Unit 1 - Application Layer

The document provides an overview of the application layer in networking, detailing its role in user services and communication protocols such as SMTP and HTTP. It discusses the client-server and peer-to-peer paradigms, the structure of the World Wide Web, and the components involved, including web clients, servers, and documents. Additionally, it explains the function of URLs, URIs, and the HTTP protocol, including request and response message formats.

Uploaded by

Manisha Nichad

UNIT – I

APPLICATION LAYER

INTRODUCTION
 The application layer is the highest layer in the protocol suite.
 The application layer provides services to the user.
 Communication is provided using a logical connection, which means that the two application layers assume that there is an imaginary direct connection through which they can send and receive messages.
 The application layer is the only layer that provides services to the Internet user.
 The application layer exchanges messages with its peers on other machines.

Types of Application Protocols: Standard and Nonstandard Protocols

Standard Application-Layer Protocols
 There are several application-layer protocols that have been standardized and documented by the Internet authority.
 Each standard protocol is a pair of computer programs that interact with the user and the transport layer to provide a specific service to the user.

Two very widely-used standardized application protocols:
 SMTP: Simple Mail Transfer Protocol is used to exchange electronic mail.
 HTTP: Hypertext Transfer Protocol is used to communicate between Web browsers and Web servers.

Nonstandard Application-Layer Protocols
 A programmer can create a nonstandard application-layer program if they can write two programs that provide service to the user by interacting with the transport layer.

APPLICATION-LAYER PARADIGMS
Two paradigms have been developed for the Application Layer:
1. Traditional Paradigm: Client-Server
2. New Paradigm: Peer-to-Peer

Client-Server Paradigm
 The traditional paradigm is called the client-server paradigm.
 It was the most popular paradigm.
 In this paradigm, the service provider is an application program, called the server process; it runs continuously, waiting for another application program, called the client process, to make a connection through the Internet and ask for service.
 The server process must be running all the time; the client process is started when the client needs to receive service.
 There are normally some server processes that can provide a specific type of service, but there are many clients that request service from any of these server processes.

Peer-to-Peer (P2P) Paradigm
 A new paradigm, called the peer-to-peer paradigm, has emerged to respond to the needs of some new applications.
 In this paradigm, there is no need for a server process to be running all the time and waiting for the client processes to connect.
 The responsibility is shared between peers.
 A computer connected to the Internet can provide service at one time and receive service at another time.
 A computer can even provide and receive services at the same time.

Mixed Paradigm
 An application may choose to use a mixture of the two paradigms by combining the advantages of both.
 For example, a light-load client-server communication can be used to find the address of the peer that can offer a service.
 When the address of the peer is found, the actual service can be received from the peer by using the peer-to-peer paradigm.

WWW (WORLD WIDE WEB)
 WWW is a distributed client/server service, in which a client (browsers such as IE, Firefox, etc.) can access services at a server (Web servers such as IIS, Apache).
 The service provided is distributed over many locations called sites.
 WWW was constructed originally by a small group of people led by Tim Berners-Lee at CERN in 1989, and in 1991 it was released to the world.
 A new protocol for the Internet and a system of document access to use it were proposed and named WWW.
 This system allows document search and retrieval from any part of the Internet.
 The documents have hypertext as their content.
 The units of information on the web can be referred to as pages, documents or resources.
 A document can contain text, images, sound and video, together called hypermedia.
 The Web is a vast collection of data, information, software and protocols, spread across the world in web servers, which are accessed by client machines through browsers over the Internet.

COMPONENTS OF THE WEB
 Structural Components
1. Web Clients/Browsers
2. Web Servers
3. Web Caches
4. Internet
 Semantic Components
1. Hyper Text Transfer Protocol (HTTP)
2. Hyper Text Markup Language (HTML)
3. eXtensible Markup Language (XML)
4. Uniform Resource Identifier (URI)

COMPONENTS OF THE WEB
 Clients use a browser application to send URLs via HTTP to servers, requesting a Web page.
 Web pages are constructed using HTML/XML and consist of text, graphics, sounds plus embedded files.
 Servers (or caches) respond with the requested Web page.
 The client's browser renders the Web page returned by the server.
 A Web page is written using Hyper Text Markup Language (HTML).
 The browser displays text, graphics and sound.
 The entire system runs over standard networking protocols (TCP/IP, DNS).

WEB CLIENTS (BROWSERS)
 A browser is software on the client side of the web which initiates the communication with the server.
 Each browser usually consists of three parts:
 a controller,
 client protocols, and
 interpreters.
 The controller receives input from the keyboard or the mouse and uses the client programs to access the document.
 After the document has been accessed, the controller uses one of the interpreters to display the document on the screen.
 Examples are Internet Explorer, Mozilla Firefox, Netscape Navigator, Safari, etc.

WEB SERVERS
 All the communication between a web client and a web server uses the standard protocol called HTTP.
 The web server informs its operating system to accept incoming network connections on a specific port on the machine.
 The server also runs as a background process.
 A client (browser) opens a connection to the server, sends a request, receives information from the server and closes the connection.
 The web server monitors a communications port on its host machine, accepts the HTTP commands arriving through it and performs the specified operations.
 HTTP commands include a URL specifying the host machine.
 The URL received is translated into either a filename or a program name; accordingly, the requested file or the output of the program execution is sent back to the browser.

PROXY SERVER
 Incoming responses are sent to the proxy server and stored for future requests from other clients.
 The proxy server reduces the load on the original server, decreases traffic, and improves latency.
 However, to use the proxy server, the client must be configured to access the proxy instead of the target server.
 The proxy server acts as both server and client.
 When it receives a request from a client for which it has a response, it acts as a server and sends the response to the client.
 When it receives a request from a client for which it does not have a response, it first acts as a client and sends a request to the target server.
 When the response has been received, it acts again as a server and sends the response to the client.

WEB DOCUMENTS
 The documents in the WWW can be grouped into three broad categories:
 Static,
 Dynamic and
 Active.

Static Documents
 Static documents are fixed-content documents that are created and stored in a server.
 The client can get a copy of the document only.
 In other words, the contents of the file are determined when the file is created, not when it is used.
 Of course, the contents in the server can be changed, but the user cannot change them.
 When a client accesses the document, a copy of the document is sent.
 The user can then use a browser to see the document.
 Static documents are prepared using one of several languages:
1. HyperText Markup Language (HTML)
2. Extensible Markup Language (XML)
3. Extensible Style Language (XSL)
4. Extensible Hypertext Markup Language (XHTML).

Dynamic Documents
 A dynamic document is created by a web server whenever a browser requests the document.
 When a request arrives, the web server runs an application program or a script that creates the dynamic document.
 The server returns the result of the program or script as a response to the browser that requested the document.
 Because a fresh document is created for each request, the contents of a dynamic document may vary from one request to another.
 A very simple example of a dynamic document is the retrieval of the time and date from a server.
 Time and date are kinds of information that are dynamic in that they change from moment to moment.
 Dynamic documents can be retrieved using one of several scripting languages:
1. Common Gateway Interface (CGI)
2. Java Server Pages (JSP)
3. Active Server Pages (ASP)
4. ColdFusion

Active Documents
 For many applications, we need a program or a script to be run at the client site.
 These are called active documents.
 For example, suppose we want to run a program that creates animated graphics on the screen or a program that interacts with the user.
 The program definitely needs to be run at the client site where the animation or interaction takes place.
 When a browser requests an active document, the server sends a copy of the document or a script.
 The document is then run at the client (browser) site.
 Active documents can be created using one of several languages:
1. Java Applet – A program written in Java on the server. It is compiled and ready to be run. The document is in bytecode format.
2. JavaScript - Download and run the script at the client site.

 A Uniform Resource Locator (URL) uniquely identifies a resource on the Internet.
 A URL provides information about the resource's location on the Web.
 When a user enters a URL, the browser forms a request message and sends it to the server.
 The web server retrieves the requested URL and sends back a response message.
 The web browser renders the response in HTML or the appropriate format.
 Format: http://www.domain_name/filename
 Example: http://www.cs.hello.org/index.html

The URL defines four parts:
 Method,
 Host computer,
 Port, and
 Path.
 Method: The method is the protocol used to retrieve the document from a server. For example, HTTP.
 Host: The host is the computer where the information is stored, and the computer is given an alias name. Web pages are mainly stored in computers that are given an alias name beginning with the characters "www". This field is not mandatory.
 Port: The URL can also contain the port number of the server, but it is an optional field. If the port number is included, it must come between the host and the path and be separated from the host by a colon.
 Path: The path is the pathname of the file where the information is stored. The path itself contains slashes that separate the directories from the subdirectories and files.

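The four-part split described above, as an added example that is not from the original slides: a small parser that returns method, host, port (falling back to the method's default when the optional port is absent) and path, and rejects malformed input. The default-port table and the host names used in it are assumptions.

```python
# Added example (not from the slides): split a URL into the four parts the
# slides describe: method, host, optional port, and path.
from dataclasses import dataclass

# Assumption: well-known default ports, used when the optional port is absent.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


@dataclass(frozen=True)
class UrlParts:
    method: str   # the protocol used to retrieve the document, e.g. "http"
    host: str     # alias name of the computer holding the document
    port: int     # explicit port, or the method's default
    path: str     # pathname on the host, always starting with "/"


def parse_url(url: str) -> UrlParts:
    """Parse method://host[:port]/path; raise ValueError on malformed input."""
    if "://" not in url:
        raise ValueError("missing method separator '://'")
    method, rest = url.split("://", 1)
    method = method.lower()
    if method not in DEFAULT_PORTS:
        raise ValueError(f"unsupported method {method!r}")
    # host (and optional port) run up to the first slash; the path is the rest
    hostport, _, path = rest.partition("/")
    path = "/" + path                       # no path given means the root document
    host, colon, port_text = hostport.partition(":")
    if not host or any(c in host for c in " /@\\"):
        raise ValueError(f"bad host {host!r}")
    if colon:
        # the port sits between host and path and must be a valid TCP port number
        if not port_text.isdigit() or not 0 < int(port_text) < 65536:
            raise ValueError(f"bad port {port_text!r}")
        port = int(port_text)
    else:
        port = DEFAULT_PORTS[method]
    return UrlParts(method, host.lower(), port, path)
```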
 A URI is a string that identifies resources such as a document, image, service, etc.
 It is of the form scheme:scheme-specific
 The scheme identifies a resource type, such as mailto for a mail address, file for a file name, etc., and scheme-specific is a resource identifier.
 Example: mailto: [email protected]
 A URI identifies a resource, whereas a URL is used to locate a resource.

 The Hyper Text Transfer Protocol (HTTP) is used to define how the client and server programs can be written to retrieve web pages from the Web.
 It is a protocol used to access the data on the World Wide Web (WWW).
 The HTTP protocol can be used to transfer data in the form of plain text, hypertext, audio, video, and so on.
 HTTP is a stateless request/response protocol that governs client/server communication.
 An HTTP client sends a request; an HTTP server returns a response.
 The server uses the port number 80; the client uses a temporary port number.
 HTTP uses the services of TCP, a connection-oriented and reliable protocol.
 HTTP is a text-oriented protocol. It contains embedded URLs known as links.
 When hypertext is clicked, the browser opens a new connection, retrieves the file from the server and displays the file.

 Each HTTP message has the general form:
START_LINE <CRLF>
MESSAGE_HEADER <CRLF>
<CRLF>
MESSAGE_BODY <CRLF>
 where <CRLF> stands for carriage-return-line-feed.

 Connectionless protocol
 Media independent
 Stateless

 The HTTP protocol defines the format of the request and response messages.
 Request Message: The request message is sent by the client and consists of a request line, headers, and sometimes a body.
 Response Message: The response message is sent by the server to the client and consists of a status line, headers, and sometimes a body.

 The body can be present in a request message. It is optional.
 Usually, it contains the comment to be sent or the file to be published on the website when the method is PUT or POST.

 A client can add a condition in its request.
 In this case, the server will send the requested web page if the condition is met or inform the client otherwise.
 One of the most common conditions imposed by the client is the time and date the web page was modified.
 The client can send the header line If-Modified-Since with the request to tell the server that it needs the page only if it was modified after a certain point in time.

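An added example, not from the slides, that builds the conditional GET just described in the START_LINE / MESSAGE_HEADER / blank line / MESSAGE_BODY layout and parses a response laid out the same way, distinguishing a 304 (condition not met, no body) from a 200 with a body. The host, path, date and both sample responses are constructed.

```python
# Added example (not from the slides): build an HTTP/1.1 conditional GET in the
# START_LINE / MESSAGE_HEADER / blank line / MESSAGE_BODY layout, and parse a
# response laid out the same way. Sample values are constructed here.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from email.utils import format_datetime
from typing import Dict

CRLF = "\r\n"
LAST_SEEN = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed timestamp


def build_conditional_get(host: str, path: str, modified_since: datetime) -> bytes:
    """Request line, header lines, then the empty line that ends the headers."""
    lines = [
        f"GET {path} HTTP/1.1",                 # START_LINE
        f"Host: {host}",                        # mandatory in HTTP/1.1
        "If-Modified-Since: " + format_datetime(modified_since, usegmt=True),
        "Connection: close",                    # do not keep the connection persistent
    ]
    # a GET carries no body, so the message ends right after the blank line
    return (CRLF.join(lines) + CRLF + CRLF).encode("ascii")


def example_request() -> bytes:
    """The request for the slides' example page, with a constructed date."""
    return build_conditional_get("www.cs.hello.org", "/index.html", LAST_SEEN)


@dataclass
class Response:
    version: str
    status: int
    reason: str
    headers: Dict[str, str] = field(default_factory=dict)   # names lower-cased
    body: bytes = b""


def parse_response(raw: bytes) -> Response:
    """Split on the first blank line: status line and headers before, body after."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("response has no end-of-headers blank line")
    lines = head.decode("iso-8859-1").split(CRLF)
    parts = lines[0].split(" ", 2)              # e.g. "HTTP/1.1 304 Not Modified"
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError(f"bad status line {lines[0]!r}")
    resp = Response(parts[0], int(parts[1]), parts[2] if len(parts) == 3 else "")
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"bad header line {line!r}")
        resp.headers[name.strip().lower()] = value.strip()
    if resp.status == 304:
        length = 0                              # "not modified" never carries a body
    elif "content-length" in resp.headers:
        length = int(resp.headers["content-length"])
    else:
        length = len(body)                      # with Connection: close, body runs to the end
    if len(body) < length:
        raise ValueError("body shorter than Content-Length")
    resp.body = body[:length]
    return resp


# Constructed replies for the two outcomes of a conditional request.
NOT_MODIFIED = b"HTTP/1.1 304 Not Modified\r\nDate: Tue, 02 Jan 2024 10:00:00 GMT\r\n\r\n"
FULL_PAGE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             b"Content-Length: 24\r\n\r\n<html>Hello World</html>")
```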
 HTTP clients and servers exchange multiple messages over the same TCP connection.
 If some of the objects are located on the same server, we have two choices: to retrieve each object using a new TCP connection, or to make one TCP connection and retrieve them all.
 The first method is referred to as a non-persistent connection, the second as a persistent connection.
 HTTP 1.0 uses non-persistent connections and HTTP 1.1 uses persistent connections.

 A cookie consists of the following components:
1. Name
2. Value
3. Zero or more attributes (name/value pairs). Attributes store information such as the cookie's expiration, domain, and flags.

 The creation and storing of cookies depend on the implementation; however, the principle is the same.
 1. When a server receives a request from a client, it stores information about the client in a file or a string. The information may include the domain name of the client, the contents of the cookie (information the server has gathered about the client such as name, registration number, and so on), a timestamp, and other information depending on the implementation.
 2. The server includes the cookie in the response that it sends to the client.
 3. When the client receives the response, the browser stores the cookie in the cookie directory, which is sorted by the server domain name.

 When a client sends a request to a server, the browser looks in the cookie directory to see if it can find a cookie sent by that server.
 If found, the cookie is included in the request.
 When the server receives the request, it knows that this is an old client, not a new one.
 The contents of the cookie are never read by the browser or disclosed to the user. It is a cookie made by the server and eaten by the server.
1. Authentication cookies
2. Tracking cookies
3. Session cookie
4. Persistent cookie

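The cookie life cycle described above (the server sets name, value and attributes; the browser files the cookie by server domain and attaches it to later requests to that server) as an added Python example that is not the slides' code. The Domain, Path, Max-Age, Secure and HttpOnly handling is a simplified version of RFC 6265, and the host names are constructed.

```python
# Added example (not from the slides): a minimal browser-side cookie store.
# The server's Set-Cookie line is split into name, value and attributes; the
# cookie is filed under the server domain and attached to later requests.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Cookie:
    name: str
    value: str
    domain: str                      # server domain the cookie is filed under
    path: str = "/"
    max_age: Optional[int] = None    # lifetime in seconds; None = session cookie
    secure: bool = False             # send only over HTTPS
    http_only: bool = False          # keep out of reach of page scripts


def parse_set_cookie(header: str, request_domain: str) -> Cookie:
    """Parse 'name=value; Attr=val; Flag' received from request_domain."""
    first, *attrs = [p.strip() for p in header.split(";")]
    name, eq, value = first.partition("=")
    if not eq or not name:
        raise ValueError("cookie must start with name=value")
    cookie = Cookie(name, value, request_domain.lower())
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.lower(), val.strip()
        if key == "domain":
            # a server may scope a cookie only to itself or to a parent domain
            d = val.lstrip(".").lower()
            if not (cookie.domain == d or cookie.domain.endswith("." + d)):
                raise ValueError(f"Domain={val} does not cover {request_domain}")
            cookie.domain = d
        elif key == "path":
            cookie.path = val or "/"
        elif key == "max-age":
            cookie.max_age = int(val)
        elif key == "secure":
            cookie.secure = True
        elif key == "httponly":
            cookie.http_only = True
        # other attributes (e.g. Expires) are ignored in this simplified store
    return cookie


class CookieJar:
    """The browser's cookie directory, keyed by server domain."""

    def __init__(self) -> None:
        self._by_domain: Dict[str, Dict[Tuple[str, str], Cookie]] = {}

    def store(self, cookie: Cookie) -> None:
        key = (cookie.name, cookie.path)
        if cookie.max_age is not None and cookie.max_age <= 0:
            # Max-Age of zero or less tells the browser to delete the cookie
            self._by_domain.get(cookie.domain, {}).pop(key, None)
            return
        self._by_domain.setdefault(cookie.domain, {})[key] = cookie

    def cookie_header(self, host: str, path: str, https: bool) -> str:
        """Value for the request's Cookie: header, or '' if nothing matches."""
        host = host.lower()
        sent = []
        for domain, cookies in self._by_domain.items():
            if not (host == domain or host.endswith("." + domain)):
                continue
            for c in cookies.values():
                if c.secure and not https:
                    continue        # never send a Secure cookie over plaintext HTTP
                if path == c.path or path.startswith(c.path.rstrip("/") + "/"):
                    sent.append(f"{c.name}={c.value}")
        return "; ".join(sent)
```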
 HTTP does not provide security.
 However, HTTP can be run over the Secure Socket Layer (SSL).
 In this case, HTTP is referred to as HTTPS.
 HTTPS provides confidentiality, client and server authentication, and data integrity.

 FTP stands for File Transfer Protocol.
 FTP is a standard Internet protocol provided by TCP/IP, used for transmitting files from one host to another.
 It is mainly used for transferring web page files from their creator to the computer that acts as a server for other computers on the Internet.
 It is also used for downloading files to a computer from other servers.
 Although we can transfer files using HTTP, FTP is a better choice for transferring large files or files in different formats.
 It provides the sharing of files.
 It is used to encourage the use of remote computers.
 It transfers the data more reliably and efficiently.

 The above figure shows the basic model of FTP.
 The FTP client has three components: user interface, control process, and data transfer process.
 The server has two components: server control process and server data transfer process.

 The control connection uses very simple rules for communication.
 Through the control connection, we can transfer one line of command or one line of response at a time.
 The control connection is made between the control processes.
 The control connection remains connected during the entire interactive FTP session.
 The data connection uses very complex rules, as data types may vary.
 The data connection is made between the data transfer processes.
 The data connection opens when a command comes for transferring a file and closes when the file is transferred.

 FTP communication is achieved through commands and responses.
 FTP commands are sent from the client to the server.
 FTP responses are sent from the server to the client.
 FTP commands are in the form of uppercase ASCII, which may or may not be followed by an argument.
 FTP can transfer one of the following file types across the data connection: ASCII file, EBCDIC file, or image file.

 FTP can transfer a file across the data connection using one of the following data structures: file structure, record structure, or page structure.
 The file structure format is the default one and has no structure. It is a continuous stream of bytes.
 In the record structure, the file is divided into records. This can be used only with text files.
 In the page structure, the file is divided into pages, with each page having a page number and a page header. The pages can be stored and accessed randomly or sequentially.
 FTP can transfer a file across the data connection using one of the following three transmission modes: stream mode, block mode, or compressed mode.
 The stream mode is the default mode; data are delivered from FTP to TCP as a continuous stream of bytes.
 In the block mode, data can be delivered from FTP to TCP in blocks.
 In the compressed mode, data can be compressed and delivered from FTP to TCP.

 File transfer occurs over the data connection under the control of the commands sent over the control connection.
 File transfer in FTP means one of three things:
o retrieving a file (server to client)
o storing a file (client to server)
o directory listing (server to client).

 FTP requires a password, but the password is sent in plaintext, unencrypted. This means it can be intercepted and used by an attacker.
 The data transfer connection also transfers data in plaintext, which is insecure.
 To be secure, one can add a Secure Socket Layer between the FTP application layer and the TCP layer.
 In this case FTP is called SSL-FTP.

 One of the most popular Internet services is electronic mail (E-mail).
 Email is one of the oldest network applications.
 The three main components of an Email system are:
1. User Agent (UA)
2. Message Transfer Agent (MTA) – SMTP
3. Message Access Agent (MAA) - IMAP, POP

 When the sender and the receiver of an e-mail are on the same system, we need only two User Agents and no Message Transfer Agent.
 When the sender and the receiver of an e-mail are on different systems, we need two UAs, two pairs of MTAs (client and server), and two MAAs (client and server).

 When Alice needs to send a message to Bob, she runs a UA program to prepare the message and send it to her mail server.
 The mail server at her site uses a queue (spool) to store messages waiting to be sent. The message, however, needs to be sent through the Internet from Alice's site to Bob's site using an MTA.
 Here two message transfer agents are needed: one client and one server.
 The server needs to run all the time because it does not know when a client will ask for a connection.
 The client can be triggered by the system when there is a message in the queue to be sent.
 The user agent at Bob's site allows Bob to read the received message.
 Bob later uses an MAA client to retrieve the message from an MAA server running on the second server.

 An Email message consists of two parts, namely header and body.
 Each header line contains a type and a value separated by a colon (:).
 Some header contents are:
o From: identifies the sender of the message.
o To: mail address of the recipient(s).
o Subject: states the purpose of the message.
o Date: timestamp of when the message was transmitted.
 The header is separated from the body by a blank line.
 The body contains the actual message.

 SMTP is the standard protocol for transferring mail between hosts in the TCP/IP protocol suite.
 SMTP is not concerned with the format or content of messages themselves.
 SMTP uses information written on the envelope of the mail (message header), but does not look at the contents (message body) of the envelope.

 The operation of SMTP consists of a series of commands and responses exchanged between the SMTP sender and SMTP receiver.
 The initiative is with the SMTP sender, who establishes the TCP connection.
 Once the connection is established, the SMTP sender sends commands over the connection to the receiver.
 The command is from an MTA client to an MTA server; the response is from an MTA server to the MTA client.

 Basic SMTP operation occurs in three phases:
1. Connection Setup
2. Mail Transfer
3. Connection Termination

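The three phases above as an added example (not the slides' code): a minimal SMTP receiver state machine fed a constructed sequence of client commands, answering with the RFC 5321 reply codes for connection setup, mail transfer and connection termination, and rejecting commands sent out of sequence. Host and mailbox names are constructed.

```python
# Added example (not from the slides): a minimal SMTP receiver state machine,
# driven by a constructed client script. Reply codes follow RFC 5321.
from typing import List, Optional, Tuple

Transcript = List[Tuple[str, str]]   # (client line, server reply)


class SmtpReceiver:
    def __init__(self, hostname: str = "mail.example.test") -> None:
        self.hostname = hostname
        self.state = "CONNECT"          # CONNECT -> GREETED -> MAIL -> RCPT -> DATA -> CLOSED
        self.sender: Optional[str] = None
        self.recipients: List[str] = []
        self.data_lines: List[str] = []
        self.delivered: List[Tuple[Optional[str], List[str], str]] = []   # (from, to, text)

    def greeting(self) -> str:
        """Phase 1, connection setup: the receiver speaks first on the new TCP connection."""
        return f"220 {self.hostname} Service ready"

    def _reset_envelope(self) -> None:
        self.sender, self.recipients, self.data_lines = None, [], []

    def handle(self, line: str) -> str:
        """Process one client line; return the reply ('' while collecting message text)."""
        if self.state == "DATA":
            if line == ".":                                   # end of message text
                self.delivered.append((self.sender, list(self.recipients),
                                       "\r\n".join(self.data_lines)))
                self._reset_envelope()
                self.state = "GREETED"
                return "250 OK: message accepted"
            # the sender dot-stuffs text lines starting with '.'; strip the extra dot
            self.data_lines.append(line[1:] if line.startswith(".") else line)
            return ""
        verb, _, arg = line.partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if verb in ("HELO", "EHLO"):
            self._reset_envelope()
            self.state = "GREETED"
            return f"250 {self.hostname} Hello {arg}"
        if verb == "QUIT":                                    # Phase 3, termination
            self.state = "CLOSED"
            return f"221 {self.hostname} Service closing transmission channel"
        if self.state == "CONNECT":
            return "503 Bad sequence of commands: send HELO first"
        if verb == "RSET":
            self._reset_envelope()
            self.state = "GREETED"
            return "250 OK"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):   # Phase 2, mail transfer
            self._reset_envelope()
            self.sender = arg[5:].strip()
            self.state = "MAIL"
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.state not in ("MAIL", "RCPT"):
                return "503 Bad sequence of commands: MAIL first"
            self.recipients.append(arg[3:].strip())
            self.state = "RCPT"
            return "250 OK"
        if verb == "DATA":
            if self.state != "RCPT":
                return "503 Bad sequence of commands: RCPT first"
            self.state = "DATA"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return "500 Syntax error, command unrecognized"


def run_session(client_lines: List[str]) -> Tuple[Transcript, SmtpReceiver]:
    """Feed the client's lines to a fresh receiver; return the exchange and the receiver."""
    srv = SmtpReceiver()
    transcript: Transcript = [("", srv.greeting())]
    for line in client_lines:
        reply = srv.handle(line)
        if reply:
            transcript.append((line, reply))
    return transcript, srv


# Constructed client side of one session.
CLIENT_SCRIPT = [
    "HELO client.example.test",
    "MAIL FROM:<alice@example.test>",
    "RCPT TO:<bob@example.test>",
    "DATA",
    "Subject: Hi",
    "",
    "Hello Bob",
    "..a line that really starts with a dot",
    ".",
    "QUIT",
]
```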
 SMTP provides a basic email service, while MIME adds multimedia capability to SMTP.
 MIME is an extension to SMTP and is used to overcome the problems and limitations of SMTP.
 The email system was designed to send messages only in ASCII format.
 Languages such as French, Chinese, etc., are not supported.
 Image, audio and video files cannot be sent.
 MIME adds the following features to the email service:
 Be able to send multiple attachments with a single message;
 Unlimited message length;
 Use of character sets other than ASCII code;
 Use of rich text (layouts, fonts, colors, etc.);
 Binary attachments (executables, images, audio or video files, etc.), which may be divided if needed.

 MIME is a protocol that converts non-ASCII data to 7-bit NVT (Network Virtual Terminal) ASCII and vice versa.
 Using headers, MIME describes the type of message content and the encoding used.
 Headers defined in MIME are:
 MIME-Version - current version, i.e., 1.1
 Content-Type - message type (text/html, image/jpeg, application/pdf)
 Content-Transfer-Encoding - message encoding scheme (e.g. base64).
 Content-Id - unique identifier for the message.
 Content-Description - describes the type of the message body.

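An added example, not from the slides, serving both the e-mail format slide (header lines of the form "Type: value", a blank line, then the body) and the MIME headers just listed: it parses a constructed message, then uses Content-Type and Content-Transfer-Encoding to turn the 7-bit base64 body back into non-ASCII text. The addresses, date and message text are constructed.

```python
# Added example (not from the slides): split a mail message into its header
# lines and body at the blank line, then use the MIME headers to decode the body.
import base64
from typing import List, Optional, Tuple

Headers = List[Tuple[str, str]]

# Constructed sample. The text holds non-ASCII characters, so MIME carries it
# as base64 inside a message that is entirely 7-bit ASCII on the wire.
BODY_TEXT = "Hello Bob, café à Paris?"
SAMPLE = (
    "From: alice@example.test\r\n"
    "To: bob@example.test\r\n"
    "Subject: Greetings\r\n"
    "\tfrom Alice\r\n"                          # folded continuation of Subject
    "Date: Mon, 01 Jan 2024 09:00:00 +0000\r\n"
    "MIME-Version: 1.0\r\n"
    "Content-Type: text/plain; charset=utf-8\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n"
    + base64.b64encode(BODY_TEXT.encode("utf-8")).decode("ascii") + "\r\n"
)


def parse_message(raw: str) -> Tuple[Headers, str]:
    """Return the (type, value) header lines and the body after the blank line."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("no blank line separating header from body")
    headers: Headers = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and headers:   # continuation of the previous line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"header line without 'type: value': {line!r}")
        headers.append((name.strip(), value.strip()))
    return headers, body


def header(headers: Headers, name: str) -> Optional[str]:
    """First value of a header, matched case-insensitively."""
    for n, v in headers:
        if n.lower() == name.lower():
            return v
    return None


def decode_body(headers: Headers, body: str) -> str:
    """Undo Content-Transfer-Encoding, then decode with the Content-Type charset."""
    ctype = header(headers, "Content-Type") or "text/plain"
    charset = "us-ascii"
    for param in ctype.split(";")[1:]:
        k, _, v = param.strip().partition("=")
        if k.lower() == "charset":
            charset = v.strip().strip('"')
    encoding = (header(headers, "Content-Transfer-Encoding") or "7bit").lower()
    if encoding == "base64":
        data = base64.b64decode(body.strip(), validate=True)
    elif encoding in ("7bit", "8bit", "binary"):
        data = body.encode("latin-1")           # bytes pass through untouched
    else:
        raise ValueError(f"unsupported Content-Transfer-Encoding {encoding!r}")
    return data.decode(charset)
```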
 In other words, it permits a "client" email program to access remote message stores as if they were local.
 For example, email stored on an IMAP server can be manipulated from a desktop computer at home, a workstation at the office, and a notebook computer while travelling, without the need to transfer messages or files back and forth between these computers.

 IMAP can support email serving in three modes:
 Offline
 Online
 Users may connect to the server, look at what email is available, and access it online.
 This looks to the user very much like having local spool files, but they're on the mail server.
 A mail client connects to the server, can make a "cache" copy of selected messages, and disconnects from the server.
 The user can then work on the messages offline, and connect to the server later and resynchronize the server status with the cache.

 The mail transfer begins with the client authenticating the user and identifying the mailbox they want to access.
Client Commands
 LOGIN, AUTHENTICATE, SELECT, EXAMINE, CLOSE, and LOGOUT
Server Responses
 OK, NO (no permission), BAD (incorrect command)
 When the user wishes to FETCH a message, the server responds in MIME format.
 Message attributes such as size are also exchanged.
 Flags are used by the client to report user actions:
 SEEN, ANSWERED, DELETED, RECENT

 The latest version is IMAP4. IMAP4 is more powerful and more complex.
 IMAP4 provides the following extra functions:
 A user can check the e-mail header prior to downloading.
 A user can search the contents of the e-mail for a specific string of characters prior to downloading.
 A user can partially download e-mail. This is especially useful if bandwidth is limited and the e-mail contains multimedia with high bandwidth requirements.
 A user can create, delete, or rename mailboxes on the mail server.
 A user can create a hierarchy of mailboxes in a folder for e-mail storage.

 With IMAP, the primary storage is on the server, not on the local machine.
 Email being put away for storage can be foldered on local disk, or can be foldered on the IMAP server.
 The protocol allows full use of remote folders, including a remote folder hierarchy and multiple inboxes.
 It keeps track of the explicit status of messages, and allows for user-defined status.
 Supports new mail notification explicitly.
 Extensible for non-email data, like netnews, document storage, etc.
 Selective fetching of individual MIME body parts.
 Server-based search to minimize data transfer.
 Servers may have extensions that can be negotiated.

 The POP3 client is installed on the recipient computer and the POP server on the mail server.
 The client opens a connection to the server using TCP on port 110.
 The client sends a username and password to access the mailbox and to retrieve messages.
 POP commands are generally abbreviated into codes of three or four letters.
 The following describes some of the POP commands:
1. UID - This command opens the connection
2. STAT - It is used to display the number of messages currently in the mailbox
3. LIST - It is used to get the summary of messages
4. RETR - This command helps to select a mailbox to access the messages
5. DELE - It is used to delete a message
6. RSET - It is used to reset the session to its initial state
7. QUIT - It is used to log off the session

 IMAP is more powerful and more complex than POP.
 The user can check the e-mail header prior to downloading.
 The user can search e-mail for a specific string of characters prior to downloading.
 The user can download partially, which is very useful in case of limited bandwidth.
 The user can create, delete, or rename mailboxes on the mail server.

 Local Login

 TELNET lets the client and server negotiate options before or during the use of the service.
 Options are extra features available to a user with a more sophisticated terminal.
 Users with simpler terminals can use default features.

 NVT uses two sets of characters, one for data and one for control.
 For data, NVT normally uses what is called NVT ASCII. This is an 8-bit character set in which the seven lowest-order bits are the same as ASCII and the highest-order bit is 0.
 To send control characters between computers, NVT uses an 8-bit character set in which the highest-order bit is set to 1.

 Secure Shell (SSH) is a secure application program that can be used today for several purposes such as remote logging and file transfer; it was originally designed to replace TELNET.
 There are two versions of SSH: SSH-1 and SSH-2, which are totally incompatible.
 The first version, SSH-1, is now deprecated because of security flaws in it.
 SSH is an application-layer protocol with three components:
1. SSH Transport-Layer Protocol (SSH-TRANS)
2. SSH Authentication Protocol (SSH-AUTH)
3. SSH Connection Protocol (SSH-CONN)

 SSH first uses a protocol that creates a secured channel on top of TCP.
 This new layer is an independent protocol referred to as SSH-TRANS.
 When the procedure implementing this protocol is called, the client and server first use the TCP protocol to establish an insecure connection.
 Then they exchange several security parameters to establish a secure channel on top of TCP.
 The services provided by SSH-TRANS include:
 1. Privacy or confidentiality of the messages exchanged
 2. Data integrity, which means that it is guaranteed that the messages exchanged between the client and server are not changed by an intruder
 3. Server authentication, which means that the client is now sure that the server is the one that it claims to be
 4. Compression of the messages, which improves the efficiency of the system and makes attack more difficult

 After a secure channel is established between the client and the server, and the server is authenticated for the client, SSH can call another procedure that can authenticate the client for the server.
 This layer defines a number of authentication tools similar to the ones used in SSL.
 Authentication starts with the client, which sends a request message to the server.
 The request includes the user name, server name, the method of authentication, and the required data.
 The server responds with either a success message, which confirms that the client is authenticated, or a failed message, which means that the process needs to be repeated with a new request message.

 After the secured channel is established and both server and client are authenticated for each other, SSH can call a piece of software that implements the third protocol, SSH-CONN.
 One of the services provided by the SSH-CONN protocol is multiplexing.
 SSH-CONN takes the secure channel established by the two previous protocols and lets the client create multiple logical channels over it.
 Each channel can be used for a different purpose, such as remote logging, file transfer, and so on.

 SSH is a general-purpose protocol that provides a
secure connection between a client and server.
SSH for Remote Logging
 Several free and commercial applications use
SSH for remote logging.
 Among them, we can mention PuTTy, by Simon
Tatham, which is a client SSH program that can
be used for remote logging.
 Another application program is Tectia, which can
be used on several platforms.

142
 One of the application programs that is built on
top of SSH for file transfer is the Secure File
Transfer Program (sftp).
 The sftp application program uses one of the
channels provided by the SSH to transfer files.
 Another common application is called Secure
Copy (scp).
 This application uses the same format as the
UNIX copy command, cp, to copy files.
143
 One of the interesting services provided by
the SSH protocol is port forwarding.
 We can use the secured channels available in
SSH to access an application program that
does not provide security services.
 Applications such as TELNET and Simple Mail
Transfer Protocol (SMTP) can use the services
of the SSH port forwarding mechanism.
 The SSH port forwarding mechanism creates a
tunnel through which the messages belonging
to other protocols can travel.
 For this reason, this mechanism is sometimes
referred to as SSH tunneling.
144
 The length field defines the length of the packet but does
not include the padding.
 The padding field is added to the packet to make attacks
on the security provision more difficult.
 The type field designates the type of the packet used in
the different SSH protocols.
 The data field is the data transferred by the packet in
the different protocols.
 The CRC field is used for error detection.
145
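As an added example (not from the slides and not from any SSH implementation), the Python below encodes and parses the packet layout these bullets describe: a length field that excludes the padding, the padding itself, a type byte, the data, and a CRC. The 4-byte big-endian length, the rule that padding brings the packet onto an 8-byte boundary, and the use of zlib's CRC-32 over padding + type + data are my assumptions for the illustration. The parser rejects a packet whose length field disagrees with its size or whose CRC does not match, and `survives_bit_flip` shows the CRC catching a single corrupted bit in the data.

```python
import os
import struct
import zlib
from typing import Optional, Tuple

# Layout from the slide: length | padding | type | data | CRC.
# Assumed details (not stated on the slide): a 4-byte big-endian length,
# padding that makes (length field + padding + length) a multiple of BLOCK,
# and a 4-byte CRC-32 (zlib's polynomial) over padding + type + data.
BLOCK = 8
LENGTH_SIZE = 4
CRC_SIZE = 4


def padding_for(length: int) -> int:
    """Padding is always present: 1..BLOCK bytes, so the whole packet is block-aligned."""
    return BLOCK - (length % BLOCK)


def build_packet(ptype: int, data: bytes, pad_byte: Optional[bytes] = None) -> bytes:
    """Assemble one packet. `length` covers type + data + CRC but not the padding."""
    if not 0 <= ptype <= 255:
        raise ValueError("type must fit in one byte")
    length = 1 + len(data) + CRC_SIZE
    pad_len = padding_for(length)
    # Random padding is the normal case; pad_byte exists only for deterministic tests.
    padding = pad_byte * pad_len if pad_byte is not None else os.urandom(pad_len)
    body = padding + bytes([ptype]) + data
    crc = zlib.crc32(body) & 0xFFFFFFFF
    return struct.pack(">I", length) + body + struct.pack(">I", crc)


def parse_packet(pkt: bytes) -> Tuple[int, bytes]:
    """Check framing and CRC, then return (type, data). Raises ValueError on any damage."""
    if len(pkt) < LENGTH_SIZE + 1 + CRC_SIZE:
        raise ValueError("packet too short")
    length = struct.unpack(">I", pkt[:LENGTH_SIZE])[0]
    pad_len = padding_for(length)
    if len(pkt) != LENGTH_SIZE + pad_len + length:
        raise ValueError("length field does not match packet size")
    body, crc_bytes = pkt[LENGTH_SIZE:-CRC_SIZE], pkt[-CRC_SIZE:]
    if zlib.crc32(body) & 0xFFFFFFFF != struct.unpack(">I", crc_bytes)[0]:
        raise ValueError("CRC mismatch: packet corrupted in transit")
    ptype = body[pad_len]            # the type byte follows the padding
    return ptype, body[pad_len + 1:]


def survives_bit_flip(pkt: bytes, index: int) -> bool:
    """True if a single flipped bit at `index` goes unnoticed by parse_packet."""
    damaged = bytearray(pkt)
    damaged[index] ^= 0x01
    try:
        parse_packet(bytes(damaged))
        return True
    except ValueError:
        return False
```

Note what the CRC field does and does not do: it is an error-detection code over the padding, type and data, so it catches accidental corruption, but it is not keyed. The data-integrity guarantee listed earlier for SSH comes from the transport-layer protocol's cryptographic checks, not from this field.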
146
 The FTP client can use the SSH client on
the local site to make a secure
connection with the SSH server on the
remote site.
 Any request from the FTP client to the
FTP server is carried through the tunnel
provided by the SSH client and server.
 Any response from the FTP server to the
FTP client is also carried through the
tunnel provided by the SSH client and
server.
147
 Domain Name System was designed in 1984.
 DNS is used for name-to-address mapping.
 The DNS provides the protocol which allows
clients and servers to communicate with each
other.
 E.g., a host name like www.yahoo.com is translated
into a numerical IP address like 207.174.77.131.
 Domain Name System (DNS) is a distributed
database used by TCP/IP applications to map
between hostnames and IP addresses and to
provide electronic mail routing information.
 Each site maintains its own database of
information and runs a server program that other
systems across the Internet can query.
148
149
1. The user passes the host name to the file
transfer client.
2. The file transfer client passes the host name
to the DNS client.
3. Each computer, after being booted, knows
the address of one DNS server. The DNS client
sends a message to a DNS server with a query
that gives the file transfer server name using
the known IP address of the DNS server.
4. The DNS server responds with the IP address
of the desired file transfer server.
5. The DNS client passes the IP address to the
file transfer client.
6. The file transfer client now uses the received
IP address to access the file transfer server.
150
 To be unambiguous, the names assigned to
machines must be carefully selected from a
name space with complete control over the
binding between names and IP addresses.
 The names must be unique because the
addresses are unique.
 A name space that maps each address to a
unique name can be organized in two ways: flat
or hierarchical.
151
 In a flat name space, a name is assigned to an address.
 A name in this space is a sequence of characters without
structure.
 The main disadvantage of a flat name space is that it
cannot be used in a large system such as the Internet,
because it must be centrally controlled to avoid
ambiguity and duplication.
152
153
154
 Each node in the tree has a label; the labels on
the path to the root make up its domain name.
 A full domain name is a sequence of labels
separated by dots (.).
 The domain names are always read from the node
up to the root.
 The last label is the label of the root (null).
 This means that a full domain name always ends
in a null label, so its last character is a dot
(the null string is empty).
 If a name is terminated by a null label, it is
called a fully qualified domain name (FQDN).
 If a name is not terminated by a null label, it
is called a partially qualified domain name
(PQDN).
155
156
157
 DNS is a protocol that can be used in different platforms.
 In the Internet, the domain name space (tree) is divided
into three different sections
 Generic domains,
 Country domains, and
 Inverse domain.
158
159
 The country domains section follows the
same format as the generic domains but
uses two-character country abbreviations
(e.g., in for India, us for the United States)
in place of the three-character
organizational abbreviation at the first
level.
 Second-level labels can be organizational,
or they can be more specific national
designations.
 A country may, for example, use state
abbreviations as a subdivision of its country
domain (e.g., ca.us. under the country
domain us).
160
 Mapping an address to a name is done through the
inverse domain.
 A client can send an IP address to a server to be
mapped to a domain name; this is called a PTR (pointer)
query.
 To answer queries of this kind, DNS uses the inverse
domain.
161
162
163
164
 The zone information associated with a server is
implemented as a set of resource records.
 In other words, a name server stores a database of
resource records.
 A resource record is a 5-tuple structure:

(Domain Name, Type, Class, TTL, Value)

 The domain name identifies the resource record.
 The type defines how the value should be
interpreted.
 The value defines the information kept about the
domain name.
 The TTL defines the number of seconds for which
the information is valid.
 The class defines the type of network.
165
 DNS has two types of messages: query
and response.
 Both types have the same format.
 The query message consists of a header
and question section.
 The response message consists of a
header, question section, answer
section, authoritative section, and
additional section.
166
167
 DNS can use either UDP or TCP.
 In both cases the well-known port used by
the server is port 53.
 UDP is used when the size of the response
message is less than 512 bytes because
most UDP implementations have a 512-byte
packet size limit.
 If the size of the response message is
more than 512 bytes, a TCP connection is
used.
168
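The following Python example is added here and is not part of the slides; it puts the pieces from the preceding slides together: the length-prefixed label encoding that ends in the null label (the wire form behind FQDNs and PQDNs), the inverse-domain name used for a PTR query, a query message built from a header and a question section, a parser for the header, question and answer sections that reads each resource record as its (name, type, class, TTL, value) tuple, and the 512-byte check that decides between UDP and TCP. The response it parses is constructed inline (www.yahoo.com with the address 207.174.77.131 from the earlier slide, and a TTL of 300 chosen for the example), not captured from a real server; the suffix rule in `qualify` is an assumed resolver policy, and the function names are mine.

```python
import struct
from typing import Dict, List, Tuple

DNS_PORT = 53        # well-known server port, UDP or TCP
UDP_LIMIT = 512      # responses larger than this are carried over TCP
QTYPE = {"A": 1, "PTR": 12}
QCLASS_IN = 1        # the Internet class
FLAG_TC = 0x0200     # "truncated" bit in the header flags

def is_fqdn(name: str) -> bool:
    """A fully qualified name ends with the null (root) label, written as a trailing dot."""
    return name.endswith(".")

def qualify(name: str, suffix: str) -> str:
    """Complete a PQDN with a resolver suffix (the suffix policy is an assumption here)."""
    return name if is_fqdn(name) else f"{name}.{suffix.strip('.')}."

def reverse_name(ipv4: str) -> str:
    """Inverse-domain name for a PTR query: the octets reversed under in-addr.arpa."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def encode_name(name: str) -> bytes:
    """Wire form: each label prefixed by its length, terminated by the null label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(qname: str, qtype: str, txid: int) -> bytes:
    """Query message = 12-byte header + question section (RD flag set, one question)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack(">HH", QTYPE[qtype], QCLASS_IN)

def read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a name at `off`, following compression pointers; return it and the next offset."""
    labels: List[str] = []
    end, jumped, hops = off, False, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                      # pointer to a name seen earlier
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if ln == 0:                                # the null label: end of name
            if not jumped:
                end = off
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", end

def parse_response(msg: bytes) -> Dict:
    """Header, question section and resource records (answer/authoritative/additional)."""
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        qname, off = read_name(msg, off)
        qtype, qclass = struct.unpack(">HH", msg[off:off + 4])
        off += 4
        questions.append((qname, qtype, qclass))
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == QTYPE["A"] and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype == QTYPE["PTR"]:
            value, _ = read_name(msg, off)
        else:
            value = rdata.hex()
        off += rdlen
        records.append({"name": name, "type": rtype, "class": rclass, "ttl": ttl, "value": value})
    return {"id": txid, "rcode": flags & 0x000F, "truncated": bool(flags & FLAG_TC),
            "questions": questions, "records": records}

def needs_tcp(msg: bytes) -> bool:
    """Per the slide: fall back to TCP when the reply exceeds 512 bytes (or was truncated)."""
    return len(msg) > UDP_LIMIT or bool(struct.unpack(">H", msg[2:4])[0] & FLAG_TC)

def sample_response() -> bytes:
    """Constructed reply (not captured): www.yahoo.com A -> 207.174.77.131, TTL 300."""
    header = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = encode_name("www.yahoo.com.") + struct.pack(">HH", QTYPE["A"], QCLASS_IN)
    answer = b"\xC0\x0C" + struct.pack(">HHIH", 1, QCLASS_IN, 300, 4) + bytes([207, 174, 77, 131])
    return header + question + answer
```

The answer record in the constructed reply uses a compression pointer (0xC00C) back to the name in the question section, which is why `read_name` has to follow pointers and bound the number of hops: a reply whose pointers loop would otherwise keep a naive parser busy forever.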
169
 DNS is one of the most important systems in
the Internet infrastructure; it provides crucial
services to Internet users.
 Applications such as Web access or e-mail are
heavily dependent on the proper operation of
DNS.
 DNS can be attacked in several ways, including:
 Attacks on confidentiality
 Attacks on authentication and integrity
 Denial-of-service attacks
170
171
 Management of the Internet is achieved
through simple interaction between a manager
and an agent.
 Management is achieved through the use of
two protocols:
o Structure of Management Information (SMI)
o Management Information Base (MIB).
172
 To use SNMP, we need rules for naming objects.
 SMI is a protocol that defines these rules.
 SMI is a guideline for SNMP.
 It emphasizes three attributes to handle an
object: name, data type, and encoding method.
 Its functions are:
 To name objects.
 To define the type of data that can be stored in an
object.
 To show how to encode data for transmission over the
network.
173
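As an added example, not code from the slides or from any SNMP implementation, the Python below shows the three SMI attributes in practice: the object's name (a dotted object identifier), its data type (INTEGER, OCTET STRING, NULL), and the encoding used to put it on the wire. SMI specifies BER for SNMP, and the tag values and the OID rule that folds the first two sub-identifiers into a single value 40*x + y are the standard ones. The sample object 1.3.6.1.2.1.1.1.0 is MIB-2's sysDescr.0; the function names, including `encode_varbind`, are mine.

```python
from typing import List

# BER universal tags used by SMI-defined objects.
TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30


def encode_length(n: int) -> bytes:
    """BER length: one byte below 128, otherwise 0x80|count followed by the length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_tlv(tag: int, value: bytes) -> bytes:
    """Tag, length, value: the shape of every BER-encoded object."""
    return bytes([tag]) + encode_length(len(value)) + value


def encode_integer(v: int) -> bytes:
    """Shortest two's-complement form, as BER requires for INTEGER."""
    n = 1
    while True:
        try:
            return encode_tlv(TAG_INTEGER, v.to_bytes(n, "big", signed=True))
        except OverflowError:
            n += 1


def encode_octet_string(s: bytes) -> bytes:
    return encode_tlv(TAG_OCTET_STRING, s)


def encode_subid(n: int) -> bytes:
    """Base-128 with the high bit set on every byte except the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))


def encode_oid(oid: str) -> bytes:
    """Object name (dotted OID) to BER: the first two sub-ids share one value 40*x + y."""
    ids = [int(p) for p in oid.strip(".").split(".")]
    if len(ids) < 2 or ids[0] > 2 or (ids[0] < 2 and ids[1] > 39):
        raise ValueError(f"invalid OID: {oid}")
    body = encode_subid(40 * ids[0] + ids[1]) + b"".join(encode_subid(i) for i in ids[2:])
    return encode_tlv(TAG_OID, body)


def decode_oid(tlv: bytes) -> str:
    """Inverse of encode_oid; rejects a wrong tag or a dangling continuation byte."""
    if not tlv or tlv[0] != TAG_OID:
        raise ValueError("not an OBJECT IDENTIFIER")
    if tlv[1] < 0x80:
        body = tlv[2:2 + tlv[1]]
    else:
        k = tlv[1] & 0x7F
        body = tlv[2 + k:2 + k + int.from_bytes(tlv[2:2 + k], "big")]
    subids: List[int] = []
    cur = 0
    for b in body:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(cur)
            cur = 0
    if cur or not subids:
        raise ValueError("truncated sub-identifier")
    x = min(subids[0] // 40, 2)
    return ".".join(str(i) for i in [x, subids[0] - 40 * x] + subids[1:])


def encode_varbind(oid: str, value: bytes) -> bytes:
    """Name/value pair as carried in SNMP messages: SEQUENCE { OID, value }."""
    return encode_tlv(TAG_SEQUENCE, encode_oid(oid) + value)


NULL_VALUE = encode_tlv(TAG_NULL, b"")   # the placeholder value in a request varbind
```

The decoder deliberately refuses a sub-identifier whose last byte still has the continuation bit set; an agent or manager that accepts such input silently is the kind of lenient parser that malformed SNMP packets have historically tripped up.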
174
175
THANK YOU
176