Home All topics The internet Application layer protocols

Application layer protocols

The internet protocols that most of you will encounter are those at the application layer. These
are used by the applications you use every day, such as sending email, online banking, or
checking an account on social media.

Each application that uses internet services makes use of the TCP/IP stack. At the application
layer are specific protocols that package requests for services into the correct format and pass
them to the transport layer, ready to start their journey.
Hypertext Transfer Protocol (HTTP)

Tim Berners-Lee, a British scientist, is credited with inventing the World Wide Web
(WWW) in 1989. While working at CERN, and frustrated with his inability to find research
papers, Berners-Lee devised a system of linked pages (hypertext) and implemented the
first successful communication over the internet between a HTTP client and a HTTP
server. In 1990, he wrote the world's first web browser, which became publicly available in
1991. Today, the World Wide Web is the most used service on the internet.

Hypertext Markup Language (HTML) is used to 'mark up' web pages. This means
surrounding content in tags are used by your web browser to display the page. In the
early days, web pages had static content and users just looked at the pages, there was
very little opportunity for interaction. In the present day, web content is dynamic and
pages are highly personalised and targetted to individual users. As well as web pages,
there are links to huge volumes of other resources such as images, videos, and sound
files. Web pages now use CSS for sophisticated layout and styling. HTML standards and
HTTP have evolved to support this growth.

HTTP runs on a client–server architecture; the web browser on your device is called the
'client', it requests web pages and linked resources from the web server. The client can
also send limited data back to the web server as the user interacts with the web page.
This communication between clients and servers is achieved through requests and
responses:

The server waits and listens for requests (most run 24/7)
The client sends an HTTP request for a web page to the server
The server receives the request
The server sends an HTTP response which encapsulates the requested page
The client receives the response and displays the web page in the web browser

For dynamic (non-static) pages, there are extra steps before the page is returned. A
database may be accessed for up-to-date images and prices for an online shopping site.
Your profile may be accessed for more personalised content. Processing can also happen
on the client-side. The HTML document served back to the client may itself contain
dynamic elements which are 'executed' in the client browser, depending on attributes on
the client device.

A web page may also contain a whole series of other resources which are referenced
from the HTML document, such as videos and images. As the browser starts to render
the page, it requests each of these resources separately.

HTTP uses a variety of message types. Here are some examples:

GET: This requests a resource from the server, for example, a web page
HEAD: This requests just the header of the data (its metadata) from the server
POST: Sends data to the server from a web form
PUT: Sends data to the server to be uploaded as a resource, for example,
uploading a photo
DELETE: Tells the server to delete a resource, for example, deleting a photo

HTTPS
HTTP is not secure. If the messages sent between the client and the server are
intercepted, an interceptor would be able to see all the details of the transactions. Hence
HTTP is gradually being replaced with HTTP Secure (HTTPS) for the majority of websites
and certainly all those sites which may ask you for personal information, such as your
email address or your bank details. It is only through HTTPS that e-commerce has
flourished.
HTTPS encrypts the data exchanged between client and server. It works by providing a
digital certificate containing a public encryption key. The authenticity of the certificate is
checked automatically in your browser through a number of root certificates administered
by certification authorities. Your browser uses the public encryption key to encrypt the
data and it is only the authorised server that has the corresponding private key to decrypt
it. Once a secure link is established using these public/private keys, other encryption
systems can be negotiated to handle the bulk of the transfer.
File Transfer Protocol (FTP)

File Transfer Protocol (FTP), as the name suggests, is used to moves files between two
devices. Before the days of the World Wide Web, FTP was the predominant protocol used
to share information. It is still widely used today by developers who want to manage files
on remote servers. Do not confuse file transfers using FTP with files transferred by
uploading them to a website, i.e. uploading a photograph to Instagram. This type of file
transfer via a website interface is accomplished using the Hypertext Transfer Protocol.

FTP is client–server application. One device (the client) runs FTP client software and is
responsible for the initiation of all connections. Another device runs the FTP server and
has access to disk space to store the files.

Once logged in, the user can use the FTP client software to access directories on the FTP
server and request a list of files in the directory. The user can then choose to download or
upload a file. Some FTP sites are publically available; this is called anonymous FTP.

