Chapter 3

Application Layer Functionality

and Protocols
Paul Morris
CIS151
MHCC
Application Layer: OSI and TCP/IP Models

 The Application layer, Layer seven, is the top layer of both the OSI and
TCP/IP models.
 Provides the interface between the applications we use to communicate and
the underlying network.

3
 Email

HTTP HTTP

HTTP
(www)

 Application layer protocols are used to exchange data between programs

running on the source and destination hosts.
 There are many Application layer protocols and new protocols are always
being developed.

4
Application Layer: OSI and TCP/IP Models

 Functionality of the TCP/IP application layer protocols fit roughly into the
framework of the top three layers of the:
 OSI model: Application, Presentation and Session layers.
 Most early TCP/IP application layer protocols were developed before the
emergence of:
 personal computers, graphical user interfaces and multimedia objects.
 These protocols implement very little of the functionality that is specified in
the OSI model Presentation and Session layers. 5
The Presentation Layer

 The Presentation layer has three primary functions:

 Coding and conversion of Application layer data to ensure that data
from the source device can be interpreted by destination device.
 Compression of the data in a manner that can be decompressed by
the destination device.
 Encryption of the data for transmission and the decryption of data upon
receipt by the destination.
 Compression and Coding formats:
 Graphics Interchange Format (GIF)
 Joint Photographic Experts Group (JPEG)
 Tagged Image File Format (TIFF). 6
The Session Layer

 Create and maintain dialogs between source and destination applications.

 Handles the exchange of information to:
 initiate dialogs
 keep them active
 restart sessions that are disrupted or idle for a long period of time

 Most applications, like web browsers or e-mail clients, incorporate

functionality of the OSI layers 5, 6 and 7.
7
Application Layer: OSI
and TCP/IP Models

Note: Usually a single

server will function as
a server for multiple
applications

 Common TCP/IP Protocols

 Domain Name Service Protocol (DNSP) is used to resolve Internet
names to IP addresses.
 Hypertext Transfer Protocol (HTTP) is used to transfer files that make
up the Web pages of the World Wide Web.
 Simple Mail Transfer Protocol (SMTP) is used for the transfer of mail
messages and attachments.
 Telnet, a terminal emulation protocol, is used to provide remote access
to servers and networking devices.
 File Transfer Protocol (FTP) is used for interactive file transfer
8
between systems.
RFCs: Request For Comments

 The protocols in the TCP/IP suite are generally defined by Requests for
Comments (RFCs).
 Maintained by IETF (Internet Engineering Task Force)
 There are a few in there for fun -
[Link]
9
Application Layer
Software User
applications

 Within the Application layer,

Services
there are two forms of
software programs or
processes that provide
access to the network:
 applications System
Operations
 services

 Network-Aware Applications
 Applications are the software programs used by people to
communicate over the network.
 They implement the application layer protocols and are able to
communicate directly with the lower layers of the protocol stack.
 Email Clients
 Web Browsers 10
Application Layer Software
User
applications

Services

System
Operations

 Application layer Services

 Other programs may need the assistance of Application layer services
to use network resources such as:
 File transfer
 Network print spooling
 These services are the programs that interface with the network and
prepare the data for transfer. 11
Application Layer Software

 Application layer uses protocols that are implemented within applications

and services.
 Applications provide people a way to create messages.
 Application layer services establish an interface to the network.
 Protocols provide the rules and formats that govern how data is
treated.

 Bottom line:
 When discussing an application like "Telnet" we could be referring to the
application, the service, or the protocol. 12
Application Layer Protocol Functions

 Application layer protocols are used by both the source and destination
devices during a communication session.
 The application layer protocols implemented on the source and destination
host must match.
 Protocols: (This will become clearer later! Herding cats.)
 Establish consistent rules for exchanging data.
 Specify the structure and type of messages that are exchanged.
 Types: Request, response, acknowledgement, error message, etc.
 Defines the dialogues, ensuring with transmissions met by expected
responses, and with the correct service invoked. 13
Application Layer Protocol Functions

 Applications and services can use multiple protocols.

