module-5-notes

The document provides an overview of the application layer in networking, detailing its role in providing services to users and the distinction between standard and nonstandard protocols. It discusses two primary paradigms for application-layer communication: client-server and peer-to-peer, along with their respective advantages and challenges. Additionally, it covers client-server programming, the use of APIs, socket communication, and the transport layer protocols (UDP, TCP, SCTP) that facilitate data exchange.

Uploaded by Aditya Kamath

BCS502

Dr. Soumya J Bhat


Dept. of CSE
SMVITM, Bantakal

Textbook: 1. Behrouz A. Forouzan, Data Communications and Networking, 5th Edition, Tata McGraw Hill, 2013.

Introduction to Application Layer


25.1 INTRODUCTION
25.1.1 Providing Services
The application layer provides services to the user. It is the highest layer in the suite.
The protocols in this layer do not provide services to any other protocol in the suite; they only receive services from the protocols in the transport layer.
The application layer is the only layer that provides services to the Internet user.
Since the application layer provides services to the Internet user and is not required to provide services to any other layer, new application protocols can easily be added to the Internet.
Standard and Nonstandard Protocols
The application-layer protocols can be either standard or nonstandard.
Standard Application-Layer Protocols
Several application-layer protocols have been standardized and documented by the Internet authority, and we use them in our daily interaction with the Internet. Each standard protocol is a pair of computer programs that interact with the user and the transport layer to provide a specific service to the user.
Nonstandard Application-Layer Protocols
A programmer can create a nonstandard application-layer protocol that provides service to the user by interacting with the transport layer. A private company can create a new customized application protocol to communicate with all of its offices around the world using the services provided by the first four layers of the TCP/IP protocol suite. This does not even need the approval of the Internet authorities if it is used privately.

25.1.2 Application-Layer Paradigms (a set of practices)


To use the Internet we need two application programs to interact
with each other: one running on a computer somewhere in the
world, the other running on another computer somewhere else in
the world. The two programs need to send messages to each
other through the Internet infrastructure.
Two paradigms are used in the Internet: the client-server
paradigm and the peer-to-peer paradigm.
Traditional Paradigm or Client-Server paradigm
In this paradigm, the service provider is an application program,
called the server process; it runs continuously, waiting for another
application program, called the client process, to make a
connection through the Internet and ask for service. There are
normally some server processes that can provide a specific type
of service, but there are many clients that request service from
any of these server processes. The server process must be
running all the time; the client process is started when the client
needs to receive service.
Here the communication load is on the shoulders of the server, so the server should be a powerful computer.
Eg - World Wide Web
New Paradigm or Peer-to-Peer paradigm
In this paradigm, there is no need for a server process to be
running all the time and waiting for the client processes to
connect. The responsibility is shared between peers. A computer
connected to the Internet can provide service at one time and
receive service at another time. A computer can even provide and
receive services at the same time.
One of the areas that really fits this paradigm is Internet telephony. Communication by phone is a peer-to-peer activity.
Another area in which the peer-to-peer paradigm can be used is
when some computers connected to the Internet have something
to share with each other. For example, if an Internet user has a
file available to share with other Internet users, there is no need
for the file holder to become a server and run a server process all
the time waiting for other users to connect and retrieve the file.
Advantage: eliminates the need for expensive servers.
The main challenge has been security; it is more difficult to create secure communication between distributed services than between those controlled by some dedicated servers.
Other applications: BitTorrent, Skype, IPTV, and Internet telephony.
Mixed Paradigm - An application may choose to use a mixture of the two paradigms by combining the advantages of both. For example, a simple client-server communication can be used to find the address of the peer that can offer a service. When the address of the peer is found, the actual service can be received from the peer by using the peer-to-peer paradigm.
25.2 CLIENT-SERVER PROGRAMMING
In a client-server paradigm, a client is a running program that initiates the communication by sending a request; a server is another application program that waits for a request from a client. The server handles the request received from a client, prepares a result, and sends the result back to the client. This definition of a server implies that a server must be running when a request from a client arrives, but the client needs to be run only when it is needed.
25.2.1 Application Programming Interface
Several APIs have been designed for communication.
An API (Application Programming Interface) is a set of rules and tools that allows different software applications to communicate with each other. Essentially, it is a bridge that lets one program interact with another.
The terms Socket Interface, Transport Layer Interface (TLI), and STREAM refer to distinct approaches and technologies used in network communication.
We briefly discuss only the socket interface. The socket interface is widely used in network communication. It provides a standard API for developing network applications that communicate over IP networks.
Sockets
The socket interface between the application layer and the
transport layer serves as a communication bridge, allowing
applications to use the services of the transport layer (e.g., TCP
or UDP) to send and receive data over a network. The socket
interface provides a standardized way for applications to interact
with the underlying network stack.
The socket interface acts as an API between these two layers:
• From the application's perspective, the socket allows it to
send and receive data, but the details of how the data is
transmitted over the network are abstracted away.
• The transport layer handles the actual transport of data over the network using the socket, ensuring that it gets to the correct destination and providing the required services.
Socket Addresses
In a two-way communication, we need a pair of addresses.
A socket address should first define the computer on which a
client or a server is running.
A computer in the Internet is uniquely defined by its IP address, a
32-bit integer in the current Internet version. However, several
client or server processes may be running at the same time on a
computer, which means that we need another identifier called
port number to define the specific client or server process
involved in the communication.
This means that a socket address should be a combination of an IP address and a port number.
At the Server Site -
The server needs a local (server) and a remote (client) socket address for communication.
The local (server) socket address is provided by the operating system. The operating system knows the IP address of the computer on which the server process is running. The port number of a server process, however, needs to be assigned. If the server process is a standard one defined by the Internet authority, a port number is already assigned to it. For example, the assigned port number for the Hypertext Transfer Protocol (HTTP) is the integer 80, which cannot be used by any other process. If the server process is not standard, the designer of the server process can choose a port number.
Remote Socket Address -The remote socket address for a server
is the socket address of the client that makes the connection.
Since the server can serve many clients, it does not know
beforehand the remote socket address for communication. The
server can find this socket address when a client tries to connect
to the server. The client socket address, which is contained in the
request packet sent to the server, becomes the remote socket
address that is used for responding to the client.
At the Client Site -
The client also needs a local (client) and a remote (server) socket
address for communication.
The local (client) socket address is also provided by the operating
system. The operating system knows the IP address of the
computer on which the client is running. The port number,
however, is a 16-bit temporary integer that is assigned to a client
process each time the process needs to start the communication.
Finding the remote (server) socket address for a client, however,
needs more work. When a client process starts, it should know
the socket address of the server it wants to connect to. We will
have two situations in this case.
Sometimes, the user who starts the client process knows both the
server port number and IP address of the computer on which the
server is running. This usually occurs in situations when we have
written client and server applications and we want to test them.
Most of the time, we do not know the IP address of the server.
This happens in situations such as when we need to contact a
web page, send an e-mail to a friend, copy a file from a remote
site, and so on. In these situations, the server has a name, an
identifier that uniquely defines the server process. Examples of
these identifiers are URLs, such as www.xxx.yyy, or e-mail
addresses, such as [email protected]. The client process should
now change this identifier (name) to the corresponding server
socket address. The client process normally knows the port
number because it should be a well-known port number, but the
IP address can be obtained using another client-server
application called the Domain Name System (DNS). DNS maps
the server name to the IP address of the computer running that
server.

25.2.2 Using Services of the Transport Layer


The application layer needs to use the services provided by the transport layer. There are three common transport-layer protocols in the TCP/IP suite: UDP, TCP, and SCTP.
UDP Protocol
UDP provides a connectionless, unreliable, datagram service. Connectionless service means that there is no logical connection between the two ends exchanging messages. Each message is an independent entity encapsulated in a datagram. UDP does not see any relation (connection) between consecutive datagrams coming from the same source and going to the same destination.
UDP is not a reliable protocol. An application program may be designed to use UDP if it is sending small messages and simplicity and speed are more important for the application than reliability.
TCP Protocol
TCP provides a connection-oriented, reliable, byte-stream service. TCP requires that the two ends first create a logical connection between themselves by exchanging some connection-establishment packets. This phase is sometimes called handshaking. After the handshaking process, the two ends can send chunks of data in segments in each direction. By numbering the bytes exchanged, the continuity of the bytes can be checked. For example, if some bytes are lost or corrupted, the receiver can request the resending of those bytes, which makes TCP a reliable protocol. TCP can also provide flow control and congestion control. Most of the standard applications that need to send long messages and require reliability may benefit from the service of TCP.
SCTP Protocol
SCTP provides a service which is a combination of the two other protocols. Like TCP, SCTP provides a connection-oriented, reliable service, but it is not byte-stream oriented. It is a message-oriented protocol like UDP.

25.2.3 Iterative Communication Using UDP


Communication between a client program and a server program
can occur iteratively or concurrently. Although several client
programs can access the same server program at the same time,
the server program can be designed to respond iteratively or
concurrently. An iterative server can process one client request at
a time; it receives a request, processes it, and sends the
response to the request before handling another request. When
the server is handling the request from a client, the requests from
other clients, and even other requests from the same client, need
to be queued at the server site and wait for the server to be freed.
The received and queued requests are handled in the first-in,
first-out fashion.
In UDP communication, the client and server use only one socket
each. The socket created at the server site lasts forever; the
socket created at the client site is closed (destroyed) when the
client process terminates.
In other words, different clients use different sockets, but the
server creates only one socket and changes only the remote
socket address each time a new client makes a connection.

Flow Diagram
Figure 25.9 shows a simplified flow diagram for iterative
communication. There are multiple clients, but only one server.
Each client is served in each iteration of the loop in the server.
Note that there is no connection establishment or connection
termination. Each client sends a single datagram and receives a
single datagram. In other words, if a client wants to send two
datagrams, it is considered as two clients for the server. The
second datagram needs to wait for its turn.
Server Process
The server makes a passive open, in which it becomes ready for the communication, but it waits until a client process makes the connection. It creates an empty socket. It then binds the socket to the server. The server then issues a receive request command, which blocks until it receives a request from a client. After it receives a request from a client, the server sends the response to the client. The server now starts another iteration waiting for another request to arrive (an infinite loop).
Client Process
The client process makes an active open. In other words, it starts a connection. It creates an empty socket and then issues the send command. The client then issues a receive command, which blocks until a response arrives from the server. The response is then handled and the socket is destroyed.
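As an added example (not code from the notes or the textbook), the Python program below runs the iterative UDP exchange just described on the loopback interface: the server keeps one socket for its whole life and only the remote address changes per datagram, while each client creates and destroys its own socket. The upper-casing service, the message contents and the use of port 0 to let the OS choose the server port are constructed for this illustration.

```python
import socket
import threading

# Added example for Section 25.2.3 (not from the notes or the textbook).
# An iterative UDP server on the loopback interface: one socket for its whole
# life, one datagram handled per loop iteration, and the remote socket address
# taken from each datagram as it arrives. The upper-casing "service" and the
# messages are constructed for the illustration.

MAX_DATAGRAM = 4096  # cap what we read so one oversized datagram cannot exhaust memory


def udp_server(sock: socket.socket, max_requests: int) -> list:
    """Serve max_requests datagrams in FIFO order and return the remote
    socket addresses (ip, port) that were served, in the order seen."""
    served = []
    for _ in range(max_requests):
        data, remote = sock.recvfrom(MAX_DATAGRAM)  # blocks until a datagram arrives
        served.append(remote)                         # remote address changes per client
        sock.sendto(data.upper(), remote)             # reply through the same server socket
    return served


def udp_client(server_addr, message: bytes) -> bytes:
    """Active open: create a socket (ephemeral port chosen by the OS), send one
    datagram, wait for one reply, then destroy the socket."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(5.0)  # UDP is unreliable: never wait forever for a reply
        s.sendto(message, server_addr)
        reply, _ = s.recvfrom(MAX_DATAGRAM)
    return reply


def run_udp_demo() -> dict:
    """Start the server in a thread, run two clients, and report the results."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))       # passive open; port 0 lets the OS pick a free port
    server_addr = srv.getsockname()  # the local (server) socket address
    results = {}

    def serve():
        results["served"] = udp_server(srv, 2)

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    # Two clients: each one is a separate socket, so the server sees two remote addresses.
    results["replies"] = [udp_client(server_addr, b"hello"),
                          udp_client(server_addr, b"world")]
    worker.join(timeout=10.0)
    srv.close()
    return results


if __name__ == "__main__":
    print(run_udp_demo())
```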
25.2.4 Iterative Communication Using TCP
TCP is a connection-oriented protocol. Before sending or receiving data, a connection needs to be established between the client and the server. After the connection is established, the two parties can send and receive chunks of data as long as they have data.
Sockets Used in TCP
The TCP server uses two different sockets, one for connection establishment and the other for data transfer. We call the first one the listen socket and the second the socket. The reason for having two types of sockets is to separate the connection phase from the data exchange phase. A server uses a listen socket to listen for a new client trying to establish a connection. After the connection is established, the server creates a socket to exchange data with the client and finally to terminate the connection. The client uses only one socket for both connection establishment and data exchange.
Flow Diagram
Figure 25.11 shows a simplified flow diagram for iterative
communication using TCP. There are multiple clients, but only
one server. Each client is served in each iteration of the loop.
Server Process
In Figure 25.11, the TCP server process creates a listen socket to be used only for the connection establishment phase. The server process then calls the listen procedure to allow the operating system to start accepting the clients. The server process now starts a loop and serves the clients one by one. In each iteration, the server process issues the accept procedure, which removes one client from the waiting list of connected clients for serving.
Client Process
The client flow diagram is almost the same as the UDP version, except that the client data-transfer box needs to be defined for each specific case.
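The same flow for TCP, as an added example (not the notes' or the textbook's code): the server's listen socket handles connection establishment, accept() yields a separate data socket per client, and the client uses a single socket for both phases. The line-based upper-casing service and the size limit on a request line are constructed for this illustration.

```python
import socket
import threading

# Added example for Section 25.2.4 (not from the notes or the textbook).
# The server keeps a listen socket for connection establishment and gets a
# separate data socket from accept() for each client; the client uses one
# socket for both phases. The line-based upper-casing "service" is constructed.

MAX_LINE = 1024  # bound the request: a client must not be able to grow our buffer without limit


def recv_line(conn: socket.socket) -> bytes:
    """Read bytes until a newline, refusing lines longer than MAX_LINE."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = conn.recv(256)
        if not chunk:                       # peer closed before sending a full line
            raise ConnectionError("connection closed before end of line")
        buf += chunk
        if len(buf) > MAX_LINE:
            raise ValueError("line too long")
    return buf


def tcp_server(listen_sock: socket.socket, max_clients: int) -> list:
    """Iterative server: accept one client, serve it completely, then the next."""
    served = []
    for _ in range(max_clients):
        conn, remote = listen_sock.accept()  # removes one client from the backlog
        with conn:                           # the data socket lives only for this client
            conn.settimeout(5.0)             # a silent client must not stall the loop forever
            try:
                conn.sendall(recv_line(conn).upper())
            except (OSError, ValueError):
                pass                         # misbehaving client: drop it, keep serving others
        served.append(remote)
    return served


def tcp_client(server_addr, line: bytes) -> bytes:
    """Client: one socket for connect, data transfer and close."""
    with socket.create_connection(server_addr, timeout=5.0) as s:
        s.sendall(line)
        return recv_line(s)


def run_tcp_demo() -> dict:
    """Start the server in a thread, run two clients, and report the results."""
    listen_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listen_sock.bind(("127.0.0.1", 0))       # port 0: OS picks a free port
    listen_sock.listen(5)                    # passive open: the OS may now queue connections
    server_addr = listen_sock.getsockname()
    results = {}

    def serve():
        results["served"] = tcp_server(listen_sock, 2)

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    results["replies"] = [tcp_client(server_addr, b"hello\n"),
                          tcp_client(server_addr, b"world\n")]
    worker.join(timeout=10.0)
    listen_sock.close()
    return results


if __name__ == "__main__":
    print(run_tcp_demo())
```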
25.2.5 Concurrent Communication
A concurrent server can process several client requests at the
same time.

26.1 WORLD WIDE WEB AND HTTP


26.1.1 World Wide Web
The idea of the Web was first proposed by Tim Berners-Lee in 1989 at CERN, the European Organization for Nuclear Research, to allow several researchers at different locations throughout Europe to access each other's research. The commercial Web started in the early 1990s.
The Web today is a repository of information in which the documents, called web pages, are distributed all over the world and related documents are linked together.
Web pages can be linked to allow one web page to refer to another web page stored in another server somewhere else in the world. The linking of web pages was achieved using a concept called hypertext/hypermedia.
Architecture
The WWW today is a distributed client-server service, in which a
client using a browser can access a service using a server.
However, the service provided is distributed over many locations
called sites. Each site holds one or more web pages. Each web
page, however, can contain some links to other web pages in the
same or other sites.
Example 26.1
Assume we need to retrieve a scientific document that contains
one reference to another text file and one reference to a large
image. Figure 26.1 shows the situation.
The main document and the image are stored in two separate
files (file A and file B) in the same site; the referenced text file (file
C) is stored in another site.
We need three transactions if we want to see the whole
document. The first transaction (request/response) retrieves a
copy of the main document (file A), which has references to the
second and third files. When a copy of the main document is
retrieved and browsed, the user can click on the reference to the
image to invoke the second transaction and retrieve a copy of the
image (file B). If the user needs to see the contents of the
referenced text file, she can click on its reference invoking the
third transaction and retrieving a copy of file C. A very important
point we need to remember is that file A, file B, and file C in
Example 26.1 are independent web pages, each with
independent names and addresses. Although references to file B
or C are included in file A, it does not mean that each of these
files cannot be retrieved independently. A second user can
retrieve file B with one transaction. A third user can retrieve file C
with one transaction.
Web Client (Browser)
Each browser usually consists of three parts: a controller, client
protocols, and interpreters.
The controller receives input from the keyboard or the mouse and
uses the client programs to access the document. After the
document has been accessed, the controller uses one of the
interpreters to display the document on the screen. The client
protocol can be one of the protocols described later, such as
HTTP or FTP. The interpreter can be HTML, Java, or JavaScript,
depending on the type of document. Some commercial browsers
include Internet Explorer, Netscape Navigator, and Firefox.
Web Server
The web page is stored at the server. Each time a request
arrives, the corresponding document is sent to the client. A server
can also become more efficient through multithreading or
multiprocessing. In this case, a server can answer more than one
request at a time.
Uniform Resource Locator (URL)
A web page needs to have a unique identifier to distinguish it
from other web pages. To define a web page, we need these
identifiers: protocol, host, port, and path.
Protocol. The first identifier is the abbreviation for the client-
server program that we need in order to access the web page.
Although most of the time the protocol is HTTP (Hyper Text
Transfer Protocol), we can also use other protocols such as FTP
(File Transfer Protocol).
Host. The host identifier can be the IP address (such as
64.23.56.17) of the server or the unique name (such as
forouzan.com) given to the server.
Port. The port, a 16-bit integer, is normally predefined for the
client-server application. For example, if the HTTP protocol is
used for accessing the web page, the well-known port number is
80.
Path. The path identifies the location and the name of the file in the underlying operating system. For example, /top/next/last/myfile is a path.
Uniform resource locator (URL) format – protocol://host:port/path

Example:
The URL http://www.mhhe.com/compsci/forouzan/ defines the web page. The string www.mhhe.com is the name of the computer in the McGraw-Hill company. The path is compsci/forouzan/.
Web Documents
The documents in the WWW can be grouped into three broad
categories: static, dynamic, and active.
Static Documents - Static documents are fixed-content
documents that are created and stored in a server. The client can
get a copy of the document only. Static documents are prepared
using one of several languages: Hyper Text Markup Language
(HTML), Extensible Markup Language (XML), Extensible Style
Language (XSL), and Extensible Hypertext Markup Language
(XHTML).
Dynamic Documents - A dynamic document is created by a web
server whenever a browser requests the document. When a
request arrives, the web server runs an application program or a
script that creates the dynamic document. The server returns the
result of the program or script as a response to the browser that
requested the document. Because a fresh document is created
for each request, the contents of a dynamic document may vary
from one request to another.
A very simple example of a dynamic document is the retrieval of
the time and date from a server.
Eg - scripting languages such as Java Server Pages (JSP) or
Active Server Pages (ASP)
Active Documents –
Some applications require a program or a script to be run at the client site for interaction with the user. These are called active documents. When a browser requests an active document, the server sends a copy of the script. The document is then run at the client (browser) site. Eg: Java applets and JavaScript.
26.1.2 HyperText Transfer Protocol (HTTP)
The HyperText Transfer Protocol (HTTP) is used to define how
the client-server programs can be written to retrieve web pages
from the Web. An HTTP client sends a request; an HTTP server
returns a response. The server uses the port number 80; the
client uses a temporary port number. HTTP uses the services of
TCP.
Nonpersistent versus Persistent Connections
Generally, the hypertext concept requires several requests and responses.
In a nonpersistent connection, one TCP connection is made for each request/response:
1. The client opens a TCP connection and sends a request.
2. The server sends the response and closes the connection.
3. The client reads the data and closes the connection.
Example 26.3: The client needs to access a file that contains one link to an image. The text file and image are located on the same server. Here we need two connections.
If the transaction involves retrieving 10 or 20 objects, the round-trip times spent for these handshakes add up to a big overhead.

Persistent Connections - HTTP version 1.1 specifies a persistent connection by default. In a persistent connection, the server leaves the connection open for more requests after sending a response.
The server can close the connection at the request of a client or if a time-out has been reached.
Example 26.4 - Figure 26.4 shows the same scenario as in Example 26.3, but using a persistent connection. Only one connection establishment and connection termination is used, but the request for the image is sent separately.
Message Formats
The HTTP protocol defines the format of the request and
response messages, as shown in Figure 26.5.
Where sp – space, cr – carriage return, and lf – line feed (end of line, \n).
Method:
There are five HTTP methods:
• GET: The GET method is used when the browser requests an
object, with the requested object identified in the URL field.
• POST: Submits data to the server, often to create a new
resource.
Example: Submitting a form
• PUT: Uploads or replaces a resource at the specified URL.
Example: Updating a user's profile data.
• HEAD: Used to retrieve header information. It is used for
debugging purpose.
• DELETE: The DELETE method allows a user, or an application,
to delete an object on a Web server.
URL: Specifies the URL of the requested object.
Version: This field represents the HTTP version, usually HTTP/1.1.
Header lines:
Ex:
  Host: www.someschool.edu
  Connection: close
  User-agent: Mozilla/5.0
  Accept-language: fr
The header line Host:www.someschool.edu specifies the host on
which the object resides.
By including the Connection:close header line, the browser is
telling the server that it doesn’t want to bother with persistent
connections; it wants the server to close the connection after
sending the requested object.
The User-agent: header line specifies the user agent, that is, the
browser type that is making the request to the server. Here the
user agent is Mozilla/5.0, a Firefox browser.
The Accept-language: header indicates that the user prefers to
receive a French version of the object, if such an object exists on
the server; otherwise, the server should send its default version.
HTTP Response Message
Ex:
The status line has three fields: the protocol version field, a
status code, and a corresponding status message.
Version is HTTP/1.1
The status code and associated phrase indicate the result of the
request. Some common status codes and associated phrases
include:
• 200 OK: Request succeeded, and the information is returned in
the response.
• 301 Moved Permanently: Requested object has been
permanently moved; the new URL is specified in Location:
header of the response message. The client software will
automatically retrieve the new URL.
• 400 Bad Request: This is a generic error code indicating that
the request could not be understood by the server.
• 404 Not Found: The requested document does not exist on this
server.
• 505 HTTP Version Not Supported: The requested HTTP
protocol version is not supported by the server.
Header fields:
• The server uses the Connection: close header line to tell the
client that it is going to close the TCP connection after sending
the message.
• The Date: header line indicates the time and date when the
HTTP response was created and sent by the server.
• The Server: header line indicates that the message was
generated by an Apache Web server; it is analogous to the User-
agent: header line in the HTTP request message.
• The Last-Modified: header line indicates the time and date
when the object was created or last modified.
• The Content-Length: header line indicates the number of bytes
in the object being sent.
• The Content-Type: header line indicates that the object in the
entity body is HTML text.
Example 26.5 - This example retrieves a document.
We use the GET method to retrieve an image with the path /usr/bin/image1. The request line shows the method (GET), the URL, and the HTTP version (1.1). The header has two lines that show that the client can accept images in the GIF or JPEG format. The request does not have a body. The response message contains the status line and four lines of header. The header lines define the date, server, content encoding (MIME version, which will be described in electronic mail), and length of the document. The body of the document follows the header.
Example 26.6 - In this example, the client wants to send a web page to be posted on the server. We use the PUT method. The request line shows the method (PUT), URL, and HTTP version (1.1). There are four lines of headers. The request body contains the web page to be posted. The response message contains the status line and four lines of headers. The created document, which is a CGI document, is included as the body.
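As an added example covering the request format, the header lines, the status codes and Examples 26.5 and 26.6 together (this is not code from the notes or the textbook), the Python module below parses a request message strictly, builds a response message, and runs one server iteration over a constructed document store; the status phrases are those listed above, and the sample messages, the Server header value and the document store are constructed.

```python
# Added example for the HTTP message formats above (not from the notes or the
# textbook): a strict parser for request messages and a builder for response
# messages using the sp / cr lf conventions of Figure 26.5.
from dataclasses import dataclass, field
from typing import List, Tuple

SP = " "
CRLF = "\r\n"
METHODS = {"GET", "POST", "PUT", "HEAD", "DELETE"}   # the five methods in the notes
VERSIONS = {"HTTP/1.0", "HTTP/1.1"}
PHRASES = {200: "OK", 301: "Moved Permanently", 400: "Bad Request",
           404: "Not Found", 505: "HTTP Version Not Supported"}


@dataclass
class Request:
    method: str
    url: str
    version: str
    headers: List[Tuple[str, str]] = field(default_factory=list)
    body: bytes = b""

    def header_values(self, name: str) -> List[str]:
        """All values of a header (names are case-insensitive), e.g. two Accept lines."""
        return [v for n, v in self.headers if n.lower() == name.lower()]


def parse_request(raw: bytes) -> Request:
    """Parse a request message or raise ValueError when it is not well formed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header section not terminated by an empty line")
    lines = head.decode("ascii", errors="strict").split(CRLF)  # non-ASCII is rejected
    parts = lines[0].split(SP)
    if len(parts) != 3:
        raise ValueError("request line must be: method sp URL sp version")
    method, url, version = parts
    if method not in METHODS:
        raise ValueError(f"unknown method {method!r}")
    if version not in VERSIONS:
        raise ValueError(f"unsupported version {version!r}")
    if not url.startswith("/"):
        raise ValueError("URL must be an absolute path")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"bad header line {line!r}")
        headers.append((name, value.strip()))
    req = Request(method, url, version, headers, body)
    # Content-Length must be one unambiguous decimal value that the body honours.
    lengths = set(req.header_values("Content-Length"))
    if len(lengths) > 1:
        raise ValueError("conflicting Content-Length values")
    if lengths:
        length = lengths.pop()
        if not length.isdigit():
            raise ValueError("Content-Length is not a decimal integer")
        if len(body) < int(length):
            raise ValueError("body shorter than Content-Length")
        req.body = body[: int(length)]
    return req


def format_response(status: int, headers: List[Tuple[str, str]], body: bytes) -> bytes:
    """Build: status line, header lines (Content-Length added), empty line, body."""
    lines = [f"HTTP/1.1{SP}{status}{SP}{PHRASES[status]}"]
    lines += [f"{n}: {v}" for n, v in headers]
    lines.append(f"Content-Length: {len(body)}")
    return (CRLF.join(lines) + CRLF + CRLF).encode("ascii") + body


def handle(raw: bytes, documents: dict) -> bytes:
    """One server iteration: malformed -> 400, unknown path -> 404, else 200 with the object."""
    try:
        req = parse_request(raw)
    except ValueError:                   # UnicodeDecodeError is a ValueError too
        return format_response(400, [("Connection", "close")], b"")
    if req.method != "GET":              # this toy server implements only GET
        return format_response(400, [("Connection", "close")], b"")
    if req.url not in documents:
        return format_response(404, [("Server", "example/0.1")], b"")
    return format_response(200, [("Server", "example/0.1"), ("Content-Type", "text/html")],
                           documents[req.url])
```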

Conditional Request
A client can add a condition in its request. In this case, the server
will send the requested web page if the condition is met or inform
the client otherwise. One of the most common conditions
imposed by the client is the time and date the web page is
modified. The client can send the header line If-Modified-Since
with the request to tell the server that it needs the page only if it is
modified after a certain point in time.
Cookies
The World Wide Web was originally designed as a stateless
entity. A client sends a request; a server responds. Their
relationship is over.
Today the Web has other functions that need to remember some information about the clients; e.g., some websites need to allow access to registered clients only.
For these purposes, the cookie mechanism was devised.
Creating and Storing Cookies
1. When a server receives a request from a client, it stores
information about the client in a file or a string.
2. The server includes the cookie in the response that it sends to
the client.
3. When the client receives the response, the browser stores the
cookie in the cookie directory.
When a client sends a request to a server, the browser looks in
the cookie directory to see if it can find a cookie sent by that
server. If found, the cookie is included in the request. When the
server receives the request, it knows that this is an old client, not
a new one.

Example 26.8
Assume a shopper wants to buy a toy from an electronic store
named BestToys. The shopper browser (client) sends a request
to the BestToys server. The server creates an empty shopping
cart (a list) for the client and assigns an ID to the cart (for
example, 12343). The server then sends a response message,
which contains the images of all toys available, with a link under
each toy. The client displays the images and stores the cookie
value in a file named BestToys. Now the shopper selects one of
the toys and clicks on it. The client sends a request, but includes
the ID 12343 in the Cookie header line. When the server receives
the request and checks the header, it finds the value 12343 as
the cookie. The server knows that the customer is not new; it
searches for a shopping cart with ID 12343. The shopping cart
(list) is opened and the selected toy is inserted in the list. The
server now sends another response to the shopper to tell her the
total price and ask her to provide payment. The shopper provides
information about her credit card and sends a new request with
the ID 12343 as the cookie value. When the request arrives at the
server, it again sees the ID 12343, and accepts the order and the
payment and sends a confirmation in a response.
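Example 26.8 as runnable Python (an added example, not from the notes or the textbook): the server keeps one cart per cookie value, and the browser keeps a cookie directory keyed by server name and sends a cookie only to the server that set it. The catalogue, the cart=... cookie name and the use of a random ID in place of 12343 are constructed assumptions.

```python
import secrets

# Added example for Example 26.8 (not from the notes or the textbook): a toy
# server keeping one shopping cart per cookie value, and a browser keeping a
# "cookie directory" keyed by server name. Prices and toy names are constructed.


class BestToysServer:
    PRICES = {"robot": 20, "kite": 5}            # constructed catalogue

    def __init__(self):
        self.carts = {}                          # cookie value -> list of toys

    def handle(self, headers: dict, action: str, toy: str = None) -> dict:
        response_headers = {}
        cookie = headers.get("Cookie", "")
        cart_id = cookie[len("cart="):] if cookie.startswith("cart=") else None
        if cart_id not in self.carts:
            # New client (no cookie, or a value we never issued): create a cart.
            # The notes use 12343 as an example ID; a real server draws IDs from a
            # cryptographic RNG so that one shopper cannot guess another's cart.
            cart_id = secrets.token_urlsafe(16)
            self.carts[cart_id] = []
            response_headers["Set-Cookie"] = f"cart={cart_id}; HttpOnly"
        cart = self.carts[cart_id]
        if action == "browse":
            body = {"toys": sorted(self.PRICES)}
        elif action == "add" and toy in self.PRICES:
            cart.append(toy)
            body = {"cart": list(cart)}
        elif action == "checkout":
            body = {"total": sum(self.PRICES[t] for t in cart)}
        else:
            return {"status": 400, "headers": response_headers, "body": {}}
        return {"status": 200, "headers": response_headers, "body": body}


class Browser:
    def __init__(self):
        self.cookie_dir = {}                     # server name -> cookie value

    def request(self, server, server_name: str, action: str, toy: str = None) -> dict:
        headers = {}
        if server_name in self.cookie_dir:       # a cookie sent earlier by this server
            headers["Cookie"] = self.cookie_dir[server_name]
        response = server.handle(headers, action, toy)
        set_cookie = response["headers"].get("Set-Cookie")
        if set_cookie:
            # store only name=value; attributes such as HttpOnly are never sent back
            self.cookie_dir[server_name] = set_cookie.split(";", 1)[0]
        return response
```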

Web Caching: Proxy Servers

HTTP supports proxy servers. A proxy server is a computer that
keeps copies of responses to recent requests. The HTTP client
sends a request to the proxy server. The proxy server checks its
cache. If the response is not stored in the cache, the proxy server
sends the request to the corresponding server. Incoming
responses are sent to the proxy server and stored for future
requests from other clients. The proxy server reduces the load on
the original server, decreases traffic, and improves latency.

Proxy Server Location - The proxy servers are normally located at
the client site.
When an HTTP request is created by any of the clients
(browsers), the request is first directed to the proxy server. If the
proxy server already has the corresponding web page, it sends
the response to the client. Otherwise, the proxy server sends the
request to the web server in the Internet. When the response is
returned, the proxy server makes a copy and stores it in its cache
before sending it to the requesting client.

Cache Update

A very important question is how long a response should remain
in the proxy server before being deleted and replaced. One
solution is to add some headers to show the last modification
time of the information. The proxy server can then use the
information in this header to guess how long the information
would be valid.
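The cache-update rule above, as an added Python example that is not from the textbook or these notes. ProxyCache, CachedResponse and toy_origin are constructed for the illustration. The proxy honours an explicit Cache-Control: max-age when the origin sends one; otherwise it applies the Last-Modified heuristic from the paragraph (a document unchanged for a long time is assumed to stay valid for a while; the example uses 10% of that age, the fraction RFC 7234 suggests), and a response with neither header is never served without going back to the origin.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

class CachedResponse:
    """One stored response plus the moment the proxy stored it."""
    def __init__(self, headers, body, stored_at):
        self.headers = headers
        self.body = body
        self.stored_at = stored_at

    def freshness_lifetime(self):
        """Seconds the copy may be served without asking the origin again."""
        for directive in self.headers.get("Cache-Control", "").split(","):
            directive = directive.strip()
            if directive.startswith("max-age="):
                return int(directive[len("max-age="):])
        last_modified = self.headers.get("Last-Modified")
        date = self.headers.get("Date")
        if last_modified and date:
            # Heuristic: 10% of the time the document has already gone unchanged.
            age = parsedate_to_datetime(date) - parsedate_to_datetime(last_modified)
            return max(0, int(age.total_seconds() * 0.1))
        return 0  # nothing to go on: never serve without revalidation

    def is_fresh(self, now):
        return (now - self.stored_at).total_seconds() < self.freshness_lifetime()

class ProxyCache:
    """Proxy at the client site: serve fresh copies, otherwise fetch and store."""
    def __init__(self):
        self.store = {}
        self.origin_requests = 0

    def get(self, url, now, fetch_from_origin):
        entry = self.store.get(url)
        if entry is not None and entry.is_fresh(now):
            return entry.body, "HIT"
        headers, body = fetch_from_origin(url)
        self.origin_requests += 1
        self.store[url] = CachedResponse(headers, body, now)
        return body, "MISS"

# Constructed origin server: the page was last modified 10 days before the
# response date, so the heuristic lifetime is 1 day (86400 s).
def toy_origin(url):
    headers = {"Date": "Mon, 01 Jan 2024 00:00:00 GMT",
               "Last-Modified": "Fri, 22 Dec 2023 00:00:00 GMT"}
    return headers, f"<html>contents of {url}</html>"

def simulate():
    """Three requests for the same page: at t=0, t+12h and t+48h."""
    proxy = ProxyCache()
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    results = []
    for hours in (0, 12, 48):
        _, status = proxy.get("http://www.example.org/toys",
                              t0 + timedelta(hours=hours), toy_origin)
        results.append(status)
    return results, proxy.origin_requests
```

The second request is answered from the cache; the third arrives after the one-day lifetime has passed, so the proxy goes back to the origin and replaces its copy.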

HTTP does not provide security. HTTP run over the Secure Socket
Layer, referred to as HTTPS, provides security.

26.2 FTP
File Transfer Protocol (FTP) is the standard protocol provided by
TCP/IP for copying a file from one host to another.

Figure 26.10 shows the basic model of FTP.

The client has three components: the user interface, the client
control process, and the client data transfer process. The server
has two components: the server control process and the server
data transfer process. The control connection is made between
the control processes. The data connection is made between the
data transfer processes.

The control connection remains connected during the entire
interactive FTP session. The data connection is opened and then
closed for each file transfer.
During this control connection, commands are sent from the client
to the server and responses are sent from the server to the client.
Some FTP commands:
ABOR - Abort the previous command
MKD <directory name> - Create a new directory
DELE <file name> - Delete a file
QUIT - Log out of the system

Some responses in FTP:
225 - Data connection open
500 - Syntax error; unrecognized command
226 - Closing data connection
501 - Syntax error in parameters or arguments

The data connection is used to transfer files. Before sending the file
through the data connection, we prepare for transmission through
the control connection. The client must define the type of file to
be transferred, the structure of the data, and the transmission
mode.

File Type
FTP can transfer one of the following file types across the data
connection: ASCII file, EBCDIC file, or image file.

Data Structure
The following data structures are supported - file structure, record
structure, or page structure
[The file structure format (used by default) has no structure. It is a
continuous stream of bytes. In the record structure, the file is
divided into records. This can be used only with text files. In the
page structure, the file is divided into pages, with each page
having a page number and a page header]

Transmission Mode
Three transmission modes: stream mode, block mode, or
compressed mode.
The stream mode is the default mode; data are delivered from
FTP to TCP as a continuous stream of bytes. In the block mode,
data can be delivered from FTP to TCP in blocks.
The FTP protocol was designed when security was not a big
issue. To be secure, one can add a Secure Socket Layer
between the FTP application layer and the TCP layer. In this case
FTP is called SSL-FTP.

Example 26.10 - Figure 26.11 shows an example of using FTP for
retrieving one file.
26.3 ELECTRONIC MAIL
To explain the architecture of e-mail, we give a common scenario,
as shown in Figure 26.12.

Alice and Bob are connected, via a LAN or a WAN, to two mail
servers respectively. The administrator has created one mailbox for
each user where the received messages are stored. A mailbox is
part of a server hard drive, a special file with permission
restrictions. Only the owner of the mailbox has access to it.

Alice and Bob use three different agents: a user agent (UA), a
message transfer agent (MTA), and a message access agent
(MAA). When Alice needs to send a message to Bob, she runs a
UA program to prepare the message and send it to her mail
server. The message, however, needs to be sent through the
Internet from Alice’s site to Bob’s site using an MTA. Bob later
uses an MAA client to retrieve the message from an MAA server
running on the second server

The first component of an electronic mail system is the user
agent (UA). It provides service to the user to make the process of
sending and receiving a message easier. A user agent is a
software package (program) that composes, reads, replies to,
and forwards messages. It also handles local mailboxes on the
user computers. Some examples: Outlook.

Mail format - The header of the message defines the sender, the
receiver, the subject of the message, and some other information.
The body of the message contains the actual information to be
read by the recipient.

Message Transfer Agent: SMTP

The formal protocol that defines the MTA client and server in the
Internet is called Simple Mail Transfer Protocol (SMTP). SMTP is
used two times, between the sender and the sender’s mail server
and between the two mail servers. The MTA client-server program
is a push program: the client pushes the message to the server.
SMTP uses commands and responses to transfer messages
between an MTA client and an MTA server. The command is from
an MTA client to an MTA server; the response is from an MTA
server to the MTA client.

Mail Transfer Phases

1. Connection Establishment
After a client has made a TCP connection to the well-known port
25, the SMTP server starts the connection phase. This phase
involves the following three steps:
   1. The server sends code 220 (service ready) to tell the client
   that it is ready to receive mail. If the server is not ready, it
   sends code 421 (service not available).
   2. The client sends the HELO message to identify itself, using its
   domain name address.
   3. The server responds with code 250 (request command completed).

2. Message Transfer
After the connection has been established between the SMTP client
and server, a single message between a sender and one or more
recipients can be exchanged. This phase involves eight steps:
   1. The client sends the MAIL FROM message to introduce the
   sender of the message.
   2. The server responds with code 250 (request command completed).
   3. The client sends the mail address of the recipient.
   4. The server responds with code 250.
   5. The client sends the DATA message to initialize the message
   transfer.
   6. The server responds with code 354 (start mail input).
   7. The client sends the contents of the message in consecutive
   lines.
   8. The server responds with code 250 (OK) after receiving all the
   lines and the end-of-mail command.

3. Connection Termination
After the message is transferred successfully, the client
terminates the connection.
Figure 26.16 shows the three mail transfer phases.
The first and second stages of mail delivery use SMTP. However,
SMTP is not involved in the third stage because SMTP is a push
protocol; it pushes the message from the client to the server.
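The three mail transfer phases, as an added Python example (not code from the textbook or these notes): SmtpServer is a toy server-side state machine that replies with the codes listed above, and run_session is the MTA client that drives it; the host names and addresses are constructed. The recipient step uses the standard RCPT TO command. Two details matter for robustness: a line of message content that starts with a dot is "dot-stuffed" so that message text can never be mistaken for the end-of-mail marker, and a command sent in the wrong phase is refused with a 503 reply instead of being acted on.

```python
class SmtpServer:
    """Toy SMTP server for the three phases; keeps delivered mail in memory."""
    def __init__(self, ready=True):
        self.ready = ready
        self.state = "start"      # start -> greeted -> ready -> data -> ready ... -> closed
        self.sender = None
        self.recipients = []
        self.lines = []
        self.delivered = []       # list of (sender, recipients, lines)

    def greet(self):
        """Phase 1, step 1: 220 service ready, or 421 when not accepting mail."""
        if not self.ready:
            return "421 Service not available"
        self.state = "greeted"
        return "220 mail.example.net Service ready"   # hostname is constructed

    def handle(self, line):
        """Process one command line (or one line of content during DATA)."""
        if self.state == "data":
            if line == ".":                               # end-of-mail marker
                self.delivered.append((self.sender, list(self.recipients), list(self.lines)))
                self.sender, self.recipients, self.lines = None, [], []
                self.state = "ready"
                return "250 OK"
            # undo dot stuffing: a content line that began with '.' was sent as '..'
            self.lines.append(line[1:] if line.startswith("..") else line)
            return None                                   # content lines get no reply
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO" and self.state == "greeted":
            self.state = "ready"
            return "250 Requested mail action okay, completed"
        if verb == "MAIL" and self.state == "ready" and arg.upper().startswith("FROM:"):
            self.sender = arg[5:].strip("<> ")
            return "250 OK"
        if verb == "RCPT" and self.sender is not None and arg.upper().startswith("TO:"):
            self.recipients.append(arg[3:].strip("<> "))
            return "250 OK"
        if verb == "DATA" and self.recipients:
            self.state = "data"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "QUIT":
            self.state = "closed"
            return "221 Service closing transmission channel"
        return "503 Bad sequence of commands"

def run_session(server, sender, recipients, body_lines):
    """MTA client: drive all three phases and return the reply codes seen."""
    codes = [server.greet()[:3]]
    if codes[0] != "220":
        return codes
    script = ["HELO client.example.org", f"MAIL FROM:<{sender}>"]
    script += [f"RCPT TO:<{r}>" for r in recipients]
    script += ["DATA"]
    for command in script:
        codes.append(server.handle(command)[:3])
    for text in body_lines:
        server.handle("." + text if text.startswith(".") else text)   # dot stuffing
    codes.append(server.handle(".")[:3])     # end of mail
    codes.append(server.handle("QUIT")[:3])  # phase 3: connection termination
    return codes
```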
Message Access Agent: POP and IMAP
The third stage needs a pull protocol; the client must pull
messages from the server.
Currently two message access protocols are available: Post
Office Protocol, version 3 (POP3) and Internet Mail Access
Protocol, version 4 (IMAP4).
POP3
Post Office Protocol, version 3 (POP3) is simple but limited in
functionality. The client POP3 software is installed on the
recipient computer; the server POP3 software is installed on the
mail server.
Mail access starts with the client when the user needs to
download its e-mail from the mailbox on the mail server.
It then sends its user name and password to access the mailbox.
The user can then list and retrieve the mail messages, one by
one. Figure 26.17 shows an example of downloading using
POP3.
POP3 has two modes: the delete mode and the keep mode. In
the delete mode, the mail is deleted from the mailbox after each
retrieval. In the keep mode, the mail remains in the mailbox after
retrieval. The delete mode is normally used when the user is
working at her permanent computer and can save and organize
the received mail after reading or replying. The keep mode is
normally used when the user accesses her mail away from her
primary computer.

IMAP4
Another mail access protocol is Internet Mail Access Protocol,
version 4 (IMAP4). IMAP4 is similar to POP3, but it has more
features; IMAP4 is more powerful and more complex.

POP3 is deficient in several ways. It does not allow the user to
organize her mail on the server; the user cannot have different
folders on the server. In addition, POP3 does not allow the user
to partially check the contents of the mail before downloading.
IMAP4 provides the following extra functions:
❑ A user can check the e-mail header prior to downloading.
❑ A user can search the contents of the e-mail for a specific
string of characters prior to downloading.
❑ A user can partially download e-mail. This is especially useful if
bandwidth is limited and the e-mail contains multimedia with high
bandwidth requirements.
❑ A user can create, delete, or rename mailboxes on the mail
server.
❑ A user can create a hierarchy of mailboxes in a folder for e-
mail storage.

MIME
Electronic mail cannot be used for languages other than English
(such as French, German, Hebrew, Russian, Chinese, and
Japanese). Also, it cannot be used to send binary files or video or
audio data.
Multipurpose Internet Mail Extensions (MIME) is a supplementary
protocol that allows non-ASCII data to be sent through e-mail.
MIME can be thought of as a set of software functions that
transforms non-ASCII data to ASCII data and vice versa, as shown
in Figure 26.18.

MIME defines five headers:

MIME-Version - The current version is 1.1.
Content-Type - The content type and the content subtype are
separated by a slash. MIME allows seven different types of data.
Content-Transfer-Encoding - Defines the method used to encode
the message into 0s and 1s for transport. There are five encoding
methods.
Content-ID - This header uniquely identifies the whole message
in a multiple-message environment.
Content-Description - This header defines whether the body is
image, audio, or video.
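The "non-ASCII to ASCII and back" transformation, as an added Python example using the standard library's email package; it is not code from the textbook or these notes, and the addresses, subject text and the tiny "image" attachment are constructed. The sender side wraps UTF-8 text and binary data with base64 as the Content-Transfer-Encoding so that every byte leaving the user agent is 7-bit ASCII; the receiver side parses the headers and decodes the content. Note that the library writes MIME-Version: 1.0, the value actually seen on the wire.

```python
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

def build_mime_message(sender, recipient, subject, body_text, attachment=None):
    """Wrap non-ASCII text and an optional binary attachment so that only
    7-bit ASCII leaves the user agent. attachment = (filename, 'type/subtype', bytes)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject                      # non-ASCII subject is RFC 2047 encoded
    msg.set_content(body_text, charset="utf-8", cte="base64")
    if attachment is not None:
        filename, mimetype, data = attachment
        maintype, subtype = mimetype.split("/", 1)
        msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()

def is_seven_bit(raw):
    """True if every byte is ASCII, i.e. safe for a mail path that only passes 7-bit data."""
    return all(b < 0x80 for b in raw)

def read_mime_message(raw):
    """Receiver side: undo the encoding and report the MIME headers that were used."""
    msg = message_from_bytes(raw, policy=default)
    body = msg.get_body(preferencelist=("plain",))
    attachments = [(part.get_filename(), part.get_content()) for part in msg.iter_attachments()]
    return {
        "mime_version": str(msg["MIME-Version"]),
        "content_type": body.get_content_type(),
        "charset": body.get_content_charset(),
        "transfer_encoding": str(body["Content-Transfer-Encoding"]),
        "subject": str(msg["Subject"]),
        "text": body.get_content(),
        "attachments": attachments,
    }

# Constructed sample: a multilingual greeting plus a tiny binary "image"
# (just the PNG file signature, which is not valid ASCII).
SAMPLE_TEXT = "Grüße aus Zürich, Привет, 你好"
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n"

def demo():
    raw = build_mime_message("alice@example.org", "bob@example.net", "Grüße",
                             SAMPLE_TEXT, ("dot.png", "image/png", SAMPLE_PNG))
    return is_seven_bit(raw), read_mime_message(raw)
```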

26.3.2 Web-Based Mail

Websites that provide e-mail service include Hotmail, Yahoo, and
Google mail.
Suppose Alice and Bob use web servers, but not necessarily the
same server. Alice sends the message to the web server using
HTTP transactions. Alice sends an HTTP request message to her
web server using the name and address of Bob’s mailbox as the
URL. The server at the Alice site passes the message to the
SMTP client and sends it to the server at the Bob site using
SMTP protocol. Bob receives the message using HTTP
transactions. However, the message from the server at the Alice
site to the server at the Bob site still takes place using SMTP
protocol.

26.4 TELNET
TELNET, which is an abbreviation for TErminaL NETwork, is one
of the remote logging protocols.
Because of the security issues, the use of TELNET has
diminished, and Secure Shell (SSH) is more commonly used.
Although TELNET is almost replaced by SSH, we briefly discuss
TELNET here for two reasons:
1. The simple plaintext architecture of TELNET allows us to
explain the issues and challenges related to the concept of
remote logging, which is also used in SSH.
2. Network administrators often use TELNET for diagnostic and
debugging purposes.

26.4.1 Local versus Remote Logging


When a user logs into a local system, it is called local logging. As
a user types at a terminal, the keystrokes are accepted by the
terminal driver. The terminal driver passes the characters to the
operating system. The operating system, in turn, interprets the
combination of characters and invokes the desired application
program or utility.

When a user wants to access an application program on a
remote machine, she performs remote logging. The user sends
the keystrokes to the terminal driver. The characters are sent to
the TELNET client, which transforms the characters into a
universal character set called Network Virtual Terminal (NVT)
characters. The commands or text, in NVT form, travel through
the Internet and arrive at the TCP/IP stack at the remote
machine. Here the characters are passed to the TELNET server,
which changes the characters to the corresponding characters
understandable by the remote computer. However, the characters
cannot be passed directly to the operating system because the
remote operating system is not designed to receive characters
from a TELNET server; A software called a pseudoterminal driver
is used, which pretends that the characters are coming from a
terminal. The operating system then passes the characters to the
appropriate application program.

Network Virtual Terminal (NVT)

In remote logging, we are dealing with heterogeneous systems.
The command formats vary in different types of systems. The
end-of-file command in a computer with the DOS operating system
is Ctrl+Z, while the UNIX operating system recognizes Ctrl+D.
TELNET solves this problem by defining a universal interface
called the Network Virtual Terminal (NVT) character set. Via this
interface, the client TELNET translates characters (data or
commands) that come from the local terminal into NVT form and
delivers them to the network. The server TELNET, on the other
hand, translates data and commands from NVT form into the
form acceptable by the remote computer.
NVT uses two sets of characters, one for data and one for
control. Both are 8-bit bytes.

26.5 SECURE SHELL (SSH)


Although Secure Shell (SSH) is a secure application program that
can be used today for several purposes such as remote logging
and file transfer, it was originally designed to replace TELNET.

SSH is an application-layer protocol with three components, as
shown in Figure 26.25.
SSH Transport-Layer Protocol (SSH-TRANS)
SSH first uses a protocol that creates a secured channel on top
of the TCP. This new layer is an independent protocol referred to
as SSH-TRANS.
List the services provided by this protocol:
1. Privacy or confidentiality of the message exchanged
2. Data integrity, which means that it is guaranteed that the
messages exchanged between the client and server are not
changed by an intruder
3. Server authentication, which means that the client is now sure
that the server is the one that it claims to be
4. Compression of the messages, which improves the efficiency
of the system and makes attack more difficult

SSH Authentication Protocol (SSH-AUTH)

SSH-AUTH is used to authenticate the client for the server.
Authentication starts with the client, which sends a request
message to the server. The request includes the user name,
server name, the method of authentication, and the required data.
The server responds with either a success message, which
confirms that the client is authenticated, or a failure message.
SSH Connection Protocol (SSH-CONN)
After the secured channel is established and both server and
client are authenticated for each other, SSH can call SSH-CONN.
One of the services provided by the SSH-CONN protocol is
multiplexing. SSH-CONN takes the secure channel established
by the two previous protocols and lets the client create multiple
logical channels over it. Each channel can be used for a different
purpose, such as remote logging, file transfer, and so on.

26.5.2 Applications
SSH for Remote Logging - Several free and commercial
applications use SSH for remote logging. Among them, we can
mention PuTTY, by Simon Tatham, which is a client SSH program
that can be used for remote logging.
PuTTY is used to connect to remote computers using protocols like
SSH, Telnet, and more.
SSH for File Transfer - One of the application programs that is
built on top of SSH for file transfer is the Secure File Transfer
Program (sftp). The sftp application program uses one of the
channels provided by the SSH to transfer files.

Port Forwarding - The SSH port forwarding mechanism creates a
tunnel through which the messages belonging to other protocols
can travel. For this reason, this mechanism is sometimes referred
to as SSH tunneling. Applications such as TELNET and Simple
Mail Transfer Protocol (SMTP) can use the services of the SSH
port forwarding mechanism. This helps to use the secured
channels available in SSH to access an application program that
does not provide security services.
Format of the SSH Packets

The length field defines the length of the packet. One to eight
bytes of padding is added to the packet to make the security
attack more difficult. The cyclic redundancy check (CRC) field is
used for error detection. The type field designates the type of the
packet used in different SSH protocols. The data field is the data
transferred by the packet in different protocols.

26.6 DOMAIN NAME SYSTEM (DNS)

• All hosts connected to a network are identified by an IP address.
But it is difficult for human beings to remember these IP addresses
to access a particular host. Hence hosts are also identified by
hostnames. Ex: google.com
• But the routers require the IP address to forward the packet.
• DNS is used to map a hostname to its IP address.
This is analogous to the telephone network.
The DNS is a distributed database implemented in a hierarchy of
DNS servers.
For example,
Consider what happens when a browser running on some user’s
host, requests the URL www.google.com.
In order for the user’s host to be able to send an HTTP request
message to the web server www.google.com, the user’s host
must first obtain the IP address of www.google.com.
This is done as follows.
1. The same user machine runs the client side of the DNS
application.
2. The browser extracts the hostname, www.google.com, from
the URL and passes the hostname to the client side of the DNS
application.
3. The DNS client sends a query containing the hostname to a
DNS server.
4. The DNS client eventually receives a reply, which includes the
IP address for the hostname.
5. Once the browser receives the IP address from DNS, it can
initiate a TCP connection to the HTTP server process located at
port 80 at that IP address.

26.6.1 Name Space

The names used must be unique. A name space maps each
address to a unique name. DNS uses domain name space, which
is a hierarchical name space. Eg: ceasar.first.com and
ceasar.second.com
Each node in the tree has a domain name. A full domain name is
a sequence of labels separated by dots (.).

The information contained in the domain name space must be
stored. However, it is very inefficient and also not reliable to have
just one computer store such a huge amount of information. It is
inefficient because responding to requests from all over the world
places a heavy load on the system. It is not reliable because any
failure makes the data inaccessible.

Hierarchy of Name Servers

The solution to these problems is to distribute the information
among many computers called DNS servers. Each server can be
responsible (authoritative) for either a large or small domain. In
other words, we have a hierarchy of servers in the same way that
we have a hierarchy of names.
Since the complete domain name hierarchy cannot be stored on
a single server, it is divided among many servers. What a server
is responsible for or has authority over is called a zone.

A root server is a server whose zone consists of the whole tree. A
root server usually does not store any information about domains
but delegates its authority to other servers, keeping references to
those servers. There are several root servers, each covering the
whole domain name space. The root servers are distributed all
around the world.
DNS defines two types of servers: primary and secondary.
The primary and secondary servers are both authoritative for the
zones they serve. The idea is to create redundancy for the data
so that if one server fails, the other can continue serving clients.

26.6.2 DNS in the Internet

DNS is a protocol that can be used in different platforms.
In the Internet, the domain name space (tree) was originally
divided into three different sections: generic domains, country
domains, and the inverse domains. The inverse domains are now
deprecated.

Generic Domains - The generic domains define registered hosts
according to their generic behaviour.
Eg: com - Commercial organizations, edu - Educational institutions,
org - Nonprofit organizations

Country Domains - The country domains section uses two-
character country abbreviations. e.g., us for United States

26.6.3 Resolution
Mapping a name to an address is called name-address
resolution.
A host that needs to map an address to a name or a name to an
address calls a DNS client called a resolver. The resolver
accesses the closest DNS server with a mapping request. If the
server has the information, it satisfies the resolver; otherwise, it
either refers the resolver to other servers or asks other servers to
provide the information. After the resolver receives the mapping,
it delivers the result to the process that requested it. A resolution
can be either recursive or iterative.

Recursive Resolution
For example, assume some.anet.com needs to find the IP
address of another host named engineering.mcgraw-hill.com to
send a message to.
The application program on the source host calls the DNS
resolver (client) to find the IP address of the destination host. The
resolver, which does not know this address, sends the query to
the local DNS server running at the Anet ISP site (event 1).
The local DNS server sends the query to a root DNS server
(event 2). The root server sends the query to the correct
top-level-domain server, i.e., the com server (event 3). The query
is forwarded to the local DNS server in the McGraw-Hill company
(for example, dns.mcgraw-hill.com) (event 4). This server knows
the IP address. The IP address is now sent back to the top-level
DNS server (event 5), then back to the root server (event 6), then
back to the ISP DNS server, which may cache it for future queries
(event 7), and finally back to the source host (event 8).

Iterative Resolution
In iterative resolution, each server that does not know the
mapping sends the IP address of the next server back to the one
that requested it.
Explain each event.

26.6.4 Caching
When a server asks for a mapping from another server and
receives the response, it stores this information in its cache
memory before sending it to the client. Using cache memory
increases efficiency and reduces search time. Next, if the same
or another client asks for the same mapping, the server can check
its cache memory and resolve the query. However, to inform the
client that the response is coming from the cache memory and
not from an authoritative source, the server marks the response
as unauthoritative.
Caching speeds up resolution, but it can also be problematic. If a
server caches a mapping for a long time, the information may
become outdated. To counter this, the authoritative server always
adds information to the mapping called time to live (TTL). It
defines the time in seconds that the receiving server can cache
the information. After that time, the mapping is invalid and any
query must be sent again to the authoritative server. The cache
memory must be searched periodically and those mappings with
an expired TTL must be deleted.
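Both resolution modes of 26.6.3 and the TTL-bound cache of 26.6.4, as one added Python example that is not code from the textbook or these notes. NameServer, Resolver and build_toy_hierarchy are constructed for the illustration: a root server that delegates "com", a com server that delegates "mcgraw-hill.com", and the authoritative server for that zone; the address 198.51.100.7 is a documentation (TEST-NET-2) address, not the real one. In iterative mode the ISP resolver follows each referral itself; in recursive mode it asks the root once and the servers forward the query among themselves. Answers are cached for exactly the TTL the authoritative server attached, cached answers are flagged as unauthoritative, and an expired entry is purged before the query is sent again.

```python
import time

class NameServer:
    """Toy DNS server. `records` holds the zone's own answers as fqdn -> (ip, ttl);
    `referrals` maps each delegated sub-zone to the server responsible for it."""
    def __init__(self, name, records=None, referrals=None):
        self.name = name
        self.records = records or {}
        self.referrals = referrals or {}

    def lookup(self, fqdn):
        """Iterative query: ('answer', ip, ttl), ('referral', server) or ('nxdomain',)."""
        if fqdn in self.records:
            ip, ttl = self.records[fqdn]
            return ("answer", ip, ttl)
        for zone in sorted(self.referrals, key=len, reverse=True):   # longest match first
            if fqdn == zone or fqdn.endswith("." + zone):
                return ("referral", self.referrals[zone])
        return ("nxdomain",)

    def lookup_recursive(self, fqdn):
        """Recursive mode: a server that cannot answer asks the next server itself."""
        result = self.lookup(fqdn)
        if result[0] == "referral":
            return result[1].lookup_recursive(fqdn)
        return result

class Resolver:
    """ISP-side resolver with a TTL-bound cache; `clock` is injectable for testing."""
    def __init__(self, root, clock=time.time):
        self.root = root
        self.clock = clock
        self.cache = {}   # fqdn -> (ip, expires_at)

    def resolve(self, fqdn, mode="iterative"):
        """Return (ip or None, authoritative, names of servers this resolver contacted)."""
        now = self.clock()
        cached = self.cache.get(fqdn)
        if cached and cached[1] > now:
            return cached[0], False, []          # served from cache: unauthoritative
        self.cache.pop(fqdn, None)               # expired mappings must be deleted
        contacted = []
        if mode == "recursive":
            contacted.append(self.root.name)     # the root does the rest on our behalf
            result = self.root.lookup_recursive(fqdn)
        else:
            server = self.root
            while True:                          # follow referrals ourselves
                contacted.append(server.name)
                result = server.lookup(fqdn)
                if result[0] != "referral":
                    break
                server = result[1]
        if result[0] != "answer":
            return None, True, contacted
        _, ip, ttl = result
        self.cache[fqdn] = (ip, now + ttl)       # cache only for the TTL the owner allows
        return ip, True, contacted

def build_toy_hierarchy():
    """root -> com -> dns.mcgraw-hill.com, with one A record of TTL 300 s."""
    auth = NameServer("dns.mcgraw-hill.com",
                      records={"engineering.mcgraw-hill.com": ("198.51.100.7", 300)})
    com = NameServer("com-tld", referrals={"mcgraw-hill.com": auth})
    return NameServer("root", referrals={"com": com})
```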
26.6.5 Resource Records
A DNS server stores a database of resource records. A resource
record is a 5-tuple structure, as shown below:
(Domain Name, Type, Class, TTL, Value)
The domain name field is what identifies the resource record. The
value defines the information kept about the domain name. The
TTL defines the number of seconds for which the information is
valid. The class defines the type of network. class IN means
Internet.

26.6.6 DNS Messages

To retrieve information about hosts, DNS uses two types of
messages: query and response. Both types have the same
format as shown in Figure 26.38.
The identification field is used by the client to match the response
with the query.
The flag field defines whether the message is a query or
response.
The next four fields in the header define the number of each
record type in the message.
The question section consists of one or more question records.
The answer section consists of one or more resource records.
It is present only in response messages.
The authoritative section gives information (domain name) about
one or more authoritative servers for the query.
The additional information section provides additional information
that may help the resolver.

Eg: see the worked query/response walkthrough in "DNS Message — How
to Read Query and Response Message" by Carson (Medium).

Encapsulation
DNS can use either UDP or TCP.
DNS uses port 53.
UDP is used when the size of the response message is less than
512 bytes.
If the size of the response message is more than 512 bytes, a
TCP connection is used.
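The message format of 26.6.6 and the encapsulation rule above, as an added Python example that is not code from the textbook or these notes. build_query, build_response, parse_message and accept_response are constructed here; the example builds an A query for www.google.com, lets a toy server answer it with the documentation address 192.0.2.10 (not the real one), and parses both messages, including the name-compression pointer in the answer section. accept_response shows the client-side checks that make a bogus reply (attack 2 in 26.6.9) harder to pass off: the identification field must match the query, the QR flag must be set, and the question must be the one that was asked; the identification is drawn at random so that it cannot simply be predicted.

```python
import secrets
import struct

A_RECORD, CLASS_IN = 1, 1
UDP_LIMIT = 512          # larger responses go over TCP

def encode_name(name):
    """Domain name -> sequence of length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(msg, offset):
    """Read a (possibly compressed) name; return (name, offset just after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # 2-byte compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2                        # caller continues after the pointer
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)

def build_query(name, ident=None):
    """Client side: header (12 bytes) + one question record. Returns (id, bytes)."""
    ident = secrets.randbelow(65536) if ident is None else ident   # unpredictable ID
    header = struct.pack("!HHHHHH", ident, 0x0100, 1, 0, 0, 0)     # QR=0, RD=1; QDCOUNT=1
    return ident, header + encode_name(name) + struct.pack("!HH", A_RECORD, CLASS_IN)

def build_response(query, ip, ttl):
    """Server side: echo the ID and the question, append one A record."""
    ident = struct.unpack("!H", query[:2])[0]
    _, qend = decode_name(query, 12)
    question = query[12:qend + 4]                                  # name + QTYPE + QCLASS
    header = struct.pack("!HHHHHH", ident, 0x8180, 1, 1, 0, 0)     # QR=1, RD, RA; ANCOUNT=1
    rdata = bytes(int(octet) for octet in ip.split("."))
    # 0xC00C = pointer to offset 12, where the question name starts
    answer = b"\xC0\x0C" + struct.pack("!HHIH", A_RECORD, CLASS_IN, ttl, 4) + rdata
    return header + question + answer

def parse_message(msg):
    """Parse header, question section and answer section of a query or response."""
    ident, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        value = ".".join(str(b) for b in rdata) if rtype == A_RECORD and rdlen == 4 else rdata
        answers.append((name, rtype, rclass, ttl, value))
    return {"id": ident, "is_response": bool(flags & 0x8000),
            "questions": questions, "answers": answers,
            "needs_tcp": len(msg) > UDP_LIMIT}

def accept_response(query_id, asked_name, raw):
    """Client-side checks before trusting a reply: matching ID, QR set, same question."""
    parsed = parse_message(raw)
    if parsed["id"] != query_id or not parsed["is_response"]:
        return None
    if not parsed["questions"] or parsed["questions"][0][0] != asked_name:
        return None
    return parsed["answers"]
```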

26.6.7 Registrars
How are new domains added to DNS? This is done through a
registrar.
A registrar first verifies that the requested domain name is unique
and then enters it into the DNS database. A fee is charged.
For example, a new commercial organization needs to give the
following information to one of the registrars for registering its
domain:

26.6.8 DDNS
In DNS, when there is a change, such as adding a new host,
removing a host, or changing an IP address, the DNS master file
must be updated dynamically. The Dynamic Domain Name
System (DDNS) is used for this purpose.

26.6.9 Security of DNS

DNS is one of the most important systems in the Internet
infrastructure; it provides crucial services to Internet users.
Applications such as Web access or e-mail are heavily
dependent on the proper operation of DNS. DNS can be attacked
in several ways including:
1. The attacker may read the response of a DNS server to find
the nature or names of sites the user mostly accesses.
2. The attacker may intercept the response of a DNS server
and change it or create a totally new bogus response to
direct the user to the site or domain the attacker wishes the
user to access.
3. The attacker may flood the DNS server to overwhelm it or
eventually crash it.
To protect DNS, the IETF has devised a technology named DNS
Security (DNSSEC) that provides message origin authentication
and message integrity using a security service called digital
signature.
