Chapter 2

Application Layer

A note on the use of these ppt slides: Computer

Networking: A
We’re making these slides freely available to all (faculty, students, readers).
They’re in PowerPoint form so you see the animations; and can add, modify,

Top Down
and delete slides (including this one) and slide content to suit your needs.
They obviously represent a lot of work on our part. In return for use, we only

Approach
ask the following:
❖ If you use these slides (e.g., in a class) that you mention their source (after
all, we’d like people to use our book!)
❖ If you post any slides on a www site, that you note that they are adapted
6th edition
from (or perhaps identical to) our slides, and note our copyright of this Jim Kurose, Keith Ross
material.
Addison-Wesley
Thanks and enjoy! JFK/KWR March 2012
All material copyright 1996-2012
J.F Kurose and K.W. Ross, All Rights Reserved

Application Layer 2-1

Chapter 2: outline
2.1 principles of network
applications
2.2 Web and HTTP
2.3 FTP
2.4 electronic mail
▪ SMTP, POP3, IMAP
2.5 DNS
2.6 P2P applications

Application Layer 2-2

Creating a network app application
transport
network
data link

write programs that: physical

❖ run on (different) end

systems
❖ communicate over network
❖ e.g., web server software
communicates with browser
software
application
no need to write software for transport
network
network-core devices data link
physical
application
transport

❖ network-core devices do not

network
data link

run user applications

physical

❖ applications on end systems

allows for rapid app
development, propagation

Application Layer 2-3

 Application architectures

client-server peer-to-peer (P2P)

http://shiriskumar.blogspot.com/2015/07/working-of-torrent-explained.html

Application Layer 2-4

 Client-server architecture
server:
❖ always-on host
❖ permanent IP address
❖ data centers for scaling

clients:
❖ communicate with server
client/server ❖ may be intermittently
connected
❖ may have dynamic IP
addresses
❖ do not communicate directly
with each other

Application Layer 2-5

P2P architecture
❖ no always-on server peer-peer
❖ arbitrary end systems
directly communicate
❖ peers request service from
other peers, provide service
in return to other peers
▪ self scalability – new
peers bring new service
capacity, as well as new
service demands
❖ peers are intermittently
connected and change IP
addresses
▪ complex management

Application Layer 2-6

 Examples Application architectures

client-server peer-to-peer (P2P)

https://www.researchgate.net/figure/
https://techsauce.co/news/google- File-sharing-with-BitTorrent-Every-piece-of-
new-data-center-for-cloud-platform-in-sea the-BitTorrent-file-has-same-size-like-if_fig1_290217680

Application Layer 2-7

Sockets
❖ process sends/receives messages to/from its socket
❖ socket analogous to door
▪ sending process shoves message out door
▪ sending process relies on transport infrastructure on
other side of door to deliver message to socket at
receiving process

application application
proce socket proce controlled by
ss ss app developer

transport transport
network network controlled
link link by OS
Internet
physical physical

Application Layer 2-8

Addressing processes
❖ to receive messages,
process must have
identifier
❖ host device has unique
32-bit IP address
❖ Q: does IP address of host
on which process runs
suffice for identifying the
process?
▪ A: no, many processes
can be running on same
host
❖ identifier includes both IP
address and port numbers
associated with process on
host.
❖ example port numbers:
▪ HTTP server: 80
▪ mail server: 25
❖ to send HTTP message to
gaia.cs.umass.edu web
server:
▪ IP address: 128.119.245.12
▪ port number: 80
❖ Together (IP address and
port number) called Socket
address
Application Layer 2-9
What transport service does an app need?
data integrity throughput
❖ some apps (e.g., file transfer, ❖ some apps (e.g.,
web transactions) require multimedia) require
100% reliable data transfer minimum amount of
❖ other apps (e.g., audio) can
throughput to be
tolerate some loss “effective”
❖ other apps (“elastic apps”)

timing make use of whatever

throughput they get
❖ some apps (e.g., Internet
telephony, interactive security
games) require low delay
to be “effective” ❖ encryption, data integrity,
…

