UNIT I – Application Layer

HTTP – FTP – Email– DNS – SNMP

1
 HyperText Transfer Protocol (HTTP)
• It is an application protocol that is used to retrieve Web pages from remote servers.
• All the web browsers use HTTP protocol to communicate with Web servers over the
Internet.
• The main goal of the Web is to organize and retrieve information over the internet.
– HyperText (Interlinked documents) is used for this purpose.
– Hypertext is a document can link to another document
• HTTP – Protocol used to retrieve hypertext

• HTML – Document language or Markup language used to create hypertext

• To organize information into a system of linked documents or objects, we need to be able

to retrieve one document to get started.

CS8591 2
 HyperText Transfer Protocol (HTTP)
• To organize information into a system of linked documents or objects, we need to be able
to retrieve one document to get started.
• A hypertext document can be retrived by “opening a URL”
• URL: Location of a resource on the internet.
• Example: http://www.cs.princeton.edu/index.html
• Web browser would open a TCP connection to the Web server at a machine called
www.cs.princeton.edu and immediately retrieve and display the file called index.html.
• Most files on the Web contain images and text and many have other objects such as
audio and video clips, pieces of code, etc.
• They also frequently include URLs that point to other files that may be located on other
machines, which is the core of the “hypertext” part of HTTP and HTML.

CS8591 3
 HyperText Transfer Protocol (HTTP)
• When a user select a page to view, browser (the client) fetches the page from the server
using HTTP running over TCP.
• HTTP is a request/response protocol, where every message has the general

form START_LINE <CRLF>

MESSAGE_HEADER <CRLF>

<CRLF>

MESSAGE_BODY <CRLF>
• START_LINE – indicates, whether it is a request or response

Request Messages
• The first line of an HTTP request message specifies three things: the operation to be
performed, the Web page the operation should be performed on, and the version of HTTP
being used.
• START_LINE - GET http://www.xyz.com/index.html HTTP/1.1
CS8591 4
 HyperText Transfer Protocol (HTTP)
START_LINE - GET index.html HTTP/1.1

MESSAGE_HEADER – host: www.xyz.com

CS8591 5
 HyperText Transfer Protocol (HTTP)
Response Messages
• Response messages begin with a single START LINE and that line specifies the version
of HTTP being used, a three-digit code indicating whether or not the request was
successful, and a text string giving the reason for the response.

HTTP/1.1 202 Accepted

or

HTTP/1.1 404 Not Found

or

HTTP/1.1 301 Moved Permanently

Message Header - Location : http://www.xyz1.com/index.html

CS8591 6
 HyperText Transfer Protocol (HTTP)

CS8591 7
 HyperText Transfer Protocol (HTTP)
TCP Connections
• The original version of HTTP (1.0) established a separate TCP connection for each
data item retrieved from the server.
• But it is inefficient: connection setup and teardown messages had to be exchanged
between the client and server even if all the client wanted to do was verify that it had the
most recent copy of a page.
• Thus, retrieving a page that included some text and a dozen icons or other small graphics
would result in 13 separate TCP connections being established and closed.
• HTTP 1.1,

• Persistent Connection: The client and server can exchange

multiple request/response messages over the same TCP connection.

CS8591 8
 HyperText Transfer Protocol (HTTP)
Advantages of Persistent Connection
• Eliminate the connection setup overhead.
o Thereby reducing the load on the server, the load on the network caused by the
additional TCP packets, and the delay perceived by the user.
• A client can send multiple request messages down a single TCP connection.
o TCP’s congestion window mechanism is able to operate more efficiently. This is
because it’s not necessary to go through the slow start phase for each page.

HTTP 1.1 Behavior with

persistent Connection
11/15/2020
CS8591 KAVIYA P, AP/IT, 18
HTTP 1.0 KCET
 HyperText Transfer Protocol
Caching (HTTP)
• Benefits of caching

– Client: Page can be retrieved from a nearby cache can be displayed much more
quickly than if it has to be fetched from across the world.
– Server: Reduces the load on the server.