 Encapsulate the protocol or encapsulated by this protocol
 Invoke other protocols
 Using a web browser (HTTP):
 May invoke:
 DNS, ARP, ICMP
 May use:
 TCP, UDP, Ethernet, PPP
 Uses
 IP

14
Client Server Model

 Client: the device requesting the information

 Server: the device responding to the request is called a server.
 The client begins the exchange by requesting data from the server.
 Server responds by sending one or more streams of data to the client.
 In addition to the actual data transfer, this exchange may also require
control information, such as:
 user authentication
15
 the identification of a data file to be transferred
Servers

 A server is usually a computer that contains information to be shared with

many client systems.
 Web server
 Email server
 File or database server
 Applications server
 Some servers may require authentication of user account information and
vary permissions.
 Example, if you request to upload data to the FTP server, you may have
permission to write to your individual folder but not to read other files on the
site. 16
Servers

 The server runs a service, or process, sometimes called a server daemon.

 Daemons (like other services) typically run in the background and are not
under an end user's direct control.
 Daemons are described as "listening" for a request from a client.
 Programmed to respond whenever the server receives a request for the
service provided by the daemon.
 When a daemon "hears" a request from a client:
 It exchanges appropriate messages with the client, as required by its
protocol,
 Proceeds to send the requested data to the client in the proper format. 17
Application Layer
Services and Protocols

 Servers typically have multiple clients requesting information at the same

time.
 For example, a Telnet server may have many clients requesting
connections to it.
 These individual client requests must be handled simultaneously and
separately for the network to succeed.
 The Application layer processes and services rely on support from lower
layer functions to successfully manage the multiple conversations.
18
Application Layer Protocols
HTTP
(WWW) DHCP
(IP address
resolution)

FTP
(file transfer) DNS
(domain name
resolution)

SMTP SMB
(email) (file sharing)

P2P
Telnet (file sharing)
(remote login)

20
Reminder of encapsulation/decapsulation
Data Link IP TCP HTTP Data Link
Data Trailer
Header Header Header Header

Data Link Data Link

IP Packet
Header Trailer

Data Link Data Link

IP Packet
Header Trailer

Data Link Data Link

IP Packet
Header Trailer

Data Link IP TCP HTTP Data Link

Header Header Header Header
Data Trailer

21
Focus on Application Header and/or Data
HTTP

HTTP

 We will examine how the application (header) and/or data communication

with each other between the client and the server.
22
HTTP (HyperText Transfer Protocol)
HTTP HTTP

HTTP
HTTP
Client
Server

 HTTP – The Web’s application layer protocol.

 RFC 1945 and RFC 2616
 Implemented in:
 Client program
 Server program
 Current version: HTTP/1.1
 Encapsulated in TCP

23
 HTTP (HyperText Transfer Protocol)
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Paul Morris, MHCC</title><style type="text/css">
<!--
body {
margin-left: 0px;
The base HTML file references other objects
margin-top: 0px; in the page.
margin-right: 0px;
margin-bottom: 0px;

CIS151
 Web page (also called a html document)
 Web page consists of objects CIS152

 Objects (examples):
CIS154
 HTML file
 JPEG image
 GIF image
 JAVA applet
 Audio file
24
Web Browser - Client

HTTP
Client

 Browser – The user agent for the Web.

 Displays requested Web page and provides navigational and
configuration features.
 Browser and client may be used interchangeably in this discussion.
 HTTP has nothing to do with how a Web page is interpreted (displayed) by
the client (browser). 25
Web Server

HTTP
Server

 Web Server – Stores web objects, each addressable by a URL.

 Implement the server side of HTTP.
 Examples:
 Apache
 Microsoft Internet Information Server

26
HTTP Request Message
GET /[Link] / HTTP/1.1 Some data omitted for brevity
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET
CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.1)
Host: [Link]
Connection: Keep-Alive

HTTP
Serve
r
HTTP
 Request Message Client
 Request line
 Header lines
 ASCII Text
 Request line: Method field
 GET, POST and HEAD
 The great majority of Requests are GETs 27
HTTP Request Message
GET /[Link]/ HTTP/1.1
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET
CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.1)
Host: [Link]
Connection: Keep-Alive

Request Line
GET - Browser/client is requesting an object
/[Link] / - Browser is requesting this object in this
directory (default is [Link])
HTTP/1.1 - Browser implements the HTTP/1.1 (1.1 is
backwards compatible with 1.0)