Application Layer 2-10

 Transport service requirements: common apps

application data loss throughput time sensitive

file transfer no loss elastic no

e-mail no loss elastic no
Web documents no loss elastic no
real-time audio/video loss-tolerant audio: 5kbps-1Mbps yes, 100’s msec
video:10kbps-5Mbps
stored audio/video loss-tolerant same as above yes, few secs
interactive games loss-tolerant few kbps up yes, 100’s msec
text messaging no loss elastic yes and no

Application Layer 2-11

Internet transport protocols services
TCP service:
❖ reliable transport between
sending and receiving
process
❖ flow control: sender won’t
overwhelm receiver
❖ congestion control: throttle
sender when network
overloaded
❖ does not provide: timing,
minimum throughput
guarantee, security
❖ connection-oriented: setup
required between client and
server processes
UDP service:
❖ unreliable data transfer
between sending and
receiving process
❖ does not provide:
reliability, flow control,
congestion control,
timing, throughput
guarantee, security,
orconnection setup,
Q: why bother? Why is
there a UDP?
Application Layer 2-12
Internet apps: application, transport protocols

application underlying
application layer protocol transport protocol

e-mail SMTP [RFC 2821] TCP

remote terminal access Telnet [RFC 854] TCP
Web HTTP [RFC 2616] TCP
file transfer FTP [RFC 959] TCP
streaming multimedia HTTP (e.g., YouTube), TCP or UDP
RTP [RFC 1889]
Internet telephony SIP, RTP, proprietary
(e.g., Skype) TCP or UDP

Application Layer 2-13

Securing TCP

TCP & UDP TLS : Transport Layer

❖ no encryption Security (RFC 8446, 2018)
❖ cleartext passwords ❖ provides encrypted
sent into socket TCP connection
traverse Internet in ❖ data integrity
cleartext ❖ end-point
authentication
❖ cleartext passwds sent
into socket traverse
Internet encrypted

Application Layer 2-14

Chapter 2: outline
2.1 principles of network 2.6 P2P applications
applications 2.7 socket programming
▪ app architectures with UDP and TCP
▪ app requirements
2.2 Web and HTTP
2.3 FTP
2.4 electronic mail
▪ SMTP, POP3, IMAP
2.5 DNS

Application Layer 2-15

Web and HTTP
First, a review…
❖ web page consists of objects
❖ object can be HTML file, JPEG image, Java applet,
audio file,…
❖ web page consists of base HTML-file which
includes several referenced objects
❖ each object is addressable by a URL, e.g.,
www.someschool.edu/someDept/pic.gif

host name path name

Application Layer 2-16

HTTP overview
HTTP: hypertext
transfer protocol HT
❖ Web’s application layer TP
re que
protocol PC running HT st
TP
❖ client/server model Firefox browser re spo
nse
▪ client: browser that
requests, receives, st
(using HTTP protocol) r
ue
eq server
and “displays” Web T P
po
n se
HT running
objects Pr
e s
Apache Web
T
▪ server: Web server HT server
sends (using HTTP
protocol) objects in iphone running
response to requests Safari browser

Application Layer 2-17

HTTP overview (continued)
uses TCP:
❖ client initiates TCP
connection (creates socket)
to server, port 80
❖ server accepts TCP
connection from client
❖ HTTP messages
(application-layer protocol
messages) exchanged
between browser (HTTP
client) and Web server
(HTTP server)
❖ TCP connection closed
HTTP is “stateless”
❖ server maintains no
information about
past client requests
asid
protocols that maintain e
“state” are complex!
❖ past history (state) must be
maintained
❖ if server/client crashes, their
views of “state” may be
inconsistent, must be
reconciled
Application Layer 2-18
 HTTP request message

❖ two types of HTTP messages: request, response

❖ HTTP request message:
▪ ASCII (human-readable format)
carriage return character
line-feed character
request line
(GET, POST, GET /index.html HTTP/1.1\r\n
HEAD commands) Host: www-net.cs.umass.edu\r\n
User-Agent: Firefox/3.6.10\r\n
Accept:
header text/html,application/xhtml+xml\r\n
lines Accept-Language: en-us,en;q=0.5\r\n
Accept-Encoding: gzip,deflate\r\n
carriage return, Accept-Charset: ISO-8859-1,utf-8;q=0.7\r\n
line feed at start Keep-Alive: 115\r\n
Connection: keep-alive\r\n
of line indicates \r\n
end of header lines
Application Layer 2-19
Uploading form input
POST method:
❖ web page often includes
form input
❖ input is uploaded to
server in entity body