• Caching can be implemented on,

– User’s Browser: Cache recently accessed pages, and simply display the cached
copy if the user visits the same page again.
– Single site-wide cache: The users within the site most likely know what machine is
caching pages on behalf of the site, and they configure their browsers to connect
directly to the caching host. This node is sometimes called a proxy.
– Middle of the Internet: ISP can cache the pages.

CS8591
 File Transfer Protocol (FTP)
• FTP is the standard protocol provided by TCP/IP for copying a file from one host to
another.

• The client has three components: the user interface, the client control process, and the
client data transfer process.
• The server has two components: the server control process and the server data transfer
process.
• The control connection is made between the control processes.
• The data connection is made between the data transfer processes.

CS8591
 File Transfer Protocol (FTP)
• Separation of commands and data transfer makes FTP more efficient.
• The control connection uses very simple rules of communication. (i.e.) only a line of
command or a line of response at a time.
• Thedata connection needs more complex rules due to the variety of data
types
transferred.

Two Connections
• When a user starts an FTP session, the control connection opens.
• While the control connection is open, the data connection can be opened and closed
multiple times if several files are transferred.
• FTP uses two well-known TCP ports: port 21 is used for the control connection, and
port 20 is used for the data connection.

CS8591
 File Transfer Protocol (FTP)
Control Connection
• Communication is achieved through commands and responses.
• Commands are sent from the client to the server and responses are sent from the server to
the client.

CS8591
 File Transfer Protocol (FTP)
Control Connection
• Every FTP command generates at least one response.
• A response has two parts: a three-digit number followed by
text.

CS8591
 File Transfer Protocol (FTP)
Data Connection
• The data connection uses the well-known port 20 at the server site.
• The creation of a data connection is different from the control connection.
• The following shows the steps:

1. The client, not the server, issues a passive open using an ephemeral port. This must be
done by the client because it is the client that issues the commands for transferring files.

2. Using the PORT command the client sends this port number to the server.

3. The server receives the port number and issues an active open using the well-known
port 20 and the received ephemeral port number.

CS8591
 File Transfer Protocol (FTP)
Data Connection – Communication over Data Connection
• The client must define the type of file to be transferred, the structure of the data, and the
transmission mode.
• File Type: ASCII file, EBCDIC file, or image file.
• Data Structure: FTP can transfer a file across the data connection using one of the
following interpretations of the structure of the data: file structure, record structure, or
page structure.
• Transmission Mode: FTP can transfer a file across the data connection using one of the
following three transmission modes: stream mode, block mode, or compressed mode.
• File Transfer: File transfer in FTP means one of three things: retrieving a file (server to
client), storing a file (client to server), and directory listing (server to client).
• Security in FTP: One can add a Secure Socket Layer between the FTP application layer
and the TCP layer.
CS8591
 Electronic Mail (E-Mail)
• Electronic mail (or e-mail) allows users to exchange messages.
• Client / Server model.
• To understand E-Mail,
– Distinguish the user interface (Mail reader) from the underlying message transfer
protocol (SMTP).
– Distinguish between the transfer protocol and companion protocol (MIME).
• Protocols Used
• SMTP (Simple Mail Transfer Protocol) – Used for message transfer.
• IMAP (Internet Message access Protocol) – Used to retrieve message.
• POP (Post office Protocol) – Used to retrieve Message.
• MIME (Multipurpose Internet Mail Extensions) – Used to define the format of
the message being exchanged.

CS8591
 Electronic Mail (E-Mail)
Multipurpose Internet Mail Extension (MIME)

Message Format
•RFC 822 defines two parts: Header and Body.

Header
• Series of <CRLF> terminated lines.
• The header is separated from the message by a
blank line.
• Each header line contains,
– Type: To, From, MIME - Version, Content
- Type, Subject, Date
– Value

• Type and value is separated by a colon.

• E-mail message can have many different types
of data (like images, videos, documents,
CS8591
audio, etc…).
 Electronic Mail (E-Mail)
Multipurpose Internet Mail Extension (MIME) – contains three parts.
• First piece of information: Collection of header lines that augments the original set
defined by RFC822.
– It describes the data being carried in the message.