Note: HTTP GET is also used by some P2P applications like Gnutella
and Bittorrent.
28
HTTP Request Message
GET /[Link]/ HTTP/1.1
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET
CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.1)
Host: [Link]
Connection: Keep-Alive

Request Line
GET: - Used by browser/client to request an object.
POST: - Used when user has filled out a form and sending
information to the server. (Forms do not have to
use POST.)
- Example: words in a search engine
HEAD: - Similar to a GET, but the server responds with a
HTTP message but leaves out the requested
object.
PUT: - Used with Web publishing tools, upload objects.
29
DELETE: - Used with Web publishing tools, delete objects.
HTTP Request Message
GET /[Link]/ HTTP/1.1
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET
CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.1)
Host: [Link]
Connection: Keep-Alive

Header Lines
Accept-Language:- User prefers this language of the object
User-Agent: - The browser type making the request
Host: - Host on which the object resides
Connection: - Client/browser is telling the server to keep
this TCP connection Open, known as a
persistent connection.
- We will talk about this later in TCP
(transport layer)
30
HTTP Response Message
HTTP/1.1 200 OK Some data omitted for brevity
Date: Fri, 22 Feb 2008 [Link] GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Thu, 15 Nov 2007 [Link] GMT
Content-Length: 15137
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"[Link]
<html xmlns="[Link]

HTTP
Server
HTTP Client

31
HTTP Response Message
HTTP/1.1 200 OK
Date: Fri, 22 Feb 2008 [Link] GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Thu, 15 Nov 2007 [Link] GMT
Content-Length: 15137
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"[Link]
<html xmlns="[Link]

 Response message:
 Status line
 Header lines
 Entity body

32
HTTP Response Message
HTTP/1.1 200 OK
Date: Fri, 22 Feb 2008 [Link] GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Thu, 15 Nov 2007 [Link] GMT
Content-Length: 15137
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"[Link]
<html xmlns="[Link]

Status Line
HTTP/1.1 – Server is using HTTP/1.1
200 OK - Status code, request succeeded and information is
returned in response

33
 HTTP Response Message
HTTP/1.1 404

Status Codes
200 OK
- Status code, request succeeded and information is returned in response.
301 Moved Permanently
- Requested object has been permanently moved.
400 Bad Request
- Generic error message, request not understood by server.
404 Not Found:
-The requested document does not exist on server.
505 HTTP Version Not Supported 34
HTTP Response Message
HTTP/1.1 200 OK
Date: Fri, 22 Feb 2008 [Link] GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Thu, 15 Nov 2007 [Link] GMT
Content-Length: 15137
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"[Link]
<html xmlns="[Link]

Header Lines
Date: – Server is using HTTP/1.1
Server: - Status code, request succeeded and
information is returned in response
Last-Modified: – Date/time when object created or
modified
Content-Length: – Number of bytes in object being sent
Connection: – Server going to close TCP connection
after 35
HTTP Response Message
HTTP/1.1 200 OK
Date: Fri, 22 Feb 2008 [Link] GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Thu, 15 Nov 2007 [Link] GMT
Content-Length: 15137
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"[Link]
<html xmlns="[Link]

Entity Body

<!DOCTYPE html PUBLIC etc.:

– HTML text and other objects to be used by the browser/client

36
HTTP Request and Response Messages
GET /[Link] / HTTP/1.1
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET
CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.1)
Host: [Link]
Connection: Keep-Alive

HTTP

HTTP
HTTP
Server
HTTP Client
HTTP/1.1 200 OK
Date: Fri, 22 Feb 2008 [Link] GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Thu, 15 Nov 2007 [Link] GMT
Content-Length: 15137
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"[Link] 37
<html xmlns="[Link]
User-Server Interaction: Cookies

 Web servers are considered stateless – they do not maintain state

information, keep track of the user.
 Higher performance – allowing the server to handle thousands of
simultaneous TCP connections (later).
 Web servers use cookies to track users.
 Cookies defined in RFC 2109