Examples where FTP might be used:

To create web pages on your own computer and then upload the files to the web
server
To download a piece of software
To download a music file
To upload video clips to be embedded in a web page

Traditionally, access to FTP was via the command line. However, now there are many
GUI based applications that simplify the interface.

A typical command line FTP session would look like this:

Figure 1: FTP session (Windows command line)

1. First the user requests to connect to the FTP server at 127.0.0.1 and provides a
username and password
2. Once connected, the user types dir and gets a directory listing from the server. This
shows a single file.
3. Finally the user types get puzzle1.txt and requests the file from the server. The file
is transferred to the user's computer.

FTP GUI based client applications such as FileZilla and CuteFTP are also freely
available. These offer a graphical view of your local files (the files on your computer) and
the remote file system, allowing you to drag and drop files between the two file systems.
Figure 2: Typical FTP GUI interface
SMTP, POP, and IMAP

It is estimated that 300 billion emails are sent every day (and around half of this volume is
spam!). Most people have access to emails on mobile phones, and other mobile
platforms, as well as on desktop devices.

Email is based on the client–server architecture. A user has access to their emails
through an email client application on their device. In business environments, Microsoft
Outlook is a popular mail client. On your mobile phone, you may use Gmail or the Apple
Mail client. There is wide range of client software available and most will allow you to
collect mail from multiple accounts.

The role of an email server

In a traditional setup, when the user opens their email client, it connects to their email
server(s) and downloads any messages that have arrived. Post Office Protocol (POP3)
and Internet Message Access Protocol (IMAP) are the protocols used to retrieve the
emails. POP3 downloads them onto the client device and deletes the emails from the
server. IMAP on the other hand, just creates copies on the local client device and
synchronises any deletion on both client and server. IMAP is the preferred protocol
because it offers the ability to manage your emails on multiple devices.

When sending emails, the Simple Mail Transfer Protocol (SMTP) is used. This protocol
transfers the email from the client device to the linked mail server. If the mail recipient is
on a different domain (email provider), SMTP is used to forward the email on to the
recipient's mail server.

Figure 3: Protocols used for sending and receiving email

Most modern email systems now use 'push' technology. In these configurations, new
emails are pushed to the client as soon as they arrive on the mail server. If you get
stressed by the constant flow of email arrivals, you can opt out of this service.
Secure Shell (SSH)

Secure Shell (SSH) can provide an encrypted connection for remote access to another
computer. It achieves this by encrypting the messages sent between the SSH client and
the SSH server, and thus provides a secure link through which users can communicate
with a remote computer.

The act of encrypting the data can be envisaged as creating a secure tunnel over the
internet through which the commands are sent. This technique of building secure tunnels
with SSH means that SSH can be used to securely tunnel other protocols over the
internet. SSH hides the actual protocol it has encrypted. So, the network does not see the
destination address, or the nature of the data, it just sees SSH data destined for an SSH
server.

SSH is commonly used by network administrators who need to access remote devices to
start and stop services, perform software upgrades, and carry out other tasks. It allows
the person to securely manange multiple computers from their desk without having to visit
remote sites. SSH is also used to manage devices that do not have a monitor and
keyboard attached. For example, a Raspberry Pi that is being used to power a robot can
be managed over SSH.

In order to connect to another computer using SSH, you must have:

an account on the computer you are trying to connect to

sufficient administrative rights to carry out some operations

Clearly this is not something that should be widely available. It would be a real security
risk to give strangers administrative access to your devices.

There are two ways you can sign in to a remote computer via SSH:

1. Use the command line or terminal of your operating system; you can type
commands to SSH into the remote device

Figure 4: Command line SSH (using Windows)

In the example shown, the user is connecting to a Raspberry Pi over an SSH connection.
Having specified the IP address of the Raspberry Pi, and entered the password, the user
is able to control the Raspberry Pi from their remote desktop.

2. Use a GUI based SSH client (such as PuTTY)

 Figure 5: GUI based SSH

All teaching materials on this site are available under the Open Government Licence v3.0, except where otherwise stated.