– It contains MIME-Version, Content- From, To, Content-Description

Type,
(Subject), Date.
• Second piece of information: Defines the content type of the message. i.e., “Content-
Type” field.

– Examples: image/jpeg, image/gif

text/plain, text/richtext

audio/basic, multipart/mixed

video/mpeg, video/quicktime
application/pdf,
CS8591 application/zip,
 Electronic Mail (E-Mail)
Multipurpose Internet Mail Extension (MIME) – contains three parts.
• Third piece of information: Defines the content encoding scheme for the message. i.e.,
“Content-Transfer-Encoding” field.

– Example: 7 bit, base 64, quoted-printable.

CS8591
 Electronic Mail (E-Mail)
Simple Mail Transfer Protocol (SMTP)
• SMTP is used to transfer message from one host to another host.

• Key players:

– Mail reader: Web browser

– Mail daemon: Process runs on host

• Mail Daemon

– Act as a Mail Transfer Agent (MTA).

– The daemon uses SMTP running over TCP to transmit the message to a daemon
running on another machine, and the daemon puts incoming messages into the user’s
mailbox.
– MTA on a sender’s machine establishes an SMTP/TCP connection to the MTA on
the recipient’s mail server, in many cases the mail traverses one or more mail
gateways on its route from the sender’s host to the receiver’s host.
CS8591
 Electronic Mail (E-Mail)
Simple Mail Transfer Protocol (SMTP)
• Mail Daemon

– Job of the gateway is to store and forward email messages, much like an “IP
gateway”.
– But the difference is, mail gateway typically buffers messages on disk and is willing
to try retransmitting them to the next machine for several days, while an IP router
buffers datagrams in memory and is only willing to retry transmitting them for a
fraction of a second.

• Some of the commands used by the client are HELO, MAIL, RCPT, DATA, QUIT.
• Server response with code.
CS8591
 Electronic Mail (E-Mail)
Mail Reader
• Users actually retrieve his or her messages from the mailbox, read them, reply to them,
and possibly save a copy for future reference.
• The user performs all these actions by interacting with a mail reader.

• The reader was a program running on the same machine as the user’s mailbox, in which
case it could simply read and write the file that implements the mailbox.
• Protocols used to retrieve mails are,

– POP (Post Office Protocol)

– IMAP (Internet Message Access Protocol)

CS8591
 Electronic Mail (E-Mail)
Post Office Protocol (POP3)
• It is simple but limited in functionality.
• The client POP3 software is installed on the recipient computer.
• The server POP3 software is installed on the mail server.
• Mail access starts with the client when the user needs to download its e-mail from the
mailbox on the mail server.
• The client opens a connection to the server on TCP port 110.
• It then sends its user name and password to access the mailbox.
• The user can then list and retrieve the mail messages, one by one.
• POP3 has two modes: the delete mode and the keep mode.
• In the delete mode, the mail is deleted from the mailbox after each retrieval.
• In the keep mode, the mail remains in the mailbox after retrieval.

CS8591
 Electronic Mail (E-Mail)
Post Office Protocol (POP3)
 Electronic Mail (E-Mail)
Internet Message Access Protocol (IMAP)
• It is a client/server protocol running over TCP
• The client (running on the user’s desktop machine) issues commands in the form of
<CRLF> - terminated ASCII text lines and the mail server (running on the machine that
maintains the user’s mailbox) responds in-kind.
• The exchange begins with the client authenticating him or herself, and identifying the
mailbox he or she wants to access.
• Commands used by IMAP are:
– LOGIN

– AUTHENDICATE

– SELECT

– EXAMINE

– CLOSE & LOGOUT

CS8591
 Electronic Mail (E-Mail)
Internet Message Access Protocol (IMAP)

E-Mail Security
• To provide E-Mail security, Pretty Good Privacy (PGP) and Secure/
Multipurpose
Internet
CS8591 Mail Extensions (S/MIME) are used. 36
 Domain Name System (DNS)
• TCP/IP uses a DNS client and a DNS server to map a name to an address.
• The following six steps map the host name to an IP address:

1. The user passes the host name to the file transfer client.

2. The file transfer client passes the host name to the DNS client.

3. Each computer, after being booted, knows the address of one DNS server. The DNS
client sends a message to a DNS server with a query that gives the file transfer server
name using the known IP address of the DNS server.