URL method:
❖ uses GET method
❖ input is uploaded in URL
field of request line:
www.somesite.com/animalsearch?monkeys&banan
a Application Layer 2-20
 HTTP response message
status line
(protocol
status code HTTP/1.1 200 OK\r\n
status phrase) Date: Sun, 26 Sep 2010 20:09:20 GMT\r\n
Server: Apache/2.0.52 (CentOS)\r\n
Last-Modified: Tue, 30 Oct 2007 17:00:02
GMT\r\n
header ETag: "17dc6-a5c-bf716880"\r\n
lines Accept-Ranges: bytes\r\n
Content-Length: 2652\r\n
Keep-Alive: timeout=10, max=100\r\n
Connection: Keep-Alive\r\n
Content-Type: text/html;
charset=ISO-8859-1\r\n
\r\n
data, e.g., data data data data data ...
requested
HTML file
Application Layer 2-21
HTTP response status codes
❖ status code appears in 1st line in
server-to-client response message.
❖ some sample codes:
200 OK
▪ request succeeded, requested object later in this msg
301 Moved Permanently
▪ requested object moved, new location specified later in this msg
(Location:)
400 Bad Request
▪ request msg not understood by server
404 Not Found
▪ requested document not found on this server
505 HTTP Version Not Supported

Application Layer 2-22

User-server state: cookies
example:
many Web sites use cookies ❖ Susan always access Internet
four components: from PC
1) cookie header line of ❖ visits specific e-commerce
HTTP response site for first time
message ❖ when initial HTTP requests
2) cookie header line in arrives at site, site creates:
next HTTP request ▪ unique ID
message ▪ entry in backend
3) cookie file kept on database for ID
user’s host, managed
by user’s browser
4) back-end database at
Web site
Application Layer 2-23
 Cookies: keeping “state” (cont.)
client server

ebay 8734
usual http request msg Amazon server
cookie file creates ID
usual http response 1678 for user create backend
ebay 8734
set-cookie: 1678 entry database
amazon 1678
usual http request msg
cookie: 1678 cookie- access
specific
usual http response msg action

one week later:

access
ebay 8734 usual http request msg
amazon 1678 cookie: 1678 cookie-
specific
usual http response msg action
Application Layer 2-24
Cookies (continued)
aside
what cookies can be cookies and privacy:
used for: ❖ cookies permit sites to
❖ authorization learn a lot about you
❖ shopping carts
❖ you may supply name and
❖ recommendations
e-mail to sites
❖ user session state (Web
e-mail)

how to keep “state”:

❖ protocol endpoints: maintain state at
sender/receiver over multiple
transactions
❖ cookies: http messages carry state

Application Layer 2-25

Web caches (proxy server)
goal: satisfy client request without involving origin server
❖ user sets browser: Web
accesses via cache
❖ browser sends all HTTP proxy
requests to cache HT
TP
server u e st
re que req
▪ object in cache: cache clientHTTP
res
s t HT
T P
p o nse
origin
res
returns object pon
se HT
TP server
t
▪ else cache requests req
ues
e
object from origin HT
T P
p o ns
es
server, then returns TTP
r
H
object to client
client origin
server

Application Layer 2-26

Caching example:
assumptions:
❖ avg object size: 100K bits origin
❖ avg request rate from browsers to servers
origin servers:15/sec public
❖ avg data rate to browsers: 1.50 Mbps Internet
❖ RTT from institutional router to any
origin server: 2 sec
❖ access link rate: 1.54 Mbps 1.54 Mbps
consequences: access link
❖ LAN utilization: 15% problem! institutional
❖ access link utilization = 99% network
1 Gbps LAN
❖ total delay = Internet delay +
access delay + LAN delay
= 2 sec + minutes + usecs

Application Layer 2-27

Caching example: install local cache
Calculating access link
utilization, delay with cache: origin
❖ suppose cache hit rate is 0.4 servers
▪ 40% requests satisfied at cache, public
60% requests satisfied at origin Internet

❖ access link utilization:

