Chapter 2: Application Layer
Introduction
• The application layer provides services to the user. The two application layers assume that there
is an imaginary direct logical connection (two-way).
• If a protocol is added to each layer, it should be designed in such a way that it uses the service
provided by one of the protocols at the lower layer.
• The protocols used in the first four layers of the TCP/IP suite need to be standardised and
documented. Application layer protocols can be standard or non-standard.
• Paradigm of application-layer:
• Client-server paradigm: a.k.a. the traditional paradigm. The concentration of the communication
load is on the shoulders of the server; this means there should be a service provider willing to
accept the cost and create a powerful server for a specific service, which means the server should
earn money.
• Peer-to-peer paradigm: a.k.a. the new paradigm, e.g. internet telephony. The main challenge is
security. The other challenge is applicability: it does not have many use cases.
• Mixed paradigm
Client - Server Paradigm
• A server must be running (infinite) when a request arrives; the client needs to run only when it
wants to (finite).
• APIs for communication such as socket interface, transport layer interface, STREAM etc.
• Socket interface: is a set of instructions that can be used by a process to communicate with
another process. Sockets mimic a physical entity and have inputs and outputs (like a keyboard,
or monitor).
• The client thinks that the socket is the entity that receives the request and gives the response,
the server thinks that the socket is the one that has a request and needs a response.
• A socket address consists of a 32-bit IP address and a 16-bit port number.
• For a socket to form we need a local socket address and a remote socket address.
• Server side: Local socket address: OS knows the IP address of the computer on which the
process is running, the port number is assigned. Remote socket address: the client socket
address, is contained in the request packet sent to the server.
• Client side: Local socket address: the IP address is known; the port number is a 16-bit temporary
integer that is assigned to the client each time the process starts communication (ephemeral
(temp) port numbers). Remote socket address: Case 1: server IP and port are hardcoded; Case
2: the socket is a standard socket but URLs and DNS are used to find the IP address.
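Added example (not part of the notes): a server bound to an OS-assigned port, one client connecting to it, and the local/remote socket address pair that each side sees, showing the ephemeral client port. It uses only Python's standard library on the loopback address.

```python
import socket
import threading


def demo_socket_addresses(host: str = "127.0.0.1") -> dict:
    """Start a TCP server on an OS-chosen port, connect one client, and
    record the local and remote socket address each side sees."""
    seen = {}
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((host, 0))                 # port 0: let the OS assign the server port
    server.listen(1)
    server_addr = server.getsockname()     # the address a client must know in advance

    def serve():
        conn, peer = server.accept()       # peer = remote address, taken from the request
        seen["server_local"], seen["server_remote"] = conn.getsockname(), peer
        conn.close()

    worker = threading.Thread(target=serve)
    worker.start()                         # the server is listening before the client runs
    client = socket.create_connection(server_addr)
    seen["client_local"] = client.getsockname()    # ephemeral port chosen by the OS
    seen["client_remote"] = client.getpeername()
    client.close()
    worker.join()
    server.close()
    return seen
```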
• Using services of the transport layer:
• UDP protocol: Connectionless, unreliable, datagram (encapsulated packets) service. It may
check that the data is not corrupted during transmission, but no further action takes place.
• It is message oriented, it gives boundaries to messages exchanged
• It is useful for sending small messages where speed and simplicity matter more than
reliability.
• TCP protocol: provides a connection-oriented byte-stream service. The initial connection phase is
called handshaking. It is two-way. TCP is reliable and can provide flow control and congestion
control. It is not message oriented as it does not put boundaries on the messages exchanged.
• Most of the standard applications that need to send long messages and require reliability
may benefit from the service of TCP.
• SCTP Protocol: SCTP provides connection-oriented, reliable service, message-oriented like
UDP. SCTP can provide multi stream service by providing multiple network layer connections.
• Suitable for applications that need reliability and at the same time need to remain
connected, even if a failure occurs in one network layer connection.
Standard Client-Server Applications
World wide web and HTTP: distributed client-server service.
Web client (browser): interprets and displays a web page. All browsers use the same architecture: a
controller, client protocols, and interpreters.
Web server where web pages are stored. Uses caching, multithreading and multiprocessing.
Uniform Resource Locator consists of 4 parts, protocol (HTTP, FTP), the host (IP address or
DNS), the port (decided when required else is a standard port), path (path in local computer).
Web documents: static, dynamic, active
• Static documents: The contents of the file are determined when they are created; the user cannot
change them. HTML, XSL, XTML, XHTML etc.
• Dynamic documents: Created by a web server whenever a browser requests the document, for
example retrieving the time and date from a server. Old: Common Gateway Interface (CGI); new: Java
Server Pages, Active Server Pages (Visual Basic language by Microsoft), ColdFusion, which
embeds SQL queries.
• Active documents: When script is run on client side, such as animating graphics. Java applets
and javascript.
HTTP: Hyper Text Transfer Protocol. HTTP server uses port 80, uses TCP.
Non-persistent vs persistent
• Non-persistent: one TCP connection is made for each request/response. This imposes high
overhead on the server because the server needs different buffers each time a connection is
opened.
• Persistent: Made standard in HTTP 1.1. The server can close the connection at the request of a
client or if a timeout has been reached. The sender sends the length of the data with each response;
however, if the length is not known (in the case of dynamic documents) the server sends the data and
closes the connection after the data has been delivered.
Message formats
Request message:
Version - 1.1
Methods:
Followed by zero or more header lines
Response message
version - 1.1
The status code field defines the status of the request. It consists of three digits. Codes in the
100 range are only informational, codes in the 200 range indicate a successful request, codes in the
300 range redirect the client to another URL, codes in the 400 range indicate an error at the client
site, and codes in the 500 range indicate an error at the server site.
Followed by zero or more response header
Conditional request, the server will send the requested web page if the condition is met or inform
the client otherwise.
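Added example (not part of the notes): a parser for the response message described above, classifying the three-digit status code by its range, taking the body length from Content-Length when the server sent it and from connection close otherwise, plus the server's decision for a conditional request. The sample responses are constructed here.

```python
from email.utils import parsedate_to_datetime
from typing import Optional

STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}

# Constructed samples: a static page with known length, a dynamic one without.
STATIC_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   b"Last-Modified: Sat, 01 Jan 2022 00:00:00 GMT\r\n"
                   b"Content-Length: 12\r\n\r\n<p>hello</p>")
DYNAMIC_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\ndynamic body"


def parse_response(raw: bytes, connection_closed: bool = False) -> dict:
    """Split a response into status line, headers and body. The body ends at
    Content-Length when the server knew it; otherwise it runs until the server
    closes the connection, so the caller must say whether that has happened."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block incomplete")
    lines = head.decode("ascii").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("malformed status line")
    code = int(parts[1])
    if not 100 <= code <= 599:
        raise ValueError("status code out of range")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if code < 200 or code in (204, 304):          # these responses carry no body
        body = b""
    elif "content-length" in headers:
        length = int(headers["content-length"])
        if length < 0 or len(rest) < length:     # never trust a length you cannot see
            raise ValueError("body shorter than Content-Length")
        body = rest[:length]
    elif connection_closed:
        body = rest                               # dynamic document: end = close
    else:
        raise ValueError("length unknown and connection still open")
    return {"version": parts[0], "code": code, "class": STATUS_CLASSES[code // 100],
            "reason": parts[2] if len(parts) > 2 else "", "headers": headers, "body": body}


def conditional_status(last_modified: str, if_modified_since: Optional[str]) -> int:
    """Server side of a conditional GET: 304 when the client's copy is still
    current, 200 (the page is sent) otherwise."""
    if if_modified_since is None:
        return 200
    if parsedate_to_datetime(last_modified) <= parsedate_to_datetime(if_modified_since):
        return 304
    return 200
```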
Cookies:
• Creating and storing cookies: When server receives request from a client, it stores information
and sends it back to the client in the response which the browser then keeps in cookie directory
sorted by server domain name.
• Using cookies: When the client sends a request it checks if cookies are present and sends
them with the request.
• Set-cookie is a new server header and Cookie is a new client header
Web caching: Proxy Server
• A proxy server is a computer that keeps copies of responses to recent requests. The proxy
server caches requests and responses, improving latency and reducing load on the main server.
• Proxy servers are client side.
Cache update: how long should a response remain in the proxy server? Store the list of sites whose
information remains the same for a while; e.g. a news website needs to update every day.
Another recommendation is to add some headers to show the last modification time of the
information.
HTTP Security: using Secure Socket Layer(SSL) to form HTTPS
File Transfer Protocol (FTP):
• Client has user interface, client control process, and the client data transfer process.
• Server has server control process and the server data transfer process.
• Separation of commands and data transfer makes FTP more efficient.
• Lifetimes of the two connections: The control connection remains connected throughout the
session and the data connection is formed only when a file transfer happens.
• port 20 is used for data connection and port 21 is used for control connection.
• Control connection: uses NVT ASCII character set. Each line is terminated with a two-
character (carriage return and line feed) end-of-line token.
• Command followed by argument is sent by the client
• Response has a three digit number followed by text.
• Data connection: Client issues a passive open using ephemeral port, sends the port to server
using PORT command and then server issues an active open on its port 20.
• Communication over the data connection: we must define the type of file to be transferred, the
structure of the data, and the transmission mode. We define three attributes of communication:
file type, data structure, and transmission mode.
• Data structure:
• File structure: has no structure, it is a continuous stream of bytes
• Record structure: the file is divided into records; can be used only with text files
• Page structure: the file is divided into pages, with each page having a page number and a page
header. The pages can be stored and accessed randomly or sequentially.
• File type: ASCII file, EBCDIC file, or image file.
• Transmission mode:
• Stream mode: default, delivered from FTP to TCP as continuous stream of bytes.
• Block mode: data can be delivered from FTP to TCP in blocks; each block is preceded by a 3-
byte header, the first byte is the block descriptor followed by 2 bytes for the byte length.
• Compressed mode
• File transfer: retrieving a file, storing a file, listing the directory.
• SSL over FTP — SSL-FTP
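Added example (not part of the notes): an encoder and a validating decoder for the block-mode framing above (1 descriptor byte + 2-byte length per block). The descriptor bit values EOF/EOR come from RFC 959, not from the notes; the decoder checks every declared length against the bytes actually present rather than trusting the header.

```python
import struct

EOF, EOR = 0x40, 0x80   # descriptor bits defined in RFC 959 (the notes give only the layout)


def encode_blocks(data: bytes, block_size: int = 4) -> bytes:
    """Split data into blocks, each preceded by a 3-byte header:
    1 descriptor byte + 2-byte big-endian byte count. The last block carries EOF."""
    if not 1 <= block_size <= 0xFFFF:
        raise ValueError("block size must fit the 2-byte length field")
    chunks = [data[i:i + block_size] for i in range(0, len(data), block_size)] or [b""]
    out = bytearray()
    for i, chunk in enumerate(chunks):
        descriptor = EOF if i == len(chunks) - 1 else 0
        out += struct.pack("!BH", descriptor, len(chunk)) + chunk
    return bytes(out)


def decode_blocks(stream: bytes) -> bytes:
    """Reassemble the file, validating each header against what is really there."""
    data, pos = bytearray(), 0
    while True:
        if len(stream) - pos < 3:
            raise ValueError("truncated block header")
        descriptor, length = struct.unpack("!BH", stream[pos:pos + 3])
        pos += 3
        chunk = stream[pos:pos + length]
        if len(chunk) != length:              # never trust the declared length blindly
            raise ValueError("block body shorter than declared length")
        data += chunk
        pos += length
        if descriptor & EOF:
            break
    if pos != len(stream):
        raise ValueError("trailing bytes after the EOF block")
    return bytes(data)
```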
Electronic Mail:
• E-mail is considered one-way transaction.
• Architecture: The electronic mail system needs two UAs (user agents), two pairs of MTAs (mail
transfer agents) (client and server) and a pair of MAAs (mail access agents) (client and server).
• User agent: A user agent is a software package (program) that composes, reads, replies to, and
forwards messages. It also handles local mailboxes on the user's computer. They can be
command-driven or GUI-based, like Outlook.
• Sending mail: It has envelope and message, envelope contains sender address and receiver
address. The message contains header and body, header has sender, receiver, the subject of
the message.
• Receiving mail: Basically they explain what Outlook looks like.
• Address: local part '@' domain name
• The domain name assigned to each mail exchanger either comes from the DNS database or is
a logical name (for example, the name of the organisation)
• Mailing list or group list: Aliases in the alias database.
• SMTP: SMTP is used two times, between the sender and the sender’s mail server and between
the two mail servers
• Command and responses: terminated by a two-character (carriage return and line feed) end-
of-line token.
• Commands: Keyword followed by argument
• Responses: three digit code followed by additional description
• Mail transfer phases:
• Connection Establishment: Port 25, client makes TCP connection. Server sends code 220
(service ready), else 421 (service not available). The client send the HELO message to
identify itself using its domain name address. The server responds with 250 (request
command completed).
• Message transfer: client sends MAIL FROM (to introduce the sender, and for receiving errors) ->
server responds with 250 -> client sends RCPT TO (recipient) -> server responds with 250
-> client sends DATA -> server responds with 354 (start mail input) -> client sends data line
by line and finishes with the end-of-line token -> server responds with 250.
• Connection Termination: client QUIT -> server 221
• SMTP is a push protocol, third stage is a pull protocol, third stage uses message access agent.
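Added example (not part of the notes): the three SMTP phases as a small server state machine and a client driving it, using the reply codes listed above. The 503 reply for out-of-order commands and the dot-stuffing of body lines that begin with "." are standard SMTP behaviour not covered in the notes; "client.example" is a made-up client domain.

```python
class SmtpServerSim:
    """Toy SMTP server state machine using the reply codes from the notes
    (220/421, 250, 354, 221) plus the standard 503 for out-of-order commands."""

    def __init__(self, available: bool = True):
        self.available, self.state = available, "closed"
        self.envelope, self.mailbox = {"from": None, "to": [], "data": []}, []

    def connect(self) -> str:
        if not self.available:
            return "421 service not available"
        self.state = "start"
        return "220 service ready"

    def command(self, line: str) -> str:
        if self.state == "data":                       # collecting message lines
            if line == ".":                            # end-of-data token
                self.mailbox.append(self.envelope)
                self.envelope, self.state = {"from": None, "to": [], "data": []}, "helo"
                return "250 OK"
            # undo client dot-stuffing so a body line that starts with "." survives
            self.envelope["data"].append(line[1:] if line.startswith("..") else line)
            return ""
        verb, _, arg = line.partition(" ")
        verb, state = verb.upper(), self.state
        if verb == "HELO" and state == "start":
            self.state = "helo"
            return f"250 hello {arg}"
        if verb == "MAIL" and state == "helo" and arg.upper().startswith("FROM:"):
            self.envelope["from"], self.state = arg[5:], "mail"
            return "250 OK"
        if verb == "RCPT" and state in ("mail", "rcpt") and arg.upper().startswith("TO:"):
            self.envelope["to"].append(arg[3:])
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA" and state == "rcpt":
            self.state = "data"
            return "354 start mail input"
        if verb == "QUIT":
            self.state = "closed"
            return "221 closing connection"
        return "503 bad sequence of commands"


def send_mail(server: SmtpServerSim, sender: str, rcpt: str, body: list) -> list:
    """Client side of the exchange; returns the transcript of commands and replies."""
    transcript = [server.connect()]
    if not transcript[0].startswith("220"):
        return transcript                          # 421: nothing can be sent
    for cmd in ("HELO client.example", f"MAIL FROM:<{sender}>", f"RCPT TO:<{rcpt}>", "DATA"):
        transcript += [cmd, server.command(cmd)]
    for line in body:                              # dot-stuff lines that begin with "."
        server.command("." + line if line.startswith(".") else line)
    transcript += [".", server.command("."), "QUIT", server.command("QUIT")]
    return transcript
```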
• POP3 (Post Office Protocol): Simple but limited. Opens a connection to the server on port 110 (TCP),
then sends the username and password; on OK it retrieves all mail one by one.
• POP3 has two modes, delete mode and keep mode. In the delete mode, the mail is deleted
from the mailbox after each retrieval, in the keep mode the mail remains in the mailbox after
retrieval. The delete mode is used when the user is working on their permanent computer, the
keep mode is used when the mail is accessed from multiple computers.
• IMAP4: Internet Mail access protocol version 4. IMAP4 is more powerful and more complex.
• POP3 does not allow the user to organise the mail on the server, have different folders, or partially
check the contents of mail before downloading. IMAP4 adds these features.
MIME: Multipurpose Internet Mail Extensions is a supplementary protocol that allows non-ASCII
data to be sent through e-mail, increasing language support. Electronic mail can only send
messages in NVT 7-bit ASCII format. MIME transforms non-ASCII data at the sender site to NVT
ASCII data and delivers it to the client MTA to be sent through the internet. The message at the
receiving site is transformed back to the original data. MIME defines 5 headers:
• MIME-version: current version is 1.1
• Content-type: type/subtype types include text, image, video, audio, application etc.
• Content-transfer-encoding: method used to encode the messages, including binary, 8-bit, 7-bit
etc.
• Base64: write down the 8-bit representation, break it into 6-bit groups and write the ASCII
representation of each group.
• Quoted-printable: write each non-ASCII byte preceded by an equals sign and encode only that byte.
• Content-ID: identifies the whole message in a multiple-message environment.
• Content-Description: defines the body.
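Added example (not part of the notes): the two transfer encodings above implemented from the 8-bit-to-6-bit description, with a decoder and a check that the output fits the 7-bit NVT ASCII channel. In quoted-printable the escaped byte is written as "=" plus two hexadecimal digits (RFC 2045); soft line breaks are left out here.

```python
B64_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def base64_encode(data: bytes) -> str:
    """Write the 8-bit representation, regroup it into 6-bit units, and map each
    unit to one printable ASCII character; '=' pads to a multiple of 4 chars."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 6)                  # zero-fill the last 6-bit group
    chars = (B64_ALPHABET[int(bits[i:i + 6], 2)] for i in range(0, len(bits), 6))
    return "".join(chars) + "=" * (-len(data) % 3)


def base64_decode(text: str) -> bytes:
    """Reverse the mapping; reject anything outside the 64-character alphabet."""
    body = text.rstrip("=")
    if any(c not in B64_ALPHABET for c in body):
        raise ValueError("character outside the Base64 alphabet")
    bits = "".join(f"{B64_ALPHABET.index(c):06b}" for c in body)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits) - len(bits) % 8, 8))


def quoted_printable_encode(data: bytes) -> str:
    """Leave printable ASCII as-is; write every other byte (and '=' itself) as
    '=' followed by two hex digits, so only the non-ASCII bytes grow."""
    out = []
    for byte in data:
        if (33 <= byte <= 126 and byte != 0x3D) or byte in (0x20, 0x09):
            out.append(chr(byte))
        else:
            out.append(f"={byte:02X}")
    return "".join(out)


def is_nvt_ascii(text: str) -> bool:
    """True when every character fits the 7-bit NVT ASCII channel."""
    return all(ord(c) < 128 for c in text)
```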
Web-based mail: websites today provide this service to anyone, e.g. Gmail.
Here, instead of IMAP4 and POP3, HTTP is used. The client can also use an HTTP client.
Email security: secured using two application layer protocols: Pretty Good Privacy (PGP) and
Secure/Multipurpose Internet Mail Extensions (S/MIME).
TELNET:
Telnet (TErminaL NETwork) and SSH are remote logging applications.
Local login, Remote login, pseudo terminal driver.
Network Virtual Terminal character set (used because terminal commands differ based on OS): an
8-bit system with the MSB set to 0 for ASCII and 1 for control characters.
Options are extra features available to a user with a more sophisticated terminal.
User Interface with user-friendly commands
Secure Shell (SSH):
Originally designed to replace TELNET, SSH-1 and SSH-2, incompatible. SSH-1 is deprecated.
Components: Three components:
• SSH-TRANS: Transport Layer Protocol. This protocol uses TCP to create a secured channel on
top of the TCP. Services provided: Privacy, Data integrity, Server Authentication, Compression of
the messages.
• SSH-AUTH: After the server is authenticated by the client, the server calls this process to authenticate
the client. Similar to SSL. The request includes the user name, server name, the method of
authentication and the required data.
• SSH-CONN: Connection Protocol. Provides multiplexing: takes the secure channel and creates
multiple logical channels over it; each channel can be used for a different purpose.
Applications: SSH for remote logging (Tectia, PuTTY) and SSH for file transfer (sftp).
Port forwarding: creates a tunnel through which the message belonging to other protocols can
travel (SSH tunnelling). Using port forwarding to access SMTP on another computer.
Format of the SSH Packets:
4 bytes: length (not including the length of the padding)
1-8 bytes: padding
1 byte: type
variable: data
4 bytes: CRC (cyclic redundancy checksum)
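Added example (not part of the notes): building and parsing a packet in the layout above (this CRC-based layout is the SSH-1 one). The checksum here is zlib's CRC-32 as a stand-in for the SSH-1 CRC, and the padding is zero-filled; both are simplifications. The parser checks the length field and the CRC before trusting the type and data.

```python
import struct
import zlib


def build_packet(ptype: int, data: bytes) -> bytes:
    """Layout: 4-byte length | 1-8 bytes padding | 1-byte type | data | 4-byte CRC.
    The length counts type + data + CRC only; padding rounds the rest up to 8 bytes."""
    length = 1 + len(data) + 4
    pad_len = 8 - length % 8                      # always 1..8 bytes
    padding = bytes(pad_len)                      # real implementations use random bytes
    body = padding + bytes([ptype]) + data
    crc = zlib.crc32(body)                        # CRC-32 stand-in for the SSH-1 checksum
    return struct.pack("!I", length) + body + struct.pack("!I", crc)


def parse_packet(packet: bytes) -> tuple:
    """Check the length field and the CRC before trusting type and data."""
    if len(packet) < 4 + 1 + 1 + 4:
        raise ValueError("packet too short")
    (length,) = struct.unpack("!I", packet[:4])
    pad_len = 8 - length % 8
    if len(packet) != 4 + pad_len + length:
        raise ValueError("length field disagrees with packet size")
    body, crc = packet[4:-4], struct.unpack("!I", packet[-4:])[0]
    if zlib.crc32(body) != crc:
        raise ValueError("CRC mismatch: packet corrupted in transit")
    # A CRC only catches accidental damage: anyone able to alter the packet can
    # recompute it, which is why SSH-2 replaced it with a keyed MAC.
    return body[pad_len], body[pad_len + 1:]
```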
Domain Name System (DNS):
Flat name space vs hierarchical name space.
Domain name space: hierarchical name space. Tree can have only 128 levels (0-127).
Label: max 63 characters; the root label is null; the children of a node must have unique labels.
Domain name: a fully qualified domain name (FQDN) if it runs from the node to the root, else a PQDN, which
is used when the name to be resolved belongs to the same site as the client. Here the resolver can supply
the missing part, called the suffix, to create the FQDN.
Domain: Subtree of the domain name space. Name of domain is label of root of subtree
Distribution of name space: root is left alone, rest is distributed among servers.
Hierarchy of name servers: DNS servers.
Zone: A zone is a contiguous part of the entire tree and is what a server has authority over.
Root server: Server whose zone consists of the whole tree.
Primary server: stores a file about the zone for which it is an authority. It is responsible for
creating, maintaining and updating the zone file. It stores the zone file on a local disk.
Secondary server: a server that transfers the complete information about a zone from another
server and stores the files on its local disk. It is used as a backup if the primary server fails. A server
may be primary for one zone and secondary for another.
Security of DNS:
DNS Security (DNSSEC) provides message origin authentication and message integrity using
digital signatures. It does not provide confidentiality for the DNS messages and no protection against
DoS attacks; the caching system protects upper-level servers against this attack to some extent.
Peer-to-peer paradigm
Centralised networks:
Listing of the peers and what they offer uses the client-server paradigm, but the storing and
downloading of the files are done using the peer-to-peer paradigm.
This makes the maintenance of the directory simple, but accessing the directory can generate huge traffic,
and if the central directory is attacked the entire system fails.
Decentralised networks:
peers arrange themselves into an overlay network, which is a logical network made on top of the
physical network.
Unstructured: as the name says, inefficient, as a query must go through the entire network. E.g. Gnutella and
Freenet.
Gnutella: flooding is somewhat controlled to prevent huge traffic loads; one of the reasons that
Gnutella cannot scale well is the flooding. A node needs to know the address of at least one
neighbour; this is done at bootstrap time, when the node installs the Gnutella software for the
first time. The software includes a list of nodes that it can record as neighbours. Later, ping and
pong are used.
Newer versions use a tiered system of ultra nodes and leaves to make it more efficient, and also add the
Query Routing Protocol (QRP) and Dynamic Querying (DQ) to reduce traffic overhead and make
searches more efficient.
Structured: a predefined set of rules to link nodes. Most common technique: Distributed Hash
Table (DHT) (used by BitTorrent).
DHT is used in distributed data structures (DDS), content distribution systems (CDS), the Domain
Name System (DNS) and P2P file sharing.