1. CS8591 COMPUTER NETWORKS
UNIT – V
Dr.A.Kathirvel, Professor & Head, Computer Science & Engg.
M N M Jain Engineering College, Chennai
2. Unit - V
APPLICATION LAYER
WWW and HTTP – FTP – Email – Telnet – SSH – DNS – SNMP.
Behrouz A. Forouzan, Data Communications and Networking, Fifth Edition
TMH, 2013
3. 26-1 WORLD WIDE WEB AND HTTP
In this section, we first introduce the World Wide Web (abbreviated WWW or Web). We then discuss the Hyper-Text Transfer Protocol (HTTP), the most common client-server application program used in relation to the Web.
6. The Server Side
A multithreaded Web server with a front end and processing modules.
7. 26.1.1 World Wide Web
The idea of the Web was first proposed by Tim Berners-Lee in 1989 at CERN, the European Organization for Nuclear Research, to allow several researchers at different locations throughout Europe to access each other's research. The commercial Web started in the early 1990s.
8. Example 26.1
Assume we need to retrieve a scientific document that contains one reference to another text file and one reference to a large image. Figure 26.1 shows the situation. The main document and the image are stored in two separate files on the same site (file A and file B); the referenced text file is stored on another site (file C). Since we are dealing with three different files, we need three transactions if we want to see the whole document.
11. 26.1.2 HyperText Transfer Protocol
The HyperText Transfer Protocol (HTTP) defines how client-server programs can be written to retrieve web pages from the Web. An HTTP client sends a request; an HTTP server returns a response. The server uses port number 80; the client uses a temporary port number. HTTP uses the services of TCP, which, as discussed before, is a connection-oriented and reliable protocol.
12. The World Wide Web - HTTP
❑ Hypertext Transfer Protocol (HTTP) is a communications protocol used to transfer or convey information on intranets and the World Wide Web. Its original purpose was to provide a way to publish and retrieve hypertext pages, mainly scientific papers. It was created at CERN, Geneva.
❑ Development of HTTP was coordinated by the W3C (World Wide Web Consortium) and the IETF (Internet Engineering Task Force), culminating in the publication of a series of RFCs, most notably RFC 2616 (June 1999), which defines HTTP/1.1, the current version.
❑ HTTP is a request/response protocol between a client and a server. It works on the well-known TCP port 80.
13. Example 26.3
Figure 26.3 shows an example of a nonpersistent connection. The client needs to access a file that contains one link to an image. The text file and image are located on the same server. Here we need two connections. For each connection, TCP requires at least three handshake messages to establish the connection, but the request can be sent with the third one. After the connection is established, the object can be transferred. After receiving an object, another three handshake messages are needed to terminate the connection.
Figure 26.3: Example 26.3
14. Example 26.4
Figure 26.4 shows the same scenario as in Example 26.3, but using a persistent connection. Only one connection establishment and connection termination is used, but the request for the image is sent separately.
Figure 26.4: Example 26.4
19. Example 26.5
This example retrieves a document (see Figure 26.6). We use the GET method to retrieve an image with the path /usr/bin/image26. The request line shows the method (GET), the URL, and the HTTP version (1.1). The header has two lines that show that the client can accept images in the GIF or JPEG format. The request does not have a body. The response message contains the status line and four lines of header. The header lines define the date, server, content encoding (MIME version, which will be described in electronic mail), and length of the document. The body of the document follows the header.
Figure 26.6: Example 26.5
20. Example 26.6
In this example, the client wants to send a web page to be posted on the server. We use the PUT method. The request line shows the method (PUT), URL, and HTTP version (1.1). There are four lines of headers. The request body contains the web page to be posted. The response message contains the status line and four lines of headers. The created document, which is a CGI document, is included as the body (see Figure 26.7).
Figure 26.7: Example 26.6
21. Example 26.8
Figure 26.8 shows a scenario in which an electronic store can benefit from the use of cookies. Assume a shopper wants to buy a toy from an electronic store named BestToys. The shopper's browser (client) sends a request to the BestToys server. The server creates an empty shopping cart (a list) for the client and assigns an ID to the cart (for example, 12343). The server then sends a response message, which contains the images of all toys available, with a link under each toy that selects the toy when it is clicked. This response message also includes the Set-Cookie header line whose value is 12343. The client displays the images and stores the cookie value in a file named BestToys.
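The request/response framing of Examples 26.5 and 26.6 and the cookie round trip of Example 26.8, as an added example written for these notes (not the textbook's or the slides' code). The server name BestToys, the path /usr/bin/image26 and the cookie value 12343 come from the slides; the sample messages and the selection URL /select?toy=ball are constructed.

```python
# Added example (not the textbook's or the slides' code): a parser for HTTP/1.1 messages
# laid out as in Examples 26.5 and 26.6, plus the cookie echo of Example 26.8.
CRLF = "\r\n"


def parse_message(raw: bytes) -> dict:
    """Split an HTTP/1.1 request or response into start line, headers and body.

    The header block ends at an empty line and the body length comes from Content-Length,
    the framing the examples use. A body shorter than declared, or two Content-Length
    headers that disagree, is rejected instead of guessed at.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header section not terminated by an empty line")
    lines = head.decode("ascii").split(CRLF)
    start = lines[0].split(" ", 2)
    if len(start) != 3:
        raise ValueError(f"malformed start line: {lines[0]!r}")
    headers = {}                       # lower-cased name -> list of values, in order
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip())
    msg = {"headers": headers}
    if start[0].startswith("HTTP/"):   # status line: version, code, reason
        msg.update(kind="response", version=start[0], status=int(start[1]), reason=start[2])
    else:                              # request line: method, URL, version
        msg.update(kind="request", method=start[0], url=start[1], version=start[2])
    lengths = headers.get("content-length", ["0"])
    if len(set(lengths)) != 1:
        raise ValueError("conflicting Content-Length headers")
    declared = int(lengths[0])
    if declared > len(body):
        raise ValueError(f"body truncated: {len(body)} of {declared} bytes received")
    msg["body"] = body[:declared]
    return msg


def build_request(method: str, url: str, headers: dict, body: bytes = b"") -> bytes:
    """Serialize a request; Content-Length is added whenever a body is present."""
    lines = [f"{method} {url} HTTP/1.1"] + [f"{k}: {v}" for k, v in headers.items()]
    if body:
        lines.append(f"Content-Length: {len(body)}")
    return (CRLF.join(lines) + CRLF + CRLF).encode("ascii") + body


def cookie_for_next_request(response: dict) -> dict:
    """Turn Set-Cookie values into the Cookie header the client sends back.

    Attributes after ';' (Path, Expires, ...) are instructions to the client and are not
    echoed; only the name=value part (here the bare value 12343 of the example) goes back.
    """
    values = response["headers"].get("set-cookie", [])
    if not values:
        return {}
    return {"Cookie": "; ".join(v.split(";", 1)[0].strip() for v in values)}


# Constructed sample messages: the GET of Example 26.5 and a BestToys response carrying
# Set-Cookie: 12343 as in Example 26.8 (server name, path and cookie value from the slides).
IMAGE_REQUEST = b"GET /usr/bin/image26 HTTP/1.1\r\nAccept: image/gif\r\nAccept: image/jpeg\r\n\r\n"
TOY_LIST_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nServer: BestToys\r\nSet-Cookie: 12343\r\n"
    b"Content-Type: text/html\r\nContent-Length: 11\r\n\r\n<p>toys</p>"
)


def best_toys_round_trip() -> bytes:
    """Parse the store's first response and build the shopper's next request with the cookie."""
    first = parse_message(TOY_LIST_RESPONSE)
    return build_request("GET", "/select?toy=ball", cookie_for_next_request(first))
```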
23. Example 26.9
Figure 26.9 shows an example of the use of a proxy server in a local network, such as the network on a campus or in a company. The proxy server is installed in the local network. When an HTTP request is created by any of the clients (browsers), the request is first directed to the proxy server. If the proxy server already has the corresponding web page, it sends the response to the client. Otherwise, the proxy server acts as a client and sends the request to the web server in the Internet. When the response is returned, the proxy server makes a copy and stores it in its cache before sending it to the requesting client.
Figure 26.9: Example of a proxy server
24. HTML – HyperText Markup Language
❑ In 1980, physicist Tim Berners-Lee, who was an
independent contractor at CERN, proposed and
prototyped ENQUIRE, a hypertext system for CERN
researchers to use to share documents.
❑ In 1989, Berners-Lee and CERN data systems
engineer Robert Cailliau each submitted separate
proposals for an Internet-based hypertext system
providing similar functionality.
❑ In 1990, they collaborated on a joint proposal, the
World Wide Web (W3) project, which was accepted
by CERN.
25. HTML
A selection of common HTML tags. Some can have additional parameters (attributes).
26. 26-2 FTP
File Transfer Protocol (FTP) is the standard protocol provided by TCP/IP for copying a file from one host to another. Although transferring files from one system to another seems simple and straightforward, some problems must be dealt with first.
Figure: FTP control connection and data connection
27. File Transfer Protocol (FTP)
❑ File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying any kind of file from one host to another.
❑ Defined in RFC 959 (1985).
❑ FTP uses the services of TCP. It needs two TCP connections.
❑ The well-known TCP port 21 is used for the control connection and the well-known port 20 for the data connection.
28. 26.2.1 Two Connections
The two connections in FTP have different lifetimes. The control
connection remains connected during the entire interactive FTP session.
The data connection is opened and then closed for each file transfer
activity. It opens each time commands that involve transferring files are
used, and it closes when the file is transferred.
26.2.2 Control Connection
For control communication, FTP uses the same approach as TELNET
(discussed later). It uses the NVT ASCII character set as used by
TELNET. Communication is achieved through commands and responses.
This simple method is adequate for the control connection because we
send one command (or response) at a time. Each line is terminated with a
two-character (carriage return and line feed) end-of-line token.
30. Table 26.4: Some FTP commands (continued)
Table 26.5: Some responses in FTP
31. 26.2.3 Data Connection
The data connection uses the well-known port 20 at the server site. However, the creation of a data connection is different from the control connection. The following shows the steps:
1. The client, not the server, issues a passive open using an ephemeral port.
2. Using the PORT command, the client sends this port number to the server.
3. The server receives the port number and issues an active open using the well-known port 20 and the received ephemeral port number.
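The PORT argument the client sends in step 2, and the check a server can apply before performing the active open of step 3, as an added example written for these notes (not the textbook's or the slides' code). The check refuses a data connection to any host other than the control-connection peer and to privileged ports, which is the mitigation RFC 2577 describes for the "proxy feature" abuse listed later under FTP disadvantages; the policy function and the sample addresses are assumptions, and the reply codes are those of RFC 959.

```python
# Added example (not from the slides or the textbook): the PORT argument a client sends in
# step 2 above, and the server-side policy check before the active open of step 3.
import ipaddress


def encode_port_arg(host: str, port: int) -> str:
    """RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (IPv4 octets, then the port's high and low byte)."""
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    octets = str(ipaddress.IPv4Address(host)).split(".")
    return ",".join(octets + [str(port >> 8), str(port & 0xFF)])


def decode_port_arg(arg: str):
    """Parse h1,h2,h3,h4,p1,p2 back into (host, port); every field must be a byte value."""
    fields = arg.split(",")
    if len(fields) != 6 or not all(f.isdigit() for f in fields):
        raise ValueError(f"PORT needs six decimal numbers: {arg!r}")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError(f"PORT field above 255: {arg!r}")
    host = ".".join(str(n) for n in nums[:4])
    port = (nums[4] << 8) | nums[5]
    if port == 0:
        raise ValueError("PORT 0 is not usable")
    return host, port


def check_port_request(arg: str, control_peer: str):
    """Decide whether the server should perform the active open of step 3.

    Assumed server policy: the data connection is only opened back to the address the
    control connection came from, and only to a non-privileged port. Both conditions are
    the mitigations RFC 2577 describes for the third-party (bounce) problem.
    """
    host, port = decode_port_arg(arg)
    if host != control_peer:
        raise PermissionError(f"PORT to {host} refused: control peer is {control_peer}")
    if port < 1024:
        raise PermissionError(f"PORT to privileged port {port} refused")
    return host, port


def handle_port_line(line: str, control_peer: str) -> str:
    """Return the control-connection reply for a 'PORT ...' line (reply codes from RFC 959)."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return "500 Syntax error, command unrecognized."
    try:
        check_port_request(arg, control_peer)
    except ValueError:
        return "501 Syntax error in parameters or arguments."
    except PermissionError:
        return "500 Illegal PORT command."
    return "200 PORT command successful."
```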
32. Example 26.10
Figure 26.11 shows an example of using FTP for retrieving a file. The figure shows only one file to be transferred. The control connection remains open all the time, but the data connection is opened and closed repeatedly. We assume the file is transferred in six sections. After all records have been transferred, the server control process announces that the file transfer is done. Since the client control process has no further file to retrieve, it issues the QUIT command, which causes the control connection to be closed.
Figure 26.11: Example 26.10
33. Example 26.11
The following shows an actual FTP session that lists the directories.
34. 26.2.4 Security for FTP
The FTP protocol was designed when security was not a big issue. Although FTP requires a password, the password is sent in plaintext (unencrypted), which means it can be intercepted and used by an attacker. The data transfer connection also transfers data in plaintext, which is insecure. To be secure, one can add a Secure Socket Layer between the FTP application layer and the TCP layer. In this case FTP is called SSL-FTP. We also explore some secure file transfer applications when we discuss SSH later in the chapter.
35. 26-3 ELECTRONIC MAIL
Electronic mail (or e-mail) allows users to exchange messages. The nature of this application is different from other applications discussed so far. This means that the idea of client/server programming should be implemented in another way: using some intermediate computers (servers).
26.3.1 Architecture
To explain the architecture of e-mail, we give a common scenario, as shown in Figure 26.12. Another possibility is the case in which Alice or Bob is directly connected to the corresponding mail server, in which case a LAN or WAN connection is not required, but this variation in the scenario does not affect our discussion.
42. Example 26.12
To show the three mail transfer phases, we show all of the steps described above using the information depicted in Figure 26.16. In the figure, we have separated the messages related to the envelope, header, and body in the data transfer section. Note that the steps in this figure are repeated two times in each e-mail transfer: once from the e-mail sender to the local mail server and once from the local mail server to the remote mail server. The local mail server, after receiving the whole e-mail message, may spool it and send it to the remote mail server at another time.
Figure 26.16: Example 26.12
49. 26.3.2 E-Mail Security
The protocol discussed in this section does not provide any security provisions. However, e-mail exchanges can be secured using two application-layer security protocols designed in particular for e-mail systems: Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME).
Figure 26.22: Web-based e-mail, cases I and II
50. 26-4 TELNET
It is impossible to have a client/server pair for each type of service we need; the number of servers soon becomes intractable. The idea is not scalable. The solution is to have a specific client/server program for a set of common scenarios, but to have some generic client/server programs for the rest.
51. Trivial FTP (TFTP)
❑ A very simple file transfer protocol, with the functionality of a very basic form of FTP. Defined in 1980.
❑ TFTP uses UDP port 69 (not TCP!)
❑ An example of TFTP usage: remote boot through the BOOTP protocol in a LAN.
52. FTP pros and cons
❑ Advantages:
❑ Simple implementation
❑ Universal application
❑ Widely used and standardized
❑ Disadvantages:
❑ Clear-text passwords, unencrypted data.
❑ Multiple TCP/IP connections are used => firewall problems.
❑ Hard to filter active-mode FTP traffic on the client side by using a firewall.
❑ It is possible to abuse the protocol's built-in proxy features to tell a server to send data to an arbitrary port of a third computer.
❑ High latency.
❑ No integrity check on the receiver side.
❑ No date/timestamp attribute transfer.
53. 26.4.1 Local versus Remote Logging
We first discuss the concept of local and remote logging as shown in Figure 26.23.
Figure 26.23: Local versus remote logging
55. 26-5 SECURE SHELL (SSH)
Although Secure Shell (SSH) is a secure application program that can be used today for several purposes such as remote logging and file transfer, it was originally designed to replace TELNET. There are two versions of SSH. The first version, SSH-1, is now deprecated because of security flaws in it. In this section, we discuss only SSH-2.
56. 26.5.1 Components
SSH is an application-layer protocol with three components, as shown in Figure 26.25.
Figure 26.25: Components of SSH
57. Although SSH is often thought of as a replacement for TELNET, SSH is, in fact, a general-purpose protocol that provides a secure connection between a client and server.
26.5.2 Applications
Figure 26.26: Port Forwarding
Figure 26.27: SSH Packet Format
58. DNS : Domain Name System
❑ Maps a hostname to an IP address and vice versa.
Example: www.acad.bg 194.141.0.9
❑ Each hostname may have zero or more corresponding IP addresses.
❑ Each IP address may correspond to zero or more hostnames.
59. DNS
❑ Host name to address mappings were maintained by the Network
Information Center (NIC) in a single file (HOSTS.TXT) which was
transferred to all hosts using FTP (about 25 years ago).
Disadvantages:
❑ Ineffective – Bandwidth consumed in distributing a new version by
this scheme is proportional to the square of the number of hosts in the
network.
❑ The network population was also changing in character.
❑ The applications on the Internet were getting more sophisticated and
creating a need for general purpose name service.
60. DNS design goals
❑ The primary goal is a consistent name space which will be used for referring to resources.
❑ The database which holds the names must be distributed.
❑ The costs of implementing such a facility dictate that it be generally useful, and not restricted to a single application.
❑ Use the same name space with different protocol families or management.
❑ Name server transactions must be independent of the communications system that carries them.
❑ The system should be useful across a wide spectrum of host capabilities. Both personal computers and large timeshared hosts (mainframes) should be able to use the system, though perhaps in different ways.
61. DNS Elements: 3 main components
1. The DOMAIN NAME SPACE and RESOURCE RECORDS,
which are specifications for a tree structured name space and data
associated with the names.
2. NAME SERVERS are server programs which hold information
about the domain tree's structure and set information.
3. RESOLVERS are programs that extract information from name
servers in response to client requests.
These three components roughly correspond to the three layers or
views of the DNS:
❑ From the user's point of view, the domain system is accessed through
a simple procedure.
❑ From the resolver's point of view, the domain system is composed of
an unknown number of name servers.
❑ From a name server's point of view, the domain system consists of
separate sets of local information called zones.
62. Name space specifications and terminology
❑ The domain name space is a tree structure composed of nodes.
❑ Each node has a label, which is zero to 63 octets in length.
❑ The domain name of a node is the list of the labels on the path from the node to the root of the tree.
❑ The name of the root node is the empty string (zero length) – "".
❑ Internally, programs that manipulate domain names should represent them as sequences of labels, where each label is a length octet followed by an octet string.
❑ Domain names are case-insensitive, using ASCII codes with the high-order bit zero.
❑ When a user types a domain name, the length of each label is omitted and the labels are separated by dots ("."). Since a complete domain name ends with the root label, this leads to a printed form which ends in a dot.
63. Example Name Space (a graphical tree view)
Figure: the name space tree. One root domain ("") delegated by ICANN/IANA; Top Level Domains (TLD) com, edu, bg, eu, info; below them 2nd and 3rd level domains such as ucla, physics, yahoo, joe, acad, amigo, val, see-grid, www, kevin, mary, test, sigma, book, mail; delegation at each level; up to 127 levels.
64. Top Level Domains
❑ Generic domains (gTLD): com, org, net, int (all around the world); edu, gov, mil (located in the USA only); aero, biz, coop, info, museum, name, pro (new domains, since 2000)
❑ Country code domains (ccTLD): bg, uk, fr, it, ...
❑ Special infrastructure domain: arpa
❑ Loopback domains: localhost, localdomain
❑ And the domain eu for the European Union!
Resource Records
❑ The distributed database which holds the names consists of several Resource Records.
❑ Resource record - a set of resource information associated with a particular name.
65. DNS server
A computer with software which:
❑ Holds and maintains a specified part of the distributed database of resource records.
❑ Responds to name queries.
❑ Exchanges zone information with other DNS servers.
These tasks are described in the DNS protocol (RFC 1035), located at the Application Layer of the "TCP/IP reference model".
Delegation:
❑ The ICANN organization delegates the root DNS servers.
❑ The root servers delegate TLD DNS servers.
❑ A TLD DNS server delegates Second Level DNS servers, etc.
66. The root DNS servers
At the heart of the DNS are 13 special computers, called root
servers. They are coordinated by ICANN and are distributed
around the world.
68. DNS servers
Primary DNS server for a given domain – holds the resource records for the zone. The zone configuration is written by the system administrator.
Secondary DNS server for a given domain – exists for the case when the Primary DNS server has failed or is overloaded. The Secondary server downloads the zone information from the Primary periodically or on notification.
➢ Every domain must have one Primary DNS server and at least one Secondary.
The Primary and Secondary DNS servers are also called authoritative for their domain and non-authoritative for the rest of the domains in the world, i.e. the authoritative servers always hold up-to-date zone information for the domain.
➢ Caching-only DNS servers – they cache DNS queries and answers to speed up the service. These servers are not authoritative for any domain. Most authoritative DNS servers are caching too.
69. DNS query flow
1. A DNS client forms the query and sends it according to the OS configuration.
2. The local resolver opens a special file called hosts and checks whether the answer is already written there. If not, then:
3. The client calls one of the OS-configured DNS servers.
4. If the DNS server knows (or has already cached) the answer, it returns it.
5. If the DNS server doesn't know the answer, it sends a recursive query through the DNS hierarchy, starting from the root domain. The recursive query consists of several sub-queries to the corresponding DNS servers.
6. The DNS server returns the result – the answer or an error message.
70. Reverse DNS query
❑ The reverse query uses the special infrastructure domain in-addr.arpa.
❑ The IP address is written before this special domain with its numbers in reverse order, separated by dots.
❑ Example: 194.141.0.0 corresponds to 0.0.141.194.in-addr.arpa
❑ The reverse query starts from a root DNS server and follows the delegation path.
❑ Example in Unix/Linux: dig 0.0.141.194.in-addr.arpa +trace
❑ (It traces and shows the delegation path from the root name servers down to the SOA DNS server.)
71. DNS protocol details
❑ The protocol uses two transport protocols from the lower layer:
❑ UDP on port 53 and
❑ TCP on port 53.
❑ Queries and answers are transferred using the unreliable protocol UDP for speed. UDP is preferred because the OS-configured DNS servers are near, usually in the same LAN.
❑ Zone transfers between DNS servers are performed over TCP, because they must be reliable.
❑ Each resource record consists of the following data fields (in text-readable format!): owner type class TTL RDATA
72. Resource Records
The data fields:
owner - a string which is the domain name where the RR is found.
type - an encoded 16-bit value that specifies the type of the resource in this resource record. Types refer to abstract resources. Each abstract resource has a mnemonic name:
A - a host address
CNAME - identifies the canonical name of an alias
MX - identifies a mail exchange for the domain
PTR - a pointer to another part of the domain name space, etc.
class - an encoded 16-bit value which identifies a protocol family or instance of a protocol. The following classes are used:
IN - the Internet system, or CH - the Chaos system
TTL - the time to live of the RR. This field is a 32-bit integer in units of seconds, and is primarily used by resolvers when they cache RRs. The TTL describes how long an RR can be cached before it should be discarded.
RDATA - the type- and sometimes class-dependent data which describes the resource.
73. Resource Records
Example (in text-readable format!):
acad.bg. IN A 194.141.0.9
acad.bg. IN MX 10 mx-a.acad.bg.
IN MX 20 mx-b.acad.bg.
IN NS amigo.acad.bg.
IN NS unicom.acad.bg.
localhost IN A 127.0.0.1
poseidon IN A 194.141.0.1
backbone IN A 194.141.252.2
iris IN A 194.141.0.2
amigo IN AAAA 2001:4b58:acad::3
unicom IN AAAA 2001:4b58:acad::9
bis-21++ IN CNAME unicom.acad.bg.
3 IN PTR amigo.acad.bg.
...
75. DNS protocol details
DNS message data fields
❑ The IDENTIFICATION field is set by the client and returned by the server.
❑ The 16-bit PARAMETER field consists of:
❑ 0-th bit: 0 means the message is a query, 1 means it is a response.
❑ bits 1-4 - OPCODE:
❑ 0000 - the normal value (standard query).
❑ 0001 - an inverse query.
❑ 0010 - a server status request.
❑ 5-th bit - Authoritative Answer. The name server is authoritative for the domain in the question section.
❑ 6-th bit - set if the message is truncated. With UDP this means that the total size of the reply exceeded 512 bytes, and only the first 512 bytes of the reply were returned.
❑ 7-th bit - Recursion Desired. This bit can be set in a query and is then returned in the response.
❑ 8-th bit - Recursion Available.
❑ bits 9-11 - must be 0.
❑ bits 12-15 - Return Code. 0 - no error, 3 - name error.
76. DNS protocol details
DNS message data fields
❑ The fields labeled NUMBER OF ... each give a count of entries in the corresponding section of the message.
❑ The QUESTION SECTION contains queries for which answers are desired. The client fills in only the question section; the server returns the question and answers with its response. Each question has a Query Domain Name followed by Query Type and Query Class fields (as depicted in the next slides).
❑ The ANSWER, AUTHORITY and ADDITIONAL INFORMATION sections consist of a set of resource records that describe domain names and mappings. Each resource record describes one name (as depicted in the next slides).
77. DNS protocol details
The QUESTION section format in the DNS message
The DOMAIN NAME has variable length.
Clients fill in the questions; servers return them along with the answers.
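The label encoding of slide 62, the in-addr.arpa naming of slide 70, the PARAMETER bits of slide 75 and the question section of slide 77, brought together in one added example written for these notes rather than taken from the slides. The query ID, flag words and the name www.acad.bg used in the test are constructed; the retry-over-TCP rule implements the truncation case of the 6-th bit.

```python
# Added example (not the slides' code): the DNS query format described above, using the
# slides' bit positions for the 16-bit PARAMETER word (bit 0 = most significant bit).
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "MX": 15, "AAAA": 28}
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Labels as <length octet><octets>; the root label is a single zero octet."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if label == "":          # name was "" or ".", i.e. the root itself
            continue
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"label length {len(raw)} outside 1..63: {label!r}")
        out += bytes([len(raw)]) + raw
    out.append(0)
    if len(out) > 255:
        raise ValueError("domain name longer than 255 octets")
    return bytes(out)


def build_query(ident: int, name: str, qtype: str, recursion_desired: bool = True) -> bytes:
    """Header (ID, PARAMETER, four counts) followed by one question (name, type, class)."""
    flags = 0x0100 if recursion_desired else 0      # QR=0, OPCODE=0 (standard), RD = bit 7
    header = struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0)   # QDCOUNT = 1
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], CLASS_IN)


def parse_parameter(word: int) -> dict:
    """Decode the PARAMETER word: QR, OPCODE, AA, TC, RD, RA, the zero bits and RCODE."""
    return {
        "qr": word >> 15 & 1, "opcode": word >> 11 & 0xF, "aa": word >> 10 & 1,
        "tc": word >> 9 & 1, "rd": word >> 8 & 1, "ra": word >> 7 & 1,
        "z": word >> 4 & 0x7, "rcode": word & 0xF,
    }


def parse_header(msg: bytes) -> dict:
    if len(msg) < 12:
        raise ValueError("shorter than the 12-octet DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    fields = {"id": ident, "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}
    fields.update(parse_parameter(flags))
    return fields


def needs_tcp_retry(reply: bytes, query_id: int) -> bool:
    """True when the TC bit says the UDP answer was cut at 512 bytes, so the same query
    must be repeated over TCP port 53. A reply whose ID or QR bit does not match the
    outstanding query is rejected: it is not an answer to this query."""
    h = parse_header(reply)
    if h["id"] != query_id or h["qr"] != 1:
        raise ValueError("reply does not belong to this query")
    return h["tc"] == 1


def reverse_name(ip: str) -> str:
    """194.141.0.9 -> 9.0.141.194.in-addr.arpa. (octets reversed under the arpa domain)."""
    octets = ip.split(".")
    if len(octets) != 4 or any(not o.isdigit() or int(o) > 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."
```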
79. Simple Network Management Protocol (SNMP)
❑ Application layer protocol within the OSI model. It uses UDP as transport.
❑ "The protocol that specifies how a network management station communicates with agent software in remote devices such as routers. SNMP defines the format of messages and their meaning." - Computer Networks and Internets by Douglas E. Comer.
80. SNMP – Version history
❑ The size and number of networks required a standard protocol in order to communicate with devices on the network.
❑ 1970's - SNMPv1, the first network management protocol.
❑ Originally designed as a "quick-fix".
❑ 1988 - SNMPv2 standard designed.
❑ 2004 – SNMPv3, the current version
❑ RFC 3411 – RFC 3418 (also known as STD0062).
81. SNMP Technology
❑ Exchanges network information through PDUs.
❑ Part of the Internet Network Management Architecture
❑ Internet Management Model
❑ Network elements
❑ Agents
❑ Managed objects
❑ MIBs (Management Information Bases)
❑ Syntax notation
❑ SMI (Structure of Management Info)
❑ NMS (Network-management systems)
❑ Parties
❑ Management protocols
Figure: an NMS running the network management application and its user interface, talking SNMP to three managed devices, each with an agent and a MIB.
82. SNMP Operations
❑ SNMP is a simple "request/response" protocol which uses six operations:
❑ Get
❑ GetNext
❑ GetBulk
❑ Set
❑ Trap
❑ Inform
83. SNMP v1 Packet Format
❑ SNMP v1 packets contain two parts:
❑ The first part contains the version and community name.
❑ The second part contains the PDU.
Message: Version | Community | SNMP PDU
PDU: PDU Type | Request ID | Error Status | Error Index | Object 1, Value 1 | Object 2, Value 2 | ... | Object X, Value X
84. SNMP v2 Packet Format
❑ Like SNMP v1, SNMP v2 contains two parts:
❑ The first part is called a wrapper, which contains authentication, privacy information and a context.
❑ The second contains a PDU with similarities to SNMP v1.
Message: Wrapper | SNMP PDU
PDU: PDU Type | Request ID | Error Status | Error Index | Object 1, Value 1 | ... | Object X, Value X
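The v1 message layout of slide 83, as an added example written for these notes (not the slides' code): a BER encoder for a GetRequest, and a decoder for the outer fields that shows why a v1 community name is no protection, since any host that captures the datagram reads it directly. The OID 1.3.6.1.2.1.1.1.0 (sysDescr.0) and the community string "public" used in the test are conventional sample values chosen here, not taken from the slides.

```python
# Added example (not from the slides): BER-encode an SNMPv1 GetRequest with the layout of
# slide 83 (version, community, PDU with request-id, error-status, error-index, varbinds)
# and read the outer fields back the way any host on the path can.
SNMP_V1 = 0
GET_REQUEST = 0xA0  # context-specific tag [0] for GetRequest-PDU


def ber_len(n: int) -> bytes:
    """BER length: one byte below 128, else a length-of-length byte followed by the length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(body)) + body


def ber_int(value: int) -> bytes:
    """INTEGER in the fewest two's-complement octets."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    return tlv(0x02, value.to_bytes(n, "big", signed=True))


def ber_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*x+y, the rest base-128 with continuation bits."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))


def get_request(community: str, oids, request_id: int) -> bytes:
    """Message ::= SEQUENCE { version INTEGER, community OCTET STRING, GetRequest-PDU }."""
    varbinds = b"".join(tlv(0x30, ber_oid(o) + tlv(0x05, b"")) for o in oids)  # value = NULL
    pdu = tlv(GET_REQUEST, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbinds))
    return tlv(0x30, ber_int(SNMP_V1) + tlv(0x04, community.encode("ascii")) + pdu)


def read_tlv(buf: bytes, pos: int):
    """Return (tag, body, position after the element) for the element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + length], pos + length


def outer_fields(msg: bytes) -> dict:
    """What a passive observer recovers from a captured v1 message without any secret."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must be a SEQUENCE")
    _, version, pos = read_tlv(body, 0)
    _, community, pos = read_tlv(body, pos)
    pdu_tag, _, _ = read_tlv(body, pos)
    return {"version": int.from_bytes(version, "big", signed=True),
            "community": community.decode("ascii"), "pdu_type": pdu_tag}
```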
86. The new SNMP v3
❑ Structure, components and architecture similar to v1 and v2.
❑ New features include:
❑ Authentication and privacy.
❑ Authorization and access control.
❑ Naming of entities.
❑ People and policies.
❑ Usernames and key management.
❑ Notification destinations.
❑ Remotely configurable via SNMP operations.
87. SNMP Conclusion
❑ The goals: integrated network management, interoperability, standards.
❑ Network management applications based on SNMP rely on the standards-based TCP/IP protocol to effectively oversee large heterogeneous networks.
❑ SNMP sits on the application layer and uses the UDP protocol to communicate with each network device.
❑ SNMP is essential in order to effectively maintain today's large networks.