▪ 60% of requests use access link
❖ data rate to browsers over access link 1.54 Mbps
= 0.6*1.50 Mbps = .9 Mbps access link
▪ utilization = 0.9/1.54 = .58 institutional
❖ total delay network
1 Gbps LAN
▪ = 0.6 * (delay from origin servers) +0.4
* (delay when satisfied at cache) local web
▪ = 0.6 (2.01) + 0.4 (~msecs) cache
▪ = ~ 1.2 secs
▪ less than with 154 Mbps link (and
cheaper too!)
Application Layer 2-28
More about Web caching
❖ cache acts as both why Web caching?
client and server ❖ reduce response time
▪ server for original for client request
requesting client
▪ client to origin server ❖ reduce traffic on an
❖ typically cache is institution’s access link
installed by ISP ❖ Internet dense with
(university, company, caches: enables “poor”
residential ISP) content providers to
effectively deliver
content (so too does
P2P file sharing)

Application Layer 2-29

Chapter 2: outline
2.1 principles of network 2.6 P2P applications
applications 2.7 socket programming
▪ app architectures with UDP and TCP
▪ app requirements
2.2 Web and HTTP
2.3 FTP
2.4 electronic mail
▪ SMTP, POP3, IMAP
2.5 DNS

Application Layer 2-30

FTP: the file transfer protocol
file transfer
FTP FTP FTP
user client server
interface
user
at host remote file
local file system
system

❖ transfer file to/from remote host

❖ client/server model
▪ client: side that initiates transfer (either to/from remote)
▪ server: remote host
❖ ftp: RFC 959
❖ ftp server: port 21
Application Layer 2-31
FTP: separate control, data connections

❖ FTP client contacts FTP server TCP control connection,

server port 21
at port 21, using TCP
❖ client authorized over control TCP data connection,
connection FTP server port 20 FTP
client server
❖ client browses remote
directory, sends commands
over control connection ❖ server opens another TCP
❖ when server receives file data connection to transfer
transfer command, server another file
opens 2nd TCP data ❖ control connection: “out of
connection (for file) to client band”
❖ after transferring one file, ❖ FTP server maintains
server closes data connection “state”: current directory,
earlier authentication

Application Layer 2-32

FTP commands, responses
sample commands:
❖ sent as ASCII text over
control channel
❖ USER username
❖ PASS password
❖ LIST return list of file in
current directory
❖ RETR filename
retrieves (gets) file
❖ STOR filename stores
(puts) file onto remote
host
sample return codes
❖ status code and phrase (as
in HTTP)
❖ 331 Username OK,
password required
❖ 125 data
connection already
open; transfer
starting
❖ 425 Can’t open
data connection
❖ 452 Error writing
file
Application Layer 2-33
Chapter 2: outline
2.1 principles of network 2.6 P2P applications
applications 2.7 socket programming
▪ app architectures with UDP and TCP
▪ app requirements
2.2 Web and HTTP
2.3 FTP
2.4 electronic mail
▪ SMTP, POP3, IMAP
2.5 DNS

Application Layer 2-34

Electronic mail outgoing
message queue
user mailbox
Three major user

components: agent

❖ user agents mail user

server
❖ mail servers agent

❖ simple mail transfer SMTP mail user

protocol: SMTP server agent
SMTP
User Agent SMTP user
❖ a.k.a. “mail reader” mail
agent

❖ composing, editing, reading server

user
mail messages agent
❖ e.g., Outlook, Thunderbird, user
iPhone mail client agent
❖ outgoing, incoming
messages stored on server Application Layer 2-35
Electronic mail: mail servers
mail servers: user
agent
❖ mailbox contains incoming
messages for user mail user
server
❖ message queue of outgoing agent
(to be sent) mail messages SMTP mail user
❖ SMTP protocol between server agent
mail servers to send email SMTP
messages
▪ client: sending mail SMTP user
agent
mail
server server
▪ “server”: receiving mail user
agent
server
user
agent

Application Layer 2-36

Electronic Mail: SMTP [RFC 2821]
❖ uses TCP to reliably transfer email message from
client to server, port 25
❖ direct transfer: sending server to receiving
server
❖ three phases of transfer
▪ handshaking (greeting)
▪ transfer of messages
▪ closure
❖ command/response interaction (like HTTP, FTP)
▪ commands: ASCII text
▪ response: status code and phrase
❖ messages must be in 7-bit ASCI
Application Layer 2-37
Scenario: Alice sends message to Bob
1) Alice uses UA to compose 4) SMTP client sends Alice’s
message “to” message over the TCP
[email protected] connection
2) Alice’s UA sends message to 5) Bob’s mail server places the
her mail server; message message in Bob’s mailbox
placed in message queue 6) Bob invokes his user agent
3) client side of SMTP opens to read message
TCP connection with Bob’s
mail server