4. The DNS server responds with the IP address of the desired file transfer server.

5. The DNS server passes the IP address to the file transfer client.

6. The file transfer client now uses the received IP address to access the file transfer server.

CS8591
 Domain Name System (DNS)
Six steps to map the host name to an IP address
 Domain Name System (DNS)
Name Space
• Maps each address to a unique name can be organized in two ways: flat
or hierarchical.
• Flat name space: A name is assigned to an address. A name is a sequence of characters
without structure.
• Hierarchical name space: Each name is made of several parts. The first part can define
the nature of the organization, the second part can define the name of an organization,
the third part can define departments in the organization, and so on.

CS8591
 Domain Name System (DNS)
Domain Name Space
• To have a hierarchical name space, a domain name space was designed.
• In this design the names are defined in an inverted-tree structure with the root at the top.
• Label: Each node in the tree has a label, which is a string with a maximum of 63 characters. The
root label is a null string (empty string).
• Domain Name: Each node in the tree has a domain name. A full domain name is a sequence of
labels separated by dots (.). The domain names are always read from the node up to the root. The
last label is the label of the root (null).
• If a label is terminated by a null string, it is called a fully qualified domain name (FQDN).
• If a label is not terminated by a null string, it is called a partially qualified domain name (PQDN).

CS8591
 Domain Name System (DNS)
Domain
• A domain is a subtree of the domain name space.
• The name of the domain is the name of the node at the top of the
subtree.

Domain names and labels Domains

CS8591
 Domain Name System (DNS)
Distribution of Name Space
• The information contained in the domain name space must be stored.
• Hierarchy of Name Servers: The solution is to distribute the information among many
computers called DNS servers.

Zone
• Since the complete domain name hierarchy cannot be stored on a single server, it is
divided among many servers.
• What a server is responsible for or has authority over is called a zone.

CS8591
 Domain Name System (DNS)
Root Server
• A root server is a server whose zone consists of the whole tree.
• A root server usually does not store any information about domains but delegates its
authority to other servers, keeping references to those servers.
• DNS defines two types of servers: primary and secondary.
• Primary server: It stores a file about the zone for which it is an authority. It is
responsible for creating, maintaining, and updating the zone file. It stores the zone file on
a local disk.
• Secondary server: It transfers the complete information about a zone from another
server (primary or secondary) and stores the file on its local disk. The secondary server
neither creates nor updates the zone files.

CS8591
 Domain Name System (DNS)
DNS in Internet
• DNS is a protocol that can be used in different platforms.
• In the Internet, the domain name space (tree) was originally divided into three different
sections: generic domains, country domains, and the inverse domains.
• Generic Domain: Define registered hosts according to their generic behavior.
• Country Domain: Section uses two-character country abbreviations.

CS8591
 Domain Name System (DNS)
Resolution
• Mapping a name to an address is called name-address resolution.
• DNS is designed as a client-server application.
• A host that needs to map an address to a name or a name to an address calls a DNS
client
called a resolver.
• The resolver accesses the closest DNS server with a mapping request.
• If the server has the information, it satisfies the resolver; otherwise, it either refers the
resolver to other servers or asks other servers to provide the information.
• After the resolver receives the mapping, it interprets the response to see if it is a real
resolution or an error, and finally delivers the result to the process that requested it.
• A resolution can be either recursive or iterative.

CS8591
 Domain Name System (DNS)
Resolution
Recursive Resolution

Iterative Resolution

CS8591
 Domain Name System (DNS)
Caching
• Each time a server receives a query for a name that is not in its domain, it needs to
search its database for a server IP address.
• Reduction of this search time would increase efficiency.
• DNS handles this with a mechanism called caching.