38
 User-Server Interaction: Cookies
HTTP Requests: GET
(first time)

HTTP HTTP: Response

Server Set-cookie: ID

HTTP Requests (GET) HTTP Client

Web server can now now include ID
track clients activities
on the web site.
 Web server installs cookies on client when:
 Accessed the web site for the first time (Web server does not know client
by name.)
and/or
 User provides information to the web server. (Web server now knows
client by name.)
 HTTP on Web server responds with a Set-cookie: header with an ID.
 This ID is stored on the client’s computer.
 Each time client/browser accesses web site. The GET includes Cookie: or 39
User_ID or similar with the ID.
HTTP Request and Response Messages
GET /jpeg/cap81/[Link] HTTP/1.1
<information omitted>
Cookie: SLSPOTNAME5=Cowells; SLSPOTNAME4=Waimea%20Bay;
SLSPOTNAME3=Pipeline; SLSPOTNAME2=38th%20Ave%2E; SLSPOTNAME1=Cowells;
SLSPOTID5=4189; SLSPOTID4=4755; SLSPOTID3=4750; SLSPOTID2=4191;
SLSPOTID1=4189; OAX=R8bfwEbcU08ABCBu; USER_ID=5551212 <not my actual
user-id>; <rest of informaton omitted for brevity>

HTTP: Cookie 5551212 included

HTTP
HTTP data customized
Server
for Rick Graziani
HTTP Client
HTTP/1.1 200 OK
Date: Fri, 22 Feb 2008 [Link] GMT
Server: Apache/1.3.34 (Unix)
Last-Modified: Fri, 22 Feb 2008 [Link] GMT
ETag: "760a31-18ce-47bf19c3"
Accept-Ranges: bytes
Content-Length: 6350
Keep-Alive: timeout=15, max=257
Connection: Keep-Alive 40
Content-Type: text/plain <information omitted>
Web Caching Web
Cache or HTTP Client
HTTP
Request
Proxy Request
Origin Server
Server HTTP Response

HTTP Response
HTTP
HTTP Request
Request
Orgin HTTP Response
Server HTTP Response
Client

 Web cache or proxy server – Web cache satisfies HTTP requests on the
behalf of the Origin Web server.
 Own disk storage
 Keeps copies of recently requested objects
 Typically installed at ISP or larger institutions.
 Advantages:
 Reduces the response time for client requests, especially if there are
any bottlenecks in the network.
 Reduces traffic on institution’s access link to the ISP (Internet). 41
Web Caching Web
Cache or HTTP Client
HTTP
Request
Proxy Request
Origin Server
Server HTTP Response

HTTP Response
HTTP
HTTP Request
Request
Origin HTTP Response
Server HTTP Response
Client

1. Client/browser sends HTTP Request to Web cache (Proxy server).

2. Web cache checks to see if it has a local copy of the object.
 2a. Local copy: Web cache sends object to client’s browser.
 2b. No Local copy: Web cache sends HTTP request to origin server.
3. Origin server sends object to Web cache.
4. Web cache stores a local copy of the object.
5. Web cache forwards copy of the object to the client browser.
Note: TCP connections are also created between Client and Web Cache; Web
cache and Origin server (later).
42
HTTPS

 HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) is a URL

scheme used to indicate a secure HTTP connection.
 HTTPS is not a separate protocol
 combination of a normal HTTP interaction over an encrypted:
 Secure Sockets Layer (SSL) or
 Transport Layer Security (TLS) connection

43
 FTP (File Transfer Protocol)
FTP FTP
Client Server

 FTP was developed to allow for file transfers between a client and a server.
 Used to push and pull files from a server running the FTP daemon (FTPd).
 Uses get and put commands.
 RFC 959 44
 FTP (File Transfer Protocol)
TCP control connection port 21
Username and password
Change directory on Server

TCP data connection port 20

Copy file from client to server – Connection Closed

TCP data connection port 20

Copy file from server to client – Connection Closed

TCP control connection port 21

Quit FTP Application – Connection Closed
 Client initiates a TCP control connection with FTP server using port 21.
 This connection remains open until the user quits the FTP application.
 TCP port 21 connection includes:
 Username and password is sent over TCP port 21.
 Remote directory changes
 This state information significantly reduces total number of sessions on
server.
 For each file transferred, TCP opens and closes a TCP data connection on port
20.
45
 More later on TCP ports and connections.
SMTP – Simple Mail Transfer Protocol

 Email – One of the killer applications of the Internet.

