and-file-name: The name and location of the requested resource, under the server
document base directory.
For example, in the URL http://www.nowhere123.com/docs/index.html, the communication
protocol is HTTP; the hostname is www.nowhere123.com. The port number was not specified in the
URL, and takes on the default number, which is TCP port 80 for HTTP. The path and file name for the
resource to be located is "/docs/index.html".

Other examples of URL are:

ftp://www.ftp.org/docs/test.txt
mailto:[email protected]
news:soc.culture.Singapore
telnet://www.nowhere123.com/
HTTP Protocol

As mentioned, whenever you enter a URL in the address box of the browser, the browser translates
the URL into a request message according to the specified protocol; and sends the request message
to the server.
For example, the browser translated the URL http://www.nowhere123.com/doc/index.html into
the following request message:
GET /docs/index.html HTTP/1.1
Host: www.nowhere123.com
Accept: image/gif, image/jpeg, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
(blank line)

When this request message reaches the server, the server can take either one of these actions:
1. The server interprets the request received, maps the request into a file under the server's
document directory, and returns the file requested to the client.
2. The server interprets the request received, maps the request into a program kept in the server,
executes the program, and returns the output of the program to the client.
3. The request cannot be satisfied, the server returns an error message.
An example of the HTTP response message is as shown:
HTTP/1.1 200 OK
Date: Sun, 18 Oct 2009 08:56:53 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Sat, 20 Nov 2004 07:16:26 GMT
ETag: "10000000565a5-2c-3e94b66c2e680"
Accept-Ranges: bytes
Content-Length: 44
Connection: close
Content-Type: text/html
X-Pad: avoid browser bug

<html><body><h1>It works!</h1></body></html>
The browser receives the response message, interprets the message and displays the contents of the
message on the browser's window according to the media type of the response (as in the Content-
Type response header). Common media type include "text/plain", "text/html", "image/gif",
"image/jpeg", "audio/mpeg", "video/mpeg", "application/msword", and "application/pdf".

In its idling state, an HTTP server does nothing but listening to the IP address(es) and port(s) specified
in the configuration for incoming request. When a request arrives, the server analyzes the message
header, applies rules specified in the configuration, and takes the appropriate action. The webmaster's
main control over the action of web server is via the configuration, which will be dealt with in greater
details in the later sections.

HTTP over TCP/IP

HTTP is a client-server application-level protocol. It typically runs over a TCP/IP connection, as

illustrated. (HTTP needs not run on TCP/IP. It only presumes a reliable transport. Any transport
protocols that provide such guarantees can be used.)

TCP/IP (Transmission Control Protocol/Internet Protocol) is a set of transport and network-layer

protocols for machines to communicate with each other over the network.
IP (Internet Protocol) is a network-layer protocol, deals with network addressing and routing. In an IP
network, each machine is assigned an unique IP address (e.g., 165.1.2.3), and the IP software is
responsible for routing a message from the source IP to the destination IP. In IPv4 (IP version 4), the IP
address consists of 4 bytes, each ranges from 0 to 255, separated by dots, which is called a  quad-
dotted form.  This numbering scheme supports up to 4G addresses on the network.  The latest IPv6 (IP
version 6) supports more addresses.  Since memorizing number is difficult for most of the people, an
english-like domain name, such as www.nowhere123.com is used instead.  The DNS (Domain Name
Service) translates the domain name into the IP address (via distributed lookup tables). A special IP
address 127.0.0.1 always refers to your own machine.  It's domian name is "localhost" and can be
used for local loopback testing.

TCP (Transmission Control Protocol) is a transport-layer protocol, responsible for establish a

connection between two machines. TCP consists of 2 protocols: TCP and UDP (User Datagram
Package).  TCP is reliable, each packet has a sequence number, and an acknowledgement is expected. 
A packet will be re-transmitted if it is not received by the receiver.  Packet delivery is guaranteed in
TCP.  UDP does not guarantee packet delivery, and is therefore not reliable.  However, UDP has less
network overhead and can be used for applications such as video and audio streaming, where
reliability is not critical.
TCP multiplexes applications within an IP machine. For each IP machine, TCP supports (multiplexes) up
to 65536 ports (or sockets), from port number 0 to 65535.  An application, such as HTTP or FTP, runs
(or listens) at a particular port number for incoming requests. Port 0 to 1023 are pre-assigned to
popular protocols, e.g., HTTP at 80, FTP at 21, Telnet at 23, SMTP at 25, NNTP at 119, and DNS at 53.  
Port 1024 and above are available to the users.
Although TCP port 80 is pre-assigned to HTTP, as the default HTTP port number, this does not
prohibit you from running an HTTP server at other user-assigned port number (1024-65535) such as
8000, 8080, especially for test server. You could also run multiple HTTP servers in the same machine
on different port numbers. When a client issues a URL without explicitly stating the port number,
e.g., http://www.nowhere123.com/docs/index.html, the browser will connect to the default port
number 80 of the host www.nowhere123.com. You need to explicitly specify the port number in the
URL, e.g. http://www.nowhere123.com:8000/docs/index.html if the server is listening at port
8000 and not the default port 80.