Resource Records
• The zone information associated with a server is implemented as a set of resource
records.
• A resource record is a 5-tuple structure: (Domain Name, Type, Class, TTL, Value).

CS8591
 Domain Name System (DNS)
Resource Records
• Domain Name: Identifies the resource record
• Class: Defines the type of network
• Value: Information kept about the domain name
• TTL: The number of seconds for which the information is valid.
• Type: Defines how the value should be interpreted.

CS8591
 Domain Name System (DNS)
DNS Message
• To retrieve information about hosts, DNS uses two types of messages: query and
response.

CS8591
 Domain Name System (DNS)
DNS Message
• Identification field: Used by the client to match the response with the query.
• Flag field: Defines whether the message is a query or response. It also includes status of
error.
• Next four fields: In the header define the number of each record type in the message.
• Question section: Consists of one or more question records. It is present in both query
and response messages.
• Answer section: Consists of one or more resource records. It is present only in response
messages.
• Authoritative section: Gives information (domain name) about one or
more authoritative servers for the query.
• Additional information section: Provides additional information that may help the
resolver.
CS8591
 Domain Name System (DNS)
Encapsulation
• DNS can use either UDP or TCP.
• In both cases the well-known port used by the server is port 53.
• UDP is used when the size of the response message is less than 512 bytes because
most UDP packages have a 512-byte packet size limit.
• If the size of the response message is more than 512 bytes, a TCP connection is used.

Registrars
• How are new domains added to DNS?
• This is done through a registrar, a commercial entity accredited by ICANN.
• A registrar first verifies that the requested domain name is unique and then enters it
into the DNS database.
• A fee is charged.

Domain name: ws.wonderful.com IP address: 200.200.200.5

CS8591
 Domain Name System (DNS)
Dynamic Domain Name System (DDNS)
• When a binding between a name and an address is determined, the information is sent,
usually by DHCP to a primary DNS server.
• The primary server updates the zone.
• The secondary servers are notified either actively or passively.
• To provide security and prevent unauthorized changes in the DNS records, DDNS can
use an authentication mechanism.

Security in DNS
• DNS Security (DNSSEC) that provides message origin authentication and message
integrity using a security service called digital signature.

CS8591
 Domain Name System (DNS)
Dynamic Domain Name System (DDNS)
• When a binding between a name and an address is determined, the information is sent,
usually by DHCP to a primary DNS server.
• The primary server updates the zone.
• The secondary servers are notified either actively or passively.
• To provide security and prevent unauthorized changes in the DNS records, DDNS can
use an authentication mechanism.

Security in DNS
• DNS Security (DNSSEC) that provides message origin authentication and message
integrity using a security service called digital signature.

CS8591
 Simple Network Management Protocol (SNMP)
• Used for monitoring, testing, configuring, and troubleshooting network components to
meet a set of requirements defined by an organization.
• Areas of Network Management

• SNMP is a framework for managing devices in an internet using the TCP/IP protocol
suite.
• It provides a set of fundamental operations for monitoring and maintaining an internet.
• SNMP uses the concept of manager and agent.
• A manager, usually a host, controls and monitors a set of agents, usually routers or
servers.
CS8591
 Simple Network Management Protocol (SNMP)
• SNMP is an application-level protocol in which a few manager stations control a set
of agents.
• It can monitor devices made by different manufacturers and installed on different
physical networks.

• A management station, called a manager, is a host that runs the SNMP client program.
• A managed station, called an agent, is a router (or a host) that runs the SNMP server
program.
• Management is achieved through simple interaction between a manager and an agent.

CS8591
 Simple Network Management Protocol (SNMP)
Management Components
• To do management tasks, SNMP uses two other protocols: Structure of Management
Information (SMI) and Management Information Base (MIB).

Structure of Management Information (SMI)

• Defines the general rules for naming objects, defining object types (including range and
length), and showing how to encode objects and values.
• Name:
– Each managed object have a unique name. To name objects globally, SMI uses an
object identifier, which is a hierarchical identifier based on a tree structure.
– The tree structure starts with an unnamed root.

– Each object can be defined using a sequence of integers separated by dots.