46
SMTP – Simple Mail Transfer Protocol

User agent Mail server Mail server User agent

SMTP SMTP

POP3
IMAP

 Internet mail involves:

 User agents
 Allows users to read, reply, compose, forward, save, etc., mail messages
 GUI user agents: Outlook, Eudora, Messenger
 Text user agents: mail, pine, elm
 Mail servers
 Stores user mail boxes, communicates with local user agents and other
mail servers.
 SMTP
 Principle application layer protocol for Internet mail
 Sent over TCP
47
 Mail access protocols: POP3, IMAP, HTTP
SMTP – Simple Mail Transfer Protocol

User agent Mail server Mail server User agent

SMTP SMTP

POP3
IMAP

 SMTP
 RFC 2821
 Transfers messages from sender’s mail server to recipient’s mail
server
 Push protocol, not a pull protocol
 Push (from client to server or server to server)
 Pull (from server to client)
 Retrieving email
 Historically, users would log into local mail server to read mail.
 Since early 1990’s, clients use mail access protocols:
 POP3
 IMAP
 HTTP
48
SMTP – Simple Mail Transfer Protocol

 POP3 (Post Office Protocol)

 RFC 1939
 Limited functionality
 Uses TCP port 110
 Download-and-delete mode
 Retrieves messages on server and store the locally
 Delete messages on server
 Download-and-keep mode
 Does not delete messages on server when retrieved.
 Problem
 Difficult to access email from multiple computers – work and home.
 Some email may have already been downloaded on another
computer (work) – download-and-delete
 To read email from another computer, must leave on server –
download-and-keep
 Does not provide means for user to create remote folders on mail
server 49
SMTP – Simple Mail Transfer Protocol

User agent Mail server Mail server User agent

SMTP SMTP

IMAP
HTTP

 IMAP (Internet Message Access Protocol)

 RFC 2060
 Mail not downloaded, but kept on server
 Received email is associated with user’s INBOX
 Users can create and manage remote folders
 Users can retrieve portions of the email:
 Message header: Subject line and Sender

 Web-based email
 Introduced with Hotmail in mid-1990’s
 Communicates with remote mailbox using HTTP
 HTTP is used to push (client to server) and pull the email (server to
client) 50
 SMTP

MTA
 receives email from the
client's MUA
 passes email to the MDA
for final delivery
 uses SMTP to route email
between servers

Mail software, processes used: MTA and MDA

 MUA (Mail User Agent) – Email client software.
 MTA (Mail Transfer Agent) – Software that governs transfer of email
between mail servers.
 Includes UNIX sendmail, Microsoft Exchange Server, Postfix, and Exim
 MDA (Mail Delivery Agent) – Software that governs transfer of email from
mail servers to clients.
51
 On Unix systems, procmail and maildrop are the most popular MDAs.
Telnet
Telnet Telnet

Server

 Telnet provides a standard method of emulating text-based terminal devices

over the data network.

52
Telnet
Telnet Telnet

Server

 Allows a user to remotely access another device (host, router, switch).

 A connection using Telnet is called a Virtual Terminal (VTY) session, or
connection.
 Telnet uses software to create a virtual device that provides the same
features of a terminal session with access to the server command line
interface (CLI).
 Telnet clients:
 Putty
 Teraterm
53
 Hyperterm
Telnet

 Telnet supports user authentication, but does not encrypt data.

 All data exchanged during a Telnet sessions is transported as plain text.
 Secure Shell (SSH) protocol offers an alternate and secure method for
server access.
 Stronger authentication
 Encrypts data

54
DHCP – Dynamic Host Configuration Protocol

 IP addresses and other information can be obtained:

 Statically
 Dynamically (DHCP)
55
DHCP

 DHCP Information can include:

 IP address
 Subnet mask
 Default gateway
 Domain name
 DNS Server
 DHCP servers can be:
 Server on LAN
 Router
 Server at ISP 56
DHCP

 We will discuss DHCP more when we

discuss IPv4.

57
DNS – Domain Name System

 DNS allows users (software) to use domain names instead of IP addresses

58
Name Resolution

Need the IP address

Resolver
 DNS client programs used to look up DNS name information.
Name Resolution
 The two types of queries that a DNS resolver (either a DNS client or another
DNS server) can make to a DNS server are the following:
Recursive queries
 Queries performed by Host to Local DNS Server
Iterative queries
 Queries performed Local DNS server to other servers

59
DNS Name Resolution

 User types [Link]

Step 1.
 The DNS resolver on the DNS client sends a recursive query to its
configured Local DNS server.
 Requests IP address for "[Link]".
 The DNS server for that client is responsible for resolving the name
 Cannot refer the DNS client to another DNS server.