In brief, to communicate over TCP/IP, you need to know (a) IP address or hostname, (b) Port number.
HTTP Specifications
The HTTP specification is maintained by W3C (World-wide Web Consortium) and available
at http://www.w3.org/standards/techs/http.  There are currently two versions of HTTP, namely,
HTTP/1.0 and HTTP/1.1.  The original version, HTTP/0.9 (1991), written by Tim Berners-Lee, is a simple
protocol for transferring raw data across the Internet.  HTTP/1.0 (1996) (defined in RFC 1945),
improved the protocol by allowing MIME-like messages.  HTTP/1.0 does not address the issues of
proxies, caching, persistent connection, virtual hosts, and range download. These features were
provided in HTTP/1.1 (1999) (defined in RFC 2616).
HTTP Request Methods

HTTP protocol defines a set of request methods. A client can use one of these request methods to
send a request message to an HTTP server. The methods are:
 GET: A client can use the GET request to get a web resource from the server.
 HEAD: A client can use the HEAD request to get the header that a GET request would have
obtained. Since the header contains the last-modified date of the data, this can be used to check
against the local cache copy.
 POST: Used to post data up to the web server.
 PUT: Ask the server to store the data.
 DELETE: Ask the server to delete the data.
 TRACE: Ask the server to return a diagnostic trace of the actions it takes.
 OPTIONS: Ask the server to return the list of request methods it supports.
 CONNECT: Used to tell a proxy to make a connection to another host and simply reply the
content, without attempting to parse or cache it. This is often used to make SSL connection
through the proxy.
 Other extension methods.
"GET" Request Method

GET is the most common HTTP request method. A client can use the GET request method to request
(or "get") for a piece of resource from an HTTP server. A GET request message takes the following
syntax:
GET request-URI HTTP-version
(optional request headers)
(blank line)
(optional request body)
 The keyword GET is case sensitive and must be in uppercase.
 request-URI: specifies the path of resource requested, which must begin from the root " /" of the
document base directory.
 HTTP-version: Either HTTP/1.0 or HTTP/1.1. This client negotiates the protocol to be used for the
current session. For example, the client may request to use HTTP/1.1. If the server does not
support HTTP/1.1, it may inform the client in the response to use HTTP/1.0.
 The client uses the optional request headers (such as Accept, Accept-Language, and etc)
to negotiate with the server and ask the server to deliver the preferred contents (e.g., in the
language that the client preferred).
 GET request message has an optional request body which contains the query string (to be
explained later).
Testing HTTP Requests
There are many way to test out the HTTP requests. Your can use utility program such as "telnet" or
"hyperterm" (search for "telnet.exe" or "hypertrm.exe" under c:\windows), or write you own
network program to send raw request message to an HTTP server to test out the various HTTP
requests.
Telnet

"Telnet" is a very useful networking utility.  You can use telnet to establish a TCP connection with a
server; and issue raw HTTP requests.  For example, suppose that you have started your HTTP server in
the localhost (IP address 127.0.0.1) at port 8000:
> telnet
telnet> help
... telnet help menu ...
telnet> open 127.0.0.1 8000
Connecting To 127.0.0.1...
GET /index.html HTTP/1.0
(Hit enter twice to send the terminating blank line ...)
... HTTP response message ...

Telnet is a character-based protocol. Each character you enter on the telnet client will be sent to the
server immediately. Therefore, you cannot make typo error in entering you raw command, as delete
and backspace will be sent to the server. You may have to enable "local echo" option to see the
characters you enter. Check the telnet manual (search Windows' help) for details on using telnet.

WEBPAGE DESIGNING USING html

In many Internet applications, such as e-commerce and search engine, the clients are required to
submit additional information to the server (e.g., the name, address, the search keywords). Based on
the data submitted, the server takes an appropriate action and produces a customized response.
The clients are usually presented with a form (produced using HTML <form> tag). Once they fill in the
requested data and hit the submit button, the browser packs the form data and submits them to the
server, using either a GET request or a POST request.