– The tree structure can also define an object using a sequence of textual names
separated by dots.
CS8591
 Simple Network Management Protocol (SNMP)
Structure of Management Information (SMI)
• Name:

– Example: iso.org.dod.internet.mgmt.mib-2 ↔
1.3.6.1.2.1

CS8591
 Simple Network Management Protocol (SNMP)
Structure of Management Information (SMI)
• Type:
– The second attribute of an object is the type of data stored in it. To define the data
type, SMI uses Abstract Syntax Notation One (ASN.1).
– SMI has two broad categories of data types: simple and structured.

– Simple data types: Atomic data types.

– Structured data types: By combining simple and structured data types.

• Encoding Method:

– SMI uses Basic Encoding Rules (BER), to encode data to be transmitted over the
network.
– BER specifies that each piece of data be encoded in triplet format: tag, length, and
value (TLV).
CS8591
 Simple Network Management Protocol (SNMP)
Management Information Base (MIB)
• Creates a collection of named objects, their types, and their relationships to each other in
an entity to be managed.
• The objects in MIB2 are categorized under several groups: system, interface, address
translation, ip, icmp, tcp, udp, egp, transmission, and snmp.

Some MIB-2 groups

CS8591
 Simple Network Management Protocol (SNMP)
• SNMP uses both SMI and MIB in Internet network management.
• It is an application program that allows:
– A manager to retrieve the value of an object defined in an agent.

– A manager to store a value in an object defined in an agent.

– An agent to send an alarm message about an abnormal situation to the manager.

SNMP PDUs
SNMPv3 defines eight types of protocol data
units (or PDUs):
1. GetRequest, 2. GetNext- Request,
3. GetBulkRequest, 4. SetRequest,
5. Response, 6. Trap,
7. InformRequest, and 8. Report

CS8591
 Simple Network Management Protocol (SNMP)
SNMP PDUs
• Get Request: Manager to agent request to retrieve the value of variable. Agent will
respond with requested variable with current stored value.
• SetRequest: Manager to agent request to change value of variable. Variable bindings
are defined in request. Agent will respond with new value.
• GetNextRequest: Manager to agent request to discover available variables and their
values. Agent will respond with value of next variable.
• GetBulkRequest: It request multiple iterations of GetNextRequest. Returns
the
response with multiple variable bindings in request.
• Response: Returns value as requested from agent to manager. It used as response to
set and get request.

CS8591
 Simple Network Management Protocol (SNMP)
SNMP PDUs
• Trap: It is an notification event, agent to manager which is not requested by manager.
Agent itself informing to manager.
• Inform request: It is manger to manger communication, one manager can send some
information to another manager using informRequest PDU receiving manger response
with Response PDU to manger confirming receipt of manager.

SNMP PDU Format

CS8591
 Simple Network Management Protocol (SNMP)
SNMP PDU Format
• PDU type: Defines the type of the PDU.

• Request ID: A sequence number used by the manager in a request PDU and repeated
by the agent in a response. It is used to match a request to a response.
• Error status: An integer that is used only in response PDUs to show the types of
errors reported by the agent. Its value is 0 in request PDUs.

CS8591
 Simple Network Management Protocol (SNMP)
SNMP PDU Format
• Non-repeaters: Used only in a GetBulkRequest PDU. It defines the number of non-
repeating (regular objects) at the start of the variable value list.
• Error index: The error index is an offset that tells the manager which variable caused
the error.
• Max-repetitions: Used only in a GetBulkRequest PDU. It defines the
maximum
number of iterations in the table to read all repeating objects.
• Variable-value pair list: A set of variables with the corresponding values the manager
wants to retrieve or set. The values are null in request PDUs.

CS8591
 Simple Network Management Protocol (SNMP)
UDP Ports
• SNMP uses the services of UDP on two well-known ports, 161 and 162.
• The well-known port 161 is used by the server (agent), and the well-known port 162 is
used by the client (manager).

Security
• SNMPv3 has added two new features like security and remote administration.
• Different aspects of security can be configured like message
authentication, confidentiality, and integrity.

CS8591