HCIA Domain 5

15. Network Services and Applications

1. File Transfer Protocols


File transfer between hosts is a fundamental function of IP networks,
enabling users to share and manage files.

In the early days of the internet, file transfers were done through
command-line interfaces using protocols like File Transfer Protocol (FTP)
and Trivial File Transfer Protocol (TFTP), which remain important for
specific networking and system tasks.

FTP is a protocol used to transfer files between clients and servers over a
network, supporting two types of file transfer modes and two transfer
processes (active and passive).

It uses TCP to ensure reliable delivery.

1.1 Basic Concepts of FTP


Architecture: FTP uses a client-server (C/S) architecture. The client
establishes a TCP connection with the server to upload or download files.

Ports: FTP typically uses two ports:

  Port 21: For control commands, establishing and managing the session.

  Port 20: For actual file (data) transfers.

1.2 Transfer Modes in FTP


FTP supports two main file transfer modes depending on file types:

1. ASCII Mode:

   Used for text files (e.g., .TXT, .LOG, .CFG).

   Transfers text files by converting character encoding to the ASCII
   format for better transfer efficiency.

   Recommended for files like configuration and log files.

2. Binary Mode:

   Used for binary files (e.g., .BIN, .EXE, .PNG).

   Transfers files in binary format without altering the file.

   Recommended for transferring system version files or executables.

1.3 FTP Transfer Processes


FTP can operate in two modes, active mode and passive mode, which
differ in how they establish control and data connections:

1. Active Mode (PORT):

   1. The client initiates a connection from a random port (>1024) to the
      server's port 21.

   2. The server responds and establishes a control connection with the
      client for command transfer.

   3. The client begins listening on another random port (>1024) and
      uses the PORT command to inform the server of this port.

   4. When data needs to be transferred, the server initiates a
      connection from its port 20 to the client's specified port.

   Note: NAT challenges often arise with active mode. If the client is
   behind a NAT, the IP/port information may not match, leading to a failed
   connection.

2. Passive Mode (PASV):

   1. The client initiates a connection from a random port (>1024) to the
      server's port 21.

   2. The server establishes a control connection and, on receiving a
      PASV command, opens a random port (>1024) and informs the client.

   3. The client then initiates a connection from its listening port to the
      server's new port for data transfer.

   Note: Passive mode is more NAT-friendly but may face issues if the FTP
   server is in a restricted firewall zone.
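As an added example (not code from the course notes), the Python below encodes and decodes the address/port tuple that the PORT command and the PASV reply carry, and applies the passive-mode check a client should make when the advertised address does not match the control connection's peer. The h1,h2,h3,h4,p1,p2 format is RFC 959's, and the addresses used are constructed.

```python
"""Encode/decode the h1,h2,h3,h4,p1,p2 tuple used by FTP's PORT command
(active mode) and PASV reply (passive mode); format per RFC 959, not from
the course notes. The data port is split into two bytes: port = p1*256 + p2.
"""
from __future__ import annotations
import ipaddress
import re

_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def encode_port_arg(ip: str, port: int) -> str:
    """Argument for an active-mode PORT command, e.g. '192,0,2,10,4,1' for port 1025."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ",".join(octets + [str(port // 256), str(port % 256)])


def decode_host_port(text: str) -> tuple[str, int]:
    """Extract (ip, port) from a PORT argument or a '227 Entering Passive Mode (...)' reply."""
    m = _TUPLE.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple found")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("tuple field exceeds 255")
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("port 0 is not usable")
    return ".".join(str(n) for n in nums[:4]), port


def passive_connect_target(pasv_reply: str, control_peer_ip: str) -> dict:
    """Where should the client open the data connection after a PASV reply?

    Passive mode is NAT-friendly only when the server advertises an address
    the client can reach. If the advertised address differs from the peer of
    the control connection (typical for a server behind NAT that leaks its
    private address), a client should keep the control peer's address and
    use only the advertised port, rather than connect to an unrelated host.
    """
    ip, port = decode_host_port(pasv_reply)
    mismatch = ip != control_peer_ip
    return {
        "advertised_ip": ip,
        "port": port,
        "mismatch": mismatch,
        "connect_to": control_peer_ip if mismatch else ip,
    }


def is_malformed(text: str) -> bool:
    """True when the tuple cannot be decoded (handy for input-validation checks)."""
    try:
        decode_host_port(text)
        return False
    except ValueError:
        return True
```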

2. TFTP (Trivial File Transfer Protocol)


TFTP is a simplified version of FTP, commonly used for transferring small
files like boot files or device configuration files.

Unlike FTP, it’s a lighter protocol with fewer features and operates over UDP
(User Datagram Protocol) on port 69, making it simpler but less reliable
than FTP due to the lack of error correction.

2.1 Basic Concepts of TFTP


No Authentication: TFTP does not require user authentication, simplifying
the process.

Limited Capabilities: Users can only request or upload files; directory
listings or browsing on the server are not supported.

Five Packet Types:

  RRQ (Read Request): Initiates a file download from the server.

  WRQ (Write Request): Initiates a file upload to the server.

  DATA: Transmits file data packets.

  ACK (Acknowledgment): Acknowledges successful receipt of each data packet.

  ERROR: Reports errors in the transfer process.
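As an added example (not code from the course notes), the Python below builds and parses the five packet types. The opcodes and field layouts are taken from RFC 1350, which the notes do not spell out; the file names are constructed.

```python
"""Build and parse the five TFTP packet types using the RFC 1350 wire format
(opcodes and layouts come from the RFC, not from the course notes):
  1 RRQ / 2 WRQ : filename NUL mode NUL      (mode "netascii" or "octet")
  3 DATA        : 2-byte block number + up to 512 bytes of data
  4 ACK         : 2-byte block number
  5 ERROR       : 2-byte error code + message NUL
Every packet starts with a 2-byte big-endian opcode.
"""
from __future__ import annotations
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512  # a DATA packet shorter than this signals the end of the file


def build_request(opcode: int, filename: str, mode: str = "octet") -> bytes:
    if opcode not in (RRQ, WRQ):
        raise ValueError("opcode must be RRQ or WRQ")
    if "\x00" in filename or not filename:
        raise ValueError("filename must be non-empty and contain no NUL")
    return struct.pack("!H", opcode) + filename.encode() + b"\x00" + mode.encode() + b"\x00"


def build_data(block: int, payload: bytes) -> bytes:
    if len(payload) > BLOCK_SIZE:
        raise ValueError("DATA payload exceeds 512 bytes")
    return struct.pack("!HH", DATA, block & 0xFFFF) + payload


def build_ack(block: int) -> bytes:
    return struct.pack("!HH", ACK, block & 0xFFFF)


def build_error(code: int, message: str) -> bytes:
    return struct.pack("!HH", ERROR, code) + message.encode() + b"\x00"


def parse_packet(pkt: bytes) -> dict:
    """Decode one TFTP datagram into a dict; raise ValueError if it is malformed."""
    if len(pkt) < 4:
        raise ValueError("packet too short")
    opcode = struct.unpack("!H", pkt[:2])[0]
    if opcode in (RRQ, WRQ):
        fields = pkt[2:].split(b"\x00")
        if len(fields) < 3 or not fields[0]:
            raise ValueError("malformed request")
        mode = fields[1].decode("ascii", "replace").lower()
        if mode not in ("netascii", "octet"):
            raise ValueError(f"unsupported mode {mode!r}")
        kind = "RRQ" if opcode == RRQ else "WRQ"
        return {"type": kind, "filename": fields[0].decode("ascii", "replace"), "mode": mode}
    field = struct.unpack("!H", pkt[2:4])[0]  # block number, or error code for ERROR
    if opcode == DATA:
        return {"type": "DATA", "block": field, "data": pkt[4:], "last": len(pkt) - 4 < BLOCK_SIZE}
    if opcode == ACK:
        if len(pkt) != 4:
            raise ValueError("ACK must be exactly 4 bytes")
        return {"type": "ACK", "block": field}
    if opcode == ERROR:
        message = pkt[4:].split(b"\x00", 1)[0].decode("ascii", "replace")
        return {"type": "ERROR", "code": field, "message": message}
    raise ValueError(f"unknown opcode {opcode}")


def is_malformed(pkt: bytes) -> bool:
    """True when parse_packet rejects the datagram."""
    try:
        parse_packet(pkt)
        return False
    except ValueError:
        return True
```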

2.2 Differences Between FTP and TFTP


Feature              FTP                                TFTP
-------------------  ---------------------------------  ------------------------------------
Protocol             TCP (reliable)                     UDP (unreliable)
Port                 21 for control, 20 for data        69
Authentication       Required                           Not required
Directory Access     Can list and browse directories    Limited to file download/upload only
File Size Support    Large file support                 Primarily for small files
Packet Types         Control messages, data packets     RRQ, WRQ, DATA, ACK, ERROR

3. Telnet
Telnet is a network protocol used for remote device management, allowing
administrators to manage network devices over an IP network using
command-line access.

Since Telnet operates over TCP on port 23, any device capable of
accessing the Telnet server’s IP address and communicating over port 23
can remotely manage the server.

3.1 Application Scenarios of Telnet


Telnet is commonly used to remotely configure, monitor, and troubleshoot
network devices. Here are some typical application scenarios for Telnet:

Remote Device Management: Network administrators can manage routers,
switches, access points (APs), firewalls, servers, and other network
devices from anywhere, as long as they have network access to the Telnet
server's IP address.

Command-Based Management: Telnet provides command-line access, making it
useful for scenarios where administrators need to execute multiple
commands to configure or troubleshoot devices.

Alternative to Console Port Access: Unlike console access, which requires
a physical cable connection to the console port of the device, Telnet
doesn't require direct physical access. It's often preferred for remote
management in distributed networks.

3.2 Advantages and Considerations


Advantages: Telnet provides convenience and flexibility by allowing remote
access without specialized cables or physical presence.

Security Considerations: Since Telnet transmits data (including
passwords) in plain text, it's generally considered insecure over public
networks. SSH (Secure Shell), which encrypts data, is often used as a
secure alternative. Telnet is more suitable for internal network management
where security is controlled.

3.3 Telnet Architecture


In Telnet, the device to be managed is known as the Telnet Server, and the
device connecting to it is the Telnet Client.

Both the server and client roles can often be fulfilled by network devices
like:

Access Controllers (ACs)

Access Points (APs)

Firewalls

Routers

Switches

Servers

3.4 VTY User Interface


When a Telnet connection is established, the Virtual Type Terminal (VTY)
user interface on the device manages and monitors the Telnet session
between the client and server.

Each VTY interface is configured to define access control parameters,
including:

  Authentication Mode: Defines how users will authenticate when logging
  into the device.

  User Privilege Level: Determines the level of access the user will have
  after logging in, which affects the commands they can execute.

The VTY interface is essential for setting up Telnet access control and
session management.

3.5 Configuration Elements in VTY Interface


1. User Interface View: When a Telnet session starts, the system allocates a
   VTY user interface, and specific settings can be applied within this
   interface.

   Authentication Settings: Defines if authentication is required and the
   type (e.g., password or username and password).

   Privilege Levels: Controls access rights to different commands. A
   higher privilege level provides more control over the device, while lower
   levels may restrict command access.

2. Managing Multiple Sessions: A device can typically support multiple VTY
   sessions simultaneously. The number of allowable VTY sessions is
   determined by the device configuration. For example, many devices
   support up to 5 VTY sessions by default, meaning up to 5 users can log in
   simultaneously.

4. DHCP
4.1 Challenges of Manual IP Configuration

Manual IP configuration involves manually assigning network parameters to
each device on the network, which leads to several challenges:

Too Many Complex Parameters:

  Users often need to configure parameters like IP address, subnet
  mask, gateway, and DNS servers.

  Errors are common and can result in IP address conflicts and
  network access issues.

High Workload for Administrators:

  Network administrators must manually assign IP addresses and other
  parameters, which is time-consuming and repetitive, especially in
  large networks.

Low IP Utilization:

  When each device has a fixed IP address, some IPs may go unused
  for extended periods, leading to inefficient IP address utilization.

Lack of Flexibility:

  In environments like WLANs, devices often move across network
  segments.

  Without DHCP, administrators would have to reconfigure IP
  addresses manually whenever a device moves.


4.2 Basic Concepts of DHCP
Dynamic Host Configuration Protocol (DHCP) was developed to automate
the IP address assignment process, overcoming the drawbacks of static IP
configurations.

It follows a client-server (C/S) architecture, where the DHCP server
dynamically assigns IP addresses to DHCP clients upon request.

Key Elements in DHCP:

  IP Address Pool: The DHCP server maintains a pool of available IP
  addresses, from which it assigns addresses to clients.

  Lease Mechanism: IP addresses are assigned for a specific lease
  period, allowing the DHCP server to reclaim and reassign addresses
  efficiently.

4.3 Advantages of DHCP


DHCP provides several benefits that make network management more
efficient:

Unified Management:

  All IP addresses are centrally managed by the DHCP server,
  simplifying IP management and reducing conflicts.

Efficient IP Utilization with IP Leases:

  DHCP defines a lease time for each IP address assignment,
  enhancing IP utilization.

  If a device disconnects without renewing its lease, the IP address
  returns to the pool and can be reassigned.

Plug-and-Play Connectivity:

  Devices connected to the network automatically receive an IP
  address, requiring no manual configuration from users.

4.4 DHCP Working Principle


DHCP follows a series of steps when assigning an IP address to a client,
commonly called the DORA process:

1. DHCP Discover:

   When a client device connects to the network, it sends a broadcast
   DHCP Discover packet to locate available DHCP servers.

2. DHCP Offer:

   Upon receiving the DHCP Discover packet, DHCP servers respond
   with a DHCP Offer message, which includes an available IP address
   and other network parameters (subnet mask, gateway, DNS servers).

3. DHCP Request:

   The client selects an IP address from the received offers and
   broadcasts a DHCP Request packet to confirm its choice.

4. DHCP Acknowledgment (ACK):

   The DHCP server responds with a DHCP ACK, finalizing the lease
   and confirming the IP address and network settings for the client.

4.5 DHCP Lease Renewal


The IP address lease has a predefined duration. To prevent disruption,
DHCP clients attempt to renew their lease before expiration, following
these two renewal intervals:

1. T1 (50% of Lease Time): At 50% of the lease period, the client sends a
   unicast DHCP Request to the original DHCP server to renew the lease.
   If successful, the server renews the lease and the client can continue
   using the IP address.

2. T2 (87.5% of Lease Time): If the client does not receive a response to
   the request sent at T1, it waits until 87.5% of the lease has elapsed,
   then enters the rebinding state and broadcasts a DHCP Request. Any DHCP
   server that receives this request can respond with a DHCP ACK to renew
   the lease.

If the client fails to renew its lease by the end of the lease period, it must
release the IP address and restart the DORA process to acquire a new IP.
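An added example (not code from the course notes) that turns the T1/T2 schedule into a small client state machine and simulates a lease both with and without a server answering the renewal; the addresses and the one-hour lease are constructed values.

```python
"""DHCP lease timers and the client's renewal decisions, as described in 4.5.
Added example, not code from the course notes. T1 and T2 are 50 % and 87.5 %
of the lease; the addresses used below are constructed sample values.
"""
from __future__ import annotations
from dataclasses import dataclass

BROADCAST = "255.255.255.255"


@dataclass(frozen=True)
class Lease:
    client_ip: str
    server_ip: str   # the server that granted the lease (target of the T1 unicast)
    start: float     # seconds, any consistent time base
    duration: float  # lease time in seconds

    @property
    def t1(self) -> float:
        return self.start + 0.5 * self.duration

    @property
    def t2(self) -> float:
        return self.start + 0.875 * self.duration

    @property
    def expiry(self) -> float:
        return self.start + self.duration


def client_action(lease: Lease, now: float) -> dict:
    """State the client is in at time `now` and the message it should send, if any.

    Before T1 the client is BOUND and quiet. From T1 it is RENEWING and
    unicasts a DHCP Request to the granting server. From T2 it is REBINDING
    and broadcasts the request so any server may answer. At expiry it must
    drop the address and restart DORA with a broadcast DHCP Discover.
    """
    if now < lease.t1:
        return {"state": "BOUND", "send": None}
    if now < lease.t2:
        return {"state": "RENEWING",
                "send": {"type": "DHCPREQUEST", "dst": lease.server_ip, "broadcast": False}}
    if now < lease.expiry:
        return {"state": "REBINDING",
                "send": {"type": "DHCPREQUEST", "dst": BROADCAST, "broadcast": True}}
    return {"state": "INIT", "release": lease.client_ip,
            "send": {"type": "DHCPDISCOVER", "dst": BROADCAST, "broadcast": True}}


def apply_ack(lease: Lease, now: float, server_ip: str | None = None,
              duration: float | None = None) -> Lease:
    """A DHCP ACK restarts the lease clock (after rebinding it may come from another server)."""
    return Lease(lease.client_ip, server_ip or lease.server_ip, now, duration or lease.duration)


def simulate(lease: Lease, ack_times: set[float], step: float = 300.0,
             until: float = 7200.0) -> list:
    """Walk the timeline in `step` increments; `ack_times` are the instants at which a
    server answered the client's message. Returns (time, state) pairs."""
    timeline, now = [], lease.start
    while now <= until:
        action = client_action(lease, now)
        timeline.append((now, action["state"]))
        if action["send"] and now in ack_times:
            lease = apply_ack(lease, now)  # renewed: T1, T2 and expiry move forward
        now += step
    return timeline
```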

5. HTTP
Hypertext Transfer Protocol (HTTP) is an application-layer protocol that
enables communication between a client (like a browser) and a web server.
HTTP is crucial to web browsing as it defines how data is requested and
delivered over the internet.

Client/Server Architecture: HTTP follows a client-server (C/S) model,
where the client initiates requests, and the server responds.

Transmission Protocol: HTTP uses TCP as its transport layer protocol,
ensuring reliable data transfer.

Stateless: HTTP is a stateless protocol, meaning each request is
independent and has no memory of previous requests. This characteristic
simplifies communication but can require additional mechanisms (e.g.,
cookies) to maintain session information.

5.1 Components of the World Wide Web (WWW)


The World Wide Web (WWW), or simply the Web, is a system for sharing
information over the internet, consisting of three main components:

HTML (Hypertext Markup Language): A markup language used for creating
and formatting the content displayed in a web browser.

HTTP (Hypertext Transfer Protocol): The protocol for transferring HTML
documents and other data between the client and server.

URL (Uniform Resource Locator): A unique identifier used to locate
resources, such as HTML pages, on the internet.

5.2 Understanding URLs


A Uniform Resource Locator (URL) is used to specify the location of a web
resource, such as a webpage, image, or file. URLs help browsers and other
programs locate and retrieve resources on the internet.

URL Structure:

1. Protocol (HTTP/HTTPS): Specifies the protocol to use, typically HTTP
   or HTTPS.

2. Domain Name: The website's name (e.g., www.example.com), which is
   translated to an IP address using DNS (Domain Name System).

3. Path: The location of the specific resource on the server (e.g.,
   /web/index.html).

   File Extension: Typically .html or .htm for hypertext documents.

For example, the URL http://www.example.com/web/index.html indicates the use
of HTTP, with example.com as the domain and /web/index.html as the specific
file path.

5.3 HTTP Request and Response Process


When you enter a URL in a browser, an HTTP request is sent to the server,
and a series of steps occurs.

Example: Accessing www.servs_app.com/web/index.html

1. DNS Resolution:

   The browser sends a request to a DNS server to resolve
   www.servs_app.com into its corresponding IP address.

   DNS replies with the IP address, allowing the browser to connect
   directly to the web server.

2. HTTP Request:

   The client (browser) initiates a TCP connection to the server's IP
   address, using port 80 for HTTP (or port 443 for HTTPS).

   After the connection is established, the client sends an HTTP
   request message to the server, specifying the requested resource
   (/web/index.html).

3. Server Response:

   The server locates the requested file, index.html, on its system.

   It then sends an HTTP response back to the client, including the
   requested HTML file's contents and a status code (e.g., 200 OK if
   successful).

   If the resource is not found, the server sends a 404 Not Found
   response.

4. Rendering the Webpage:

   The client's browser parses the received HTML document and
   processes any additional resources required (e.g., CSS, JavaScript,
   images).

   The browser then renders and displays the page content to the user.

5.4 HTTP Message Structure


HTTP communication between the client and server uses structured
messages:

Request messages from the client.

Response messages from the server.

5.5 HTTP Request Message


An HTTP request typically includes:

Request Line: Specifies the HTTP method (e.g., GET or POST), the resource
path, and the HTTP version (e.g., HTTP/1.1).

Headers: Additional information such as Host, User-Agent, Accept, and
Connection headers.

Body: Contains data in the case of methods like POST (not included in a GET
request).

Example:

  GET /web/index.html HTTP/1.1
  Host: www.servs_app.com
  Connection: keep-alive

5.6 HTTP Response Message


An HTTP response from the server includes:

Status Line: Contains the HTTP version, a status code (e.g., 200, 404), and
a status message.

Headers: Information about the response, such as Content-Type,
Content-Length, and Server.

Body: The actual content (e.g., HTML) requested by the client.

Example:

  HTTP/1.1 200 OK
  Content-Type: text/html
  Content-Length: 256
  Server: Apache

  <HTML content here>

5.7 HTTP Status Codes


Understanding HTTP status codes is essential for troubleshooting:

200 OK: The request succeeded, and the server returned the requested
resource.

301 Moved Permanently: The resource has been moved to a new URL, and
clients should update their bookmarks.

404 Not Found: The requested resource is not available on the server.

500 Internal Server Error: A generic error indicating a server-side issue.
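An added example (not code from the course notes) that parses the request and response messages of 5.5 and 5.6, classifies the status code as in 5.7, and checks the body against Content-Length; the sample messages are constructed from the ones above, with a body whose length actually matches the header.

```python
"""Parse the HTTP/1.1 request and response messages shown above and check
the first things a troubleshooter looks at: request line and Host header,
status line and class, and whether the body length matches Content-Length.
Added example, not code from the course notes; the sample messages are
constructed from the ones in the text (with a body that fits its length).
"""
from __future__ import annotations

SAMPLE_REQUEST = (
    b"GET /web/index.html HTTP/1.1\r\n"
    b"Host: www.servs_app.com\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 28\r\n"
    b"Server: Apache\r\n"
    b"\r\n"
    b"<html><body>hi</body></html>"
)


def split_message(raw: bytes) -> tuple[str, dict[str, str], bytes]:
    """Split a raw message into (start line, headers, body). Header names are
    lower-cased because HTTP treats them case-insensitively."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def parse_request(raw: bytes) -> dict:
    start, headers, body = split_message(raw)
    parts = start.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"bad request line: {start!r}")
    method, target, version = parts
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 requires a Host header")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def status_class(code: int) -> str:
    return {1: "informational", 2: "success", 3: "redirection",
            4: "client error", 5: "server error"}.get(code // 100, "invalid")


def parse_response(raw: bytes) -> dict:
    start, headers, body = split_message(raw)
    parts = start.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"bad status line: {start!r}")
    status = int(parts[1])
    declared = headers.get("content-length")
    # A mismatch here is what makes a client hang waiting for bytes that never
    # arrive, or misread the next response on a keep-alive connection.
    length_ok = declared is None or (declared.isdigit() and int(declared) == len(body))
    return {"version": parts[0], "status": status, "class": status_class(status),
            "reason": parts[2] if len(parts) == 3 else "", "headers": headers,
            "body": body, "length_ok": length_ok}
```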

6. DNS
Domain Name System (DNS) is a protocol that translates domain names
into IP addresses, allowing users to access websites and other network
services using easy-to-remember names instead of numeric IP addresses.

For example, when you type www.example.com in your browser, DNS resolves it
to an IP address that the browser can use to connect to the web server
hosting that domain.

6.1 Why DNS is Needed

Human Readability: IP addresses (e.g., 192.0.2.1) are challenging to
remember. DNS allows us to use alphanumeric domain names (e.g.,
example.com) instead.

Scalability: As the internet expanded, managing and updating a central file
for name-to-address mappings (like the original HOSTS.txt) became
impractical. DNS uses a distributed architecture, allowing multiple servers
to handle different parts of the name-resolution process.

6.2 DNS Components


DNS has three main components that enable the resolution of domain
names:

1. Domain Names: Alphanumeric names representing a website or host
   (e.g., example.com).

2. DNS Server: A server that stores the mappings between domain names
   and IP addresses, responding to queries from clients (DNS resolvers).
   DNS servers are part of a hierarchical, distributed architecture.

3. DNS Resolver: A client-side application or service that sends DNS
   queries to DNS servers to resolve a domain name into an IP address.

DNS uses a distributed architecture, meaning no single server stores all
domain records. Instead, different servers store portions of the DNS
database, which helps manage and distribute the query load effectively.

6.3 DNS Domain Name Format and Hierarchy


Domain names have a hierarchical structure divided by periods (.) into
levels. Here's an example format:

  hostname.second-level-domain.top-level-domain.root-domain

Example Breakdown: www.example.com.

Root Domain (.): The top of the DNS hierarchy, represented by an empty
label or dot.

Top-Level Domain (TLD): The next level, such as .com, .org, .net, or
country codes like .us or .uk.

Second-Level Domain: The domain name registered by an organization,
such as example.

Hostname: The specific server or service name within the domain, such as
www (for web servers).

The hierarchical nature of DNS allows it to efficiently distribute
responsibility for domain resolution across various servers.

6.4 DNS Query Modes


When a client (like a browser) needs to resolve a domain name, it sends a
query to a DNS resolver. If the DNS resolver doesn't have the requested IP
in its cache, it will use one of the following query methods to resolve the
name:

i. Recursive Query

   In a recursive query, the DNS server queried by the client takes on the
   full responsibility of resolving the domain name. The DNS server will
   query other DNS servers on behalf of the client until it finds the IP
   address or an error. Once found, the DNS server returns the result to
   the client.

   Example: A user enters a domain name, and their DNS resolver queries
   the local DNS server, which will continue querying other DNS servers if
   necessary until it finds the IP address.

ii. Iterative Query

   In an iterative query, the DNS server provides the best answer it has. If
   it doesn't know the IP, it will refer the client to another DNS server
   closer to the answer. The client then queries this new DNS server and
   repeats the process until it receives the answer.

   Example: A DNS resolver might tell the client, "I don't know the IP, but
   try this other DNS server." The client then sends another query to the
   referred DNS server.

Key Difference: Recursive queries require the DNS server to handle the full
resolution process, while iterative queries require the client to query
each DNS server step-by-step until it finds the result.
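An added example (not code from the course notes) that builds a toy hierarchy for www.example.com. and resolves the name both ways, so that who follows the referrals is visible in the traces; the server names and the 192.0.2.80 address are constructed.

```python
"""Toy DNS hierarchy for www.example.com. that contrasts the two query modes
above: with an iterative query the querier follows each referral itself, with
a recursive query the local DNS server does that walk on the client's behalf
and caches the answer. Added example, not code from the course notes; the
server names and the 192.0.2.80 address are constructed.
"""
from __future__ import annotations

# Each server is authoritative for one zone and either holds the record or
# delegates a child zone to another server (constructed, not real servers).
SERVERS = {
    "root": {"zone": ".", "delegations": {"com.": "tld-server"}, "records": {}},
    "tld-server": {"zone": "com.", "delegations": {"example.com.": "auth-server"}, "records": {}},
    "auth-server": {"zone": "example.com.", "delegations": {},
                    "records": {"www.example.com.": "192.0.2.80"}},
}


def hierarchy(fqdn: str) -> dict:
    """Split a name into the levels of 6.3: root, TLD, second-level domain, hostname."""
    labels = fqdn.rstrip(".").split(".")
    if len(labels) < 2 or any(not label for label in labels):
        raise ValueError(f"not a valid fully qualified name: {fqdn!r}")
    return {"root": ".", "tld": labels[-1], "second_level": labels[-2],
            "hostname": ".".join(labels[:-2]) or None}


def ask(server: str, qname: str) -> tuple[str, str]:
    """One query to one server: ('answer', ip), ('referral', next server) or ('nxdomain', '')."""
    entry = SERVERS[server]
    if qname in entry["records"]:
        return "answer", entry["records"][qname]
    best = None  # most specific delegated zone that contains qname
    for zone, ns in entry["delegations"].items():
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, ns)
    return ("referral", best[1]) if best else ("nxdomain", "")


def iterative_resolve(qname: str, start: str = "root") -> tuple[str | None, list[str]]:
    """The querier walks the hierarchy itself; the trace lists every server it contacted."""
    trace, server, visited = [], start, set()
    while server not in visited:
        visited.add(server)
        kind, value = ask(server, qname)
        trace.append(f"{server}: {kind} {value}".rstrip())
        if kind == "answer":
            return value, trace
        if kind == "nxdomain":
            return None, trace
        server = value
    raise RuntimeError("referral loop")


class RecursiveResolver:
    """The client's local DNS server: it performs the iterative walk on the
    client's behalf, returns one final answer, and caches it for later clients."""

    def __init__(self) -> None:
        self.cache: dict[str, str] = {}
        self.upstream_queries = 0

    def resolve(self, qname: str) -> tuple[str | None, list[str]]:
        if qname in self.cache:
            return self.cache[qname], ["cache hit"]
        ip, trace = iterative_resolve(qname)
        self.upstream_queries += len(trace)
        if ip is not None:
            self.cache[qname] = ip
        return ip, trace
```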

7. NTP
Accurate time synchronization is essential across various network
applications, especially in enterprise campus networks. Consistent clocks
across network devices ensure proper operation, coordination, and logging.
Here are some scenarios where time synchronization is crucial:

Network Management: Accurate timestamps in logs help administrators
analyze events, troubleshoot issues, and maintain logs consistently across
multiple devices.

Billing and Charging Systems: Synchronized clocks across billing systems
and devices ensure accurate tracking and charging.

Coordinated System Operations: When multiple systems work together on
complex tasks, they must reference the same time to maintain the correct
sequence of operations.

Incremental Backups: Backups between a backup server and clients require
consistent time to ensure that only recent changes are backed up.

System Time Tracking: Applications need precise time to log when users
log in and when files are modified.

7.1 Overview of Network Time Protocol (NTP)


Network Time Protocol (NTP) is a protocol designed to synchronize the
clocks of network devices automatically. It ensures that all devices
reference the same accurate time, which improves the consistency and
reliability of the network.

Application Layer Protocol: NTP operates at the application layer within
the TCP/IP suite and synchronizes time across distributed servers and
clients.

UDP-Based: NTP uses UDP as its transport layer protocol and operates
over port 123. This lightweight approach minimizes overhead and is
suitable for fast time updates.

Device Roles: Mainstream network devices like access controllers (ACs),
access points (APs), firewalls, routers, switches, and servers can act as
NTP clients. Some devices may also serve as NTP servers, distributing time
to other devices.

7.2 NTP Network Structure and Hierarchical Stratum Model


NTP uses a hierarchical structure with stratum levels to organize time
distribution and maintain accuracy.

7.3 Hierarchical Stratum Model


The stratum indicates the accuracy of a device’s clock, with lower stratum
values indicating higher precision.

The stratum value ranges from 1 to 15, with 1 representing the most
accurate clocks and 15 representing the least accurate (not
synchronized).

7.4 Types of NTP Servers


1. Primary Time Server (Stratum 1)

   A stratum-1 server has the highest precision, as it is directly
   synchronized with a reference clock.

   The reference clock is often synchronized via radio or GPS, making
   stratum-1 servers the primary sources of accurate time on the network.

   These servers act as the foundation of the NTP hierarchy, providing
   precise time to stratum-2 servers and other clients.

2. Secondary Time Server (Stratum 2)

   Stratum-2 servers obtain their time from stratum-1 servers or other
   stratum-2 servers.

   These servers, often part of a Local Area Network (LAN), distribute
   time to client devices within their network, ensuring consistency without
   requiring a direct connection to a reference clock.

   Stratum-2 servers can synchronize with multiple servers, improving
   redundancy and time accuracy.

3. Lower Stratum Servers (Stratum 3-15)

   These servers synchronize their time from higher-stratum servers
   (usually stratum-2 servers) and provide time to other clients or devices
   within the network.

   As the stratum level increases, the accuracy slightly decreases, but it is
   still within acceptable ranges for most applications.

7.5 NTP Synchronization Process


The NTP synchronization process consists of several steps to maintain
accuracy across network devices:

1. Initial Time Query:

   A client sends an NTP request to an NTP server.

   The NTP server responds with a time update based on its clock,
   including information such as stratum level and time accuracy.

2. Clock Adjustment:

   The client compares the received time with its current clock.

   NTP algorithms calculate any offset (time difference) and adjust the
   client's clock accordingly, gradually aligning it with the server's time.

3. Regular Updates:

   NTP clients periodically query NTP servers to maintain time
   consistency, compensating for any drift (gradual deviation of the
   client's clock).

   This periodic adjustment keeps clocks synchronized over time.
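An added example (not code from the course notes) that works through the offset calculation of step 2 and the gradual adjustment of step 3. It assumes the RFC 5905 offset and delay formulas and ntpd's 128 ms step threshold, neither of which the notes give; the timestamps are constructed.

```python
"""One NTP exchange worked through: the client's clock offset and the
round-trip delay from the four timestamps, then the gradual correction the
notes describe. Formulas are those of RFC 5905 (not spelled out in the course
notes); the timestamps and the 128 ms step threshold (ntpd's default) are
assumptions for this example.

  t1: client sends the request (client clock)
  t2: server receives it (server clock)
  t3: server sends the reply (server clock)
  t4: client receives the reply (client clock)
"""
from __future__ import annotations


def offset_and_delay(t1: float, t2: float, t3: float, t4: float) -> tuple[float, float]:
    """Offset theta = ((t2 - t1) + (t3 - t4)) / 2, delay delta = (t4 - t1) - (t3 - t2).
    Assuming a symmetric path, the network delay cancels out of the offset."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def sample_acceptable(stratum: int, delay: float, max_delay: float = 1.0) -> bool:
    """Discard a reply whose stratum is outside the 1..15 range given above
    (unsynchronised source) or whose round trip is too long to trust."""
    return 1 <= stratum <= 15 and 0.0 <= delay <= max_delay


def adjust(client_time: float, offset: float, gain: float = 0.5,
           step_threshold: float = 0.128) -> float:
    """Small offsets are slewed (a fraction per poll, so time never jumps);
    an offset above the threshold is stepped in one go."""
    if abs(offset) > step_threshold:
        return client_time + offset
    return client_time + gain * offset


def synchronise(client_time: float, server_time: float, polls: int,
                gain: float = 0.5) -> list[float]:
    """Simulate repeated polls with negligible network delay (so t1 = t4 and
    t2 = t3) and frozen clocks; returns the remaining offset after each poll."""
    remaining = []
    for _ in range(polls):
        offset, _delay = offset_and_delay(client_time, server_time, server_time, client_time)
        client_time = adjust(client_time, offset, gain)
        remaining.append(server_time - client_time)
    return remaining
```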

7.6 NTP Security Considerations


While NTP is widely used, it can be vulnerable to certain attacks if not secured.
It is recommended to use authenticated NTP where possible to prevent
unauthorized time updates. Common threats include:

Spoofing Attacks: An attacker could manipulate the time on client devices
by pretending to be a legitimate NTP server.

DDoS Reflection Attacks: NTP can be exploited in Distributed Denial-of-
Service attacks due to its UDP-based nature. Rate limiting and access
control lists (ACLs) can mitigate these attacks.