The following is a sample HTML form, which is produced by the following HTML script:
<html>
<head><title>A Sample HTML Form</title></head>
<body>
<h2 align="left">A Sample HTML Data Entry Form</h2>
<form method="get" action="/bin/process">
Enter your name: <input type="text" name="username"><br />
Enter your password: <input type="password" name="password"><br />
Which year?
<input type="radio" name="year" value="2" />Yr 1
<input type="radio" name="year" value="2" />Yr 2
<input type="radio" name="year" value="3" />Yr 3<br />
 Subject registered:
<input type="checkbox" name="subject" value="e101" />E101
<input type="checkbox" name="subject" value="e102" />E102
<input type="checkbox" name="subject" value="e103" />E103<br />
Select Day:
<select name="day">
<option value="mon">Monday</option>
<option value="wed">Wednesday</option>
<option value="fri">Friday</option>
</select><br />
<textarea rows="3" cols="30">Enter your special request here</textarea><br />
<input type="submit" value="SEND" />
<input type="reset" value="CLEAR" />
<input type="hidden" name="action" value="registration" />
</form>
</body>
</html>
(When you will run above code you will able to see following form in browser.)

A form contains fields.  The types of field include:

 Text Box : produced by <input type="text">.
 Password Box: produced by <input type="password">.
 Radio Button: produced by <input type="radio">.
 Checkbox : produced by <input type="checkbox">.
 Selection : produced by <select> and <option>.
 Text Area: produced by <textarea>.
 Submit Button: produced by <input type="submit">.
 Reset Button : produced by <input type="reset">.
 Hidden Field : produced by <input type="hidden">.
 Button: produced by <input type="button">.
Each field has a name and can take on a specified value. Once the client fills in the fields and hits the
submit button, the browser gathers each of the fields' name and value, packed them into
"name=value" pairs, and concatenates all the fields together using "&" as the field separator. This is

known as a query string. It will send the query string to the server as part of the request.

name1=value1&name2=value2&name3=value3&...

Special characters are not allowed inside the query string. They must be replaced by a "%" followed by

the ASCII code in Hex. E.g., "~" is replaced by "%7E", "#" by "%23" and so on. Since blank is rather

common, it can be replaced by either "%20" or "+" (the "+" character must be replaced by "%2B"). This

replacement process is called URL-encoding, and the result is a URL-encoded query string. For
example, suppose that there are 3 fields inside a form, with name/value of "name=Peter Lee",
"address=#123 Happy Ave" and "language=C++", the URL-encoded query string is:

name=Peter+Lee&address=%23123+Happy+Ave&Language=C%2B%2B

The query string can be sent to the server using either HTTP GET or POST request method, which is
specified in the <form>'s attribute "method".

<form method="get|post" action="url">

If GET request method is used, the URL-encoded query string will be appended behind the request-
URI after a "?" character, i.e.,

GET request-URI?query-string HTTP-version

(other optional request headers)
(blank line)
(optional request body)

Using GET request to send the query string has the following drawbacks:
 The amount of data you could append behind request-URI is limited. If this amount exceed a
server-specific threshold, the server would return an error "414 Request URI too Large".
 The URL-encoded query string would appear on the address box of the browser.
POST method overcomes these drawbacks. If POST request method is used, the query string will be
sent in the body of the request message, where the amount is not limited. The request
headers Content-Type and Content-Length are used to notify the server the type and the length of
the query string. The query string will not appear on the browser’s address box. POST method will be
discussed later.
Example

The following HTML form is used to gather the username and password in a login menu.
<html>
<head><title>Login</title></head>
<body>
<h2>LOGIN</h2>
<form method="get" action="/bin/login">
Username: <input type="text" name="user" size="25" /><br />
Password: <input type="password" name="pw" size="10" /><br /><br />
<input type="hidden" name="action" value="login" />
<input type="submit" value="SEND" />
</form>
</body>
</html>

The HTTP GET request method is used to send the query string. Suppose the user enters "Peter Lee" as the username, "123456" as
password; and clicks the submit button. The following GET request is:

GET /bin/login?user=Peter+Lee&pw=123456&action=login HTTP/1.1

Accept: image/gif, image/jpeg, */*
Referer: http://127.0.0.1:8000/login.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: 127.0.0.1:8000
Connection: Keep-Alive

Note that although the password that you enter does not show on the screen, it is shown clearly in the address box of the browser. You
should never use send your password without proper encryption.

http://127.0.0.1:8000/bin/login?user=Peter+Lee&pw=123456&action=login

"POST" Request Method

POST request method is used to "post" additional data up to the server (e.g., submitting HTML form
data or uploading a file). Issuing an HTTP URL from the browser always triggers a GET request. To
trigger a POST request, you can use an HTML form with attribute method="post" or write your own
network program. For submitting HTML form data, POST request is the same as the GET request
except that the URL-encoded query string is sent in the request body, rather than appended behind
the request-URI.