1user mail user

mail agent
agent server server
2 3 6
4
5
Alice’s mail server Bob’s mail server
Application Layer 2-38
Mail message format

SMTP: protocol for

exchanging email msgs header
blank
RFC 822: standard for text line
message format:
❖ header lines, e.g.,
▪ To: body
▪ From:
▪ Subject:
different from SMTP MAIL
FROM, RCPT TO:
commands!
❖ Body: the “message”
▪ ASCII characters only

Application Layer 2-39

Mail access protocols
user mail access user
SMTP SMTP protocol
agent agent
(e.g., POP,
IMAP)

sender’s mail receiver’s mail

server server

❖ SMTP: delivery/storage to receiver’s server

❖ mail access protocol: retrieval from server
▪ POP: Post Office Protocol [RFC 1939]: authorization,
download
▪ IMAP: Internet Mail Access Protocol [RFC 1730]: more
features, including manipulation of stored msgs on
server
▪ HTTP: gmail, Hotmail, Yahoo! Mail, etc.

Application Layer 2-40

Chapter 2: outline
2.1 principles of network 2.6 P2P applications
applications
▪ app architectures
▪ app requirements
2.2 Web and HTTP
2.3 FTP
2.4 electronic mail
▪ SMTP, POP3, IMAP
2.5 DNS

Application Layer 2-41

DNS: domain name system
people: many identifiers: Domain Name System:
▪ SSN, name, passport # ❖ distributed database
Internet hosts, routers: implemented in hierarchy of
▪ IP address (32 bit) - many name servers
used for addressing ❖ application-layer protocol:
datagrams hosts, name servers
▪ “name”, e.g., communicate to resolve
www.yahoo.com - names (address/name
used by humans translation)
Q: how to map between IP ▪ note: core Internet function,
address and name, and implemented as
vice versa ? application-layer protocol
▪ complexity at network’s
“edge”

Application Layer 2-42

DNS: services, structure
DNS services why not centralize DNS?
❖ hostname to IP address ❖ single point of failure
translation ❖ traffic volume
❖ host aliasing ❖ distant centralized database
❖ mail server aliasing ❖ maintenance
❖ load distribution
▪ replicated Web A: doesn’t scale!
servers: many IP
addresses correspond
to one name

Application Layer 2-43

DNS: a distributed, hierarchical database
Root DNS Servers

… …

com DNS servers org DNS servers edu DNS servers

pbs.org poly.edu umass.edu

yahoo.com amazon.com
DNS servers DNS serversDNS servers
DNS servers DNS servers

client wants IP for www.amazon.com; 1st approx:

❖ client queries root server to find com DNS server
❖ client queries .com DNS server to get amazon.com DNS server
❖ client queries amazon.com DNS server to get IP address for
www.amazon.com

Application Layer 2-44

 DNS: root name servers
❖ contacted by local name server that can not resolve name
❖ root name server:
▪ contacts authoritative name server if name mapping not known
▪ gets mapping
▪ returns mapping to local name server

c. Cogent, Herndon, VA (5 other sites)

d. U Maryland College Park, MD k. RIPE London (17 other sites)
h. ARL Aberdeen, MD
j. Verisign, Dulles VA (69 other sites ) i. Netnod, Stockholm (37 other sites)

e. NASA Mt View, CA m. WIDE Tokyo

f. Internet Software C. (5 other sites)
Palo Alto, CA (and 48 other
sites)

a. Verisign, Los Angeles CA 13 root name

(5 other sites)
b. USC-ISI Marina del Rey, CA
“servers”
l. ICANN Los Angeles, CA worldwide
(41 other sites)
g. US DoD Columbus,
OH (5 other sites)