60
 2
3 2

DNS Name Resolution

Step 2.
 Local DNS Server forwards the query to a Root DNS server.

Step 3.
 Root DNS server
 Makes note of .com suffix
 Returns a list of IP addresses for TLD (Top Level Domain Servers)
responsible for .com.

61
 DNS Name Resolution

 Root DNS Servers

 There are 13 Root DNS servers (labeled A through M)
 TLD Servers
 Responsible for domains such as .com, edu, org, .net, .uk, jp, fr
 Network Solutions maintains TLD servers for .com
 Educause maintains TLD servers for .edu
 There are redundant servers throughout the world.
62
DNS Name Resolution 4
4

Step 4.
 The local DNS server sends query for [Link] to one of the
TLD servers.

Step 5.
 TLD Server
 Makes note of [Link]
 Returns IP address for authoritative server [Link] (such as
[Link] server)
63
DNS Name Resolution
6

6
7

Step 6.
 Local DNS server sends query for [Link] directly to DNS
server for [Link]

Step 7.
 [Link] DNS server responds with its IP address for
[Link]

64
DNS Name Resolution
8

Step 8.
 Local DNS server sends the IP address of [Link] to the DNS
client.

DNS Caching
 When a DNS server receives a DNS reply (mapping hostname to an IP
address) it can cache the information in its local memory.
 DNS servers discard cached information after a period of time (usually 2
days)
 A local DNS server can cache TLD server addresses, bypassing the root
DNS servers in the query chain. 65
DNS Name Resolution
 In the worst cases, you'll get a dialog
box that says the domain name
doesn't exist - even though you know it
does.
 This happens because the
authoritative server is slow replying to
the first, and your computer gets tired
of waiting so it times-out (drops the
connection) or the domain name does
not exist.
 But if you try again, there's a good
chance it will work, because the
authoritative server has had enough
time to reply, and your name server
has stored the information in its cache.

66
nslookup

nslookup
 Displays default DNS server for your host
 Can be used to query a domain name and get the IP address
67
DNS Name
Resolution

 ipconfig /displaydns
 After a certain amount of time, specified in the Time to Live (TTL)
associated with the DNS resource record, the resolver discards the
record from the cache.
 ipconfig /flushdns – Manually deletes entries
 The default TTL for positive responses is 86,400 seconds (1 day).
 The default TTL for negative responses is 300 seconds.
68
(Missing Info) DNS: [Link]

69
70
71
72
SMB – Server Message Block Protocol

 The Server Message Block (SMB) is a client/server file sharing protocol.

IBM developed Server Message Block (SMB) in the late 1980s to describe
the structure of shared network resources, such as directories, files,
printers, and serial ports.

73
SMB

 Request-response protocol .
 Unlike FTP, clients establish a long term connection to servers.
 Client can access the resources on the server as if the resource is local to
the client host.
 SMB is sent over TCP
 Prior to Windows 2000 windows used a proprietary protocol (NETBIOS)
to send SMB.
 Linux/UNIX have similar protocol: SAMBA

74
SMB

 SMB messages can:

 Start, authenticate, and terminate sessions
 Control file and printer access
 Allow an application to send or receive messages to or from another
device

75
Peer-to-Peer (P2P) Networking and
Applications

 In addition to the client/server model for networking, there is also a

peer-to-peer model.
 Two or more computers are connected via a network and can share
resources (such as printers and files) without having a dedicated
server.
 End devices (peers) can function as either a server or client. 76
P2P File Sharing

 P2P (Peer-to-Peer) file sharing accounts for more traffic on the Internet than
any other application (2004).
 Peers (hosts) act as both clients and servers.
 No centralized file server.
 HTTP GET and responses are commonly used. 77
By Peter Svensson
The Associated Press
Oct. 19, 2007
“Peer-to-peer applications account for between 50 percent and 90
percent of overall Internet traffic, according to a survey this year by
78
ipoque GmbH, a German vendor of traffic-management equipment.”
 P2P – Centralized Directory Peer

te
r m a nd Upda
1 – Info Peer
d Update
Centralized 1 – Inform an Peer
Directory
1 – Inform and Update 3 – File Transfer
Server
1 – Inform
and Upda Peer
te
2 – Query
for conte
nt

