Introduction to Application Layer Protocols

The document provides an overview of the application layer in networking, detailing client-server and peer-to-peer paradigms, along with various protocols like HTTP, FTP, and email. It discusses the importance of application programming interfaces (APIs), socket communication, and the role of web caching and proxy servers. Additionally, it covers security considerations and the Domain Name System (DNS) for mapping host names to IP addresses.


Module 05

Introduction to Application Layer:


Introduction, Client-Server Programming, Standard Client-
Server Protocols: World Wide Web and HTTP, FTP, Electronic Mail,
Domain Name System (DNS), TELNET, Secure Shell (SSH)

Textbook: Ch. 25.1-25.2, 26.1-26.6


Introduction: Application Layer
•The whole Internet, hardware and software, was designed to provide services at the application layer.
•The application layer provides services to the user.
•Communication is provided using a logical connection between the two application layers.
Services
•The application layer is the only layer that provides services to Internet users.
•All protocols in the lower four layers must be standardized.
•Application layer protocols can be either standard or non-standard.
Application Layer Paradigms
•To use the Internet, we need two application programs to interact with each other.
•To enable this communication, two paradigms have been developed:

•Client-server paradigm
•Peer-to-peer paradigm
Client-Server Paradigm
•The most popular and traditional paradigm.
•In this paradigm, the service provider is an application program called the server. It runs continuously, waiting for another application program called the client.
•A server process can provide a specific type of service to many clients.
•The server must be running all the time.
Client-Server Programming
•In the client-server paradigm, communication happens between two running application programs called processes: the client and the server.
•The client is a running program that initiates the communication by sending a request.
•The server is another application program that waits for a request from a client.
Client-Server Programming
•The server handles the request received from a client, prepares a result and sends the result back to the client.
•The server must be running when a request from a client arrives.
•The client needs to run only when it is needed.
•The server program should be started before the client program.


Peer-to-Peer Paradigm
•Often abbreviated as P2P, this paradigm does not need a server process to be running all the time.
•Responsibility is shared between the peers.
Application Programming Interface
•To communicate with another process, a set of instructions is required to tell the lower four layers of the TCP/IP suite to open/close the communication.
•This set of instructions is referred to as an Application Programming Interface (API).
Common APIs are:
•Socket Interface
•Transport Layer Interface (TLI)
•Stream
Sockets and Its Addresses
•A socket is an object that is created and used by the application program.
•Interaction between the client and server is a two-way communication.
•We need a pair of addresses: local (sender) and remote (receiver).
Finding Socket Addresses : Server Site
•The server needs a local (server) and a remote (client) socket address for communication.
•Local Socket Address: Provided by the OS. It is a well-known port (e.g., HTTP) or some other port number.
•Remote Socket Address: Found when a client tries to connect to the server.
Finding Socket Addresses : Client Site
•The client needs a local (client) and a remote (server) socket address for communication.
•Local Socket Address: Provided by the OS, from the range the Internet authority calls ephemeral (temporary) port numbers. The OS guarantees that the new port number is not in use by another client process.
•Remote Socket Address: Two situations:
•The user knows the socket address of the server (client-server application).
•The port is known from the application type (web page, e-mail, file transfer); DNS is used to obtain the IP address.
Concurrent Communication
•A concurrent server can process several client requests at the same time.
•This can be done using the available programming languages.
•In C, a server can create several child processes, each of which can handle a client.
•In Java, threading allows several clients to be handled, one by each thread.
Using Services of the Transport Layer
•UDP
•TCP
•SCTP
Iterative communication using UDP
•Communication between a client program and a server program can occur iteratively or concurrently.
•Sockets used for UDP: In UDP communication, the client and server use only one socket each.
Iterative Communication Using TCP
•A TCP server uses two different sockets, one for connection establishment and the other for data transfer.
•The first one is the listen socket and the latter is the data socket.
•This separates the connection phase from the data exchange phase.
•The client uses only one socket for both connection establishment and data exchange.
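The two-socket server pattern and the one-socket client described in these slides, as an added example that is not part of the original slide deck: a small concurrent TCP server (one thread per accepted client) and clients that connect to it on the loopback interface. The upper-casing "service", the use of 127.0.0.1 and an OS-chosen listening port (port 0) instead of a well-known port are constructed choices for the example; each client's local port is the ephemeral port the OS hands out.

```python
import socket
import threading

# Added example (not from the slides): a concurrent TCP server that shows the
# two-socket pattern. The listen socket only establishes connections; every
# accept() hands back a second socket that is used for the data exchange.
# Host 127.0.0.1, port 0 (OS-chosen) and the upper-casing service are constructed.

def handle_client(conn):
    """Serve one client on its own data socket: echo the request upper-cased."""
    with conn:
        conn.settimeout(5)
        data = conn.recv(1024)
        if data:
            conn.sendall(data.upper())

def accept_loop(listen_sock, stop):
    """Accept loop of the server; one thread per client gives concurrency."""
    while not stop.is_set():
        try:
            conn, _addr = listen_sock.accept()   # _addr is the client's ephemeral address
        except socket.timeout:
            continue                              # wake up periodically to check stop
        except OSError:
            break                                 # listen socket was closed
        threading.Thread(target=handle_client, args=(conn,), daemon=True).start()

def start_server(host="127.0.0.1", port=0):
    """Create the listen socket. port=0 lets the OS choose a free port, which
    stands in for the well-known port a real service would bind."""
    listen_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listen_sock.bind((host, port))
    listen_sock.listen()
    listen_sock.settimeout(0.2)
    stop = threading.Event()
    threading.Thread(target=accept_loop, args=(listen_sock, stop), daemon=True).start()
    return listen_sock, stop

def request(server_addr, payload):
    """Client side: a single socket for both connection setup and data exchange.
    Returns the reply and the ephemeral local port the OS assigned."""
    with socket.create_connection(server_addr, timeout=5) as c:
        local_port = c.getsockname()[1]
        c.sendall(payload)
        reply = c.recv(1024)
    return reply.decode(), local_port

def demo(n_clients=3):
    """Start a server, run n clients concurrently, return sorted (reply, port) pairs
    together with the server's listening port."""
    listen_sock, stop = start_server()
    server_addr = listen_sock.getsockname()
    results, lock = [], threading.Lock()

    def one(i):
        reply, port = request(server_addr, f"hello {i}".encode())
        with lock:
            results.append((reply, port))

    threads = [threading.Thread(target=one, args=(i,)) for i in range(n_clients)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    stop.set()
    listen_sock.close()
    return sorted(results), server_addr[1]

if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows three clients served at the same time, each from its own ephemeral port, while the server keeps a single listening port open for the whole run.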
Client Server Protocols: WWW
•WWW – World Wide Web.
•The idea of the WWW was first proposed by Tim Berners-Lee in 1989 at CERN.
•Its purpose was to allow researchers at different locations to access each other's research.
•The commercial web started in the 1990s.
Web Documents: Static

Static Documents:
•Fixed-content documents that are created and stored in a server.
•The client can get only a copy of the document.
•The user uses a browser to see the document.
•Static documents are prepared using HTML, XML, XSL, XHTML.
Web Documents: Dynamic

Dynamic Documents:
•Created by a web server whenever a browser requests the document.
•When a request arrives, the web server runs an application program or a script that creates the dynamic content.
•Ex: A shopping site page showing different products for each user.
Web Documents: Active

Active Documents:
•For many applications, we need a program or script to be run at the client site.
•Ex: Online calculators, interactive maps or games that run in your browser.
Client Server Protocols: HTTP
•Hyper Text Transfer Protocol (HTTP) is used to define how client-server programs can be written to retrieve web pages from the web.
•An HTTP client sends a request; an HTTP server returns a response.
•The server uses port number 80; the client uses a temporary port number.
•The connection is established before data exchange and is terminated after data exchange.
Client Server Protocols: HTTP
•If the web pages are located on different servers, a new connection is
made for every server.

If some objects are located on the same server, we have two choices:
•To retrieve each object using a new TCP connection. (Non-Persistent
Connection)
•To make a TCP connection and retrieve them all. (Persistent
Connection)
Message Formats
•The HTTP protocol defines the format of the request and response messages.
•Each message is made up of four sections.
•The first section in the request message is called the request line.
•The first section in the response message is called the status line.
•The other three sections have the same names in request and response messages.
Message Formats: Request Message
•There are three fields in this line, separated by one space and terminated by two characters.
•Method: Defines the request type.
Message Formats: Response Message
•A response message consists of a status line, header lines, a blank line and sometimes a body.
Cookies
•The World Wide Web was originally designed as a stateless entity.
•Stateless means that every time you open or click a web page, the server treats you like a new visitor.
•Today the web has other functions that need to remember some information about the clients, i.e., stateful behaviour:
•Websites allowing the user to store items in a cart.
•Websites that need to allow access only to registered clients.
•Websites used as portals, where the user selects the web pages he wants to see.
•Websites that are just advertising agencies.
Creating and Storing Cookies

The creation and storing of cookies depend on the implementation:
•When a server receives a request from a client, it stores information about the client in a file or a string.
•The server includes the cookie in the response that it sends to the client.
•When the client receives the response, the browser stores the cookie in the cookie directory, which is sorted by the server domain name.
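The four-section message layout from the Message Formats slides and the Set-Cookie exchange from the Cookies slides, as one added example that is not from the original slide deck: a parser that splits a raw HTTP message into start line, header lines, blank line and body, reads the three request-line fields and the status line, and then inspects the cookies a response sets. The request and response bytes are constructed samples; the Secure and HttpOnly attributes checked at the end are standard cookie attributes the slides do not mention, and the check is the one a reviewer would run on a site's responses.

```python
# Added example (not from the slides): a parser for the four-section HTTP
# message layout plus a check of Set-Cookie attributes. The request/response
# bytes below are constructed samples; Secure and HttpOnly are standard cookie
# attributes that the slides do not list.
from dataclasses import dataclass, field

CRLF = b"\r\n"

@dataclass
class HttpMessage:
    start_line: str                                 # request line or status line
    headers: dict = field(default_factory=dict)     # lower-cased name -> list of values
    body: bytes = b""

def parse_http_message(raw: bytes) -> HttpMessage:
    """Split a raw message into start line, header lines, blank line and body."""
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("header section not terminated by a blank line")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    declared = headers.get("content-length")
    if declared and len(body) != int(declared[0]):
        raise ValueError("body length does not match Content-Length")
    return HttpMessage(lines[0], headers, body)

def parse_request_line(line: str):
    """Request line: exactly three fields separated by a single space."""
    parts = line.split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {line!r}")
    method, target, version = parts
    return method, target, version

def parse_status_line(line: str):
    """Status line: version, numeric status code, reason phrase."""
    version, code, reason = line.split(" ", 2)
    return version, int(code), reason

def cookie_issues(set_cookie_values):
    """Return {cookie_name: [missing attributes]} for cookies set without
    the Secure and HttpOnly attributes."""
    issues = {}
    for value in set_cookie_values:
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        missing = [a for a in ("Secure", "HttpOnly") if a.lower() not in attrs]
        if missing:
            issues[name] = missing
    return issues

# Constructed sample messages (not captured traffic).
SAMPLE_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.example.test\r\n"
    b"Cookie: sessionid=abc123\r\n"
    b"\r\n"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: sessionid=abc123; Path=/; HttpOnly\r\n"
    b"Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly\r\n"
    b"Content-Length: 13\r\n"
    b"\r\n"
    b"<p>hello</p>\n"
)

def analyse():
    """Parse both sample messages and report what a reviewer would look at."""
    req = parse_http_message(SAMPLE_REQUEST)
    resp = parse_http_message(SAMPLE_RESPONSE)
    return {
        "request": parse_request_line(req.start_line),
        "host": req.headers["host"][0],
        "status": parse_status_line(resp.start_line),
        "body": resp.body,
        "cookie_issues": cookie_issues(resp.headers.get("set-cookie", [])),
    }

if __name__ == "__main__":
    print(analyse())
```

In the sample, the session cookie is set without the Secure attribute, so a browser would also send it over plain HTTP; the preferences cookie carries both attributes and is not reported.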
Web Caching: Proxy Servers
•A proxy server is a computer that keeps copies of responses to recent requests.
•HTTP supports proxy servers.
•The HTTP client sends a request to the proxy server.
•The proxy server checks its cache.
•If the response is not stored in the cache, the proxy server sends the request to the corresponding server.
•Incoming responses are sent to the proxy server and stored for future requests from other clients.
Web Caching: Proxy Servers
•The proxy server reduces the load on the original server, decreases
traffic and improves latency.
•Proxy server acts as both server and client.
Proxy Server Location
FTP: File Transfer Protocol
•File Transfer Protocol (FTP) is the standard protocol provided by
TCP/IP for copying a file from one host to another.
FTP: Two Connections
•Control Connection: Remains connected during the entire interactive FTP session.
•Data Connection: Opened and then closed for each file transfer activity.
•When a user starts an FTP session, the control connection opens.
•While the control connection is open, the data connection can be opened and closed multiple times if several files are transferred.
•FTP uses two well-known TCP ports: port 21 is used for the control connection and port 20 is used for the data connection.
Data Connection

The data connection uses the well-known port 20 at the server site.
•The client initiates a passive open using an ephemeral port.
•Using the PORT command, the client sends this port number to the server.
•The server receives the port number and issues an active open using the well-known port 20 and the received ephemeral port number.
Communication over Data Connection

During the data transfer, the client has to define the following:
•Type of the file to be transferred (ASCII, Image)
•Structure of the data (File, record, page)
•Transmission mode (Stream, block or compressed)
Before sending the file through the data connection, we prepare for transmission through the control connection.
File Transfer
•Retrieving a file
•Storing a file
•Directory listing
Security for FTP
•The FTP protocol was designed when security was not a big issue.
•Although FTP requires a password, the password is sent in plain text (unencrypted).
•It can be intercepted and used by an attacker.
•The data transfer connection also transfers data in plain text, which is insecure.
•To be secure, one can add a Secure Sockets Layer (SSL) beneath the FTP application layer.
Electronic Mail (E-mail)

•E-mail allows users to exchange messages.
•Considered as a one-way transaction.
•Uses some intermediate computers (servers).
•The users run only client programs when they want to, and the intermediate servers apply the client/server paradigm.
Message Transfer Agent: SMTP (Simple Mail Transfer Protocol)
Mail Transfer Phases

The process of transferring a mail message occurs in three phases:
•Connection establishment
•Mail transfer
•Connection termination
Mail Transfer Phases: Connection Establishment
After a client has made a TCP connection to the well-known port 25, the SMTP server starts the connection phase.
•The server sends the code 220 (Service ready) to tell the client that it is ready to receive mail; otherwise it sends 421 (Service not available).
•The client sends the HELO message to identify itself, using its domain name address.
•The server responds with code 250 (Requested command completed).
Mail Transfer Phases: Message Transfer
•The client sends the MAIL FROM message to introduce the sender of the message.
•The server responds with code 250.
•The client sends the RCPT TO (Recipient) message, which includes the mail address of the recipient.
•The server responds with code 250.
•The client sends the DATA message to initiate the message transfer.
Mail Transfer Phases: Connection Termination
•After the message is transferred successfully, the client terminates the connection. This phase involves two steps:
•The client sends the QUIT command.
•The server responds with code 221 (Service closing).
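The three SMTP phases from the preceding slides, as an added example that is not part of the original slide deck: an in-memory model of the server side as a state machine, driven by the client's command lines, so that both sides' messages appear in one transcript. The domain and mailbox addresses are constructed; the reply codes 220, 250, 421 and 221 are the ones on the slides, while 354 (after DATA), 500, 501 and 503 are standard SMTP reply codes the slides do not list. No network is involved; the point is the order of the exchange and how a server rejects commands sent out of sequence.

```python
# Added example (not from the slides): an in-memory model of the three SMTP
# phases with both sides' messages. The server domain and addresses are
# constructed; codes 354, 500, 501 and 503 are standard SMTP replies that the
# slides do not list.

class ToySmtpServer:
    """Server side of the exchange as a small state machine."""

    def __init__(self, domain="mail.example.test", available=True):
        self.domain = domain
        self.available = available
        self.state = "connected"
        self.envelope = {"from": None, "to": []}
        self.lines = []
        self.mailbox = []          # (envelope, body) pairs accepted so far

    def greet(self):
        """Connection establishment: 220 if ready, 421 if not."""
        if not self.available:
            return f"421 {self.domain} Service not available, closing transmission channel"
        self.state = "greeted"
        return f"220 {self.domain} Service ready"

    def handle(self, line):
        """Process one client line; returns the reply, or None while collecting DATA."""
        if self.state == "data":
            if line == ".":                                   # end of message body
                self.mailbox.append((self.envelope, "\n".join(self.lines)))
                self.envelope, self.lines, self.state = {"from": None, "to": []}, [], "ready"
                return "250 OK: message accepted"
            self.lines.append(line[1:] if line.startswith("..") else line)  # dot-unstuffing
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            if not arg:
                return "501 Syntax error in parameters or arguments"
            self.state = "ready"
            return f"250 {self.domain} Hello {arg}"
        if verb == "MAIL":
            if self.state != "ready":
                return "503 Bad sequence of commands"
            self.envelope["from"] = arg.partition(":")[2].strip()
            self.state = "mail"
            return "250 OK"
        if verb == "RCPT":
            if self.state not in ("mail", "rcpt"):
                return "503 Bad sequence of commands"
            self.envelope["to"].append(arg.partition(":")[2].strip())
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA":
            if self.state != "rcpt":
                return "503 Bad sequence of commands"
            self.state = "data"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "QUIT":
            self.state = "closed"
            return f"221 {self.domain} Service closing transmission channel"
        return "500 Syntax error, command unrecognized"

def run_session(server, client_lines):
    """Drive a whole session; returns [(who, text), ...] for both sides."""
    transcript = [("S", server.greet())]
    if transcript[0][1].startswith("421"):
        return transcript                      # server refused; nothing more to send
    for line in client_lines:
        transcript.append(("C", line))
        reply = server.handle(line)
        if reply is not None:
            transcript.append(("S", reply))
        if server.state == "closed":
            break
    return transcript

def reply_codes(transcript):
    """Numeric codes of the server's replies, in order."""
    return [int(text[:3]) for who, text in transcript if who == "S"]

# Constructed client side of one session.
CLIENT_LINES = [
    "HELO client.example.test",
    "MAIL FROM:<alice@example.test>",
    "RCPT TO:<bob@example.test>",
    "DATA",
    "Subject: test",
    "",
    "Hello Bob.",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    for who, text in run_session(ToySmtpServer(), CLIENT_LINES):
        print(f"{who}: {text}")
```

The full session yields the reply sequence 220, 250, 250, 250, 354, 250, 221; a server that is not available answers only 421, and a client that sends DATA before MAIL FROM and RCPT TO is refused with 503.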
Message Access Agent: POP and IMAP
•The third stage uses a message access agent.
Currently two protocols are available:
•POP3 (Post Office Protocol, version 3)
•IMAP4 (Internet Mail Access Protocol, version 4)
POP3

•The client POP3 software is installed on the recipient computer; the server POP3 software is installed on the mail server.
•Initiated when the user needs to download e-mail from the mailbox.
•The client opens a connection to the server on TCP port 110.
•It sends a username and password to access the mailbox.
POP3
POP has two modes:

•Delete mode: The mail is deleted from the mailbox after each
retrieval.
•Keep mode: The mail remains in the mailbox after retrieval.
IMAP4

•Internet Mail Access Protocol, version 4, is similar to POP3.
•A user can check the e-mail header prior to downloading.
•A user can partially download e-mail.
•A user can create, delete or rename mailboxes on the mail server.
•A user can create a hierarchy of mailboxes in a folder for e-mail storage.
Example: When you read an e-mail on your phone, it stays marked as read on your laptop too; that is IMAP4.
MIME

•E-mail has a simple structure and cannot be used for audio or video data.
•Multipurpose Internet Mail Extensions (MIME) is a supplementary protocol that allows non-ASCII data to be sent through e-mail.
•MIME transforms non-ASCII data at the sender site to NVT (Network Virtual Terminal) ASCII data and delivers it to the client MTA.
•The message at the receiving site is transformed back to the original data.
MIME Headers

•MIME-Version: Defines the version of MIME used.
•Content-Type: Defines the type of data used in the body of the message.
•Content-Transfer-Encoding: Defines the method used to encode the messages into 0s and 1s for transport.
•Content-ID: Identifies the whole message in a multiple-message environment.
•Content-Description: Defines whether the body is image, audio or video.
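The MIME transformation and headers from the two preceding slides, as an added example that is not part of the original slide deck: Python's standard `email` package composes a message with a text part and a binary attachment, the wire form is checked to be pure 7-bit ASCII, and the receiving side decodes the attachment back to the original bytes. The addresses, subject and the binary "image" bytes are constructed; the base64 transfer encoding that appears on the attachment is the library's default for binary data.

```python
# Added example (not from the slides): building and inspecting a MIME message
# with Python's standard email package. Addresses, subject and the binary
# "image" bytes are constructed samples.
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed binary payload with bytes above 0x7F, i.e. non-ASCII data that
# plain 7-bit e-mail transport cannot carry without an encoding.
SAMPLE_IMAGE = b"\x89PNG\r\n\x1a\n" + bytes(range(256))

def build_mime_message(sender, recipient, subject, text, attachment, filename):
    """Sender side: compose a multipart message, a text part plus a binary attachment."""
    msg = EmailMessage(policy=policy.SMTP)        # CRLF line endings for transport
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(text)                         # also adds the MIME-Version: 1.0 header
    msg.add_attachment(attachment, maintype="image", subtype="png", filename=filename)
    return msg

def describe_parts(raw):
    """Walk the parsed message: (Content-Type, Content-Transfer-Encoding) per part."""
    parsed = BytesParser(policy=policy.default).parsebytes(raw)
    return [(p.get_content_type(), p.get("Content-Transfer-Encoding")) for p in parsed.walk()]

def recover_attachment(raw):
    """Receiving side: undo the transfer encoding and return (filename, original bytes)."""
    parsed = BytesParser(policy=policy.default).parsebytes(raw)
    for part in parsed.iter_attachments():
        return part.get_filename(), part.get_content()
    return None

def is_seven_bit(raw):
    """True when every byte of the wire form fits in 7 bits (NVT ASCII)."""
    return all(b < 0x80 for b in raw)

def demo():
    """Build the sample message; returns the message object and its wire form."""
    msg = build_mime_message("alice@example.test", "bob@example.test",
                             "Report", "See the attached image.\n",
                             SAMPLE_IMAGE, "chart.png")
    return msg, msg.as_bytes()

if __name__ == "__main__":
    message, wire = demo()
    print(wire.decode("ascii"))
    print(describe_parts(wire))
```

The wire form is entirely 7-bit even though the attachment is not: the text part is sent as 7bit, the image part is base64-encoded, and the outer multipart/mixed container carries no transfer encoding of its own.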
Web-Based Mail

•E-mail is provided by some common sites such as Hotmail, Yahoo and Google.
•Case I: The sender uses a traditional mail server (SMTP) and the receiver uses a web-based server (HTTP).
•Case II: Both the sender and the receiver use web servers.
TELNET
•TELNET (Terminal Network) is a remote logging protocol.
•Requires a username and password.
•TELNET allows a user on one computer to log in and use another computer as if they were sitting in front of it.
Example: A system administrator sitting at home uses TELNET to access a company's file server in the office.
A terminal driver is a part of the operating system that controls how input and output happen between the keyboard/screen (terminal) and the computer's programs.
A pseudo-terminal driver is a software-based terminal: it acts like a real terminal device, but it is virtual.
Secure Shell (SSH)
•Originally designed to replace TELNET.
•Used for several purposes such as remote logging and file transfer.
•Two versions of SSH:
•SSH-1: Deprecated because of security flaws
•SSH-2
Components
•SSH is an application-layer protocol with three components.
•It creates a secured channel on top of TCP.

Services provided:
•Privacy or confidentiality of the message exchanged.
•Data integrity: Guaranteed that the messages exchanged
between the client and server are not changed by an intruder.
•Server authentication
•Compression of messages
SSH Authentication Protocol (SSH-AUTH)
•After a secure channel is established between the client and the
server, server is authenticated for the client.
•SSH can call another procedure that can authenticate the client
for the server.
•Authentication starts with client, which sends a request message to
the server.
•Request includes username, server name, method of authentication,
required data.
•Server responds with a success or a failure message.
SSH Connection Protocol (SSH-CONN)
•Uses the secure channel and transfers the data.
Applications : SSH
•SSH for remote logging: Several free and commercial applications use SSH for remote logging (PuTTY, Tectia).
•SSH for file transfer: SFTP (Secure FTP) is used for file transfer.
•Port forwarding: Creates a tunnel through which the messages belonging to other protocols can travel (SSH tunnelling).
Domain Name System (DNS)
•TCP/IP protocols use the IP address, which uniquely identifies the connection of a host to the Internet.
•People prefer to use names instead of numeric addresses.
•The Internet needs a directory system to map a name to an address.
•A central directory system cannot hold all the mappings.
•The solution is to distribute the information among many computers in the world.
Map Host to IP address
•The user passes the host name to the client.
•The client passes the host name to the DNS client.
•The DNS client sends a message with a query to the DNS server.
•The DNS server responds with the IP address.
•The DNS client passes the IP address to the client.
•The client now uses the received IP address to access the file transfer server.
Name Space
•Names must be unique because the addresses are unique.
A name space that maps each address to a unique name can be organized in two ways:
•Flat
•Hierarchical
Flat Name Space
•In a flat name space, a name is assigned to an address.
•A name in this space is a sequence of characters without structure.
Hierarchical Name Space
•Each name is made of several parts.
•The first part can define the nature of the organization, the second part the name of the organization and the third part can define the department.
•[Link]
Domain Name Space

Label:
•Each node in the tree has a label of at most 63 characters.
•The root label is the null string.
•DNS requires that the children of a node have different labels, which guarantees the uniqueness of domain names.
Domain Name Space
Domain Name:
•Each node in the tree has a domain name.
•A full domain name is a sequence of labels separated by dots.
•Domain names are always read from the node up to the root.
•The last label is the label of the root (null).
•If a label is terminated by a null string, it is called a fully qualified domain name (FQDN); otherwise it is called a partially qualified domain name (PQDN).
Domain
•A domain is a subtree of the domain name space.
•The name of the domain is the name of the node at the top of the
subtree.
•A domain may itself be divided into domains.
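The label, domain-name and domain rules from the Domain Name Space and Domain slides, as an added example that is not part of the original slide deck: helpers that split a name into labels, enforce the 63-character label limit, tell an FQDN (trailing root label) from a PQDN, complete a PQDN with a default domain, and read a name from the node up to the root to list every domain whose subtree contains it. All names used are constructed; the case-insensitive comparison at the end reflects the fact that DNS labels are compared without regard to case, which the slides do not state.

```python
# Added example (not from the slides): helpers that apply the label and
# domain-name rules. The names below are constructed; case-insensitive label
# comparison is standard DNS behaviour that the slides do not mention.
MAX_LABEL_LEN = 63

def split_labels(name):
    """Labels of a name, left to right. A trailing dot yields the root label ''."""
    if name == ".":
        return [""]
    return name.split(".")

def is_fqdn(name):
    """Fully qualified when the name ends in the root (null) label, written as a trailing dot."""
    return name.endswith(".")

def validate(name):
    """Enforce the per-label rules: non-empty (root excepted) and at most 63 characters."""
    labels = split_labels(name)
    for i, label in enumerate(labels):
        is_root = i == len(labels) - 1 and label == "" and is_fqdn(name)
        if label == "" and not is_root:
            raise ValueError(f"empty label in {name!r}")
        if len(label) > MAX_LABEL_LEN:
            raise ValueError(f"label {label[:10]!r}... exceeds {MAX_LABEL_LEN} characters")
    return True

def to_fqdn(name, default_domain):
    """Complete a PQDN by appending the resolver's default domain (itself an FQDN)."""
    validate(name)
    if is_fqdn(name):
        return name
    validate(default_domain)
    if not is_fqdn(default_domain):
        raise ValueError("default domain must be fully qualified")
    return f"{name}.{default_domain}"

def domains_containing(fqdn):
    """Read the name from the node up to the root: every domain whose subtree holds it,
    ending with the root domain '.'."""
    validate(fqdn)
    if not is_fqdn(fqdn):
        raise ValueError("expected a fully qualified domain name")
    labels = split_labels(fqdn)[:-1]          # drop the root label
    chain = [".".join(labels[i:]) + "." for i in range(len(labels))]
    chain.append(".")
    return chain

def same_name(a, b):
    """Labels compare case-insensitively, so these names denote the same node."""
    return a.lower() == b.lower()

if __name__ == "__main__":
    print(to_fqdn("www", "example.test."))
    print(domains_containing("www.example.test."))
```

For `www.example.test.` the chain is `www.example.test.`, `example.test.`, `test.` and `.`: each is a domain (a subtree) that contains the node, which is why a zone for `example.test.` has authority over the `www` node beneath it.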
Hierarchy of Name Servers
•The information about domain names is distributed among many computers called DNS servers.
•The whole space is divided into domains based on the first level.
Zone
•Complete domain is divided among many servers.
•A zone refers to the portion for which a specific DNS server has
administrative authority.
•Server makes a database called a zone file and keeps all the
information for every node under that domain.
Root Server

•A root server is a server whose zone consists of the whole tree.
•It does not store any information about domains but delegates its authority to other servers.
•There are several root servers, each covering the whole domain space.
Primary and Secondary Servers
Primary Server:
•Stores a file about the zone for which it is an authority.
•Creates/updates/maintains the zone file.
Secondary Server:
•A server that transfers the complete information about a zone from another server and stores it on local disk.
•Neither creates nor updates the zone files.
•Gets the updates from the primary server.
DNS in the Internet
•DNS is a protocol that can be used on different platforms.
In the Internet, the domain name space (tree) is divided into three sections:
•Generic domains
•Country domains
•Inverse domains
Resolution

•Mapping a name to an address is called name-address resolution.
•DNS is a client-server application.
•A host that needs to map an address to a name calls a DNS client called a resolver.
•The resolver accesses the closest DNS server with a mapping request.
Resolution
•If the server has the information, it provides it to the resolver.
•Otherwise, it either refers the resolver to other servers or asks other servers to provide the information.
•After the resolver receives the mapping, it delivers the result to the process that requested it.
Resolution can be of two types:
•Recursive Resolution
•Iterative Resolution
Caching
•Each time a server receives a query for a name that is not in its
domain, it needs to search its database for a server IP address.

•When a server asks for a mapping from another server and receives
the response, it stores this information in its cache memory.

•To inform the client that the response is coming from the cache
memory and not from an authoritative source, the server marks
the response as unauthoritative.
Caching
•If a server caches a mapping for a long time, it may send an outdated mapping to a client.
Two techniques:
•TTL (Time to Live): The time in seconds for which the receiving server can cache the information.
•TTL Counter: Each server keeps a TTL counter for each mapping it caches.
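The caching behaviour from the two Caching slides, as an added example that is not part of the original slide deck: a model of a name server that answers authoritatively from its own zone, caches what it learns from another server, marks those answers unauthoritative with the TTL counted down to the remaining seconds, and drops the entry once the TTL has run out. The zone contents, the upstream server (a plain dictionary lookup) and the clock are constructed so the example runs offline and deterministically.

```python
# Added example (not from the slides): a caching name server model with TTL
# expiry and the authoritative / unauthoritative distinction. Zone data, the
# upstream server and the clock are constructed.

class CachingServer:
    def __init__(self, own_zone, upstream, clock):
        self.own_zone = {k.lower(): v for k, v in own_zone.items()}   # name -> (address, ttl)
        self.upstream = upstream          # callable: name -> (address, ttl) or None
        self.clock = clock                # callable returning the current time in seconds
        self.cache = {}                   # name -> (address, expires_at)
        self.upstream_queries = 0         # how often another server had to be asked

    def resolve(self, name):
        """Return {'address', 'ttl', 'authoritative'} or None if the name is unknown."""
        key = name.lower()
        now = self.clock()
        if key in self.own_zone:                      # inside our zone: authoritative answer
            address, ttl = self.own_zone[key]
            return {"address": address, "ttl": ttl, "authoritative": True}
        cached = self.cache.get(key)
        if cached is not None:
            address, expires_at = cached
            if expires_at > now:                      # TTL counter still running
                return {"address": address, "ttl": int(expires_at - now), "authoritative": False}
            del self.cache[key]                       # counter reached zero: drop the stale entry
        self.upstream_queries += 1
        answer = self.upstream(key)
        if answer is None:
            return None
        address, ttl = answer
        self.cache[key] = (address, now + ttl)        # remember it for ttl seconds
        return {"address": address, "ttl": ttl, "authoritative": False}

class FakeClock:
    """Controllable clock so the example does not depend on wall time."""
    def __init__(self):
        self.now = 0
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds

# Constructed data for the "other server" that our server asks when it has no answer.
UPSTREAM_ZONE = {"www.example.test.": ("198.51.100.7", 300)}

def upstream_lookup(name):
    return UPSTREAM_ZONE.get(name)

def demo():
    """Four lookups that exercise own zone, cache miss, cache hit and expiry."""
    clock = FakeClock()
    srv = CachingServer({"ns.local.test.": ("192.0.2.53", 86400)}, upstream_lookup, clock)
    steps = []
    steps.append(srv.resolve("ns.local.test."))      # own zone: authoritative
    steps.append(srv.resolve("www.example.test."))   # miss: ask upstream, cache for 300 s
    clock.advance(100)
    steps.append(srv.resolve("WWW.example.test."))   # hit: 200 s left, unauthoritative
    clock.advance(250)
    steps.append(srv.resolve("www.example.test."))   # expired (350 s > 300 s): refetched
    return steps, srv.upstream_queries

if __name__ == "__main__":
    for step in demo()[0]:
        print(step)
```

The third lookup shows why the TTL counter matters: the server passes on 200 seconds, not the original 300, so a client caching the answer cannot keep it past the time the authoritative server allowed.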
Resource Records
•A name server stores a database of resource records.
DNS Messages

To retrieve information about hosts, DNS uses two types of messages:
•Query
•Response
DNS Messages
•Identification: Used by the client to match the response with the
query.
•Flag: Defines whether the message is a query or response, includes
status of error.
•Next four fields: Define the number of each record type in the
message.
•Question: Consists of one or more questions.
•Answer: One or more resource records.
DNS Messages
•Authoritative Section: Gives information about one or more
authoritative servers for the query.
•Additional Section: Provides the additional information that may help
the resolver.
Encapsulation

•DNS can use either UDP or TCP.
•In both cases the well-known port 53 is used.
•UDP is used when the size of the response message is less than 512 bytes.
•TCP is used if the size is more than 512 bytes.
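The DNS message fields from the DNS Messages slides and the UDP/TCP size rule from the Encapsulation slide, as an added example that is not part of the original slide deck: the query and its response are encoded byte by byte (header with identification, flags and the four counts; question section; one answer record), parsed back, matched by identification and question, and finally framed for UDP or, above 512 bytes, for TCP with the 2-byte length prefix TCP transport uses. The name, identification value, address and TTL are constructed; the name-compression pointer (0xC00C) used in the answer is standard DNS wire format that the slides do not describe.

```python
# Added example (not from the slides): encoding a DNS query, building the
# matching response, parsing both, and choosing UDP or TCP from the 512-byte
# rule. Name, ID, address and TTL are constructed; the compression pointer is
# standard DNS wire format not covered on the slides.
import struct

HEADER = struct.Struct("!HHHHHH")   # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
QTYPE_A, QCLASS_IN = 1, 1
UDP_LIMIT = 512

def encode_name(name):
    """Wire form: each label as a length byte plus its bytes, ending with the 0-length root."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            if len(label) > 63:
                raise ValueError("label too long")
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(ident, name, qtype=QTYPE_A):
    flags = 0x0100                                   # QR=0 (query), RD=1 (recursion desired)
    return (HEADER.pack(ident, flags, 1, 0, 0, 0) + encode_name(name)
            + struct.pack("!HH", qtype, QCLASS_IN))

def build_response(query, address, ttl):
    """Answer the query with one A record; the answer name points back to the question name."""
    ident = HEADER.unpack_from(query, 0)[0]
    question = query[HEADER.size:]
    rdata = bytes(int(x) for x in address.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return HEADER.pack(ident, 0x8180, 1, 1, 0, 0) + question + answer   # QR=1, RD=1, RA=1

def parse_header(msg):
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(msg, 0)
    return {"id": ident, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def decode_name(msg, offset):
    """Decode a name at offset, following compression pointers; returns (name, end_offset)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:                  # pointer: 14-bit offset into the message
            if not jumped:
                end = offset + 2
            jumped, hops = True, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            offset = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:                              # root label terminates the name
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", end

def parse_question(msg):
    name, offset = decode_name(msg, HEADER.size)
    qtype, qclass = struct.unpack_from("!HH", msg, offset)
    return {"name": name, "qtype": qtype, "qclass": qclass}, offset + 4

def parse_first_answer(msg):
    _, offset = parse_question(msg)
    name, offset = decode_name(msg, offset)
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
    rdata = msg[offset + 10:offset + 10 + rdlen]
    address = ".".join(str(b) for b in rdata) if rtype == QTYPE_A and rdlen == 4 else None
    return {"name": name, "type": rtype, "ttl": ttl, "address": address}

def frame_for_transport(msg):
    """UDP up to 512 bytes; otherwise TCP, which prefixes the message with its 2-byte length."""
    if len(msg) <= UDP_LIMIT:
        return "udp", msg
    return "tcp", struct.pack("!H", len(msg)) + msg

def response_matches(query, response):
    """A client accepts a response only if the ID and the question match its query."""
    q, r = parse_header(query), parse_header(response)
    return (r["is_response"] and q["id"] == r["id"]
            and parse_question(query)[0] == parse_question(response)[0])
```

Checking the identification and the question before accepting a response is what keeps a resolver from caching an answer that was not meant for the query it sent; the 512-byte rule decides the transport before the message is handed to the lower layers.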
Registrars
•New domains are added to DNS via a registrar.
•A registrar is a commercial entity accredited by ICANN.
•A registrar first verifies that the requested domain name is unique and then enters it into the DNS database.
•A fee is charged.
•The organization must give the name of its server and the IP address of the server.
DDNS
•In DNS, when there is a change, such as adding a new host, removing a host, or changing an IP address, the change must be made to the DNS master file.
•The DNS master file must be updated dynamically.
•The Dynamic Domain Name System (DDNS) was therefore devised to respond to this need.
DDNS
•In DDNS, when a binding between a name and an address is determined, the information is sent using DHCP to the primary DNS server.
•The primary server updates the zone.
•The secondary servers are notified either actively or passively.
•Active Notification: The primary server sends a message to the secondary servers about the change in the zone.
•Passive Notification: The secondary servers periodically check for any changes.
THANK YOU