The POST request takes the following syntax:

POST request-URI HTTP-version
Content-Type: mime-type
Content-Length: number-of-bytes
(other optional request headers)

(URL-encoded query string)

Request headers Content-Type and Content-Length is necessary in the POST request to inform the
server the media type and the length of the request body.
Example: Submitting Form Data using POST Request Method

We use the same HTML script as above, but change the request method to POST.
<html>
<head><title>Login</title></head>
<body>
<h2>LOGIN</h2>
<form method="post" action="/bin/login">
Username: <input type="text" name="user" size="25" /><br />
Password: <input type="password" name="pw" size="10" /><br /><br />
<input type="hidden" name="action" value="login" />
<input type="submit" value="SEND" />
</form>
</body>
</html>

Suppose the user enters "Peter Lee" as username and "123456" as password, and clicks the submit
button, the following POST request would be generated by the browser:
POST /bin/login HTTP/1.1
Host: 127.0.0.1:8000
Accept: image/gif, image/jpeg, */*
Referer: http://127.0.0.1:8000/login.html
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Content-Length: 37
Connection: Keep-Alive
Cache-Control: no-cache

User=Peter+Lee&pw=123456&action=login
Note that the Content-Type header informs the server the data is URL-encoded (with a special MIME
type application/x-www-form-urlencoded), and the Content-Length header tells the server how
many bytes to read from the message body.
POST vs GET for Submitting Form Data

As mentioned in the previous section, POST request has the following advantage compared with the
GET request in sending the query string:
 The amount of data that can be posted is unlimited, as they are kept in the request body, which is
often sent to the server in a separate data stream.
 The query string is not shown on the address box of the browser.

Note that although the password is not shown on the browser’s address box, it is transmitted to the
server in clear text, and subjected to network sniffing. Hence, sending password using a POST request
is absolutely not secure.

File Upload using multipart/form-data POST Request 

"RFC 1867: Form-based File upload in HTML" specifies how a file can be uploaded to the server using
a POST request from an HTML form. A new attribute type="file" was added to the <input> tag of
HTML <form> to support file upload. The file-upload POST data is not URL-encoded (in the
standard application/x-www-form-url
encoded), but uses a new MIME type of multipart/form-data.
Example

The following HTML form can be used for file upload:

<html>
<head><title>File Upload</title></head>
<body>
<h2>Upload File</h2>
<form method="post" enctype="multipart/form-data"
action="servlet/UploadServlet">
Who are you: <input type="text" name="username" /><br />
Choose the file to upload:
<input type="file" name="fileID" /><br />
<input type="submit" value="SEND" />
</form>
</body>
</html>

When the browser encountered an <input> tag with attribute type="file", it displays a text box
and a "browse..." button, to allow user to choose the file to be uploaded.
When the user clicks the submit button, the browser send the form data and the content of the
selected file(s). The old encoding type "application/x-www-form-urlencoded" is inefficient for
sending binary data and non-ASCII characters. A new media type "multipart/form-data" is used
instead.
Difference between FTP and HTTP :
S.NO
. HTTP FTP

1. It stands for HyperText Transfer Protocol. It stands for File Transfer Protocol

It is the set of rules that how web pages are It is the set of rules that permit the downloading
transferred on different computers over the and uploading the files on the computer over the
2. internet. internet.

It supports both data connection and control

3. It only supports the data connection. connection

It uses Transmission Control Protocol and It uses Transmission Control Protocol and runs on
4. runs on TCP port 80. TCP port 20 and TCP port 21.

The URL using the HTTP protocol will start

5. with HTTP. The URL using the FTP will start with FTP.

6. It does not require authentication. It requires authentication.

7. It is efficient in transferring small files. It is efficient in transferring large files.

The files transferred to the computer over the The files transferred to the computer over the
8.  internet are not saved to the memory. internet are saved to the memory.

HTTP is used to provide the web pages to the FTP is used to upload or download files between
9.  web browser from the webserver  client and server.

10. It is a stateless protocol. It is not a stateless protocol and it maintains state