Napster

 Challenge with P2P – locating content across thousands or millions of

peers.
 One solution – centralized directory
 Approach done by Napster
 Problems (non-legal problems)
 Single point of failure
 Performance bottlenecks 79
 P2P – Centralized Directory Peer B

te
r m a nd Upda
1 – Info Peer
d Update
Centralized 1 – Inform an Peer
Directory
1 – Inform and Update 3 – File Transfer
Server
1 – Inform
and Upda Peer A
te
2 – Query
for conte
nt
1. Peer A starts P2P application
2. Informs centralized directory server of its:
 IP address
 Names of objects making available for sharing (MP3, videos, etc.)
3. Directory server collects information from each peer that becomes active.
 Dynamic database
 Maps IP addresses with object names
4. Peer A queries directory server for IP addresses of other peers for specific
content
 Directory Server returns IP addresses for those peers (Peer B)
5. Peer A establishes TCP connection and downloads file (i.e. HTTP GET) from
other peer, Peer B.
6. Directory server removes Peer from database when Peer closes application 80
or disconnects from Internet (periodic messages – pings – from server).
P2P – Query Query

Flooding Que
ry
it Peer B
Query hit
Peer C
u e ry h File tra
ns f er
Q
Query
Query
Peer A Peer D
Que Peer E
ry
Que
ry h
it

Peer F

Gnutella

 Gnutella – public domain file sharing application

 Fully distributed approach
 No centralized server
 Gnutella peer maintains peering relationship (TCP connection – later) which
a number of other peers (usually fewer than 10).

81
P2P – Query Query

Flooding Que
ry
it Peer B
Query hit
Peer C
u e ry h File tra
ns f er
Q
Query
Query
Peer A Peer D
Que Peer E
ry
Que
ry h
it

Peer A searches for a file Peer F

1. Peer A sends query to all neighboring peers.
2. If neighboring peer does not have file, forwards query to all its neighboring
peers
3. If any peer has the file it returns a query hit message.
4. Peer A selects a peer, Peer C, to retrieve file (HTTP GET)
5. A direct TCP connection is made with selected peer, Peer C.
6. HTTP response is used to send file.

Query Flooding
 Non-scalable and causes a significant amount of traffic on Internet.
 Gnutella modified it to limited-scope flooding which limits how many peers 82
away the query is sent to, usually 7 to 10. (similar to TTL – later).
P2P – Query Query

Flooding Que
ry
it Peer B
Query hit
Peer C
u e ry h File tra
ns f er
Q
Query
Query
Peer A Peer D
Que Peer E
ry
Que
ry h
it

How a peer joins and departs GnutellaPeer network

F
1. Finding peers:
 Bootstrap program: Client maintains a list of peer IP addresses who are
usually up
 Contact Gnutella site that maintains a list
2. Client attempts to make contact with peers (TCP connection – later)
3. Client sends Gnutella ping message to peer.
 Forwards Gnutella ping to other peers, who continue to forward ping
until limited-scope is reached.
4. Each peer returns a Gnutella pong message including:
 Its IP address
 Number of files it is sharing
83
 Total size of the files
P2P - Combination

Kazaa

 Kazaa combines ideas from Napster and Gnutella

 2004 – Contributed to more traffic on Internet than any other application
 2007 – Bittorrent became the leading application
 Proprietary technology 84
P2P - Combination
Group
Leader
Group
Leader
Q uer y

Query Group
Leader
Query
y Reply
Q uer
File Transfer

 Kazaa does not use a centralized server

 Group leader peers (parent)
 Higher bandwidth and Internet connectivity
 Greater Gnutella responsibilites
 Peers (child) – non-group leaders
 Child peer establishes TCP connection with a group leader
 Group leader:
 maintains database directory of child peers including their IP addresses
 maintain TCP connections with other group leaders
 Child peers query group leaders who forward the query to other group leaders
85
 Child peer selects peer for TCP connection and file transfer
Chapter 3
Application Layer Functionality
and Protocols
Paul Morris
CIS151
MHCC