Ch6.A CN Application Layer


Computer Networks

(CT 702)
Sharad Kumar Ghimire
Department of Electronics and Computer Engineering
Pulchowk Campus
Institute of Engineering
Tribhuvan University
Nepal
Chapter 6

Application Layer

S. K. Ghimire
Chapter #6: Application Layer
Web: HTTP & HTTPS
File Transfer: FTP, PuTTY, WinSCP
Electronic Mail: SMTP, POP3, IMAP
DNS
P2P Applications
Socket Programming
Application server concept: proxy caching, Web/Mail/DNS server optimization
Concept of traffic analyzer: MRTG, PRTG, SNMP, Packet tracer, Wireshark
Contents

Application Layer

Web: HTTP & HTTPS

File Transfer: FTP, PuTTY, WinSCP

Electronic Mail: SMTP, POP3, IMAP

DNS

Application Layer
Closest to the end user

Applications enable users to send and receive data with ease

Interface between the applications and the underlying network

Protocols at this layer help to exchange data between programs running on the
source and destination hosts

TCP/IP application layer performs the functions defined at upper three layers of
the OSI model
Application Layer
Presentation and Session Layer
TCP/IP Application Layer Protocols
HTTP & HTTPS
Hypertext Transfer Protocol (HTTP)
A web address or URL is a reference to a web server

A URL allows a web browser to establish a connection to that web server

Basic parts of the URL http://cisco.com/index.html:

● http (the protocol or scheme)
● www.cisco.com (the server name)
● index.html (the specific filename requested)
Hypertext Transfer Protocol (HTTP)
Base protocol for World Wide Web for any hypertext client/server application

A protocol for efficiently transmitting information to make hypertext jumps

Can transfer text, audio, images, and Internet accessible information

Using DNS, the server name portion of the URL is translated to the corresponding
IP address before the server can be contacted
HTTP
Client/server protocol

Between Web browser (client) and Web server

Uses TCP connections

Each transaction treated independently

Each new TCP connection for each transaction

Terminate connection when transaction is completed
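As an added example (not from the slides), the exchange the HTTP slides describe, written out in Python: a client turns a URL into a request line plus headers, sends it over a new TCP connection, reads the reply until the server closes the connection, and parses status, headers and body. The loopback server, its single constructed page, and the names build_request, parse_response, OneShotServer and fetch are this example's own; the server counts TCP connections so the "one connection per transaction" behaviour is visible.

```python
import socket
import threading
from urllib.parse import urlsplit

# Added example: one HTTP/1.0 transaction per TCP connection, both sides shown.
# Names and the served page are constructed for this example, not from the slides.


def build_request(url: str) -> bytes:
    """Turn a URL into the request text a client writes on the TCP connection."""
    parts = urlsplit(url)          # scheme, server name, path as on the slide
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return (f"GET {path} HTTP/1.0\r\n"
            f"Host: {parts.netloc}\r\n"
            "Connection: close\r\n\r\n").encode()


def parse_response(raw: bytes):
    """Split a raw response into (status code, header dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


class OneShotServer:
    """Loopback HTTP/1.0 server serving one constructed page; counts connections."""

    def __init__(self):
        self.pages = {"/index.html": b"<h1>hello</h1>"}   # constructed content
        self.connections = 0
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))                   # OS picks a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:            # listening socket closed: stop serving
                return
            self.connections += 1
            with conn:
                data = b""
                while b"\r\n\r\n" not in data:
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    data += chunk
                if not data:
                    continue
                path = data.split(b"\r\n", 1)[0].split(b" ")[1].decode()
                body = self.pages.get(path)
                if body is None:
                    conn.sendall(b"HTTP/1.0 404 Not Found\r\nContent-Length: 0\r\n\r\n")
                else:
                    conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n"
                                 + f"Content-Length: {len(body)}\r\n\r\n".encode()
                                 + body)
            # leaving the 'with' closes the TCP connection: the transaction is over

    def close(self):
        self.sock.close()


def fetch(url: str, port: int):
    """One transaction: open TCP, send request, read until close, parse."""
    with socket.create_connection((urlsplit(url).hostname, port)) as s:
        s.sendall(build_request(url))
        raw = b""
        while chunk := s.recv(4096):
            raw += chunk
    return parse_response(raw)


def demo():
    """Two independent transactions; returns statuses, body and connection count."""
    server = OneShotServer()
    try:
        status1, _, body1 = fetch("http://127.0.0.1/index.html", server.port)
        status2, _, _ = fetch("http://127.0.0.1/missing.html", server.port)
    finally:
        server.close()
    return status1, body1, status2, server.connections


if __name__ == "__main__":
    print(demo())   # (200, b'<h1>hello</h1>', 404, 2)
```

Each call to fetch opens its own socket and the server closes it after answering, so two page requests cost two TCP handshakes; HTTP/1.1 keep-alive (not shown here) was introduced precisely to avoid that cost.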


Hypertext Transfer Protocol Secure (HTTPS)

An extension of the Hypertext Transfer Protocol (HTTP) that is used for secure
communication over a computer network, and is widely used on the Internet

In HTTPS, the communication protocol is encrypted using Transport Layer
Security (TLS), or, formerly, its predecessor, Secure Sockets Layer (SSL)

The protocol is therefore also often referred to as HTTP over TLS, or HTTP over
SSL
Why HTTPS? HTTP + SSL ⇒ HTTPS
When visiting an online shopping merchant, the browser address bar says HTTPS
instead of HTTP

Is online banking or online payment system safe?

The information is safe, because the website we are working with has made sure
that no one can steal the information

Instead of HyperText Transfer Protocol (HTTP), these types of websites use
HyperText Transfer Protocol Secure (HTTPS)

Encryption, provided by Secure Sockets Layer (SSL) or its successor Transport
Layer Security (TLS), is used to send the information back and forth
File Transfer
FTP, PuTTY, WinSCP
File Transfer Protocol (FTP)
A standard network protocol provided by TCP/IP for transfer of computer files from
one host to another on a computer network

Built on a client-server model architecture using separate control and data
connections between the client and the server

Users may authenticate themselves with a clear-text sign-in protocol, normally in
the form of a username and password, but can connect anonymously if the server
is configured to allow it

Establishes two connections between the hosts - one is for data transfer, the other
for control information (i.e., commands and responses)

Uses the services of TCP with ports 20 (data) & 21 (control)


Security for FTP
The FTP protocol was designed when security was not a big issue

FTP requires a password, but the password is sent in plaintext (unencrypted), so it
can be intercepted and used by an attacker

The data transfer connection also transfers data in plaintext, which is insecure

To be secure, we can add a Secure Sockets Layer between the FTP application
layer and the TCP layer; in this case the FTP is called SSL-FTP

For secure transmission that protects the username and password, and encrypts
the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File
Transfer Protocol (SFTP)
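As an added example (not from the slides), a defender-side check over an FTP control-channel session as a server log or capture would record it: it reports whether the USER/PASS sign-in happened before any TLS was negotiated (plain FTP, the weak case above) and, for explicit FTPS, whether the data connection was also protected. The "C: "/"S: " transcript format, the function names and both sessions are this example's own constructions.

```python
from dataclasses import dataclass, field

# Added example: classify one FTP control-channel session as plaintext or
# TLS-protected. Transcript format, names and sessions are constructed here.


@dataclass
class SessionReport:
    auth_tls_negotiated: bool = False      # AUTH TLS accepted (234) before login
    cleartext_password_seen: bool = False  # PASS sent with no TLS in place
    data_channel_protected: bool = False   # PROT P after TLS: data also encrypted
    findings: list = field(default_factory=list)


def analyse_ftp_control_session(transcript):
    """Walk the command/reply lines of one session and report what was exposed."""
    report = SessionReport()
    awaiting_auth_reply = False
    for raw in transcript:
        side, _, text = raw.partition(": ")
        text = text.strip()
        verb = text.split(" ", 1)[0].upper()
        if side == "C":
            if verb == "AUTH" and text.upper() in ("AUTH TLS", "AUTH SSL"):
                awaiting_auth_reply = True
            elif verb == "PASS" and not report.auth_tls_negotiated:
                report.cleartext_password_seen = True
                report.findings.append("PASS sent before TLS: password readable on the wire")
            elif verb == "PROT" and text.upper() == "PROT P" and report.auth_tls_negotiated:
                report.data_channel_protected = True
        elif side == "S" and awaiting_auth_reply:
            awaiting_auth_reply = False
            if verb.startswith("234"):
                report.auth_tls_negotiated = True
            else:
                report.findings.append(f"AUTH TLS rejected with {verb[:3]}: session stays plaintext")
    if not report.auth_tls_negotiated:
        report.findings.append("no TLS on the control channel (plain FTP, port 21)")
    elif not report.data_channel_protected:
        report.findings.append("TLS on control channel only: file contents still plaintext (PROT C)")
    return report


def redact_for_log(line):
    """Never write the PASS argument into logs, even when the session was plaintext anyway."""
    side, sep, text = line.partition(": ")
    if sep and text.upper().startswith("PASS "):
        return f"{side}: PASS ********"
    return line


# Constructed session 1: plain FTP as the slides describe it.
PLAIN_FTP = [
    "S: 220 ftp.example.test FTP server ready",
    "C: USER alice",
    "S: 331 Password required for alice",
    "C: PASS hunter2",
    "S: 230 User alice logged in",
    "C: RETR report.pdf",
    "S: 150 Opening BINARY mode data connection",
    "S: 226 Transfer complete",
    "C: QUIT",
    "S: 221 Goodbye",
]

# Constructed session 2: explicit FTPS as a server-side log would record it
# (after the 234 reply the wire is encrypted, but the server still sees commands).
EXPLICIT_FTPS = [
    "S: 220 ftp.example.test FTP server ready",
    "C: AUTH TLS",
    "S: 234 Proceed with negotiation",
    "C: USER alice",
    "S: 331 Password required for alice",
    "C: PASS hunter2",
    "S: 230 User alice logged in",
    "C: PBSZ 0",
    "S: 200 PBSZ=0",
    "C: PROT P",
    "S: 200 Protection set to Private",
    "C: QUIT",
    "S: 221 Goodbye",
]

if __name__ == "__main__":
    for name, session in (("plain", PLAIN_FTP), ("ftps", EXPLICIT_FTPS)):
        print(name, analyse_ftp_control_session(session).findings)
        print("\n".join(redact_for_log(line) for line in session))
```

The same two checks (TLS before PASS, PROT P after TLS) are what a monitoring rule on port 21 traffic would alert on; SFTP avoids the question entirely because everything rides inside one SSH session.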
PuTTY
A free and open-source terminal emulator, serial console and network file transfer
application

Supports network protocols and network file transfer application including SCP,
SSH, Telnet, rlogin, serial console and so on

A multi-platform application capable of executing in most operating systems

Supports many variations on the secure remote terminal, and provides user
control over the SSH (Secure Shell) encryption key and protocol version

Originally written for Microsoft Windows, but it has been ported to various other
operating systems
WinSCP (Windows Secure Copy)
A free and open-source SFTP, FTP etc. client for Microsoft Windows for secure
file transfer between a local and a remote computer

WinSCP also offers basic file manager and file synchronization functionality

For secure transfers, it uses Secure Shell (SSH) and supports the SCP protocol in
addition to SFTP

Based on PuTTY's implementation of the SSH protocol and on the FTP protocol

Windows-style GUI, e.g. drag-and-drop, shortcut icons etc.

Supports all common operations on files


Telnet
Protocol used on the network to provide interactive text-oriented communication
facility using a virtual terminal connection

User command and an underlying TCP/IP protocol for accessing remote
computers

An administrator or user can access a computer remotely

HTTP and FTP request specific files from remote computers without actually
logging on as a user of that computer; with Telnet, we can log on as a regular
user with whatever privileges may have been granted
Electronic Mail
SMTP, POP3, IMAP
Electronic Mail (E-mail)
Store-and-forward method of sending, storing, and retrieving electronic messages

Messages are stored in mail servers

Email clients communicate with mail servers to send and receive email

Mail servers communicate with other mail servers to transport messages from one
domain to another

Different protocols:
● SMTP (sending)
● POP (retrieving)
● IMAP (retrieving)
SMTP Operation
SMTP requires a message header and body

The body can contain any amount of text

The header must have a properly formatted recipient email address and a sender
address

An SMTP client sends an email by connecting to an SMTP server on port 25

The server receives the message and stores the message in a local mailbox or
relays the message to another mail server
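As an added example (not from the slides), the SMTP dialogue the two slides above describe, implemented in memory so both the client's commands and the server's numeric replies are visible: the server enforces the HELO / MAIL FROM / RCPT TO / DATA order, checks that the header carries sender and recipient lines, stores mail for its own domain in a local mailbox and queues mail for other domains for relay. ToySmtpServer, send_message and the addresses are this example's constructions; in a real deployment the same lines travel over a TCP connection to port 25.

```python
# Added example: SMTP command/reply exchange, server and client side, in memory.
# Class, function and address names are constructed for this example.


class ToySmtpServer:
    """Receiving side: stores mail for its own domain, queues the rest for relay."""

    def __init__(self, domain):
        self.domain = domain
        self.mailboxes = {}     # local user -> stored messages
        self.relay_queue = []   # (recipient, message) for other domains
        self.greeted = False
        self.in_data = False
        self._reset()

    def _reset(self):
        self.sender = None
        self.recipients = []
        self.data_lines = []

    def handle(self, line):
        """Process one client line; return the reply, or None while inside DATA."""
        if self.in_data:
            if line == ".":                       # end-of-data marker
                self.in_data = False
                return self._deliver()
            # undo the client's dot-stuffing of body lines that begin with '.'
            self.data_lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            self._reset()
            return f"250 {self.domain} Hello {arg}"
        if not self.greeted:
            return "503 Bad sequence of commands: send HELO first"
        if verb == "MAIL":
            self.sender = arg.split(":", 1)[1].strip("<> ")
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL command"
            self.recipients.append(arg.split(":", 1)[1].strip("<> "))
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Need RCPT command"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return f"221 {self.domain} closing connection"
        return "500 Command unrecognised"

    def _deliver(self):
        header, _, body = "\n".join(self.data_lines).partition("\n\n")
        fields = {l.split(":", 1)[0].lower() for l in header.splitlines() if ":" in l}
        if not {"from", "to"} <= fields:      # slide: header needs sender and recipient
            self._reset()
            return "554 Transaction failed: header must carry From: and To:"
        message = {"envelope_from": self.sender, "header": header, "body": body}
        for rcpt in self.recipients:
            user, _, domain = rcpt.partition("@")
            if domain == self.domain:
                self.mailboxes.setdefault(user, []).append(message)   # local mailbox
            else:
                self.relay_queue.append((rcpt, message))              # relay onward
        self._reset()
        return "250 OK: queued"


def send_message(server, sender, recipients, header_lines, body_lines):
    """Client side: issue the standard command sequence; return (command, reply) pairs."""
    transcript = []

    def cmd(line):
        reply = server.handle(line)
        if reply is not None:
            transcript.append((line, reply))

    cmd("HELO client.example.test")
    cmd(f"MAIL FROM:<{sender}>")
    for rcpt in recipients:
        cmd(f"RCPT TO:<{rcpt}>")
    cmd("DATA")
    for text in header_lines + [""] + body_lines:
        cmd("." + text if text.startswith(".") else text)   # dot-stuffing
    cmd(".")
    cmd("QUIT")
    return transcript


if __name__ == "__main__":
    srv = ToySmtpServer("example.test")
    for c, r in send_message(srv, "carol@other.test",
                             ["alice@example.test", "bob@other.test"],
                             ["From: carol@other.test", "To: alice@example.test", "Subject: hi"],
                             ["Hello", ".this line starts with a dot", "bye"]):
        print(f"C: {c}\nS: {r}")
```

Note that the envelope sender (MAIL FROM) and the header From: line are separate values the server never cross-checks here, which is exactly the gap that later sender-authentication schemes address.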
SMTP Operation
Email clients are used to retrieve messages stored on the server

Protocols by email clients to retrieve messages

● IMAP and
● POP
POP Operation
Messages are downloaded from the server to the client

The server listens on port 110 TCP for client requests

Email clients direct their POP requests to mail servers on port TCP 110

The POP client and server exchange commands and responses until the
connection is closed or aborted

POP allows for email messages to be downloaded to the client’s device (computer
or phone) and removed from the server
POP Operation
No centralized location to store messages after read

A downloaded message resides on the device that triggered the download
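As an added example (not from the slides), a POP3 maildrop with the semantics described on the two POP slides: the client logs in, downloads every message and marks each for deletion, and the server removes them only when the session ends with QUIT, so an aborted session deletes nothing and RSET cancels pending deletions. ToyPop3Server, the client helpers and the mailbox contents are this example's constructions.

```python
# Added example: POP3 download-and-delete semantics (TCP port 110 in practice).
# Class, helper and mailbox contents are constructed for this example.


class ToyPop3Server:
    """Server side of POP3; one session at a time over the maildrops it holds."""

    def __init__(self, maildrops):
        self.maildrops = maildrops   # user -> (password, [message text, ...])
        self.user = None
        self.authenticated = False
        self.marked = set()          # message numbers marked by DELE this session

    def _live(self):
        msgs = self.maildrops[self.user][1]
        return [(i, m) for i, m in enumerate(msgs, 1) if i not in self.marked]

    def handle(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            self.user = arg if arg in self.maildrops else None
            return "+OK name is a valid mailbox" if self.user else "-ERR never heard of mailbox name"
        if verb == "PASS":
            # plain USER/PASS travels in the clear unless the session is wrapped in TLS
            if self.user and self.maildrops[self.user][0] == arg:
                self.authenticated = True
                return f"+OK maildrop has {len(self._live())} messages"
            return "-ERR invalid password"
        if not self.authenticated:
            return "-ERR not authenticated"
        if verb == "STAT":
            live = self._live()
            return f"+OK {len(live)} {sum(len(m) for _, m in live)}"
        if verb in ("RETR", "DELE"):
            n = int(arg)
            if n not in {i for i, _ in self._live()}:
                return "-ERR no such message"
            if verb == "RETR":
                text = self.maildrops[self.user][1][n - 1]
                return f"+OK {len(text)} octets\r\n{text}\r\n."
            self.marked.add(n)               # marked only; nothing removed yet
            return f"+OK message {n} deleted"
        if verb == "RSET":
            self.marked.clear()
            return "+OK"
        if verb == "QUIT":
            # UPDATE state: only now are marked messages removed from the server
            password, _ = self.maildrops[self.user]
            self.maildrops[self.user] = (password, [m for _, m in self._live()])
            self.abort()
            return "+OK bye"
        return "-ERR unknown command"

    def abort(self):
        """Session ended without QUIT: pending deletions are discarded."""
        self.marked.clear()
        self.authenticated = False
        self.user = None


def download_all(server, user, password, commit=True):
    """Client side: log in, fetch every message, mark each for deletion, then QUIT or abort."""
    for cmd in (f"USER {user}", f"PASS {password}"):
        if not server.handle(cmd).startswith("+OK"):
            raise RuntimeError(f"login failed at {cmd.split()[0]}")
    count = int(server.handle("STAT").split()[1])
    downloaded = []
    for n in range(1, count + 1):
        reply = server.handle(f"RETR {n}")
        downloaded.append(reply.split("\r\n")[1])    # message text between +OK and "."
        server.handle(f"DELE {n}")
    if commit:
        server.handle("QUIT")
    else:
        server.abort()      # e.g. the connection dropped before QUIT was sent
    return downloaded


def remaining(server, user):
    return len(server.maildrops[user][1])


def demo():
    drops = {"alice": ("s3cret", ["Subject: one\n\nfirst message",
                                  "Subject: two\n\nsecond message"])}
    srv = ToyPop3Server(drops)
    aborted = download_all(srv, "alice", "s3cret", commit=False)   # nothing removed
    left_after_abort = remaining(srv, "alice")
    committed = download_all(srv, "alice", "s3cret")                # removed at QUIT
    return aborted, left_after_abort, committed, remaining(srv, "alice")


if __name__ == "__main__":
    print(demo())
```

The contrast with IMAP on the next slides is this QUIT step: an IMAP client leaves the originals on the server and works on copies, whereas the POP client above ends up holding the only copy.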
IMAP Operation
IMAP is another protocol used to retrieve email messages

Allows for messages to be displayed to the user rather than downloaded

The original messages reside on the server until manually deleted by the user

Users view copies of the messages via email client app

Users can create a folder hierarchy on the server to organize and store mail
IMAP Operation
DNS
DNS: The Internet Directory Service
Domain Name Service (DNS) provides mapping between host name & IP address

Defined in RFCs 1034 / 1035


Domain Names
A unique 32-bit IP address is provided to identify devices attached to the Internet

An IP address has two components: a network number, which identifies a network on
the Internet, and a host address, which identifies a unique host on that network

Domain refers to a group of hosts that are under the administrative control of a
single entity, such as a company or government agency

Domains are organized hierarchically, so that a given domain may consist of a
number of subordinate domains

Names are assigned to domains and reflect this hierarchical organization

At the very top level, a small number of domains encompass the entire Internet
Domain Names
DNS Database
DNS is based on a hierarchical database containing resource records (RRs)

RRs (resource records) include the name, IP address, and other information about
hosts
DNS Database
Provides name-to-address directory service for network applications that need to
locate specific servers, e.g. every time a Web page is accessed, there must be a
DNS name lookup to determine the IP address of the Web server

The key features:

● Variable-depth hierarchy for names: DNS allows essentially unlimited
levels and uses the period (.) as the level delimiter in printed names
● Distributed database: The database resides in DNS servers scattered
throughout the Internet and private intranets
● Distribution controlled by database: DNS database is divided into
thousands of separately managed zones, which are managed by separate
administrators. The database software controls distribution and update of
records
DNS Operation
A user program requests an IP address for a domain name

A resolver module in the local host or local ISP formulates a query for a local
name server in the same domain as the resolver

The local name server checks to see if the name is in its local database or cache,
and, if so, returns the IP address to the requestor; otherwise, the name server
queries other available name servers, starting down from the root of the DNS tree
or as high up the tree as possible

When a response is received at the local name server, it stores the name/address
mapping in its local cache and may maintain this entry for the amount of time
specified in the time to live field of the retrieved RR
DNS Hierarchy
The DNS protocol uses a hierarchical system, with the root at the top and
branches below. The naming structure is broken down into small, manageable
zones

DNS database is distributed hierarchically

● May extend as deep as needed

DNS name servers scattered throughout the Internet

Any organization owning a domain can run name servers

Each server manages authoritative name data for a zone


DNS Server Hierarchy
Each DNS server is only responsible for managing name-to-IP mappings for that
small portion of the DNS structure

Requests for zone not stored in a specific DNS server are forwarded to other
servers for translation

Top-level domains represent either the type of domain or the country of origin,
examples of top-level domains are:
● .com - a business or industry
● .org - a non-profit organization
● .au - Australia

13 root name servers at top of hierarchy share responsibility for top level zones
DNS Hierarchy
List of Root Servers
Name Resolution
Query begins with name resolver on host

Knows name/address of local DNS server

Given a name request, the resolver can:

● Return name from cache if already known
● Send DNS query to local server which may return answer, or query other
servers

Recursive technique - server queries other servers for resolver

Iterative technique - resolver queries servers in turn as needed


Recursive Resolution
If queried DNS server is not able to perform mapping itself, it forwards request to
another server, waits for response, and sends response back

Puts burden of name resolution on contacted name server

Heavy load at upper levels of hierarchy?

Not all DNS servers support recursion, especially ones near the top of the
hierarchy
Iterative Resolution
If queried DNS server is not able to perform mapping it sends back IP address of
other DNS server that it thinks can resolve query

Process is called ‘iterative’ since client repeats same request to multiple servers

Contacted server replies with name of server to contact

The concept used in iterative resolution is: “I don’t know this name, but ask
this server”
Iteration vs. Recursion
“do job yourself” vs. “pass the buck”

Not all name servers support recursion, especially critical servers near the top of
the hierarchy

On the other hand, recursion is often supported by local DNS servers
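As an added example (not from the slides), a toy DNS tree covering both the DNS Operation slide (resolver, local name server, TTL-bounded cache) and the recursive/iterative slides above: root, a .com TLD server and an authoritative server for example.com, with a local name server in front. The same name is looked up iteratively (the resolver follows every referral itself), recursively (the local server walks the tree and returns one answer), from the cache, and again after the TTL has elapsed; querying the root recursively shows the refusal described above. Server names, addresses (192.0.2.x is the documentation range), the logical clock and all function names are constructed for this example.

```python
# Added example: iterative vs. recursive DNS resolution over a constructed
# three-level tree, with a resolver cache that honours the record TTL.


class NameServer:
    def __init__(self, name, records=None, referrals=None, root=None, recursive=False):
        self.name = name
        self.records = records or {}      # fqdn -> (ip, ttl seconds)
        self.referrals = referrals or {}  # zone suffix -> server to ask next
        self.root = root                  # root hint, used when nothing else matches
        self.recursive = recursive        # whether this server will recurse for clients

    def query(self, fqdn):
        """Non-recursive query: ('answer', ip, ttl), ('referral', server, None) or ('nxdomain', None, None)."""
        if fqdn in self.records:
            ip, ttl = self.records[fqdn]
            return "answer", ip, ttl
        for suffix, server in self.referrals.items():
            if fqdn == suffix or fqdn.endswith("." + suffix):
                return "referral", server, None
        if self.root is not None:
            return "referral", self.root, None
        return "nxdomain", None, None

    def query_recursive(self, fqdn, log):
        """Recursive query: the contacted server walks the tree on the client's behalf."""
        if not self.recursive:
            log.append(f"{self.name}: recursion refused")
            return "refused", None, None
        log.append(f"{self.name}: recursing on behalf of client")
        return iterative_lookup(fqdn, self.root, log)


def iterative_lookup(fqdn, server, log, max_hops=8):
    """Follow referrals from `server` downward until an answer or nxdomain."""
    for _ in range(max_hops):             # bound the chain against referral loops
        kind, value, ttl = server.query(fqdn)
        log.append(f"{server.name}: {kind}")
        if kind != "referral":
            return kind, value, ttl
        server = value
    return "error", None, None


class Resolver:
    """The resolver module on the host: asks the local server, caches answers by TTL."""

    def __init__(self, local_server, clock):
        self.local = local_server
        self.clock = clock                # callable returning current time in seconds
        self.cache = {}                   # fqdn -> (ip, expiry time)

    def lookup(self, fqdn, mode="recursive"):
        log = []
        now = self.clock()
        if fqdn in self.cache:
            ip, expires = self.cache[fqdn]
            if now < expires:
                log.append("cache hit")
                return ip, log
            del self.cache[fqdn]          # TTL elapsed: the entry must be refreshed
        if mode == "recursive":
            kind, ip, ttl = self.local.query_recursive(fqdn, log)
        else:
            kind, ip, ttl = iterative_lookup(fqdn, self.local, log)
        if kind == "answer":
            self.cache[fqdn] = (ip, now + ttl)
            return ip, log
        return None, log


def build_tree():
    auth = NameServer("ns1.example.com", records={"www.example.com": ("192.0.2.10", 300)})
    tld = NameServer("com TLD", referrals={"example.com": auth})
    root = NameServer("root", referrals={"com": tld})
    local = NameServer("local ISP server", root=root, recursive=True)
    return root, local


def demo():
    clock = [1000]                        # logical clock so TTL expiry is reproducible
    root, local = build_tree()
    resolver = Resolver(local, lambda: clock[0])
    iter_ip, iter_log = resolver.lookup("www.example.com", mode="iterative")
    resolver.cache.clear()
    rec_ip, rec_log = resolver.lookup("www.example.com", mode="recursive")
    _, cached_log = resolver.lookup("www.example.com")
    clock[0] += 301                       # past the 300 s TTL
    _, expired_log = resolver.lookup("www.example.com")
    refused_kind = root.query_recursive("www.example.com", [])[0]
    missing_ip, _ = resolver.lookup("nosuch.example.com")
    return {"iterative": (iter_ip, iter_log), "recursive": (rec_ip, rec_log),
            "cached": cached_log, "expired": expired_log,
            "root_refuses": refused_kind, "nxdomain": missing_ip}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Comparing the two logs shows the "pass the buck" point: in iterative mode the resolver sends four queries and hears three referrals, while in recursive mode it sends one query and the local server absorbs the rest; the cache entry then keeps either path off the wire until the TTL runs out.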


DNS Registration
Registrar – commercial entity that verifies uniqueness of a newly proposed
domain name, enters the name into DNS database, and can collect small fee for
this service

Registrar must also be provided with the names and IP addresses of authoritative
DNS servers in the new domain to make web-pages and e-mails in the new
domain ‘visible’ from outside

ICANN accredits registrars – complete list can be found at:

http://www.icann.org/registrars/accredited-list.html