Application Layer 2-45

TLD, authoritative servers
top-level domain (TLD) servers:
▪ responsible for com, org, net, edu, aero, jobs, museums,
and all top-level country domains, e.g.: uk, fr, ca, jp
▪ Network Solutions maintains servers for .com TLD
▪ Educause for .edu TLD
authoritative DNS servers:
▪ organization’s own DNS server(s), providing authoritative
hostname to IP mappings for organization’s named hosts
▪ can be maintained by organization or service provider

Application Layer 2-46

Local DNS name server
❖ does not strictly belong to hierarchy
❖ each ISP (residential ISP, company, university) has
one
▪ also called “default name server”
❖ when host makes DNS query, query is sent to its
local DNS server
▪ has local cache of recent name-to-address translation
pairs (but may be out of date!)
▪ acts as proxy, forwards query into hierarchy

Application Layer 2-47

 DNS name root DNS server

resolution example
2
❖ host at cis.poly.edu 3
TLD DNS server
wants IP address for 4
gaia.cs.umass.edu
5

iterated query: local DNS server

dns.poly.edu
❖ contacted server 7 6
1 8
replies with name of
server to contact
authoritative DNS server
❖ “I don’t know this dns.cs.umass.edu
name, but ask this requesting host
server” cis.poly.edu

gaia.cs.umass.edu

Application Layer 2-48

DNS name root DNS server

resolution example
2 3
7 6 TLD DNS server

recursive query: local DNS server

dns.poly.edu
5 4

❖ Contacts root server

1 8
then the TLD DNS
server, and authorative
authoritative DNS server
DNS server dns.cs.umass.edu
❖ “I don’t know this requesting host
name, but ask this cis.poly.edu

server”
gaia.cs.umass.edu

Application Layer 2-49

DNS: caching, updating records
❖ once (any) name server learns mapping, it caches
mapping
▪ cache entries timeout (disappear) after some time (TTL)
▪ TLD servers typically cached in local name servers
• thus root name servers not often visited
❖ cached entries may be out-of-date (best effort
name-to-address translation!)
▪ if name host changes IP address, may not be known
Internet-wide until all TTLs expire
❖ update/notify mechanisms proposed IETF standard
▪ RFC 2136

Application Layer 2-50

Attacking DNS
DDoS attacks Redirect attacks
❖ Bombard root servers ❖ Man-in-middle
with traffic ▪ Intercept queries
▪ Not successful to date ❖ DNS poisoning
▪ Traffic Filtering ▪ Send bogus replies to
▪ Local DNS servers DNS server, which
cache IPs of TLD caches
servers, allowing root
Exploit DNS for DDoS
server bypass
❖ Bombard TLD servers ❖ Send queries with
spoofed source
▪ Potentially more
dangerous address: target IP
❖ Requires amplification
Application Layer 2-51
Chapter 2: outline
2.1 principles of network 2.6 P2P applications
applications
▪ app architectures
▪ app requirements
2.2 Web and HTTP
2.3 FTP
2.4 electronic mail
▪ SMTP, POP3, IMAP
2.5 DNS

Application Layer 2-52

Pure P2P architecture
❖ no always-on server
❖ arbitrary end systems
directly communicate
❖ peers are intermittently
connected and change IP
addresses
examples:
▪ file distribution
(BitTorrent)
▪ Streaming (KanKan)
▪ VoIP (Skype)

How Bit Torrent works

https://www.youtube.com/watch?v=6PWUCFmOQwQ
Application Layer 2-53
Chapter 2: summary
our study of network apps now complete!
❖ application architectures ❖ specific protocols:
▪ client-server ▪ HTTP
▪ P2P ▪ FTP
❖ application service
requirements: ▪ SMTP, POP, IMAP
▪ reliability, bandwidth, delay ▪ DNS
❖ Internet transport service ▪ P2P: BitTorrent
model
▪ connection-oriented,
reliable: TCP
▪ unreliable, datagrams: UDP

Application Layer 2-54

Chapter 2: summary
most importantly: learned about protocols!

❖ typical request/reply important themes:

message exchange:
❖ control vs. data msgs
▪ client requests info or
service ▪ in-band, out-of-band
▪ server responds with ❖ centralized vs. decentralized
data, status code ❖ stateless vs. stateful
❖ message formats:
❖ reliable vs. unreliable msg
▪ headers: fields giving
info about data transfer
▪ data: info being ❖ “complexity at network
communicated edge”

Application Layer 2-55