
UNIT-12

Client and Server Interaction


o A client and server networking model is a model in which computers such as
servers provide network services to other computers such as clients so that they
can perform user tasks. This model is known as the client-server networking model.
o Application programs using the client-server model follow the strategies given
below:
o An application program known as a client program, running on the local machine,
requests a service from an application program known as a server program,
running on the remote machine.
o A client program runs only when it requests a service from the server, while the
server program runs all the time, because it does not know when its service will be
required.
o A server provides a service for many clients, not just for a single client. Therefore, we
can say that client-server follows a many-to-one relationship: many clients can use
the service of one server.
o Services are required frequently, and many users have a specific client-server
application program. For example, a client-server application program allows the
user to access files, send e-mail, and so on. If the services are more customized,
then we should have one generic application program that allows the user to access
the services available on the remote computer.
Client
A client is a program that runs on the local machine requesting a service from the server. A
client program is a finite program, meaning that it is started by the user and
terminates when the service is completed.
Server
A server is a program that runs on the remote machine providing services to clients.
When a client requests a service, the server accepts the incoming request, but it
never initiates the service itself.
A server program is an infinite program, meaning that once it starts, it runs indefinitely unless
a problem arises. The server waits for incoming requests from clients. When a
request arrives at the server, it responds to the request.
Advantages of client-server networks:
o Centralized: Centralized back-up is possible in client-server networks, i.e., all the
data is stored on a server.
o Security: These networks are more secure as all the shared resources are centrally
administered.
o Performance: The use of a dedicated server increases the speed of sharing
resources. This increases the performance of the overall system.
o Scalability: We can increase the number of clients and servers separately, i.e., a
new element can be added, or we can add a new node to the network at any time.
Disadvantages of client-server networks:
o Traffic congestion is a big problem in client/server networks. When a large
number of clients send requests to the same server, traffic congestion may result.
o The network is not robust, i.e., when the server is down, client requests cannot
be met.
o A client/server network can be demanding: sometimes regular computer hardware
cannot serve a certain number of clients. In such situations, specific hardware is
required on the server side to complete the work.
o Sometimes the resources exist on the server but not on the client. For
example, if the application is a web application, then we cannot print directly to
printers without opening the print preview window in the web browser.

What is a URI?

A URI or Uniform Resource Identifier is a string identifier that refers to a resource on the
internet. It is a string of characters that is used to identify any resource on
the internet using location, name, or both.

A URI has two subsets: URL (Uniform Resource Locator) and URN (Uniform Resource
Name). If it contains only a name, it is not a URL. Instead of URIs directly, we
mostly see URLs and URNs in the real world.

A URI contains a scheme, authority, path, query, and a fragment. Some of the most common URI
schemes are http, https, ftp, ldap, telnet, etc.

Syntax of URI

The syntax of a URI is given below:

    scheme:[//authority]path[?query][#fragment]

o Scheme: The first component of a URI is the scheme, which contains a sequence of characters
that can be any combination of letters, digits, plus signs, or hyphens (-), and which is
followed by a colon (:). The popular schemes are http, file, ftp, data, and irc. Schemes
should be registered with IANA.
o Authority: The authority component is optional and is preceded by two slashes (//).
It contains three sub-components:
    o userinfo: It may contain a username and an optional password separated by
    a colon. The sub-component is followed by the @ symbol.
    o host: It contains either a registered name or an IP address (an IPv6 address
    must be enclosed within [] brackets).
    o port: Optional.
o Path: It consists of a sequence of path segments separated by a slash (/). The URI
always specifies it; however, the specified path may be empty (zero length).
o Query: It is an optional component, which is preceded by a question mark (?). It
contains a query string of non-hierarchical data.
o Fragment: It is also an optional component, preceded by a hash (#) symbol. It
consists of a fragment identifier that provides direction to a secondary resource.
What is the URL?

A URL or Uniform Resource Locator is used to find the location of a resource on
the web. It is a reference to a resource and a way to access that resource. A URL
always points to a unique resource, which can be an HTML page, a CSS document, an
image, etc.

A URL uses a protocol for accessing the resource, which can be HTTP, HTTPS, FTP,
etc.

It is mainly referred to as the address of the website, which a user can find in the
browser's address bar. An example of a URL is given below:

Syntax of URL

Each HTTP URL follows the syntax of the generic URI. Hence the syntax of a URL is
the same as the syntax of a URI. It is given below:

    scheme:[//authority]path[?query][#fragment]

The above URL is made up of the following components:

o Scheme: The URL's first component is the scheme, which represents the protocol that a
browser must use to request the resource. The commonly used protocols for
websites are HTTP and HTTPS.
o Authority: The authority includes two sub-components, domain name and port,
separated by a colon. The domain name is the registered name of the
resource, like javatpoint.com, and the port is the technical gate used to access the resource
on a web server. Port number 80 is used for HTTP and 443 for HTTPS.
o Path: The path indicates the complete path to the resource on the web server. It can
be something like /software/htp/index.html.
o Query String: It is a string that contains name and value pairs. If it is used in a
URL, it follows the path component and gives extra information, such as
"?key1=value1&key2=value2".
o Fragment: It is also an optional component, preceded by a hash (#) symbol. It
consists of a fragment identifier that provides direction to a secondary resource.
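As an added example (not part of the original text), the following Python parser splits a URI into the components listed above, including the userinfo, host and port sub-components of the authority, and resolves the default port for the schemes the page mentions. The sample inputs at the bottom are constructed, and the DEFAULT_PORTS table and function names are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Top-level split from RFC 3986 Appendix B into the five components the page
# names: scheme, authority, path, query, fragment.
_URI_RE = re.compile(
    r"^(?:(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*):)?"
    r"(?://(?P<authority>[^/?#]*))?"
    r"(?P<path>[^?#]*)"
    r"(?:\?(?P<query>[^#]*))?"
    r"(?:#(?P<fragment>.*))?$",
    re.DOTALL,
)

# Default ports for the schemes the page mentions (80 for HTTP, 443 for HTTPS,
# 21 for FTP control, 389 for LDAP). Assumed table for this example.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "ldap": 389}


@dataclass
class Uri:
    scheme: Optional[str]
    userinfo: Optional[str]
    host: Optional[str]
    port: Optional[int]
    path: str
    query: Optional[str]
    fragment: Optional[str]

    def effective_port(self) -> Optional[int]:
        """Explicit port if given, otherwise the scheme's default port."""
        return self.port if self.port is not None else DEFAULT_PORTS.get(self.scheme or "")

    def query_pairs(self) -> List[Tuple[str, str]]:
        """Split 'key1=value1&key2=value2' into (name, value) pairs."""
        pairs = []
        for item in (self.query or "").split("&"):
            if item:
                name, _, value = item.partition("=")
                pairs.append((name, value))
        return pairs


def split_authority(authority: str) -> Tuple[Optional[str], str, Optional[int]]:
    """Split an authority into (userinfo, host, port).

    userinfo ends at the last '@' (RFC 3986 forbids a bare '@' inside userinfo,
    so the real host is whatever follows the last one). An IPv6 host is written
    inside [ ] brackets and may itself contain colons.
    """
    userinfo, hostport = None, authority
    if "@" in hostport:
        userinfo, hostport = hostport.rsplit("@", 1)
    if hostport.startswith("["):
        end = hostport.find("]")
        if end < 0:
            raise ValueError("unterminated IP literal in authority")
        host, rest = hostport[1:end], hostport[end + 1:]
    else:
        host, sep, rest = hostport.partition(":")
        rest = sep + rest
    port = None
    if rest:
        if not rest.startswith(":"):
            raise ValueError("unexpected characters after host")
        digits = rest[1:]          # 'host:' with no digits is legal and means no port
        if digits:
            if not digits.isdigit() or int(digits) > 65535:
                raise ValueError("port must be a number in 0..65535")
            port = int(digits)
    return userinfo, host, port


def parse_uri(text: str) -> Uri:
    m = _URI_RE.match(text)        # every group is optional, so this always matches
    scheme, authority = m.group("scheme"), m.group("authority")
    userinfo = host = port = None
    if authority is not None:      # '//' present, even if the authority is empty
        userinfo, host, port = split_authority(authority)
    return Uri(
        scheme=scheme.lower() if scheme else None,   # scheme is case-insensitive
        userinfo=userinfo,
        host=host.lower() if host else host,         # so is the host
        port=port,
        path=m.group("path"),
        query=m.group("query"),
        fragment=m.group("fragment"),
    )


if __name__ == "__main__":
    # Constructed inputs: a URL in the page's format, a URN, an LDAP URI with an
    # IPv6 host, and an authority carrying userinfo.
    for sample in ("https://www.javatpoint.com/software/htp/index.html?key1=value1&key2=value2#top",
                   "urn:isbn:0-476-27557-4", "ldap://[2001:db8::1]:389/dc=example,dc=com?cn",
                   "http://user:secret@example.com:8080/a"):
        print(parse_uri(sample))
```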

Key differences between URI and URL

o A URI contains both URL and URN to identify the name, the location, or both of a
resource; in contrast, a URL is a subset of URI and only identifies the location of the
resource.
o An example of a URI is urn:isbn:0-476-27557-4, whereas an example of a URL
is https://google.com.
o A URI can be used to find resources in HTML, XML, and other files as well, whereas a
URL can only be used to locate a web page.
o Every URL is a URI, whereas not every URI is a URL.

Difference chart between URI and URL

| URI | URL |
|---|---|
| URI is an acronym for Uniform Resource Identifier. | URL is an acronym for Uniform Resource Locator. |
| URI contains two subsets: URN, which tells the name, and URL, which tells the location. | URL is the subset of URI which tells only the location of the resource. |
| Not all URIs are URLs, as they can tell either name or location. | All URLs are URIs, as every URL can only contain the location. |
| A URI aims to identify a resource and differentiate it from other resources by using the name of the resource or the location of the resource. | A URL aims to find the location or address of a resource on the web. |
| An example of a URI can be ISBN 0-486-35557-4. | An example of a URL is https://www.javatpoint.com. |
| It is commonly used in XML and tag library files such as JSTL and XSLT to identify the resources and binaries. | It is mainly used to search the web pages on the internet. |
| The URI scheme can be a protocol, designation, specification, or anything. | The scheme of a URL is usually a protocol such as HTTP, HTTPS, FTP, etc. |

The four layers of the TCP/IP model are as follows:


1. Datalink layer: The datalink layer defines how data should be sent, handles the physical
act of sending and receiving data, and is responsible for transmitting data between
applications or devices on a network. This includes defining how data should be signaled
by hardware and other transmission devices on a network, such as a computer’s device
driver, an Ethernet cable, a network interface card (NIC), or a wireless network. It is also
referred to as the link layer, network access layer, network interface layer, or physical layer
and is the combination of the physical and data link layers of the Open Systems
Interconnection (OSI) model, which standardizes communications functions on computing
and telecommunications systems.
2. Internet layer: The internet layer is responsible for sending packets from a network and
controlling their movement across a network to ensure they reach their destination. It
provides the functions and procedures for transferring data sequences between
applications and devices across networks.
3. Transport layer: The transport layer is responsible for providing a solid and reliable data
connection between the original application or device and its intended destination. This is
the level where data is divided into packets and numbered to create a sequence. The
transport layer then determines how much data must be sent, where it should be sent to,
and at what rate. It ensures that data packets are sent without errors and in sequence and
obtains the acknowledgment that the destination device has received the data packets.
4. Application layer: The application layer refers to programs that need TCP/IP to help them
communicate with each other. This is the level that users typically interact with, such as
email systems and messaging platforms. It combines the session, presentation, and
application layers of the OSI model.
What is TCP?
TCP stands for Transmission Control Protocol. It is used when communication
between two computers must be reliable. For example, when we
view a web page, we expect that nothing is missing from the page, and when we
download a file, we require the complete file, i.e., nothing should be missing,
whether text or an image. This is made possible by TCP. It is one of
the most widely used protocols on a TCP/IP network.
Features of TCP
The following are the features of TCP:
o Data delivery
TCP ensures that the data is received correctly, that no data is missing, and that it is in
order. If TCP is not used, then incorrect data can be received, or data can arrive out of
order. For example, if we try to view a web page or download a file without using
TCP, then some data or images could be missing.
o Protocol
TCP is a connection-oriented protocol. By connection-oriented we
mean that the computers first establish a connection and then
communicate. This is done using a three-way handshake. In a three-way
handshake, the sender first sends a SYN message to the receiver; the
receiver then sends back a SYN ACK message to confirm that the message has been
received. After receiving the SYN ACK message, the sender sends an
acknowledgment message to the receiver. In this way, the connection is established
between the computers. Once the connection is established, the data is
delivered. This protocol guarantees data delivery, meaning that if the data is not
received, TCP will resend it.

What is UDP?
UDP stands for User Datagram Protocol. Its working is similar to TCP, as it is also
used for sending and receiving messages. The main difference is that UDP is a
connectionless protocol. Here, connectionless means that no connection is established prior
to communication. It also does not guarantee the delivery of data packets. It does not even
care whether the data has been received at the receiver's end or not, so it is also known as
the "fire-and-forget" protocol: it sends the data and does not care whether the data is
received or not. UDP is faster than TCP as it does not provide assurance for the
delivery of packets.

Differences between TCP and UDP

o Type of protocol
Both protocols, i.e., TCP and UDP, are transport layer protocols. TCP is a
connection-oriented protocol, whereas UDP is a connectionless protocol. This means
that TCP requires a connection prior to communication, but UDP does not
require any connection.
o Reliability
TCP is a reliable protocol as it provides assurance for the delivery of the data. It
follows an acknowledgment mechanism. In this mechanism, the sender receives an
acknowledgment from the receiver and checks whether the acknowledgment is
positive or negative. If the ACK is positive, the data has been received
successfully. If the ACK is negative, then TCP will resend the data. It also follows
flow and error control mechanisms.
UDP is an unreliable protocol as it does not ensure the delivery of the data.
o Flow Control
TCP follows a flow control mechanism that ensures a large number of packets are
not sent to the receiver at the same time, while UDP does not follow any flow control
mechanism.
o Ordering
TCP uses ordering and sequencing techniques to ensure that the data packets are
received in the same order in which they are sent. On the other hand, UDP does not
follow any ordering and sequencing technique; i.e., data can arrive in any sequence.
o Speed
Since TCP establishes a connection between a sender and receiver, performs error
checking, and also guarantees the delivery of data packets, while UDP neither creates
a connection nor guarantees the delivery of data packets, UDP is faster than
TCP.
o Flow of data
In TCP, data can flow in both directions, meaning that it provides a full-duplex
service. On the other hand, UDP is mainly suitable for unidirectional flow of data.
Let's look at the differences between TCP and UDP in tabular form.

| | TCP | UDP |
|---|---|---|
| Full form | It stands for Transmission Control Protocol. | It stands for User Datagram Protocol. |
| Type of connection | It is a connection-oriented protocol, which means that the connection needs to be established before the data is transmitted over the network. | It is a connectionless protocol, which means that it sends the data without checking whether the system is ready to receive or not. |
| Reliable | TCP is a reliable protocol as it provides assurance for the delivery of data packets. | UDP is an unreliable protocol as it does not guarantee the delivery of packets. |
| Speed | TCP is slower than UDP as it performs error checking, flow control, and provides assurance for the delivery of data packets. | UDP is faster than TCP as it does not guarantee the delivery of data packets. |
| Header size | The TCP header is 20 bytes. | The UDP header is 8 bytes. |
| Acknowledgment | TCP uses the three-way-handshake concept. In this concept, if the sender receives the ACK, then the sender will send the data. TCP also has the ability to resend lost data. | UDP does not wait for any acknowledgment; it just sends the data. |
| Flow control mechanism | It follows a flow control mechanism in which too many packets cannot be sent to the receiver at the same time. | This protocol follows no such mechanism. |
| Error checking | TCP performs error checking by using a checksum. When the data is corrupted, the data is retransmitted to the receiver. | It does not perform any error checking, and also does not resend lost data packets. |
| Applications | This protocol is mainly used where a secure and reliable communication process is required, like military services, web browsing, and e-mail. | This protocol is used where fast communication is required and reliability is not a concern, like VoIP, game streaming, video and music streaming, etc. |

Multiplexing Using TCP Port Numbers

| Port Number | Protocol | Application |
|---|---|---|
| 20 | TCP | FTP data |
| 21 | TCP | FTP control |
| 23 | TCP | Telnet |
| 25 | TCP | SMTP |
| 53 | UDP, TCP | DNS |
| 67, 68 | UDP | DHCP |
| 69 | UDP | TFTP |
| 80 | TCP | HTTP (WWW) |
| 110 | TCP | POP3 |
| 161 | UDP | SNMP |

Multiplexing and Demultiplexing using port numbers

Transport layer protocols (TCP and UDP) are responsible for supporting multiple network
applications at the same instant, and these applications can send and receive network data
simultaneously. Transport layer protocols are capable of doing this by making use of
application-level addressing, known as port numbers. The data from different applications
operating on a network device is multiplexed at the sending device using port numbers
and demultiplexed at the receiving device, again using port numbers.
TCP and UDP Port Numbers
The two 16-bit fields in the TCP header, Source Port and Destination Port, identify the
port numbers at which the application is listening on the sending device and the receiving device.
Since a port number is a 16-bit number, the maximum possible value is 65535 ((2^16)-1).
Port numbers are divided into three ranges:
 The Well Known Ports are those in the range 0 – 1023. The Well Known Ports are
assigned by IANA for major protocols.
 The Registered Ports are those in the range 1024 – 49151.
 The Private Ports are those in the range 49152 – 65535.

| Port Number | Description |
|---|---|
| 1 | TCP Port Service Multiplexer (TCPMUX) |
| 5 | Remote Job Entry (RJE) |
| 7 | ECHO |
| 18 | Message Send Protocol (MSP) |
| 20 | FTP – Data |
| 21 | FTP – Control |
| 22 | SSH Remote Login Protocol |
| 23 | Telnet |
| 25 | Simple Mail Transfer Protocol (SMTP) |
| 29 | MSG ICP |
| 37 | Time |
| 42 | Host Name Server (Nameserv) |
| 43 | WhoIs |
| 49 | Login Host Protocol (Login) |
| 53 | Domain Name System (DNS) |
| 69 | Trivial File Transfer Protocol (TFTP) |
| 70 | Gopher Services |
| 79 | Finger |
| 80 | HTTP |
| 103 | X.400 Standard |
| 108 | SNA Gateway Access Server |
| 109 | POP2 |
| 110 | POP3 |
| 115 | Simple File Transfer Protocol (SFTP) |
| 118 | SQL Services |
| 119 | Newsgroup (NNTP) |
| 137 | NetBIOS Name Service |
| 139 | NetBIOS Datagram Service |
| 143 | Interim Mail Access Protocol (IMAP) |
| 150 | NetBIOS Session Service |
| 156 | SQL Server |
| 161 | SNMP |
| 179 | Border Gateway Protocol (BGP) |
| 190 | Gateway Access Control Protocol (GACP) |
| 194 | Internet Relay Chat (IRC) |
| 197 | Directory Location Service (DLS) |
| 389 | Lightweight Directory Access Protocol (LDAP) |
| 396 | Novell Netware over IP |
| 443 | HTTPS |
| 444 | Simple Network Paging Protocol (SNPP) |
| 445 | Microsoft-DS |
| 458 | Apple QuickTime |
| 546 | DHCP Client |
| 547 | DHCP Server |
| 563 | SNEWS |
| 569 | MSN |
| 1080 | Socks |

Popular TCP/IP Applications

The World Wide Web (WWW) application exists through web browsers accessing the
content available on web servers. Although it is often thought of as an end-user application,
you will actually use the WWW to manage a router or switch. You enable a web server
function within the router or switch and use a browser to access the router or switch. The
Domain Name System (DNS) allows users to refer to computers by name, with
DNS being used to find the corresponding IP addresses. DNS also uses a client/server
model, with DNS servers being controlled by networking personnel and DNS client
functions being part of almost any device that uses TCP/IP today. The client simply asks
the DNS server to provide the IP address that corresponds to a given name. Simple
Network Management Protocol (SNMP) is an application layer protocol used specifically
for network device management. For instance, Cisco supplies a large variety of network
management products, many of them within the Cisco Prime network management
software package family. They can be used to query, compile, store, and display
information about a network's operation. To query the network devices, Cisco Prime
software mainly uses SNMP protocols. Traditionally, to move files to and from a router
or switch, Cisco used Trivial File Transfer Protocol (TFTP). TFTP defines a protocol for
basic file transfer, hence the word trivial. Alternatively, routers and switches can use File
Transfer Protocol (FTP), which is a much more functional protocol, to transfer files.
Both work well for moving files into and out of Cisco devices. FTP allows more features,
making it a good choice for the general end-user population. TFTP client and server
applications are very simple, making them good tools as embedded parts of networking
devices.

Some of these applications use TCP, and some use UDP. For instance, Simple Mail
Transfer Protocol (SMTP) and Post Office Protocol version 3 (POP3), both used for
transferring mail, require guaranteed delivery, so they use TCP. No matter which
transport layer protocol is used, applications use a well-known port number so
that clients know which port to attempt to connect to. Table 5-3 lists several popular applications
and their well-known port numbers.

Connection Establishment and Termination

TCP connection establishment occurs before any of the other TCP features can begin
their work. Connection establishment refers to the process of initializing the Sequence and
Acknowledgment fields and agreeing on the port numbers used. Figure 5-5 shows an
example of the connection establishment flow.
This three-way connection establishment flow (also called a three-way handshake) must
complete before data transfer can begin. The connection exists between the two sockets,
although the TCP header has no single socket field. Of the three parts of a socket, the IP
addresses are implied based on the source and destination IP addresses in the IP
header. TCP is implied because a TCP header is in use, as specified by the protocol field
value in the IP header. Therefore, the only parts of the socket that need to be
encoded in the TCP header are the port numbers. TCP signals connection
establishment using 2 bits inside the flag fields of the TCP header. Called the SYN and ACK
flags, these bits have a very interesting meaning. SYN means "synchronize the sequence
numbers," which is one necessary component in initialization for TCP. Figure 5-6 shows
TCP connection termination. This four-way termination sequence is simple and uses an
additional flag, called the FIN bit. (FIN is short for "finished," as you might guess.)

TCP establishes and terminates connections between the endpoints, whereas UDP does not.
Many protocols operate under these same concepts, so the terms connection-
oriented and connectionless are used to refer to the general idea of each. More formally, these
terms can be defined as follows:
 Connection-oriented protocol: A protocol that requires an exchange of messages
before data transfer begins, or that has a required pre-established correlation
between two endpoints.
 Connectionless protocol: A protocol that does not require an exchange of messages
and does not require a pre-established correlation between two endpoints.
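An added example (not from the original text, nor from any TCP implementation) that simulates the three-way handshake described in the TCP features section and the four-way FIN termination described above, with explicit SYN, ACK and FIN flags and sequence/acknowledgment numbers on both sides. The endpoint class, its state names and the initial sequence numbers 1000 and 5000 are this example's assumptions; ports 3022 and 80 are taken from the page's socket-pair example further on.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Segment:
    """The header fields the handshake needs: ports, seq/ack numbers, flags."""
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: FrozenSet[str]  # subset of {"SYN", "ACK", "FIN"}


class TcpEndpoint:
    """One side of a connection: its state plus the sequence numbers it tracks."""

    def __init__(self, name: str, port: int, isn: int, listening: bool = False):
        self.name, self.port = name, port
        self.state = "LISTEN" if listening else "CLOSED"
        self.snd_nxt = isn   # next sequence number this side will send (starts at the ISN)
        self.rcv_nxt = 0     # next sequence number expected from the peer
        self.peer_port: Optional[int] = None

    def _emit(self, flags) -> Segment:
        seg = Segment(self.port, self.peer_port, self.snd_nxt,
                      self.rcv_nxt if "ACK" in flags else 0, frozenset(flags))
        self.snd_nxt += ("SYN" in flags) + ("FIN" in flags)  # SYN and FIN each use one seq number
        return seg

    def connect(self, peer_port: int) -> Segment:
        """Active open: CLOSED -> SYN_SENT, sending the SYN (handshake step 1)."""
        if self.state != "CLOSED":
            raise RuntimeError(f"{self.name}: connect() in state {self.state}")
        self.peer_port, self.state = peer_port, "SYN_SENT"
        return self._emit({"SYN"})

    def close(self) -> Segment:
        """Send our FIN: active close from ESTABLISHED, or passive close from CLOSE_WAIT."""
        if self.state == "ESTABLISHED":
            self.state = "FIN_WAIT_1"
        elif self.state == "CLOSE_WAIT":
            self.state = "LAST_ACK"
        else:
            raise RuntimeError(f"{self.name}: close() in state {self.state}")
        return self._emit({"FIN", "ACK"})

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Apply one incoming segment and return the reply, if any."""
        f = seg.flags
        if seg.dst_port != self.port:
            raise ValueError(f"{self.name}: segment addressed to port {seg.dst_port}")
        # An ACK must acknowledge exactly what we have sent so far; a stale,
        # forged or out-of-window acknowledgment number is rejected.
        if "ACK" in f and seg.ack != self.snd_nxt:
            raise ValueError(f"{self.name}: bad ACK {seg.ack}, expected {self.snd_nxt}")
        if self.state == "LISTEN" and f == {"SYN"}:
            self.peer_port, self.rcv_nxt = seg.src_port, seg.seq + 1
            self.state = "SYN_RCVD"
            return self._emit({"SYN", "ACK"})          # handshake step 2
        if self.state == "SYN_SENT" and f == {"SYN", "ACK"}:
            self.rcv_nxt, self.state = seg.seq + 1, "ESTABLISHED"
            return self._emit({"ACK"})                 # handshake step 3
        if self.state == "SYN_RCVD" and f == {"ACK"}:
            self.state = "ESTABLISHED"
            return None
        if self.state == "ESTABLISHED" and "FIN" in f:
            self.rcv_nxt, self.state = seg.seq + 1, "CLOSE_WAIT"   # peer closed first
            return self._emit({"ACK"})
        if self.state == "FIN_WAIT_1" and f == {"ACK"}:
            self.state = "FIN_WAIT_2"
            return None
        if self.state == "FIN_WAIT_2" and "FIN" in f:
            self.rcv_nxt, self.state = seg.seq + 1, "TIME_WAIT"
            return self._emit({"ACK"})
        if self.state == "LAST_ACK" and f == {"ACK"}:
            self.state = "CLOSED"
            return None
        raise ValueError(f"{self.name}: unexpected {sorted(f)} in state {self.state}")


def run_session(client_isn: int = 1000, server_isn: int = 5000) -> Tuple[List[Segment], TcpEndpoint, TcpEndpoint]:
    """Three-way handshake, then four-way termination initiated by the client."""
    client = TcpEndpoint("client", 3022, client_isn)              # ephemeral port from the page
    server = TcpEndpoint("server", 80, server_isn, listening=True)
    transcript: List[Segment] = []

    def deliver(seg: Optional[Segment], to: TcpEndpoint) -> Optional[Segment]:
        if seg is not None:
            transcript.append(seg)
            return to.receive(seg)
        return None

    deliver(deliver(deliver(client.connect(80), server), client), server)  # SYN, SYN+ACK, ACK
    deliver(deliver(client.close(), server), client)                        # FIN+ACK, ACK
    deliver(deliver(server.close(), client), server)                        # FIN+ACK, ACK
    return transcript, client, server
```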

What is User Datagram Protocol (UDP)?

User Datagram Protocol (UDP) is a communications protocol that is primarily used to
establish low-latency and loss-tolerating connections between applications on the internet.

UDP speeds up transmissions by enabling the transfer of data before an agreement is
provided by the receiving party. As a result, UDP is beneficial in time-sensitive
communications, including voice over IP (VoIP), Domain Name System (DNS) lookup, and
video or audio playback.

UDP is an alternative to Transmission Control Protocol (TCP). Both UDP and TCP run on
top of IP and are sometimes referred to as UDP/IP or TCP/IP. However, there are
important differences between the two. For example, UDP enables process-to-process
communication, while TCP supports host-to-host communication.

TCP sends individual packets and is considered a reliable transport medium. On the other
hand, UDP sends messages, called datagrams, and is considered a best-effort mode of
communications. This means UDP doesn't provide any guarantees that the data will be
delivered or offer special features to retransmit lost or corrupted messages.

UDP provides two services not provided by the IP layer. It provides port numbers to help
distinguish different user requests. It also provides an optional checksum capability to
verify that the data arrived intact.

User Datagram Protocol features


User Datagram Protocol has attributes that make it beneficial for use with applications that
can tolerate lost data. Below are some examples:

 It allows packets to be dropped and received in a different order than they were
transmitted, making it suitable for real-time applications where latency might be a
concern.
 It can be used for transaction-based protocols, such as DNS or Network Time Protocol
(NTP).
 It can be used where a large number of clients are connected and where real-time error
correction isn't necessary, such as gaming, voice or video conferencing, and streaming
media.
UDP header composition
UDP uses headers when packaging message data to transfer over network connections.
UDP headers contain a set of parameters, called fields, defined by the technical
specifications of the protocol.

The User Datagram Protocol header has four fields, each of which is 2 bytes. They are the
following:

 source port number, the port number of the sender;
 destination port number, the port to which the datagram is addressed;
 length, the length in bytes of the UDP header and any encapsulated data; and
 checksum, which is used in error checking; its use is required in IPv6 and optional
in IPv4.
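As an added example that is not part of the original text, this Python code builds and parses the 8-byte UDP header described above and computes the RFC 768 checksum, which covers an IPv4 pseudo-header (source and destination IP, protocol number and UDP length) as well as the datagram itself. The addresses and payload used are constructed sample values.

```python
import socket
import struct
from typing import Optional

UDP_PROTO = 17                         # IP protocol number of UDP
UDP_HEADER = struct.Struct("!HHHH")    # source port, destination port, length, checksum


def _ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum as used by the IP family checksums."""
    if len(data) % 2:
        data += b"\x00"                # odd length: pad with a zero byte
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:                 # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def _pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: the checksum also binds the datagram to its IP addresses."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, UDP_PROTO, udp_len)


def udp_checksum(src_ip: str, dst_ip: str, datagram: bytes) -> int:
    """Checksum over pseudo-header + UDP header (checksum field zeroed) + data."""
    csum = 0xFFFF ^ _ones_complement_sum(_pseudo_header(src_ip, dst_ip, len(datagram)) + datagram)
    return csum or 0xFFFF   # a computed 0 is sent as all ones, because 0 means "no checksum"


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int,
              payload: bytes, with_checksum: bool = True) -> bytes:
    """Assemble header + payload; with_checksum=False leaves the field 0 (IPv4 only)."""
    length = UDP_HEADER.size + len(payload)
    if length > 0xFFFF:
        raise ValueError("payload too large for the 16-bit length field")
    datagram = UDP_HEADER.pack(src_port, dst_port, length, 0) + payload
    csum = udp_checksum(src_ip, dst_ip, datagram) if with_checksum else 0
    return UDP_HEADER.pack(src_port, dst_port, length, csum) + payload


def parse_udp(src_ip: str, dst_ip: str, datagram: bytes) -> dict:
    """Decode the four header fields and verify the checksum.

    checksum_ok is None when the sender left the field 0 (permitted in IPv4,
    not in IPv6), otherwise True or False.
    """
    if len(datagram) < UDP_HEADER.size:
        raise ValueError("datagram shorter than the 8-byte UDP header")
    src_port, dst_port, length, csum = UDP_HEADER.unpack_from(datagram)
    if length < UDP_HEADER.size or length > len(datagram):
        raise ValueError(f"length field {length} inconsistent with {len(datagram)} bytes received")
    datagram = datagram[:length]       # bytes beyond the declared length are not part of it
    ok: Optional[bool] = None
    if csum != 0:
        total = _ones_complement_sum(_pseudo_header(src_ip, dst_ip, length) + datagram)
        ok = total == 0xFFFF           # all ones: the transmitted checksum cancels the sum
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum_ok": ok, "payload": datagram[UDP_HEADER.size:]}
```

Because the pseudo-header is part of the sum, a datagram whose IP addresses were altered in transit fails the check even if the UDP bytes themselves are intact.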
How UDP works
UDP uses IP to get a datagram from one computer to another. UDP works by gathering data
in a UDP packet and adding its own header information to the packet. This data consists of
the source and destination ports on which to communicate, the packet length and a
checksum. After UDP packets are encapsulated in an IP packet, they're sent off to their
destinations.

Unlike TCP, UDP doesn't guarantee the packets will get to the right destinations. This
means UDP doesn't connect to the receiving computer directly, which TCP does. Rather, it
sends the data out and relies on the devices in between the sending and receiving
computers to correctly get the data where it's supposed to go.

Most applications wait for any replies they expect to receive as a result of packets sent
using UDP. If an application doesn't receive a reply within a certain time frame, the
application sends the packet again, or it stops trying.

UDP uses a simple transmission model that doesn't include handshaking dialogues to
provide reliability, ordering or data integrity. Consequently, UDP's service is unreliable.
Packets may arrive out of order, appear to have duplicates or disappear without warning.

Although this transmission method doesn't guarantee that the data being sent will reach its
destination, it does have low overhead and is popular for services that don't absolutely
have to work the first time.

Applications of UDP
Lossless data transmission
UDP can be used in applications that require lossless data transmission. For example, an
application that is configured to manage the process of retransmitting lost packets and
correctly arrange received packets might use UDP. This approach can help to improve the
data transfer rate of large files compared to TCP.

In the Open Systems Interconnection (OSI) communication model, UDP is in Layer 4, the
transport layer. UDP works in conjunction with higher-level protocols to help manage data
transmission services, including Trivial File Transfer Protocol (TFTP), Real Time Streaming
Protocol (RTSP) and Simple Network Management Protocol (SNMP).
Gaming, voice and video
UDP is an ideal protocol for network applications in which perceived latency is critical,
such as in gaming, voice and video communications. These examples can suffer some data
loss without adversely affecting perceived quality. In some cases, however, forward error
correction techniques are used in addition to UDP to improve audio and video quality,
despite some loss.
Services that don't need fixed packet transmission
UDP can also be used for applications that depend on the reliable exchange of information
but should have their own methods to answer packets. These services are advantageous
because they're not bound to fixed patterns to guarantee the completeness and correctness
of the data packets sent. Users can decide how and when to respond to information that's
not correct or sorted.
Multicasting and routing update protocols
UDP can also be used for multicasting because it supports packet switching. In addition,
UDP is used for some routing update protocols, such as Routing Information Protocol (RIP).
Fast applications
UDP can be used in applications where speed rather than reliability is critical. For instance, it
might be prudent to use UDP in an application sending data from a fast acquisition where it's
OK to lose some data points.
UDP characteristics include the following:
 It is a connectionless protocol.
 It is used for VoIP, video streaming, gaming and live broadcasts.
 It is faster and needs fewer resources.
 The packets don't necessarily arrive in order.
 It allows missing packets -- the sender is unable to know whether a packet has been
received.
 It is better suited for applications that need fast, efficient transmission, such as games.

Port Numbers: TCP and UDP

| Port | Service | Description | Transport Protocol |
|---|---|---|---|
| 7 | Echo | Port just echoes whatever is sent to it. This feature can be used in many attacks, such as Smurf/Fraggle. | TCP and UDP |
| 20/21 | File Transfer Protocol (FTP) | Port used by the FTP protocol to send data to the client | TCP |
| 22 | Secure Shell (SSH) | Used as a secure replacement protocol for Telnet | TCP and UDP |
| 23 | Telnet | Port used by Telnet to remotely connect to a workstation or server (unsecured) | TCP |
| 25 | Simple Mail Transfer Protocol (SMTP) | Used to send e-mail over the internet | TCP |
| 53 | Domain Name System (DNS) | Port for DNS requests, network routing, and zone transfers | TCP and UDP |
| 67/68 | Dynamic Host Configuration Protocol (DHCP) | Used on networks that do not use static IP address assignment. | UDP |
| 80 | Hypertext Transfer Protocol (HTTP) | Used for browsing web pages in a browser | TCP |
| 110 | Post Office Protocol (POP3) | Port used to retrieve the complete contents of a server mailbox | TCP |
| 143 | Internet Message Access Protocol (IMAP4) | Internet Message Access Protocol (IMAP4) is a newer protocol to read e-mail with a wider range of operations | TCP and UDP |
| 194 | Internet Relay Chat Protocol (IRC) | Allows communication in the form of text between multiple parties; one or more clients can connect to a centralized server. | TCP and UDP |
| 443 | HTTP with Secure Sockets Layer (SSL) | Port used for secure web traffic | TCP and UDP |
| 3389 | Remote Desktop Protocol (RDP) | Port used by remote desktop to remotely manage other Windows systems | TCP and UDP |

Socket Pairs: Connection Identification


So, the exchange of data between a pair of devices consists of a series of messages sent
from a socket on one device to a socket on the other. Each device will normally have
multiple such simultaneous conversations going on. In the case of TCP, a connection is
established for each pair of devices for the duration of the communication session. These
connections must be managed, and this requires that they be uniquely identified. This is
done using the pair of socket identifiers for each of the two devices that are connected.

Let's return to the example we used in the previous topic (Figure 199). We are sending an
HTTP request from our client at 177.41.72.6 to the Web site at 41.199.222.3. The server for
that Web site will use well-known port number 80, so its socket is 41.199.222.3:80, as we
saw before. We have been assigned ephemeral port number 3022 for our Web browser, so the
client socket is 177.41.72.6:3022. The overall connection between these devices can be
described using this socket pair:
(41.199.222.3:80, 177.41.72.6:3022)
Unlike TCP, UDP is a connectionless protocol, so it obviously doesn't use connections. The
pair of sockets on the sending and receiving devices can still be used to identify the two
processes exchanging data, but since there are no connections the socket pair doesn't have
the significance that it does in TCP.
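The socket-pair identification described above, as an added Python model that is not part of the course notes: the server and browser sockets are the ones from the text, while the second client port 3023, the unknown port 4000 and the TcpServerTable class are constructed for the demonstration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Socket:
    """One endpoint: an IP address plus a port number."""
    ip: str
    port: int

    def __str__(self):
        return f"{self.ip}:{self.port}"


@dataclass
class Connection:
    pair: tuple                       # (server socket, client socket), written as in the text
    received: list = field(default_factory=list)


class TcpServerTable:
    """Connection table kept by the server side of the example (41.199.222.3:80)."""

    def __init__(self):
        self.connections = {}

    def accept(self, local, remote):
        key = (local, remote)
        if key in self.connections:
            raise ValueError(f"socket pair {key} is already in use")
        self.connections[key] = Connection(pair=key)
        return key

    def deliver(self, src, dst, payload):
        """Hand an arriving TCP segment to the connection its socket pair identifies.
        A segment for an unknown pair is dropped (a real stack would answer with RST)."""
        key = (dst, src)              # the server's own socket is the segment's destination
        conn = self.connections.get(key)
        if conn is None:
            return None
        conn.received.append(payload)
        return key


def udp_deliver(bound_sockets, src, dst, payload):
    """UDP has no connection table: a datagram goes to whatever process bound the
    destination socket, and the source socket only says where a reply should go."""
    if dst not in bound_sockets:
        return None
    bound_sockets[dst].append((src, payload))
    return dst


def demo():
    server = Socket("41.199.222.3", 80)
    browser = Socket("177.41.72.6", 3022)       # the client socket from the text
    second_tab = Socket("177.41.72.6", 3023)    # constructed: another connection from the same host
    table = TcpServerTable()
    table.accept(server, browser)
    table.accept(server, second_tab)
    table.deliver(browser, server, "GET / HTTP/1.1")
    table.deliver(second_tab, server, "GET /about HTTP/1.1")
    # same source IP and destination socket, but a port with no connection: dropped
    dropped = table.deliver(Socket("177.41.72.6", 4000), server, "GET /x HTTP/1.1")
    return table, dropped


if __name__ == "__main__":
    table, dropped = demo()
    for key, conn in table.connections.items():
        print(f"({key[0]}, {key[1]}) -> {conn.received}")
    print("segment for unknown socket pair dropped:", dropped is None)
```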

netstat Command
The netstat command generates displays that show network status and protocol statistics.
You can display the status of TCP and UDP endpoints in table format, routing table
information, and interface information.
netstat displays various types of network data depending on the command line option
selected. These displays are the most useful for system administration. The syntax for this
form is:
netstat [-m] [-n] [-s] [-i | -r] [-f address_family]
The most frequently used options for determining network status are -s, -r, and -i. See
the netstat(1M) man page for a description of the options.

 Application Layer Services


Application Layer
The application layer in the OSI model is the closest layer to the end user which means that
the application layer and end user can interact directly with the software application. The
application layer programs are based on client and servers.

The Application layer includes the following functions:


o Identifying communication partners: The application layer identifies the
availability of communication partners for an application with data to transmit.
o Determining resource availability: The application layer determines whether
sufficient network resources are available for the requested communication.
o Synchronizing communication: All communication between applications requires
cooperation, which is managed by the application layer.

 Common Network Application Services


o Network Virtual terminal: An application layer allows a user to log on to a remote
host. To do so, the application creates a software emulation of a terminal at the
remote host. The user's computer talks to the software terminal, which in turn, talks
to the host. The remote host thinks that it is communicating with one of its own
terminals, so it allows the user to log on.
o File Transfer, Access, and Management (FTAM): An application allows a user to
access files in a remote computer, to retrieve files from a computer and to manage
files in a remote computer. FTAM defines a hierarchical virtual file in terms of file
structure, file attributes and the kind of operations performed on the files and their
attributes.
o Addressing: To obtain communication between client and server, there is a need
for addressing. When a client makes a request to the server, the request contains the
server's address and the client's own address. The server's response to the client's
request contains the destination address, i.e., the client's address. To achieve this
kind of addressing, DNS is used.
o Mail Services: An application layer provides Email forwarding and storage.
o Directory Services: An application contains a distributed database that provides
access to global information about various objects and services.
o Authentication: It authenticates the sender's message, the receiver's message, or both.
 Domain Name System
An application layer protocol defines how the application processes running on different
systems pass messages to each other.
o DNS stands for Domain Name System.
o DNS is a directory service that provides a mapping between the name of a host on
the network and its numerical address.
o DNS is required for the functioning of the internet.
o Each node in a tree has a domain name, and a full domain name is a sequence of
symbols specified by dots.
o DNS is a service that translates the domain name into IP addresses. This allows the
users of networks to utilize user-friendly names when looking for other hosts
instead of remembering the IP addresses.
o For example, suppose the FTP site at EduSoft had an IP address of 132.147.165.50,
most people would reach this site by specifying ftp.EduSoft.com. Therefore, the
domain name is more reliable than IP address.

DNS is a TCP/IP protocol used on different platforms. The domain name space is divided
into three different sections: generic domains, country domains, and inverse domain.

Generic Domains
o It defines the registered hosts according to their generic behavior.
o Each node in a tree defines the domain name, which is an index to the DNS database.
o It uses three-character labels, and these labels describe the organization type.

Label Description

aero Airlines and aerospace companies

biz Businesses or firms

com Commercial Organizations

coop Cooperative business Organizations

edu Educational institutions

gov Government institutions

info Information service providers

int International Organizations


mil Military groups

museum Museum & other nonprofit organizations

name Personal names

net Network Support centers

org Nonprofit Organizations

pro Professional individual Organizations

Country Domain
The format of country domain is same as a generic domain, but it uses two-character
country abbreviations (e.g., us for the United States) in place of three character
organizational abbreviations.

Inverse Domain
The inverse domain is used for mapping an address to a name. For example, a server may
have received a request from a client while holding files for authorized clients only. To
determine whether the client is on the authorized list or not, the server sends a query to
the DNS server asking for the name that maps to the client's address.

Working of DNS
o DNS is a client/server network communication protocol. DNS clients send requests
to the server, while DNS servers send responses to the client.
o Client requests containing a name which is converted into an IP address are known as
forward DNS lookups, while requests containing an IP address which is converted
into a name are known as reverse DNS lookups.
o DNS implements a distributed database to store the names of all the hosts available
on the internet.
o If a client like a web browser sends a request containing a hostname, then a piece of
software such as a DNS resolver sends a request to the DNS server to obtain the IP
address of the hostname. If the DNS server does not contain the IP address associated
with the hostname, then it forwards the request to another DNS server. Once the IP
address has arrived at the resolver, it is passed to the client, which in turn completes
the request over the internet protocol.

 Domain Name Translation


Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain
names to IP addresses so browsers can load Internet resources. Each device connected to
the Internet has a unique IP address which other machines use to find the device.

 DNS server
A DNS server is a computer server that contains a database of public IP addresses and
their associated hostnames, and in most cases serves to resolve, or translate, those
names to IP addresses as requested. DNS servers run special software and communicate
with each other using special protocols.

The Purpose of DNS Servers

It's easier to remember a domain or hostname like lifewire.com than it is to remember
the site's IP address, 151.101.2.114. So when you access a website, like
Lifewire, all you have to type is the URL https://www.lifewire.com.

However, computers and network devices don't work well with domain names when
trying to locate each other on the internet. It's far more efficient and precise to use an IP
address, which is the numerical representation of what server in the network (internet)
the website resides on.

How DNS Servers Resolve a DNS Query

When you type a website address into your browser's address bar and press Enter, a DNS
server goes to work to find the address that you want to visit. It does this by sending a
DNS query to several servers, each of which translates a different part of the domain
name you entered. The different servers queried are:

 A DNS Resolver: Receives the request to resolve the domain name to an IP
address. This server does the grunt work in figuring out where the site you want
to go to actually resides on the internet.
 A Root Server: The root server receives the first request, and returns a result that
tells the DNS resolver the address of the Top Level Domain (TLD) server that
stores the information about the site. A top level domain is the equivalent of the
.com or .net portion of the domain name you entered into the address bar.
 A TLD Server: The DNS resolver then queries this server, which returns the
address of the Authoritative Name Server that holds the site's records.
 An Authoritative Name Server: Finally, the DNS resolver queries this server to
learn the actual IP address of the website you're trying to reach.

Once the IP address is returned, the website you wanted to visit is then displayed in your
web browser.

It sounds like a lot of back and forth, and it is, but it all happens very quickly with little
delay in returning the site you want to visit.

The process described above happens the first time you visit a site. If you visit the same site
again before the cache on your web browser is cleared, there's no need to go through all
these steps. Instead, the web browser will pull the information from the cache to serve
the website to your browser even faster.
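The lookup steps above (root, TLD and authoritative servers, followed by caching) together with the forward and reverse lookups from "Working of DNS", as an added Python simulation that is not part of the course notes: the server names, the zone contents and the in-addr.arpa data are constructed, and only lifewire.com -> 151.101.2.114 comes from the text.

```python
# One dictionary per simulated server.  A record ("NS", server) is a referral to the
# next server to ask; ("A", ip) and ("PTR", name) are final answers.  All constructed.
SERVERS = {
    "root":          {"com.": ("NS", "tld-com"), "arpa.": ("NS", "tld-arpa")},
    "tld-com":       {"lifewire.com.": ("NS", "auth-lifewire")},
    "tld-arpa":      {"in-addr.arpa.": ("NS", "auth-reverse")},
    "auth-lifewire": {"lifewire.com.": ("A", "151.101.2.114"),
                      "www.lifewire.com.": ("A", "151.101.2.114")},
    "auth-reverse":  {"114.2.101.151.in-addr.arpa.": ("PTR", "lifewire.com.")},
}


def fqdn(name):
    """Fully qualified form: every name in the database ends with the root dot."""
    return name if name.endswith(".") else name + "."


def reverse_name(ip):
    """Inverse-domain name for an IPv4 address: octets reversed under in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def query(server, qname):
    """One query to one server: an exact answer, else the closest delegation, else NXDOMAIN."""
    zone = SERVERS[server]
    record = zone.get(qname)
    if record is not None and record[0] != "NS":
        return record
    labels = qname.split(".")
    for i in range(len(labels)):                      # longest matching suffix wins
        record = zone.get(".".join(labels[i:]))
        if record is not None and record[0] == "NS":
            return record
    return ("NXDOMAIN", None)


class Resolver:
    """The DNS resolver of the text: starts at the root, follows referrals, caches answers."""
    MAX_REFERRALS = 10                                # a delegation loop must not hang the resolver

    def __init__(self):
        self.cache = {}

    def resolve(self, name):
        """Return (answer, trail); trail lists the servers asked, or ["cache"] on a hit."""
        qname = fqdn(name)
        if qname in self.cache:
            return self.cache[qname], ["cache"]
        trail, server = [], "root"
        for _ in range(self.MAX_REFERRALS):
            trail.append(server)
            rtype, value = query(server, qname)
            if rtype == "NS":
                server = value                        # referral: ask the next server down
                continue
            if rtype == "NXDOMAIN":
                return None, trail
            self.cache[qname] = value
            return value, trail
        return None, trail


if __name__ == "__main__":
    resolver = Resolver()
    print(resolver.resolve("www.lifewire.com"))        # forward lookup, full trail
    print(resolver.resolve("www.lifewire.com"))        # second visit: answered from cache
    print(resolver.resolve(reverse_name("151.101.2.114")))   # reverse lookup
```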
Primary and Secondary DNS Servers

In most cases, a primary and a secondary DNS server are configured on your router or
computer when you connect to your internet service provider. There are two DNS
servers in case one of them happens to fail, in which case the second is used to resolve
hostnames you enter.

Several publicly accessible DNS servers are available for you to use. If you want to change the
DNS servers your network connects to, see our Free & Public DNS Servers List for an up-
to-date listing, and How Do I Change DNS Servers?

Why You Might Change Your DNS Server Settings

Some DNS servers can provide faster access times than others. This is often a function of
how close you are to those servers. If your ISP's DNS servers are closer to you than
Google's, for example, you may find domain names are resolved quicker using the default
servers from your ISP than with an external server.

If you experience connection problems where it seems no websites will load, it's possible
there's an error with the DNS server. If the DNS server isn't able to find the correct IP
address that's associated with the hostname you enter, the website can't be located and
loaded.

A computer or device, including smartphones and tablets, connected to your router can use a
different set of DNS servers to resolve internet addresses. These will supersede those
configured on your router and will be used instead.

How to Obtain Internet Server Information

The nslookup command is used to query your DNS server on Windows PCs.

Start by opening the Command Prompt tool and then typing the following:

nslookup lifewire.com

This command should return something like this:

Name: lifewire.com
Addresses: 151.101.2.114
151.101.66.114
151.101.130.114
151.101.194.114
In the example above, the nslookup command tells you the IP address, or several IP
addresses in this case, that the lifewire.com address translates to.
DNS Root Servers
There are 13 important DNS root servers on the internet that store a complete database
of domain names and their associated public IP addresses. These top-tier DNS servers
are named A through M for the first 13 letters of the alphabet. Ten of these servers are in
the US, one in London, one in Stockholm, and one in Japan.
The Internet Assigned Numbers Authority (IANA) keeps this list of DNS root servers if
you're interested.
Malware Attacks That Change DNS Server Settings
Malware attacks against DNS servers are not at all uncommon. Always run an antivirus
program because malware can attack your computer in a way that changes the DNS
server settings.

For example, if your computer uses Google's DNS servers (8.8.8.8 and 8.8.4.4) and you
open your bank's website, you naturally expect that when you enter its familiar URL,
you'll be sent to the bank's website.

Protecting Yourself From DNS Attacks

There are two things you should do to avoid becoming a victim of a DNS settings attack.
The first is to install antivirus software so that malicious programs are caught before
they can do any damage.
The second is to pay close attention to the appearance of important websites you visit
regularly. If you visit one and the site looks off in some way—maybe the images are all
different or the site's colors have changed, or menus don't look right, or you find
misspellings (hackers can be dreadful spellers)—or you get an "invalid certificate"
message in your browser, it might be a sign that you're on a faked website.

How DNS Redirection Can Be Positively Used

This ability to redirect traffic can be used for positive purposes. For
example, OpenDNS can redirect traffic to adult websites, gambling websites, social media
websites, or other sites network administrators or organizations don't want their users
visiting. Instead, they may be sent to a page with a "Blocked" message.

 HTTP

o HTTP stands for HyperText Transfer Protocol.


o It is a protocol used to access the data on the World Wide Web (www).
o The HTTP protocol can be used to transfer the data in the form of plain text,
hypertext, audio, video, and so on.
o This protocol is known as HyperText Transfer Protocol because of its efficiency in a
hypertext environment, where there are rapid jumps from one document to another
document.
o HTTP is similar to the FTP as it also transfers the files from one host to another host.
But, HTTP is simpler than FTP as HTTP uses only one connection, i.e., no control
connection to transfer the files.
o HTTP is used to carry the data in the form of MIME-like format.
o HTTP is similar to SMTP as the data is transferred between client and server. The
HTTP differs from the SMTP in the way the messages are sent from the client to the
server and from server to the client. SMTP messages are stored and forwarded
while HTTP messages are delivered immediately.
Features of HTTP:

o Connectionless protocol: HTTP is a connectionless protocol. The HTTP client initiates a
request and waits for a response from the server. When the server receives the
request, the server processes the request and sends back the response to the HTTP
client, after which the client closes the connection. The connection between
client and server exists only for the duration of the current request and response.
o Media independent: HTTP is media independent, as any data can be sent as
long as both the client and server know how to handle the data content. It is
required for both the client and server to specify the content type in the MIME-type
header.
o Stateless: HTTP is a stateless protocol, as the client and server know each
other only during the current request. Due to this nature of the protocol, neither the
client nor the server retains information between the various requests for web
pages.

HTTP Transactions

The above figure shows the HTTP transaction between client and server. The client
initiates a transaction by sending a request message to the server. The server replies to the
request message by sending a response message.

Messages

HTTP messages are of two types: request and response. Both the message types follow the
same message format.

Request Message: The request message is sent by the client that consists of a request line,
headers, and sometimes a body.
Response Message: The response message is sent by the server to the client that consists
of a status line, headers, and sometimes a body.

Uniform Resource Locator (URL)

o A client that wants to access a document on the internet needs an address, and to
facilitate access to documents, HTTP uses the concept of the Uniform Resource
Locator (URL).
o The Uniform Resource Locator (URL) is a standard way of specifying any kind of
information on the internet.
o The URL defines four parts: method, host computer, port, and path.

o Method: The method is the protocol used to retrieve the document from a server.
For example, HTTP.
o Host: The host is the computer where the information is stored, and the computer is
given an alias name. Web pages are mainly stored on computers that are given an
alias name beginning with the characters "www". This field is not mandatory.
o Port: The URL can also contain the port number of the server, but it's an optional
field. If the port number is included, then it must come between the host and path,
and it should be separated from the host by a colon.
o Path: Path is the pathname of the file where the information is stored. The path
itself contains slashes that separate the directories from the subdirectories and files.
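Added example, not from the course notes: a parser for the four URL parts described above and for the shared request/response layout from the Messages section (start line, headers, optional body). The sample response, the host example.test and the helper names are constructed.

```python
DEFAULT_PORTS = {"http": 80, "https": 443}   # well-known ports used when the URL omits one


def parse_url(url):
    """Split 'method://host[:port]/path' into the four parts the text names."""
    method, sep, rest = url.partition("://")
    if not sep or not method:
        raise ValueError("URL has no method (scheme)")
    hostport, _, path = rest.partition("/")
    host, colon, port = hostport.partition(":")
    if not host:
        raise ValueError("URL has no host")
    if colon:                                 # optional port, separated from the host by a colon
        if not port.isdigit():
            raise ValueError("port must be numeric")
        port = int(port)
    else:
        port = DEFAULT_PORTS.get(method.lower())
    return {"method": method.lower(), "host": host, "port": port, "path": "/" + path}


def parse_message(raw):
    """Split an HTTP request or response into (start line, headers, body).
    Both message types share this layout; only the start line differs."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("message has no blank line between headers and body")
    start_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    length = headers.get("content-length")
    if length is not None:
        if not length.isdigit():
            raise ValueError("Content-Length must be numeric")
        body = body[:int(length)]             # only this many bytes belong to this message
    return start_line, headers, body


def message_kind(start_line):
    """A status line starts with the version ('HTTP/1.1 200 OK'); a request line with the method."""
    return "response" if start_line.startswith("HTTP/") else "request"


def build_request(url):
    """Build the request message a client would send for the URL (GET, no body)."""
    parts = parse_url(url)
    return (f"GET {parts['path']} HTTP/1.1\r\n"
            f"Host: {parts['host']}\r\n"
            "Connection: close\r\n\r\n")


# Constructed sample response, as a server might answer a request for the text's example site
SAMPLE_RESPONSE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 5\r\n\r\n"
                   "hello")


if __name__ == "__main__":
    print(parse_url("https://www.lifewire.com/about/team"))
    print(parse_message(build_request("http://www.lifewire.com/index.html")))
    print(parse_message(SAMPLE_RESPONSE))
```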
Web Clients and Servers

Based on             Client                                                    Server
Basic functionality  Client relies on the services of the server, and          Server authorizes the client's requests and facilitates
                     generates requests for various services.                  them with the requested services.
Configuration        The configuration of client systems is simple. Their      The configuration of the server is more complex and
                     tasks are limited to generating requests. It has a        sophisticated. Server has advanced hardware configuration.
                     basic hardware configuration.
Efficiency           The efficiency of client is limited.                      The performance of server is high, and they are highly
                                                                               efficient.
Tasks                The common tasks for client are simple and mostly         The complex tasks like fulfilling client requests, storing
                     include requesting services.                              and processing large datasets, and data analysis are
                                                                               common for server.
Switch off           The client systems can be switched off without any        Switching off servers may be disastrous for client systems
                     fear.                                                     that continuously request the services.
Login Support        There can be single user logins.                          Servers support multiple user logins and request
                                                                               processing simultaneously.
Examples             Examples of clients are smartphones, desktops,            Examples of servers are web servers, file servers,
                     laptops, etc.                                             database servers, etc.

 FTP

o FTP stands for File Transfer Protocol.
o FTP is a standard internet protocol provided by TCP/IP used for transmitting
files from one host to another.
o It is mainly used for transferring the web page files from their creator to the
computer that acts as a server for other computers on the internet.
o It is also used for downloading files to a computer from other servers.

Objectives of FTP

o It provides the sharing of files.
o It is used to encourage the use of remote computers.
o It transfers the data more reliably and efficiently.

Why FTP?
Although transferring files from one system to another is very simple and straightforward,
it can sometimes cause problems. For example, two systems may have different file
conventions. Two systems may have different ways to represent text and data. Two
systems may have different directory structures. The FTP protocol overcomes these problems
by establishing two connections between hosts. One connection is used for data transfer,
and the other connection is used as the control connection.

Mechanism of FTP

The above figure shows the basic model of the FTP. The FTP client has three components:
the user interface, control process, and data transfer process. The server has two
components: the server control process and the server data transfer process.

There are two types of connections in FTP:

o Control Connection: The control connection uses very simple rules for
communication. Through control connection, we can transfer a line of command or
line of response at a time. The control connection is made between the control
processes. The control connection remains connected during the entire interactive
FTP session.
o Data Connection: The Data Connection uses very complex rules as data types may
vary. The data connection is made between data transfer processes. The data
connection opens when a command comes for transferring the files and closes when
the file is transferred.

FTP Clients

o An FTP client is a program that implements the file transfer protocol and allows you to
transfer files between two hosts on the internet.
o It allows a user to connect to a remote host and upload or download files.
o It has a set of commands that we can use to connect to a host, transfer files
between you and your host, and close the connection.
o The FTP program is also available as a built-in component in a Web browser. This
GUI-based FTP client makes the file transfer very easy and does not require the user to
remember the FTP commands.

Advantages of FTP:

o Speed: One of the biggest advantages of FTP is speed. FTP is one of the fastest
ways to transfer files from one computer to another computer.
o Efficient: It is more efficient as we do not need to complete all the operations to get
the entire file.
o Security: To access the FTP server, we need to log in with a username and
password. Therefore, we can say that FTP is more secure.
o Back & forth movement: FTP allows us to transfer files back and forth.
Suppose you are a manager of the company: you send some information to all the
employees, and they all send information back on the same server.

Disadvantages of FTP:

o The standard requirement of the industry is that all FTP transmissions should
be encrypted. However, not all FTP providers are equal, and not all providers
offer encryption. So, we will have to look out for the FTP providers that provide
encryption.
o FTP serves two operations, i.e., sending and receiving large files on a network.
However, the size of a file that can be sent is limited to 2GB. It also doesn't allow you to
run simultaneous transfers to multiple receivers.
o Passwords and file contents are sent in clear text, which allows unwanted
eavesdropping. So, it is quite possible that attackers can carry out a brute force
attack by trying to guess the FTP password.
o It is not compatible with every system.
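A defender-side check for the clear-text credential problem listed above, added here and not part of the course notes: it runs over a captured FTP control-connection exchange (the command lines and the user name alice are constructed) and reports where credentials crossed the network unencrypted, masking the password in the report. The AUTH TLS command it recognises is the FTP extension that moves the control connection into TLS, after which a capture no longer shows readable commands.

```python
# Constructed capture of one FTP control connection: (direction, line),
# where ">" is client-to-server and "<" is server-to-client.
CAPTURE_PLAIN = [
    ("<", "220 FTP server ready"),
    (">", "USER alice"),
    ("<", "331 Password required for alice"),
    (">", "PASS s3cret"),
    ("<", "230 User alice logged in"),
    (">", "RETR report.pdf"),
]

# Same session, but the client switches the control connection to TLS first.
CAPTURE_TLS = [
    ("<", "220 FTP server ready"),
    (">", "AUTH TLS"),
    ("<", "234 Proceed with negotiation"),
    (">", "USER alice"),       # in a real capture these lines would be ciphertext;
    (">", "PASS s3cret"),      # they are kept readable here only to show the audit skipping them
]


def mask(secret):
    """Never copy a recovered password into a report: keep the first character only."""
    return secret[:1] + "*" * (len(secret) - 1) if secret else ""


def audit_ftp_control(lines):
    """Return a list of (issue, detail) findings for credentials sent in clear text."""
    findings, user, protected = [], None, False
    for direction, text in lines:
        if direction != ">":
            continue                              # only client commands carry credentials
        verb, _, arg = text.partition(" ")
        verb = verb.upper()
        if verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
            protected = True                      # everything after this travels inside TLS
        elif verb == "USER":
            user = arg
            if not protected:
                findings.append(("cleartext username", user))
        elif verb == "PASS" and not protected:
            findings.append(("cleartext password", f"{user}:{mask(arg)}"))
    return findings


if __name__ == "__main__":
    for issue, detail in audit_ftp_control(CAPTURE_PLAIN):
        print(f"{issue}: {detail}")
    print("findings with AUTH TLS:", audit_ftp_control(CAPTURE_TLS))
```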

 Network Virtual Terminal (NVT)

o The network virtual terminal is an interface that defines how data and
commands are sent across the network.
o In today's world, systems are heterogeneous. For example, each operating
system accepts its own special combination of characters as the end-of-file
token: on a DOS operating system it is ctrl+z, while on a UNIX operating
system it is ctrl+d.
o TELNET solves this issue by defining a universal interface known as the network
virtual terminal (NVT).
o The TELNET client translates the characters that come from the local
terminal into NVT form and then delivers them to the network. The Telnet
server then translates the data from NVT form into a form which can be
understood by the remote computer.

 Telnet

o The main task of the internet is to provide services to users. For example, users
want to run different application programs at the remote site and transfer the results
to the local site. This requires a client-server program such as FTP or SMTP, but it
is not practical to create a specific program for each demand.
o The better solution is to provide a general client-server program that lets the user
access any application program on a remote computer, that is, a program that
allows a user to log on to a remote computer. A popular client-server program,
Telnet, is used to meet such demands. Telnet is an abbreviation for Terminal
Network.
o Telnet provides a connection to the remote computer in such a way that a local
terminal appears to be at the remote side.

There are two types of login:

Local Login

o When a user logs into a local computer, it is known as local login.
o When a workstation runs a terminal emulator, the keystrokes
entered by the user are accepted by the terminal driver. The terminal
driver then passes these characters to the operating system, which in
turn invokes the desired application program.
o However, the operating system assigns special meanings to certain
characters. For example, in UNIX some combinations of characters have
special meanings, such as the control character with "z", which means suspend.
Such situations do not create any problem, as the terminal driver knows
the meaning of such characters. But they can cause problems in
remote login.
Remote login

o When the user wants to access an application program on a remote
computer, then the user must perform remote login.

How remote login occurs

At the local site

The user sends the keystrokes to the terminal driver, and the characters are then sent to
the TELNET client. The TELNET client in turn transforms the characters into a
universal character set known as network virtual terminal characters and delivers
them to the local TCP/IP stack.

At the remote site

The commands in NVT form are transmitted to the TCP/IP stack at the remote machine.
Here, the characters are delivered to the operating system and then passed to the
TELNET server. The TELNET server transforms the characters into a form which can be
understood by the remote computer. However, the characters cannot be directly
passed to the operating system, as a remote operating system does not receive
characters from the TELNET server. Therefore, it requires a piece of software
that can accept the characters from the TELNET server. The operating system then
passes these characters to the appropriate application program.
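An added Python model of the NVT translation described in both the NVT section and the remote-login steps above (not code from the course notes): the local end-of-file tokens are the ctrl+z / ctrl+d pair from the text, the IAC and EOF byte values are Telnet's own (IAC 255, EOF 236 from the linemode option), and the example assumes a client on one platform talking to a server on the other.

```python
IAC = 0xFF                                 # "interpret as command": starts every Telnet command
EOF = 236                                  # NVT end-of-file command (Telnet linemode option)
LOCAL_EOF = {"unix": 0x04, "dos": 0x1A}    # ctrl+d on UNIX, ctrl+z on DOS, as in the text


def to_nvt(data: bytes, platform: str) -> bytes:
    """TELNET client side: characters from the local terminal -> NVT form for the network."""
    eof = LOCAL_EOF[platform]
    out, i = bytearray(), 0
    while i < len(data):
        b = data[i]
        if b == eof:
            out += bytes([IAC, EOF])              # platform EOF token becomes the NVT command
        elif b == IAC:
            out += bytes([IAC, IAC])              # a data byte 0xFF is sent doubled
        elif b == 0x0D and i + 1 < len(data) and data[i + 1] == 0x0A:
            out += b"\r\n"                        # DOS line ending is already NVT form
            i += 1
        elif b == 0x0A:
            out += b"\r\n"                        # UNIX newline -> NVT CR LF
        else:
            out.append(b)
        i += 1
    return bytes(out)


def from_nvt(data: bytes, platform: str) -> bytes:
    """TELNET server side: NVT form -> what the remote operating system expects."""
    eof = LOCAL_EOF[platform]
    newline = b"\r\n" if platform == "dos" else b"\n"
    out, i = bytearray(), 0
    while i < len(data):
        b = data[i]
        if b == IAC:
            if i + 1 >= len(data):
                raise ValueError("truncated IAC sequence")
            cmd = data[i + 1]
            if cmd == IAC:
                out.append(IAC)                   # escaped data byte
            elif cmd == EOF:
                out.append(eof)                   # NVT EOF -> this platform's token
            else:
                raise ValueError(f"unsupported Telnet command {cmd}")
            i += 2
            continue
        if b == 0x0D and i + 1 < len(data) and data[i + 1] == 0x0A:
            out += newline
            i += 2
            continue
        out.append(b)
        i += 1
    return bytes(out)


if __name__ == "__main__":
    wire = to_nvt(b"ls\n\x04", "unix")            # UNIX client: "ls", newline, ctrl+d
    print(wire)                                   # b'ls\r\n\xff\xec'
    print(from_nvt(wire, "dos"))                  # DOS server sees CR LF and ctrl+z
```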

 SSH Meaning| SSH Protocol Definition

SSH stands for Secure Shell or Secure Socket Shell. It is a cryptographic network protocol
that allows two computers to communicate and share the data over an insecure network
such as the internet. It is used to login to a remote server to execute commands and data
transfer from one machine to another machine.

The SSH protocol was developed by SSH communication security Ltd to safely
communicate with the remote machine.

Secure communication provides strong password authentication and encrypted
communication with a public key over an insecure channel. It is used to replace
unprotected remote login protocols such as Telnet, rlogin, rsh, etc., and the insecure file
transfer protocol FTP.

Its security features are widely used by network administrators for managing systems and
applications remotely.

The SSH protocol protects the network from various attacks such as DNS spoofing,
IP source routing, and IP spoofing.

A simple example can be understood, such as suppose you want to transfer a package to
one of your friends. Without SSH protocol, it can be opened and read by anyone. But if you
will send it using SSH protocol, it will be encrypted and secured with the public keys, and
only the receiver can open it.

Before SSH:

After SSH:

Usages of SSH protocol

The popular usages of SSH protocol are given below:

o It provides secure access to users and automated processes.
o It is an easy and secure way to transfer files from one system to another over an
insecure network.
o It also issues remote commands to the users.
o It helps the users to manage the network infrastructure and other critical system
components.
o It is used to log in to shell on a remote system (Host), which replaces Telnet and
rlogin and is used to execute a single command on the host, which replaces rsh.
o It combines with rsync utility to backup, copy, and mirror files with complete
security and efficiency.
o It can be used for forwarding a port.
o By using SSH, we can set up the automatic login to a remote server such as OpenSSH.
o We can securely browse the web through the encrypted proxy connection with the
SSH client, supporting the SOCKS protocol.

How does SSH Work?

The SSH protocol works in a client-server model, which means it connects a secure shell
client application (End where the session is displayed) with the SSH server (End where
session executes).

As discussed above, it was initially developed to replace insecure login protocols such as
Telnet, rlogin, and hence it performs the same function.

The basic use of SSH is to connect a remote system for a terminal session and to do this,
following command is used:

ssh UserName@server.test.com
The above command enables the client to connect to the server,
named server.test.com, using the ID UserName.
If we are connecting for the first time, it will display the remote host's public key
fingerprint and ask whether to connect. The message below will be shown:
The authenticity of host 'sample.ssh.com' cannot be established.
DSA key fingerprint is 01:23:45:67:89:ab:cd:ef:ff:fe:dc:ba:98:76:54:32:10.
Are you sure you want to continue connecting (yes/no)?

To continue the session, we need to type yes, else no. If we type yes, then the host key will
be stored in the known_hosts file of the local system. The key is kept in a hidden file by
default, which is ~/.ssh/known_hosts in the home directory. Once the host key is stored in
this hidden file, there is no need for further approval, as the stored host key will
automatically authenticate the connection.
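The host-key check behind the prompt above, as an added Python model that is not OpenSSH's code: KEY_A and KEY_B are constructed stand-ins for server host keys, the known_hosts file is represented as a string, and the fingerprint is the colon-separated MD5 style shown in the text.

```python
import base64
import hashlib

KEY_TYPE_NAMES = {"ssh-dss": "DSA", "ssh-rsa": "RSA", "ssh-ed25519": "ED25519"}

# Constructed stand-ins for server host keys (real ones are binary public-key blobs).
KEY_A = base64.b64encode(b"constructed host key blob A").decode()
KEY_B = base64.b64encode(b"constructed host key blob B").decode()


def md5_fingerprint(key_b64):
    """Colon-separated MD5 fingerprint of the key blob, the style shown in the prompt."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_known_hosts(text):
    """Map (host, key type) -> base64 key from 'host[,host2] keytype key' lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue                          # ignore malformed lines rather than crash
        hosts, keytype, key_b64 = parts[0], parts[1], parts[2]
        for host in hosts.split(","):
            entries[(host, keytype)] = key_b64
    return entries


def check_host_key(known_hosts_text, host, keytype, offered_b64):
    """Return (status, message) for the key a server offered during connection setup."""
    stored = parse_known_hosts(known_hosts_text).get((host, keytype))
    name = KEY_TYPE_NAMES.get(keytype, keytype)
    if stored is None:                        # first contact: the user must decide
        return "unknown", (f"The authenticity of host '{host}' cannot be established.\n"
                           f"{name} key fingerprint is {md5_fingerprint(offered_b64)}.\n"
                           "Are you sure you want to continue connecting (yes/no)?")
    if stored == offered_b64:                 # later contacts: the stored key authenticates the host
        return "match", f"host key for '{host}' matches known_hosts"
    return "mismatch", (f"WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED for '{host}'!\n"
                        f"stored {name} fingerprint:  {md5_fingerprint(stored)}\n"
                        f"offered {name} fingerprint: {md5_fingerprint(offered_b64)}\n"
                        "The connection must not proceed until the change is explained.")


def add_host(known_hosts_text, host, keytype, key_b64):
    """What answering 'yes' does: append the entry (OpenSSH keeps it in ~/.ssh/known_hosts)."""
    sep = "" if not known_hosts_text or known_hosts_text.endswith("\n") else "\n"
    return known_hosts_text + sep + f"{host} {keytype} {key_b64}\n"


if __name__ == "__main__":
    known_hosts = ""
    status, message = check_host_key(known_hosts, "sample.ssh.com", "ssh-dss", KEY_A)
    print(status, message, sep="\n")
    known_hosts = add_host(known_hosts, "sample.ssh.com", "ssh-dss", KEY_A)
    print(check_host_key(known_hosts, "sample.ssh.com", "ssh-dss", KEY_A)[0])   # match
    print(check_host_key(known_hosts, "sample.ssh.com", "ssh-dss", KEY_B)[0])   # mismatch
```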

History of SSH Protocol

There are 3 versions of SSH, which are given below:


o Version 1.x: The first version of SSH was launched in the year 1995 and designed
by Tatu Ylönen, who was a researcher at the Helsinki University of Technology,
Finland. It was known as SSH-1. In this version, there were several issues, and hence
it got deprecated.
o Version 2.x: The second version is known as SSH-2, the current version of the SSH
protocol. In 2006, it was adopted as a Standards Track specification by the Internet
Engineering Task Force (IETF). This version is not compatible with the SSH-1
protocol. It has better security features compared to SSH-1.
o Version 1.99: Version 1.99 is specified as the protocol version of 2.1. It is not an
actual version but a way to identify backward compatibility.

The architecture of SSH Protocol

The SSH architecture is made up of three well-separated layers. These layers are:

1. Transport Layer
2. User-authentication layer
3. Connection Layer

The SSH protocol architecture is an open architecture; hence it provides great flexibility
and enables SSH use for many other purposes instead of only a secure shell. In the
architecture, the transport layer is similar to the transport layer security (TLS). The User-
authentication layer can be used with the custom authentication methods, and the
connection layer allows multiplexing different secondary sessions into a single SSH
connection.

Transport Layer

The transport layer is the top layer of the TCP/IP protocol suite. For SSH-2, this layer is
responsible for handling the initial key exchange, server authentication, setting up encryption,
compression, and integrity verification. It works as an interface for sending and receiving
plaintext packets with sizes up to 32,768 bytes.

User authentication Layer

As its name suggests, the user authentication layer is responsible for handling client
authentication and provides various authentication methods. The authentication is done at
the client side; hence when a prompt for a password occurs, it is usually from the SSH client
rather than the server, and the server responds to these authentications.

This layer includes various methods of authentication; these methods are:

o Password: Password authentication is the most straightforward method. The
protocol also allows the server to request a password change, but not all
implementations support that feature.
o Public-key: The client proves possession of a private key by signing a
session-specific value, which the server checks against the public key stored
for that user. It supports RSA, ECDSA, Ed25519 and (now deprecated) DSA key
pairs.
o Keyboard-interactive: A versatile method (RFC 4256) in which the server sends
one or more prompts and the client returns the responses keyed in by the user.
It is commonly used for one-time password (OTP) and other multi-factor
authentication.
o GSSAPI: Authentication is performed by an external mechanism such as
Kerberos 5 or NTLM, which provides single sign-on capability for SSH sessions
(RFC 4462).

Connection Layer

The connection layer (RFC 4254) defines the channels through which SSH services are
provided, together with channel requests and global requests. One SSH connection
can carry several channels at the same time, each transferring data in both
directions. Channel requests carry out-of-band, channel-specific information, for
example a changed terminal window size or the exit status of a server-side
process. The standard channel types of the connection layer are:

o session: used for interactive terminal shells, exec requests (running a single
command) and subsystems such as SFTP, all of which are requested on a session
channel.
o direct-tcpip: used for client-to-server forwarded connections (local port
forwarding, ssh -L).
o forwarded-tcpip: used for server-to-client forwarded connections (remote port
forwarding, ssh -R).

What can be transferred with SSH protocol?

The SSH protocol can transfer the following:

o Data
o Text
o Commands
o Files

Files are transferred with SFTP (SSH File Transfer Protocol), which runs as a
subsystem inside an SSH session and therefore inherits its encryption and
authentication. Despite the name, SFTP is not FTP run over an encrypted channel
(that is FTPS); it is a separate protocol designed for SSH. The scp command is the
other common file-transfer tool built on SSH.

Difference between SSH and Telnet

o Telnet was the first internet application protocol used to create and maintain
a terminal session on a remote host.
o SSH and Telnet provide the same basic function, a remote terminal session. The
main difference is that SSH authenticates the server with public-key cryptography
(the host key) while the session is being set up, and then authenticates the user
inside the encrypted channel. Telnet authenticates neither side of the connection:
the login and password it asks for are sent as plain text, and the client has no
way to verify that it is talking to the intended host.
o SSH encrypts all the data it sends, while Telnet sends everything in plain text.
o Because of this, SSH is the protocol to use on any untrusted network, and Telnet
should be limited to isolated private networks or lab use, if it is used at all.
o SSH listens on TCP port 22 by default (the port can be changed), while Telnet
uses TCP port 23 by default.

SSH Encryption Techniques

To make a secure transmission, SSH uses three different cryptographic techniques
at various points during a session. These techniques are:
1. Symmetrical Encryption
2. Asymmetrical Encryption
3. Hashing

Symmetrical Encryption

In symmetric encryption a single key is used both to encrypt and to decrypt the
messages sent between the two endpoints. It is also known as shared-key
encryption, because both sides use the same key to encrypt the data they send and
to decrypt the data they receive. SSH uses it, with ciphers such as AES, to encrypt
the entire session after key exchange, which prevents an eavesdropper from reading
the traffic.

The difficulty lies in agreeing on that key in the first place. If the key were
simply sent over the network, a third party watching the connection would learn it
and could decrypt every message.

A key exchange algorithm solves this problem: with it, the two sides agree on a
shared secret over an untrusted network without ever transmitting the secret
itself. (Protecting against an active man in the middle additionally requires the
host key authentication described in the next section.)

Asymmetric cryptography is required to implement the key exchange algorithm.

Asymmetrical Encryption

In asymmetric encryption two different keys are used, a private key and a public
key. The private key stays with its owner and is never shared; the public key can
be distributed freely. For SSH user authentication, the user's public key is stored
on the SSH server and the private key stays on the SSH client; the two form a key
pair. Data encrypted with the public key can only be decrypted with the
corresponding private key, and a signature made with the private key can be
verified by anyone holding the public key.

This is secure even if a third party obtains the public key, because without the
private key they can neither decrypt messages nor forge signatures.

Asymmetric cryptography does not encrypt the whole SSH session. It is used mainly
in the key exchange that produces the symmetric session key. Before the connection
is established, client and server each generate a temporary (ephemeral) key pair
for the key exchange (Diffie-Hellman or one of its elliptic-curve variants) and
exchange only the public halves. Each side combines the peer's public value with
its own private value to compute the same shared secret; the private values never
leave their owners, so a passive observer who sees both public values cannot derive
the secret. The server also signs the exchange with its long-lived host key, and
the client checks that key against the one it already trusts for that host (for
example in known_hosts); this is what stops a man-in-the-middle attack.

Once the encrypted symmetric session is in place, the user is authenticated. With
public-key authentication the client signs a value tied to this session with its
private key and sends the signature; the server verifies it against the public key
stored for that user, and only then is the SSH session established.
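The exchange described above, carried through in Python as an added example (not
code from the original text). It uses the 1024-bit MODP group from RFC 2409 only
because it is short, with SHA-256 as the hash for illustration; real SSH
negotiates a stronger group or curve25519. The version strings, KEXINIT payloads
and host key blob are placeholders, and the server's signature over the exchange
hash is described in a comment rather than computed, since no signature library is
assumed. The point to watch is the `wire` dictionary: it holds everything an
eavesdropper sees, and the private exponents are never in it.

```python
import hashlib
import os

# 1024-bit MODP group ("group 2", RFC 2409), used here only because it is short.
# It is too weak for real use: SSH today negotiates group14 (2048-bit) or
# larger, or curve25519-sha256.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
HASH = hashlib.sha256   # chosen for illustration; RFC 4253 pairs group 2 with SHA-1


def mpint(n: int) -> bytes:
    """RFC 4251 mpint: length-prefixed, big-endian, two's complement."""
    if n == 0:
        return b"\x00\x00\x00\x00"
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if b[0] & 0x80:                   # high bit set: prepend 0x00 to keep it positive
        b = b"\x00" + b
    return len(b).to_bytes(4, "big") + b


def sshstr(b: bytes) -> bytes:
    """RFC 4251 string: uint32 length followed by the bytes."""
    return len(b).to_bytes(4, "big") + b


class Party:
    """One side of the exchange; the private exponent never leaves this object."""

    def __init__(self):
        self._secret = 2 + int.from_bytes(os.urandom(32), "big") % (P - 3)
        self.public = pow(G, self._secret, P)      # this is the only value sent

    def shared_secret(self, peer_public: int) -> int:
        # Reject 0, 1 and p-1: they confine the result to a trivial subgroup.
        if not 1 < peer_public < P - 1:
            raise ValueError("invalid Diffie-Hellman public value")
        return pow(peer_public, self._secret, P)


def exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k) -> bytes:
    """H from RFC 4253 section 8; the server signs this with its host key."""
    return HASH(sshstr(v_c) + sshstr(v_s) + sshstr(i_c) + sshstr(i_s)
                + sshstr(k_s) + mpint(e) + mpint(f) + mpint(k)).digest()


def derive_key(k: int, h: bytes, letter: bytes, session_id: bytes, length: int) -> bytes:
    """RFC 4253 section 7.2: K1 = HASH(K || H || X || session_id),
    K2 = HASH(K || H || K1), ... concatenated until `length` bytes exist."""
    out = HASH(mpint(k) + h + letter + session_id).digest()
    while len(out) < length:
        out += HASH(mpint(k) + h + out).digest()
    return out[:length]


def run_kex(v_c=b"SSH-2.0-ExampleClient", v_s=b"SSH-2.0-ExampleServer",
            i_c=b"<client KEXINIT payload>", i_s=b"<server KEXINIT payload>",
            k_s=b"<server host key blob>"):
    """Run one exchange; return what each side computed and what crossed the wire.
    The KEXINIT payloads and host key blob are placeholders (constructed)."""
    client, server = Party(), Party()
    wire = {"e": client.public, "f": server.public, "K_S": k_s}   # all an eavesdropper sees
    k_client = client.shared_secret(wire["f"])
    k_server = server.shared_secret(wire["e"])
    h_client = exchange_hash(v_c, v_s, i_c, i_s, wire["K_S"], wire["e"], wire["f"], k_client)
    h_server = exchange_hash(v_c, v_s, i_c, i_s, wire["K_S"], wire["e"], wire["f"], k_server)
    # Omitted (no signature library assumed): the server signs h_server with its
    # host key, and the client verifies that signature against the host key it
    # already trusts (known_hosts). Without that check a man in the middle can
    # run this exchange separately with each side.
    session_id = h_client                # the first exchange hash becomes the session id
    letters = {"c2s": (b"A", b"C", b"E"), "s2c": (b"B", b"D", b"F")}
    keys = {side: {"iv": derive_key(k_client, h_client, iv, session_id, 16),
                   "enc": derive_key(k_client, h_client, enc, session_id, 32),
                   "mac": derive_key(k_client, h_client, mac, session_id, 32)}
            for side, (iv, enc, mac) in letters.items()}
    return {"wire": wire, "k_client": k_client, "k_server": k_server,
            "h_client": h_client, "h_server": h_server, "keys": keys}
```

Both sides end with the same shared secret K and the same exchange hash H, and
from those derive separate encryption and integrity keys for each direction, which
is what the symmetric cipher and the MAC then use.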

Hashing

The third technique SSH uses is one-way hashing. Unlike the two forms of
encryption above, a hash is not meant to be reversed: it produces a fixed-size
digest that summarises a message, and any change to the message changes the
digest. SSH uses HMAC (Hash-based Message Authentication Code) to ensure that each
message arrives complete and unmodified.

Every transmitted packet carries a MAC computed from three inputs: the symmetric
integrity key agreed during key exchange, the packet sequence number, and the
packet contents. The sender feeds these into the HMAC function, producing a digest
that is meaningless on its own, and appends it to the packet. The receiver holds
the same key and keeps its own sequence counter, so it recomputes the MAC over the
received packet; if the two digests match, the packet has not been tampered with,
replayed, or delivered out of order. If they do not match, the connection is
terminated.
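The packet framing from the transport layer section and the MAC computation just
described, combined in one added Python example (not code from the original text).
It builds SSH binary packets per RFC 4253 section 6, computes the MAC over the
sequence number and the unencrypted packet with HMAC-SHA-256, and shows the
receiver catching a modified packet and a replayed one. Encryption is left out so
the framing stays readable; the key and messages are constructed.

```python
import hashlib
import hmac
import os
import struct

BLOCK_SIZE = 16              # AES block size; packets are padded to a multiple of it
MAC_ALGO = hashlib.sha256    # "hmac-sha2-256" (RFC 6668)
MAC_LEN = 32


def build_packet(payload: bytes, mac_key: bytes, seq: int) -> bytes:
    """Frame `payload` as an SSH binary packet (RFC 4253 section 6) and append
    its MAC. Encryption is left out so the framing stays visible."""
    # Padding: at least 4 bytes, and the packet_length field plus packet_length
    # bytes must be a multiple of the cipher block size.
    pad_len = BLOCK_SIZE - ((4 + 1 + len(payload)) % BLOCK_SIZE)
    if pad_len < 4:
        pad_len += BLOCK_SIZE
    packet_length = 1 + len(payload) + pad_len      # excludes itself and the MAC
    unencrypted = struct.pack(">IB", packet_length, pad_len) + payload + os.urandom(pad_len)
    # mac = MAC(key, sequence_number || unencrypted_packet). The sequence number
    # is never sent; each side counts packets per direction starting at 0.
    seq_bytes = struct.pack(">I", seq & 0xFFFFFFFF)
    mac = hmac.new(mac_key, seq_bytes + unencrypted, MAC_ALGO).digest()
    return unencrypted + mac


def parse_packet(data: bytes, mac_key: bytes, expected_seq: int) -> bytes:
    """Check framing and MAC of one packet and return its payload. Raises
    ValueError on any inconsistency; a real peer then drops the connection."""
    if len(data) < 5 + MAC_LEN:
        raise ValueError("truncated packet")
    packet_length, pad_len = struct.unpack(">IB", data[:5])
    body_end = 4 + packet_length
    if body_end + MAC_LEN != len(data):
        raise ValueError("packet_length does not match data received")
    if body_end % BLOCK_SIZE != 0:
        raise ValueError("packet not aligned to the cipher block size")
    if pad_len < 4 or pad_len > packet_length - 1:
        raise ValueError("invalid padding_length")
    unencrypted, mac = data[:body_end], data[body_end:]
    seq_bytes = struct.pack(">I", expected_seq & 0xFFFFFFFF)
    expected = hmac.new(mac_key, seq_bytes + unencrypted, MAC_ALGO).digest()
    if not hmac.compare_digest(mac, expected):     # constant-time comparison
        raise ValueError("MAC mismatch: modified, replayed or out-of-order packet")
    return data[5:5 + packet_length - 1 - pad_len]


def packet_ok(data: bytes, mac_key: bytes, expected_seq: int) -> bool:
    """True if the packet verifies at this sequence position."""
    try:
        parse_packet(data, mac_key, expected_seq)
        return True
    except ValueError:
        return False


def demo():
    """Send two packets, then show that flipping one bit, or replaying a packet
    at the wrong sequence number, is caught by the receiver."""
    key = os.urandom(32)                     # the integrity key derived at key exchange
    first = build_packet(b"first message", key, 0)
    second = build_packet(b"second message", key, 1)
    tampered = bytearray(first)
    tampered[5] ^= 0x01                      # flip one bit of the payload
    return {
        "roundtrip": parse_packet(first, key, 0) == b"first message"
                     and parse_packet(second, key, 1) == b"second message",
        "aligned": (len(first) - MAC_LEN) % BLOCK_SIZE == 0,
        "tamper_detected": not packet_ok(bytes(tampered), key, 0),
        "replay_detected": not packet_ok(first, key, 2),
    }
```

Because the sequence number is an input to the MAC but never appears on the wire,
an attacker cannot resend a captured packet later or swap two packets without the
MAC check failing, even though the key is unknown to them.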

 Security issues with telnet

➨The user ID and password are transmitted without any encryption. Anyone who can
observe the traffic (on the same network segment, on an intermediate router, or
over Wi-Fi) can read the credentials and the whole session, so eavesdropping and
credential theft are trivial for an intruder.
➨Telnet does not authenticate the server, so a client cannot tell whether it is
connected to the intended host or to an attacker impersonating it.
➨It is not possible to run GUI based tools over a Telnet connection, as it is a
character based communication tool; it cannot transmit cursor movements and other
GUI information.
➨It is a very inefficient protocol.
➨Each keystroke requires several context switches before it reaches the other end.
➨It is expensive due to slow typing speeds.
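To make the first point of both the SSH-versus-Telnet comparison and the list
above concrete, here is an added Python example (not code from the original text)
that does what a passive sniffer does with a Telnet login: it strips the RFC 854
option negotiation and reconstructs the keystrokes, including a typo the user
corrected with DEL. The capture is constructed, not real traffic. The same
function applied to an SSH session would yield nothing, because everything after
the key exchange is encrypted.

```python
IAC, SE, SB, WILL, WONT, DO, DONT = 255, 240, 250, 251, 252, 253, 254
ECHO, TERMINAL_TYPE = 1, 24        # option codes used in the constructed capture


def strip_telnet_negotiation(stream: bytes) -> bytes:
    """Remove RFC 854 option negotiation (IAC sequences) and return the
    terminal data that remains, which Telnet sends without any protection."""
    out = bytearray()
    i = 0
    while i < len(stream):
        b = stream[i]
        if b != IAC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= len(stream):          # dangling IAC at end of capture
            break
        cmd = stream[i + 1]
        if cmd == IAC:                    # IAC IAC is an escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):
            i += 3                        # IAC <cmd> <option>
        elif cmd == SB:                   # subnegotiation runs until IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            i = len(stream) if end < 0 else end + 2
        else:
            i += 2                        # other two-byte commands (NOP, GA, ...)
    return bytes(out)


def extract_credentials(session):
    """Reconstruct what the user typed at the login prompts.

    `session` is the capture as a sniffer sees it: an ordered list of
    (direction, raw_bytes) with direction "server" or "client". Backspace and
    DEL are applied so the recovered string is what the server actually saw."""
    creds = {}
    expecting = None
    typed = bytearray()
    for direction, raw in session:
        text = strip_telnet_negotiation(raw)
        if direction == "server":
            low = text.lower()
            if b"password:" in low:
                expecting = "password"
            elif b"login:" in low or b"username:" in low:
                expecting = "username"
            continue
        for b in text:
            if b == 0x00:                         # NUL that follows CR in NVT newlines
                continue
            if b in (0x08, 0x7F):                 # BS / DEL: user corrected a typo
                if typed:
                    typed.pop()
            elif b in (0x0D, 0x0A):               # CR / LF: line complete
                if expecting and typed:
                    creds[expecting] = typed.decode("ascii", "replace")
                expecting = None
                typed = bytearray()
            else:
                typed.append(b)
    return creds


# Constructed capture of a Telnet login (not real traffic): option negotiation,
# the login and password prompts, the server's echo of the username, and the
# user's keystrokes including a typo corrected with DEL.
SAMPLE_SESSION = [
    ("server", bytes([IAC, DO, TERMINAL_TYPE, IAC, WILL, ECHO]) + b"\r\nhost01 login: "),
    ("client", bytes([IAC, WILL, TERMINAL_TYPE, IAC, DO, ECHO]) + b"ali"),
    ("server", b"ali"),
    ("client", b"cd\x7fe\r\x00"),
    ("server", b"cd\x08 \x08e\r\n"),
    ("server", b"Password: "),
    ("client", b"hunter2\r\x00"),
    ("server", b"\r\nLast login: Mon Jan  1 09:00:00 from 10.0.0.5\r\n$ "),
]
```

Running `extract_credentials(SAMPLE_SESSION)` recovers the username and the
password from the byte stream; the only thing the negotiation bytes hide is the
terminal type.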

 SMTP

o SMTP stands for Simple Mail Transfer Protocol.
o SMTP is the set of communication rules that allows software to transmit
electronic mail over the internet (RFC 5321).
o It is used to send messages to other users, who are identified by their e-mail
addresses.
o It provides mail exchange between users on the same or different computers, and
it also supports the following:
o It can send a single message to one or more recipients.
o A message can include text, voice, video or graphics (carried as MIME
attachments).
o It can also deliver messages to networks outside the internet through mail
gateways.
o The main purpose of SMTP is to define the communication between mail servers.
The servers identify themselves and announce what kind of transfer they want to
perform, and they have a defined way of reporting errors such as an incorrect
e-mail address. For example, if the recipient address is wrong, the receiving
server replies with an error code (a 5xx reply) instead of accepting the
message.

Components of SMTP

o The SMTP client and SMTP server can each be broken into two components: the
user agent (UA) and the mail transfer agent (MTA). The user agent prepares the
message, creates the envelope and puts the message into the envelope. The mail
transfer agent transfers the mail across the internet.

o SMTP allows a more complex system by adding relaying. Instead of one MTA on the
sending side and one on the receiving side, several MTAs can take part, each
acting as a client or a server, to relay the mail.

o Relaying can also reach users on networks that do not run TCP/IP, by means of a
mail gateway. A mail gateway is a relay MTA that receives mail on one network and
translates it for delivery on another.

Working of SMTP

1. Composition of Mail: A user composes an electronic mail message with a Mail
User Agent (MUA), the program used to send and receive mail. The message has two
parts: the header and the body. The body is the content of the message, while
the header holds information such as the sender and recipient addresses and
descriptive fields such as the subject. The body is like a letter, and the header
is like the envelope that carries the recipient's address. (In SMTP terms the
addresses actually used for delivery are the envelope addresses given in the MAIL
FROM and RCPT TO commands; the From: and To: header lines are part of the message
content and need not match them.)
2. Submission of Mail: After composing the message, the mail client submits it to
its outgoing mail server (the Mail Submission Agent, MSA) using SMTP, normally on
TCP port 587 with authentication (RFC 6409); port 25 is used for transfer between
mail servers.
3. Delivery of Mail: An e-mail address has two parts: the username (local part)
of the recipient and the domain name. For example, in vivek@gmail.com, "vivek" is
the username of the recipient and "gmail.com" is the domain name.
If the recipient's domain differs from the sender's, the MSA hands the mail to the
Mail Transfer Agent (MTA). To relay the mail, the MTA looks up the MX (mail
exchanger) records of the target domain in the Domain Name System. An MX record
names a host that accepts mail for the domain, with a preference value (lowest
tried first); the MTA resolves that hostname to an IP address, connects to the mail
exchanger on TCP port 25, and relays the message with SMTP.
4. Receipt and Processing of Mail: Once the incoming message is received, the
mail exchanger passes it to the Mail Delivery Agent (MDA), which stores the
message in the recipient's mailbox until the user retrieves it.
5. Access and Retrieval of Mail: The stored mail is retrieved with an MUA, using
POP3 or IMAP, after the user logs in with a username and password.

 POP Protocol

The POP protocol stands for Post Office Protocol. As described above, SMTP is used
for message transfer: when a message is sent, SMTP delivers it from the sender's
client to the sender's mail server and from there to the recipient's mail server.
The last step, from the recipient's mail server to the recipient's own machine, is
performed by a Message Access Agent instead. There are two message access
protocols in common use, POP3 and IMAP.

How is mail transmitted?

Suppose a sender wants to send mail to a receiver. The mail is first transmitted
to the sender's mail server, then from the sender's mail server to the receiver's
mail server over the internet, and finally from the receiver's mail server to the
receiver. The whole process relies on e-mail protocols: the transfers from the
sender to the sender's mail server and on to the receiver's mail server use SMTP,
and at the receiver's mail server POP or IMAP hands the mail to the actual user.

SMTP is a push protocol: it pushes the message from the client to the server and,
as the figure above shows, on to the recipient's mail server. The third stage of
e-mail communication requires a pull protocol, and POP is a pull protocol: the
mail is transmitted from the recipient's mail server to the client because the
client pulls it from the server.

What is POP3?
POP3 is a simple protocol with very limited functionality. The POP3 client runs on
the recipient's system, while the POP3 server runs on the recipient's mail server.

History of POP3 protocol

The first version of the Post Office Protocol was introduced in 1984 in RFC 918
by the Internet Engineering Task Force. It gave clients a simple and effective way
to retrieve mail from the server and read it offline, rather than having to work
in the mailbox online.

In 1985, Post Office Protocol version 2 was introduced in RFC 937; it was replaced
by Post Office Protocol version 3 in 1988 with the publication of RFC 1081. POP3
was then revised several times over the following years until its final
specification, RFC 1939, was published in 1996.

Although POP3 has undergone various enhancements, the developers kept one basic
principle: a session passes through three states (authorization, transaction and
update) during mail retrieval between the client and the server. They tried to
keep the protocol very simple, and that simplicity is what makes it so widely
used today.

Let's understand the working of the POP3 protocol.

To establish a session, the POP3 client first sends its user name (USER). If the
server accepts the user name it replies +OK and the client sends the password
(PASS); if the password matches, the server again replies +OK and the session
enters the transaction state. The client can then list the messages in the mailbox
(LIST), which returns each message number together with its size in bytes, and
retrieve any of them (RETR).

By default the client marks each message for deletion after downloading it (DELE),
and the server removes the marked messages when the client ends the session with
QUIT. The mail is therefore tied to the machine that downloaded it and cannot be
accessed from another machine. This can be avoided by configuring the mail client
to leave a copy of the mail on the server, in which case it simply does not issue
DELE.
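The session just described, both sides, as an added Python example (not code
from the original text). The toy server follows the three POP3 states and only
removes messages marked with DELE when the client sends QUIT; the client
downloads everything and either deletes each message or, when configured to
leave a copy, does not. Users, passwords and mailbox contents are constructed.
One deliberate choice: the server answers +OK to every USER command, as many real
servers do, so that an attacker cannot use the reply to enumerate valid
usernames.

```python
class MiniPOP3Server:
    """Toy POP3 server (RFC 1939) with the three session states AUTHORIZATION,
    TRANSACTION and UPDATE. Deletions are applied only in UPDATE, i.e. at QUIT."""

    def __init__(self, users, mailboxes):
        self.users = users            # {username: password}  (constructed)
        self.mailboxes = mailboxes    # {username: [message, ...]}, lines joined by CRLF
        self.connect()

    def connect(self):
        """Start a new session; returns the server greeting."""
        self.state, self.user, self.marked = "AUTHORIZATION", None, set()
        return "+OK POP3 server ready"

    def _live(self):
        return [(i, m) for i, m in enumerate(self.mailboxes.get(self.user, []), 1)
                if i not in self.marked]

    def handle(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if self.state != "TRANSACTION":
            if verb == "USER":
                self.user = arg
                return "+OK"            # same reply for unknown names: no user enumeration
            if verb == "PASS":
                if self.user in self.users and self.users[self.user] == arg:
                    self.state = "TRANSACTION"
                    return "+OK maildrop locked and ready"
                self.user = None
                return "-ERR invalid login"
            if verb == "QUIT":
                return "+OK bye"
            return "-ERR not authenticated"
        live = self._live()
        if verb == "STAT":
            return f"+OK {len(live)} {sum(len(m) for _, m in live)}"
        if verb == "LIST":
            return "\r\n".join([f"+OK {len(live)} messages"]
                               + [f"{i} {len(m)}" for i, m in live] + ["."])
        if verb in ("RETR", "DELE"):
            n = int(arg) if arg.isdigit() else 0
            if n not in dict(live):
                return "-ERR no such message"
            if verb == "DELE":
                self.marked.add(n)              # only marked; removed at QUIT
                return f"+OK message {n} deleted"
            msg = self.mailboxes[self.user][n - 1]
            stuffed = "\r\n".join("." + l if l.startswith(".") else l
                                  for l in msg.split("\r\n"))
            return f"+OK {len(msg)} octets\r\n{stuffed}\r\n."
        if verb == "RSET":
            self.marked.clear()
            return "+OK"
        if verb == "QUIT":
            self.state = "UPDATE"
            box = self.mailboxes[self.user]
            box[:] = [m for i, m in enumerate(box, 1) if i not in self.marked]
            return "+OK bye"
        return "-ERR unknown command"


def fetch_all(server, user, password, leave_copy=False):
    """Client side: log in, download every message and, unless `leave_copy` is
    set, delete it on the server. Returns (messages, transcript of first lines)."""
    transcript, messages = [], []
    server.connect()

    def cmd(c):
        reply = server.handle(c)
        transcript.append((c, reply.split("\r\n")[0]))
        return reply

    if not cmd(f"USER {user}").startswith("+OK") or not cmd(f"PASS {password}").startswith("+OK"):
        cmd("QUIT")
        return messages, transcript
    listing = cmd("LIST").split("\r\n")[1:-1]           # drop "+OK ..." and "."
    for entry in listing:
        n = int(entry.split()[0])
        reply = cmd(f"RETR {n}")
        body = reply.split("\r\n", 1)[1][:-3]            # strip status line and CRLF "."
        messages.append("\r\n".join(l[1:] if l.startswith("..") else l
                                    for l in body.split("\r\n")))
        if not leave_copy:
            cmd(f"DELE {n}")
    cmd("QUIT")
    return messages, transcript
```

With `leave_copy=True` the mailbox on the server is unchanged after the session;
without it the server's copy is gone once QUIT has been processed, which is the
behaviour the advantages and disadvantages below turn on.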

Advantages of POP3 protocol

The following are the advantages of the POP3 protocol:

o It allows users to read e-mail offline. An internet connection is needed only
while messages are being downloaded from the server; once downloaded, they reside
on the local disk and can be read without a connection. POP3 therefore does not
require permanent internet connectivity.
o It gives easy and fast access to messages, because they are already stored
locally.
o It requires little server storage space, since the mail is moved to the local
machine; the only limit on the size of the local mailbox is the local hard disk.
o It is a simple protocol, which is one reason it is still so widely used.
o It is easy to configure and use.

Disadvantages of POP3 protocol

The following are the disadvantages of the POP3 protocol:

o By default, messages are deleted from the server once they have been
downloaded, so they cannot be accessed from other machines unless the client is
configured to leave a copy of the mail on the server.
o Transferring the local mail folder from one machine to another can be
difficult.
o All attachments are stored on the local machine, so malware carried in an
attachment reaches the user's disk; unless a local scanner inspects it, it can
harm the computer.
o The mail folder downloaded from the server can become corrupted, and with the
server copy gone there is no other copy to fall back on.
o The mail is stored on the local machine, so anyone with access to that machine
(or to its unencrypted disk) can read the mail folder.

 IMAP Protocol

IMAP stands for Internet Message Access Protocol. It is an application layer
protocol used to retrieve e-mail from a mail server, and together with POP3 it is
one of the two protocols most commonly used for that purpose.

It also follows the client/server model. On one side is an IMAP client, a process
running on the user's computer; on the other side is an IMAP server, a process
running on the mail server. The two computers are connected through a network.

IMAP runs on top of TCP, so it inherits TCP's reliable, in-order delivery. The
IMAP server listens for client connections on TCP port 143 by default, though the
port can be changed; once the TCP connection is established, client and server
exchange IMAP commands and responses over it.

By default, there are two ports used by IMAP:

o Port 143: the plaintext IMAP port. A session started on it can, and should, be
upgraded to TLS with the STARTTLS command before the login is sent.
o Port 993: the port for IMAP over TLS (IMAPS), where the connection is encrypted
from the start.

Why should we use IMAP instead of POP3 protocol?

POP3 has long been the most popular protocol for accessing TCP/IP mailboxes. It
implements the offline mail access model: mail is retrieved from the mail server
to the local machine and then deleted from the server. Millions of users still use
POP3 to collect incoming mail. The offline model, however, is limiting. In an ideal
world the online model, in which the mail stays on the server and is read there,
would be preferred, but it requires the user to be connected to the internet all
the time.

The biggest problem with offline access using POP3 is that the mail is removed
from the server, so it cannot be accessed from several computers. The solution is
to keep the mail on the remote server rather than on the local machine. POP3 also
raises data safety and security concerns, because the only copy of the mail ends
up on one workstation.

The disconnected access model combines the benefits of online and offline access.
The user retrieves mail for local use, as with POP3, and does not need to stay
connected to the internet, but the changes made to the mailbox are later
synchronized between the client and the server.

The mail remains on the server, so other applications can access it in the
future. When developers recognized these benefits, they tried to implement the
disconnected model with POP3, using the option to leave mail on the server.

This works, but only to a limited extent: for example, keeping track of which
messages are new and which are old becomes a problem when messages are both
retrieved and left on the server. POP3 therefore lacks features that a proper
disconnected access model requires.

In the mid-1980s, the development began at Stanford University on a new protocol that
would provide a more capable way of accessing the user mailboxes. The result was the
development of the interactive mail access protocol, which was later renamed as Internet
Message Access Protocol.

IMAP History and Standards

The first version of IMAP formally documented as an internet standard was IMAP
version 2, published as RFC 1064 in July 1988. It was updated in RFC 1176 in
August 1990, retaining the same version number. A new document, version 3 or
IMAP3, was published as RFC 1203 in February 1991; however, IMAP3 was never
accepted by the marketplace, so people kept using IMAP2. An extension to the
protocol called IMAP2bis was later created, adding support for Multipurpose
Internet Mail Extensions (MIME), a very important development given the
usefulness of MIME. Despite this, IMAP2bis was never published as an RFC,
possibly because of the problems associated with IMAP3. In December 1994, IMAP
version 4 (IMAP4) was published in two RFCs: RFC 1730 describing the main
protocol and RFC 1731 describing its authentication mechanisms. IMAP4 is the
version widely used today. It has continued to be refined: IMAP4rev1 was defined
in RFC 2060 and revised in RFC 3501 (2003), which remains the widely deployed
specification, and a further revision, IMAP4rev2, was published as RFC 9051 in
2021.

IMAP Features

IMAP was designed to give the user a more flexible way of accessing the mailbox.
It can operate in any of three modes: online, offline and disconnected. Of these,
the online and disconnected modes are the ones of interest to most users of the
protocol, since the offline mode is what POP3 already provides.

The following are the features of an IMAP protocol:

o Access and retrieve mail from a remote server: the user can read mail on the
remote server while the mail stays on the server.
o Set message flags: message flags (such as seen, answered or deleted) are kept
on the server, so the user can track which messages have already been read from
any device.
o Manage multiple mailboxes: the user can keep several mailboxes (folders) on
the server and move messages between them, for example to sort mail by project.
o Determine information prior to downloading: the client can inspect a message's
size, flags and header and decide whether to retrieve it before downloading it.
o Download a portion of a message: the client can fetch one part of a message,
such as a single body part of a MIME multipart message. This is useful when a
short text part is accompanied by large multimedia attachments.
o Organize mail on the server: POP3 does not let the user manage mail on the
server. With IMAP, users can organize mail on the server as they wish, including
creating, deleting and renaming mailboxes.
o Search: users can search the contents of messages on the server without
downloading them first.
o Check the e-mail header: users can fetch a message's header before downloading
the whole message.
o Create a hierarchy: users can create folders to organize mail in a hierarchy.

IMAP General Operation

1. IMAP is a client-server protocol like POP3 and most other TCP/IP application
protocols. An IMAP4 server must run on, or have direct access to, the server that
holds the user mailboxes, because the mailbox must be accessible both to SMTP for
incoming mail and to IMAP for retrieval and modification. In contrast, a POP3
server does not necessarily have to share the physical server that provides the
SMTP service.
2. IMAP uses the Transmission Control Protocol (TCP) so that data is delivered
reliably and in order.
3. The IMAP4 server listens on a well-known port, port number 143, for incoming
connection requests from IMAP4 clients (port 993 for IMAP over TLS).

Let's understand the IMAP protocol through a simple example.

IMAP keeps every device synchronized with the mailbox on the server. Suppose we
have three devices, a desktop, a mobile phone and a laptop, as shown in the figure
above, all accessing the same mailbox. Synchronization means that when a message
is opened on one device it is marked as read on all the others, and when a message
is deleted on one device it disappears from all the others, because the state
lives on the server rather than on any one device. In IMAP, all the folders such
as Inbox, Sent and Spam are visible, and a custom folder created by the user also
appears on all the other devices.
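The synchronization in the example above, and the flag and header features from
the list before it, shown in an added Python example (not code from the original
text). Two sessions for the same user share one server-side mailbox: a header
preview with BODY.PEEK leaves the flags alone, reading the message with BODY[]
sets \Seen so the other device sees it as read, and a \Deleted flag followed by
EXPUNGE removes the message for both. The command set is a small subset of IMAP4,
and the user, password and messages are constructed.

```python
import re


class Mailbox:
    """Server-side message store shared by every session of the same user."""

    def __init__(self, messages):
        # messages: list of (header, body) strings (constructed sample data)
        self.messages = [{"header": h, "body": b, "flags": set()} for h, b in messages]


class IMAPSession:
    """One client connection. Commands are tagged; replies are untagged "*"
    data lines followed by the tagged status line."""

    def __init__(self, mailbox, users):
        self.mailbox, self.users = mailbox, users
        self.authenticated, self.selected = False, False

    def handle(self, line):
        tag, _, rest = line.partition(" ")
        verb, _, args = rest.partition(" ")
        verb = verb.upper()
        if not self.authenticated:
            if verb == "LOGIN":
                user, _, password = args.partition(" ")
                if self.users.get(user) == password:
                    self.authenticated = True
                    return [f"{tag} OK LOGIN completed"]
                return [f"{tag} NO LOGIN failed"]
            return [f"{tag} BAD not authenticated"]
        if verb == "LOGOUT":
            return ["* BYE logging out", f"{tag} OK LOGOUT completed"]
        if verb == "SELECT":
            self.selected = True
            return [f"* {len(self.mailbox.messages)} EXISTS",
                    f"{tag} OK [READ-WRITE] SELECT completed"]
        if not self.selected:
            return [f"{tag} BAD no mailbox selected"]
        msgs = self.mailbox.messages
        if verb == "FETCH":
            seq, _, item = args.partition(" ")
            if not seq.isdigit() or not 1 <= int(seq) <= len(msgs):
                return [f"{tag} NO no such message"]
            m, item = msgs[int(seq) - 1], item.upper()
            if item == "FLAGS":
                data = f"FLAGS ({' '.join(sorted(m['flags']))})"
            elif item == "BODY.PEEK[HEADER]":              # look without marking as read
                data = f"BODY[HEADER] {{{len(m['header'])}}}\r\n{m['header']}"
            elif item == "BODY[]":                         # reading the message sets \Seen
                m["flags"].add("\\Seen")
                full = m["header"] + "\r\n\r\n" + m["body"]
                data = f"BODY[] {{{len(full)}}}\r\n{full}"
            else:
                return [f"{tag} BAD unsupported fetch item"]
            return [f"* {seq} FETCH ({data})", f"{tag} OK FETCH completed"]
        if verb == "STORE":
            parts = args.split(" ", 2)                      # e.g. "2 +FLAGS (\Deleted)"
            if len(parts) != 3 or not parts[0].isdigit() or not 1 <= int(parts[0]) <= len(msgs):
                return [f"{tag} BAD usage: STORE <n> [+-]FLAGS (<flags>)"]
            seq, op, flag_list = parts
            m, flags = msgs[int(seq) - 1], set(re.findall(r"\\\w+", flag_list))
            if op.upper() == "+FLAGS":
                m["flags"] |= flags
            elif op.upper() == "-FLAGS":
                m["flags"] -= flags
            else:
                m["flags"] = flags
            return [f"* {seq} FETCH (FLAGS ({' '.join(sorted(m['flags']))}))",
                    f"{tag} OK STORE completed"]
        if verb == "EXPUNGE":
            gone = [i for i, m in enumerate(msgs, 1) if "\\Deleted" in m["flags"]]
            msgs[:] = [m for m in msgs if "\\Deleted" not in m["flags"]]
            # highest number first, so each EXPUNGE line refers to a stable number
            return [f"* {i} EXPUNGE" for i in reversed(gone)] + [f"{tag} OK EXPUNGE completed"]
        return [f"{tag} BAD unknown command"]


def demo():
    """Two devices of the same user share one server-side mailbox: a flag set
    by one is seen by the other, and an expunge removes the message for both."""
    box = Mailbox([("From: bob@example.org\r\nSubject: lunch", "noon?"),
                   ("From: carol@example.org\r\nSubject: report", "see attachment")])
    users = {"alice": "s3cret"}
    phone, laptop = IMAPSession(box, users), IMAPSession(box, users)
    for s in (phone, laptop):
        s.handle("a1 LOGIN alice s3cret")
        s.handle("a2 SELECT INBOX")
    phone.handle("a3 FETCH 1 BODY.PEEK[HEADER]")        # preview the header only
    flags_after_peek = laptop.handle("b3 FETCH 1 FLAGS")[0]
    phone.handle("a4 FETCH 1 BODY[]")                   # read the message on the phone
    flags_after_read = laptop.handle("b4 FETCH 1 FLAGS")[0]
    laptop.handle("b5 STORE 2 +FLAGS (\\Deleted)")
    laptop.handle("b6 EXPUNGE")
    return {"after_peek": flags_after_peek, "after_read": flags_after_read,
            "remaining": len(box.messages)}
```

This is the difference from POP3 in code: the flag and the deletion live in the
shared `Mailbox`, so no device has a private copy of the state that can drift out
of sync.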
