MODULE 5
Application Layer
UNIT – IV
APPLICATION LAYER
WWW and HTTP – FTP – Email – Telnet – SSH – DNS – SNMP
INTRODUCTION
• The application layer is the highest layer in the protocol suite.
• It is the topmost layer and is used by network applications.
• A network application is a computer application that uses the Internet, such as Google Chrome.
• The application layer provides services to the user.
• It is responsible for maintaining a smooth interaction between the application and the user.
• It is the layer through which the user interacts with the network, because the application layer sends and receives data in a user-readable format.
• The application layer is the only layer that provides services to the Internet user.
• Types of application protocols: standard and nonstandard protocols.
Standard Application-Layer Protocols
• There are several application-layer protocols that have been
standardized and documented by the Internet authority.
• Each standard protocol is a pair of computer programs that
interact with the user and the transport layer to provide a
specific service to the user.
Two very widely used standardized application protocols:
SMTP : Simple Mail Transfer Protocol is used to exchange electronic mail.
HTTP : Hyper Text Transport Protocol is used to communicate between Web
browsers and Web servers.
Nonstandard Application-Layer Protocols
• A programmer can create a nonstandard application-layer program if they can
write two programs that provide service to the user by interacting with the
transport layer.
Providing Services
• File Transferring
• Accessing the file
• Managing the file
• Addressing
• Mail Service
• Directory Service
NETWORK APPLICATION ARCHITECTURES
Two paradigms have been developed for Application Layer
1. Traditional Paradigm : Client-Server
2. New Paradigm : Peer-to-Peer
Client-Server ARCHITECTURE
The traditional paradigm is called the client-server paradigm.
It was the most popular paradigm.
In this paradigm, the service provider is an application program, called the
server process; it runs continuously, waiting for another application program,
called the client process, to make a connection through the Internet and ask
for service.
The server process must be running all the time; the client process is started
when the client needs to receive service.
There are normally some server processes that can provide a specific type of
service, but there are many clients that request service from any of these server
processes.
Some of the better-known applications with a client-server architecture include
the Web, FTP, Telnet, and e-mail.
Client-Server Paradigm
Peer-to-Peer (P2P) ARCHITECTURE
A new paradigm, called the peer-to-peer paradigm has emerged to
respond to the needs of some new applications.
In this paradigm, there is no need for a server process to be running
all the time and waiting for the client processes to connect.
The responsibility is shared between peers.
A computer connected to the Internet can provide service at one
time and receive service at another time.
A computer can even provide and receive services at the same time.
P2P applications face challenges of security, performance, and
reliability due to their highly decentralized structure.
Mixed Paradigm
An application may choose to use a mixture of the two paradigms by
combining the advantages of both.
For example, a light-load client-server communication can be used
to find the address of the peer that can offer a service.
When the address of the peer is found, the actual service can be
received from the peer by using the peer-to-peer paradigm.
WWW (WORLD WIDE WEB)
WWW is a distributed client/server service, in which a client
(browsers such as IE, Firefox, etc.) can access services at a server
(Web server such as IIS, Apache).
The service provided is distributed over many locations called sites.
WWW was originally constructed by a small group of people led by Tim Berners-Lee at CERN in 1989, and in 1991 it was released to the world.
A new protocol for the Internet and a system of document access that uses it were proposed and named the WWW.
• This system allows document search and retrieval from any part of the Internet.
The documents have hypertext as their content.
The units of information on the web can be referred to as pages, documents or resources.
A document can contain text, images, sound and video, together called hypermedia.
The Web is a vast collection of data, information, software and protocols, spread across the world in web servers, which are accessed by client machines through browsers over the Internet.
COMPONENTS OF THE WEB
Structural Components
1. Web Clients/Browsers
2. Web Servers
3. Web Caches
4. Internet
Semantic Components
1. Hyper Text Transfer Protocol (HTTP)
2. Hyper Text Markup Language (HTML)
3. eXtensible Markup Language (XML)
4. Uniform Resource Identifier (URI)
Clients use a browser application to send URLs via HTTP to servers, requesting a Web page.
Web pages are constructed using HTML/XML and consist of text, graphics and sounds plus embedded files. Servers (or caches) respond with the requested Web page.
The client's browser renders the Web page returned by the server.
A Web page is written using Hyper Text Markup Language (HTML).
The browser displays text, graphics and sound.
The entire system runs over standard networking protocols (TCP/IP, DNS).
WEB CLIENTS (BROWSERS)
A browser is software on the client side of the Web that initiates communication with the server.
Each browser usually consists of three parts:
a controller,
client protocols, and
interpreters.
The controller receives input from the keyboard or the mouse and uses the
client programs to access the document.
After the document has been accessed, the controller uses one of the
interpreters to display the document on the screen.
Examples are Internet Explorer, Mozilla Firefox, Netscape Navigator, Safari, etc.
WEB SERVERS
All communication between a web client and a web server uses the standard protocol called HTTP.
The web server informs its operating system to accept incoming network connections on a specific port of the machine.
The server also runs as a background process.
A client (browser) opens a connection to the server, sends a request, receives information from the server and closes the connection.
• The web server monitors a communications port on its host machine, accepts HTTP commands through it and performs the specified operations.
• HTTP commands include a URL specifying the host machine.
• The URL received is translated into either a filename or a program name; accordingly, the requested file or the output of the program execution is sent back to the browser.
PROXY SERVER
• Incoming responses are sent to the proxy server and stored for future
requests from other clients.
• The proxy server reduces the load on the original server, decreases
traffic, and improves latency.
• However, to use the proxy server, the client must be configured to
access the proxy instead of the target server.
• The proxy server acts as both server and client.
• When it receives a request from a client for which it has a response, it
acts as a server and sends the response to the client.
• When it receives a request from a client for which it does not have a
response, it first acts as a client and sends a request to the target
server.
• When the response has been received, it acts again as a server and
sends the response to the client.
WEB DOCUMENTS
• The documents in the WWW can be grouped into three broad categories: static, dynamic and active.
Static Documents
Static documents are fixed-content documents that are created and stored in a server.
The client can only get a copy of the document.
In other words, the contents of the file are determined when the file is created, not when it
is used.
Of course, the contents in the server can be changed, but the user cannot change them.
When a client accesses the document, a copy of the document is sent.
The user can then use a browser to see the document.
Static documents are prepared using one of several languages:
1. HyperText Markup Language (HTML)
2. Extensible Markup Language (XML)
3. Extensible Style Language (XSL)
4. Extensible Hypertext Markup Language (XHTML).
Dynamic Documents
• A dynamic document is created by a web server whenever a browser
requests the document.
• When a request arrives, the web server runs an application program
or a script that creates the dynamic document.
• The server returns the result of the program or script as a response to
the browser that requested the document.
Because a fresh document is created for each request, the contents of a
dynamic document may vary from one request to another.
A very simple example of a dynamic document is the retrieval of the time and
date from a server.
Time and date are kinds of information that are dynamic in that they change
from moment to moment.
Dynamic documents can be retrieved using one of several scripting languages:
1. Common Gateway Interface (CGI)
2. Java Server Pages (JSP)
3. Active Server Pages (ASP)
4. ColdFusion
Active Documents
• For many applications, we need a program or a script to
be run at the client site.
• These are called active documents.
• For example, suppose we want to run a program that
creates animated graphics on the screen or a program
that interacts with the user.
• The program definitely needs to be run at the client site
where the animation or interaction takes place.
When a browser requests an active document, the server sends a
copy of the document or a script.
The document is then run at the client (browser) site.
Active documents can be created using one of several languages:
1. Java Applet – A program written in Java on the server. It is compiled and ready to be run; the document is in bytecode format.
2. JavaScript – The script is downloaded and run at the client site.
URL - UNIFORM RESOURCE LOCATOR
• A Uniform Resource Locator (URL) uniquely identifies a resource on the Internet.
• A URL provides information about the resource's location on the Web.
• When a user enters a URL, the browser forms a request message and sends it to the server.
• The Web server retrieves the requested URL and sends back a response message.
• The Web browser renders the response in HTML or the appropriate format.
• Format : [Link]
• Example : [Link]
A URL has four parts:
• Method,
• Host computer,
• Port, and
• Path.
• Method: The method is the protocol used to retrieve the document from a server, for example HTTP.
• Host: The host is the computer where the information is stored; the computer is given an alias name. Web pages are mainly stored in computers that are given an alias name beginning with the characters "www". This field is not mandatory.
• Port: The URL can also contain the port number of the server, but it is an optional field. If the port number is included, it must come between the host and the path and be separated from the host by a colon.
• Path: The path is the pathname of the file where the information is stored. The path itself contains slashes that separate the directories from the subdirectories and files.
URI - Uniform Resource Identifiers
• URI is a string that identifies resources such as document, image,
service, etc.
• It is of the form scheme:scheme-specific
• Scheme identifies a resource type, such as mailto for mail address, file
for file name, etc. and scheme-specific is a resource identifier.
• Example is mailto: abc123@[Link]
• URI identifies a resource, whereas URL is used to locate a resource.
HTTP (HYPERTEXT TRANSFER PROTOCOL)
• The Hyper Text Transfer Protocol (HTTP) is used to define how client-server programs can be written to retrieve web pages from the Web.
• It is a protocol used to access the data on the World Wide Web (WWW).
• The HTTP protocol can be used to transfer data in the form of plain text, hypertext, audio, video, and so on.
• HTTP is a stateless request/response protocol that governs client/server communication.
HTTP
• An HTTP client sends a request; an HTTP server returns a response.
• The server uses the port number 80; the client uses a temporary port
number.
• HTTP uses the services of TCP , a connection-oriented and reliable
protocol.
• HTTP is a text-oriented protocol. It contains embedded URLs known as links.
• When hypertext is clicked, the browser opens a new connection, retrieves the file from the server and displays it.
HTTP
• Each HTTP message has the general form
START_LINE <CRLF>
MESSAGE_HEADER <CRLF>
<CRLF>
MESSAGE_BODY <CRLF>
• where <CRLF> stands for carriage-return line-feed.
Features of HTTP
• Connectionless protocol
• Media independent
• Stateless
HTTP REQUEST AND RESPONSE MESSAGES
• The HTTP protocol defines the format of the request and response
messages.
• Request Message: The request message is sent by the client and consists of a request line, headers, and sometimes a body.
• Response Message: The response message is sent by the server to the client and consists of a status line, headers, and sometimes a body.
HTTP REQUEST MESSAGE
Request Line
Request Header
Body
• The body can be present in a request message. It is optional.
• Usually, it contains the comment to be sent or the file to be published
on the website when the method is PUT or POST.
Conditional Request
• A client can add a condition in its request.
• In this case, the server will send the requested web page if the
condition is met or inform the client otherwise.
• One of the most common conditions imposed by the client is the time
and date the web page is modified.
• The client can send the header line If-Modified-Since with the request
to tell the server that it needs the page only if it is modified after a
certain point in time.
HTTP RESPONSE MESSAGE
Status Line
Response Header
HTTP CONNECTIONS
• HTTP Clients and Servers exchange multiple messages
over the same TCP connection.
• If some of the objects are located on the same server,
we have two choices: to retrieve each object using a
new TCP connection or to make a TCP connection and
retrieve them all.
• The first method is referred to as a non-persistent
connection, the second as a persistent connection.
• HTTP 1.0 uses non-persistent connections and HTTP 1.1 uses persistent connections.
NON-PERSISTENT CONNECTIONS
PERSISTENT CONNECTIONS
HTTP COOKIES
Components of Cookie
• A cookie consists of the following components:
1. Name
2. Value
3. Zero or more attributes (name/value pairs). Attributes store information such as the cookie's expiration, domain, and flags.
Creating and Storing Cookies
• The creation and storing of cookies depend on the implementation; however, the principle is the same.
1. When a server receives a request from a client, it stores information about the client in a file or a string. The information may include the domain name of the client, the contents of the cookie (information the server has gathered about the client such as name, registration number, and so on), a timestamp, and other information depending on the implementation.
2. The server includes the cookie in the response that it sends to the client.
3. When the client receives the response, the browser stores the cookie in the cookie directory, which is sorted by the server domain name.
Using Cookies
• When a client sends a request to a server, the browser looks in the
cookie directory to see if it can find a cookie sent by that server.
• If found, the cookie is included in the request.
• When the server receives the request, it knows that this is an old
client, not a new one.
• The contents of the cookie are never read by the browser or disclosed
to the user. It is a cookie made by the server and eaten by the server.
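The message layout, the If-Modified-Since conditional request and the cookie exchange described above, worked through in one added example that is not part of the original slides. It builds request and response messages as CRLF-delimited bytes, serves a static document from a toy server that answers 304 when the page has not changed, and issues and recognises a session cookie; the host name, document, timestamp and the `sid` cookie name are constructed for the example.

```python
import secrets
from datetime import datetime, timezone
from email.utils import formatdate, parsedate_to_datetime

CRLF = b"\r\n"  # every line of an HTTP message ends in carriage-return line-feed

def build_message(start_line, headers, body=b""):
    """START_LINE, one header per line, a blank line, then the optional body."""
    lines = [start_line.encode("ascii")]
    lines += [f"{k}: {v}".encode("latin-1") for k, v in headers.items()]
    if body:
        lines.append(f"Content-Length: {len(body)}".encode("ascii"))
    return CRLF.join(lines) + CRLF + CRLF + body

def parse_message(raw):
    """Split a request or response into (start line, header dict, body).
    Header names are case-insensitive, so they are lower-cased for lookup."""
    head, _, body = raw.partition(CRLF + CRLF)
    start_line, *header_lines = head.split(CRLF)
    headers = {}
    for line in header_lines:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    return start_line.decode("ascii"), headers, body

def parse_cookies(cookie_header):
    """Turn 'a=1; b=2' into {'a': '1', 'b': '2'}; a missing header gives {}."""
    cookies = {}
    for pair in (cookie_header or "").split(";"):
        name, _, value = pair.strip().partition("=")
        if name:
            cookies[name] = value
    return cookies

def handle_request(raw_request, document, last_modified, known_clients):
    """Server side: serve one static document, honouring If-Modified-Since and cookies.
    `known_clients` stands in for the file/string in which the server keeps what it
    knows about each client, keyed by the session id it issued in a cookie."""
    start_line, headers, _ = parse_message(raw_request)
    parts = start_line.split(" ")
    if len(parts) != 3 or parts[0] != "GET":              # this toy server only serves GET
        return build_message("HTTP/1.1 400 Bad Request", {"Connection": "close"})
    response_headers = {"Last-Modified": formatdate(last_modified.timestamp(), usegmt=True)}

    # Cookie: a request carrying a session id we issued earlier comes from an "old" client.
    sid = parse_cookies(headers.get("cookie")).get("sid")
    if sid not in known_clients:
        sid = secrets.token_hex(8)                         # fresh, unguessable session id
        known_clients[sid] = {"requests": 0}
        # HttpOnly keeps page scripts from reading it; Secure limits it to HTTPS.
        response_headers["Set-Cookie"] = f"sid={sid}; Path=/; HttpOnly; Secure"
    known_clients[sid]["requests"] += 1

    # Conditional request: send the body only if the page changed after the given date.
    since_header = headers.get("if-modified-since")
    if since_header:
        try:
            since = parsedate_to_datetime(since_header)
        except (TypeError, ValueError):
            since = None                                   # unparsable date: ignore it
        if since is not None:
            if since.tzinfo is None:                       # treat a bare date as UTC
                since = since.replace(tzinfo=timezone.utc)
            if last_modified <= since:
                return build_message("HTTP/1.1 304 Not Modified", response_headers)

    response_headers["Content-Type"] = "text/html"
    return build_message("HTTP/1.1 200 OK", response_headers, document)

def demo_exchange():
    """Two requests from one browser: a first visit, then a conditional revisit."""
    last_modified = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed timestamp
    page = b"<html><body>Hello</body></html>"                    # constructed document
    clients = {}
    req1 = build_message("GET /index.html HTTP/1.1", {"Host": "www.example.com"})
    status1, hdr1, _ = parse_message(handle_request(req1, page, last_modified, clients))
    sid = parse_cookies(hdr1["set-cookie"])["sid"]              # browser stores the cookie
    req2 = build_message("GET /index.html HTTP/1.1", {
        "Host": "www.example.com",
        "Cookie": f"sid={sid}",                                  # browser sends it back
        "If-Modified-Since": hdr1["last-modified"],
    })
    status2, hdr2, body2 = parse_message(handle_request(req2, page, last_modified, clients))
    return {"first": status1, "second": status2, "body2": body2,
            "visits": clients[sid]["requests"], "cookie_reissued": "set-cookie" in hdr2}
```

The second request gets a 304 with no body and no new Set-Cookie, while the server's record for that session id shows two visits.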
Types of Cookies
[Link] cookies
[Link] cookies
[Link] cookie
[Link] cookie
HTTP CACHING
HTTP SECURITY
• HTTP does not provide security.
• However HTTP can be run over the Secure Socket Layer
(SSL).
• In this case, HTTP is referred to as HTTPS.
• HTTPS provides confidentiality, client and server
authentication, and data integrity.
FTP (FILE TRANSFER PROTOCOL)
• FTP stands for File Transfer Protocol.
• FTP is a standard Internet protocol provided by TCP/IP, used for transmitting files from one host to another.
• It is mainly used for transferring web page files from their creator to the computer that acts as a server for other computers on the Internet.
• It is also used for downloading files to a computer from other servers.
• Although we can transfer files using HTTP, FTP is a better choice for transferring large files or files in different formats.
FTP OBJECTIVES
• It provides the sharing of files.
• It is used to encourage the use of remote computers.
• It transfers the data more reliably and efficiently.
FTP CONNECTIONS
Control Connection:
• The control connection uses very simple rules for
communication.
• Through the control connection, we can transfer one line of command or one line of response at a time.
• The control connection is made between the control
processes.
• The control connection remains connected during the
entire interactive FTP session.
Data Connection
• The Data Connection uses very complex rules as data
types may vary.
• The data connection is made between data transfer
processes.
• The data connection opens when a command comes for
transferring the files and closes when the file is
transferred.
EMAIL (SMTP, MIME, IMAP, POP)
• One of the most popular Internet services is electronic
mail (E-mail).
• Email is one of the oldest network applications.
• The three main components of an Email system are
1. User Agent (UA)
2. Message Transfer Agent (MTA) – SMTP
3. Message Access Agent (MAA) - IMAP , POP
EMAIL
• When the sender and the receiver of an e-mail are on the same system, we need only two user agents and no message transfer agent.
• When the sender and the receiver of an e-mail are on different systems, we need two UAs, two pairs of MTAs (client and server), and two MAAs (client and server).
MESSAGE FORMAT OF EMAIL
• An email message consists of two parts, namely the header and the body.
• Each header line contains a type and a value separated by a colon (:).
• Some header contents are:
o From: identifies the sender of the message.
o To: mail address of the recipient(s).
o Subject: states the purpose of the message.
o Date: timestamp of when the message was transmitted.
• The header is separated from the body by a blank line.
• The body contains the actual message.
SIMPLE MAIL TRANSFER PROTOCOL (SMTP)
• SMTP is the standard protocol for transferring mail
between hosts in the TCP/IP protocol suite.
• SMTP is not concerned with the format or content of
messages themselves.
• SMTP uses information written on the envelope of the
mail (message header), but does not look at the
contents (message body) of the envelope.
SMTP COMMANDS AND RESPONSES
• The operation of SMTP consists of a series of commands
and responses exchanged between the SMTP sender
and SMTP receiver.
• The initiative is with the SMTP sender, who establishes
the TCP connection.
• Once the connection is established, the SMTP sender
sends commands over the connection to the receiver.
• The command is from an MTA client to an MTA server;
the response is from an MTA server to the MTA client.
SMTP OPERATIONS
• Basic SMTP operation occurs in three phases:
1. Connection Setup
2. Mail Transfer
3. Connection Termination
Connection Setup
Mail Transfer
Connection Termination
MULTIPURPOSE INTERNET MAIL EXTENSION (MIME)
• SMTP provides a basic email service, while MIME adds
multimedia capability to SMTP.
• MIME is an extension to SMTP and is used to overcome
the problems and limitations of SMTP.
• The email system was designed to send messages only in ASCII format.
• Languages such as French, Chinese, etc., are not supported.
• Image, audio and video files cannot be sent.
MIME HEADERS
• Using headers, MIME describes the type of message content and the encoding used.
• Headers defined in MIME are:
MIME-Version - current version, i.e., 1.1
Content-Type - message type (text/html, image/jpeg, application/pdf)
Content-Transfer-Encoding - message encoding scheme (e.g., base64)
Content-Id - unique identifier for the message
Content-Description - describes the type of the message body
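The SMTP command/response exchange across its three phases (setup, mail transfer, termination) from the SMTP sections above, with the MIME headers of this section travelling untouched inside the message content, as an added example that is not from the original slides. The receiver is a small state machine that records only the envelope (MAIL FROM / RCPT TO) and never interprets the content; the server name, addresses and message text are constructed.

```python
class SmtpSession:
    """Receiver side of one SMTP session (constructed example; server name assumed)."""

    def __init__(self, server_name="mail.example.net"):
        self.server_name = server_name
        self.state = "CONNECT"               # CONNECT -> GREETED -> READY -> MAIL -> RCPT -> DATA
        self.envelope = {"from": None, "to": []}
        self.body_lines = []
        self.delivered = []                  # (envelope, message content) pairs accepted

    def greeting(self):
        """Connection setup: once TCP is up, the receiver speaks first."""
        self.state = "GREETED"
        return f"220 {self.server_name} Service ready"

    def handle(self, line):
        """Reply to one command line, or None while swallowing message content."""
        if self.state == "DATA":
            if line == ".":                  # a lone dot ends the message content
                self.delivered.append((self.envelope, "\r\n".join(self.body_lines)))
                self.envelope, self.body_lines, self.state = {"from": None, "to": []}, [], "READY"
                return "250 OK: queued for delivery"
            # Dot-stuffing: a content line that really starts with "." is sent as ".."
            self.body_lines.append(line[1:] if line.startswith("..") else line)
            return None                      # content lines get no reply; SMTP never parses them
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.state = "READY"
            return f"250 {self.server_name} Hello {arg}"
        if verb == "QUIT":                   # connection termination
            self.state = "CLOSED"
            return f"221 {self.server_name} Service closing transmission channel"
        if self.state not in ("READY", "MAIL", "RCPT"):
            return "503 Bad sequence of commands: send HELO/EHLO first"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self.envelope["from"] = arg[5:].strip()      # envelope sender, not the From: header
            self.state = "MAIL"
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:") and self.state in ("MAIL", "RCPT"):
            self.envelope["to"].append(arg[3:].strip())  # envelope recipient
            self.state = "RCPT"
            return "250 OK"
        if verb == "DATA" and self.state == "RCPT":
            self.state = "DATA"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb in ("MAIL", "RCPT", "DATA"):
            return "503 Bad sequence of commands"
        return "500 Syntax error, command unrecognized"


def demo_session():
    """Client lines for the three phases: setup, mail transfer, termination (constructed)."""
    client_lines = [
        "HELO client.example.org",
        "MAIL FROM:<alice@example.org>",
        "RCPT TO:<bob@example.net>",
        "DATA",
        "From: alice@example.org",          # message header: part of the content, ...
        "To: bob@example.net",
        "Subject: MIME test",
        "MIME-Version: 1.0",                # ... as are the MIME headers SMTP passes through
        "Content-Type: text/plain; charset=utf-8",
        "Content-Transfer-Encoding: base64",
        "",                                 # blank line separates header from body
        "SGVsbG8gQm9iIQ==",                 # base64 for "Hello Bob!"
        "..dot-stuffed line",
        ".",
        "QUIT",
    ]
    session = SmtpSession()
    replies = [session.greeting()]
    for line in client_lines:
        reply = session.handle(line)
        if reply is not None:
            replies.append(reply)
    return session, replies
```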
TELNET (TERMINAL NETWORK)
TELNET OPTIONS
• TELNET lets the client and server negotiate options before or during
the use of the service.
• Options are extra features available to a user with a more
sophisticated terminal.
• Users with simpler terminals can use default features.
TELNET COMMANDS
SSH (SECURE SHELL)
• Secure Shell (SSH) is a secure application program that can be used today for several purposes, such as remote login and file transfer; it was originally designed to replace TELNET.
• There are two versions of SSH: SSH-1 and SSH-2, which are totally incompatible.
• The first version, SSH-1, is now deprecated because of security flaws in it.
SSH COMPONENTS
• SSH is an application-layer protocol with three components:
1. SSH Transport-Layer Protocol (SSH-TRANS)
2. SSH Authentication Protocol (SSH-AUTH)
3. SSH Connection Protocol (SSH-CONN)
SSH Transport-Layer Protocol (SSH-TRANS)
• SSH first uses a protocol that creates a secured channel on top of the
TCP.
• This new layer is an independent protocol referred to as SSH-TRANS.
• When the procedure implementing this protocol is called, the client
and server first use the TCP protocol to establish an insecure
connection.
• Then they exchange several security parameters to establish a secure
channel on top of the TCP.
Services provided by this protocol
1. Privacy or confidentiality of the messages exchanged
2. Data integrity, which means that it is guaranteed that the messages exchanged between the client and server are not changed by an intruder
3. Server authentication, which means that the client is now sure that the server is the one it claims to be
4. Compression of the messages, which improves the efficiency of the system and makes attacks more difficult
SSH Authentication Protocol (SSH-AUTH)
• After a secure channel is established between the client and the server and the server is authenticated for the client, SSH can call another procedure that can authenticate the client for the server.
• This layer defines a number of authentication tools similar to the ones used in SSL.
• Authentication starts with the client, which sends a request message to the server.
• The request includes the user name, server name, the method of authentication,
and the required data.
• The server responds with either a success message, which confirms that the client
is authenticated, or a failed message, which means that the process needs to be
repeated with a new request message.
SSH Connection Protocol (SSH-CONN)
• After the secured channel is established and both server and client are authenticated to each other, SSH can call a piece of software that implements the third protocol, SSH-CONN.
• One of the services provided by the SSH-CONN protocol is multiplexing.
• SSH-CONN takes the secure channel established by the two previous protocols and lets the client create multiple logical channels over it.
• Each channel can be used for a different purpose, such as remote login, file transfer, and so on.
SSH APPLICATIONS
• SSH is a general-purpose protocol that provides a secure connection
between a client and server.
SSH for Remote Login
• Several free and commercial applications use SSH for remote login.
• Among them, we can mention PuTTY, by Simon Tatham, which is an SSH client program that can be used for remote login.
• Another application program is Tectia, which can be used on several platforms.
SSH for File Transfer
• One of the application programs that is built on top of SSH for file
transfer is the Secure File Transfer Program (sftp).
• The sftp application program uses one of the channels provided by
the SSH to transfer files.
• Another common application is called Secure Copy (scp).
• This application uses the same format as the UNIX copy command, cp,
to copy files.
Port Forwarding
• One of the interesting services provided by the SSH protocol is port
forwarding.
• We can use the secured channels available in SSH to access an
application program that does not provide security services.
• Applications such as TELNET and Simple Mail Transfer Protocol (SMTP) can use the services of the SSH port forwarding mechanism.
• The SSH port forwarding mechanism creates a tunnel through which
the messages belonging to other protocols can travel.
• For this reason, this mechanism is sometimes referred to as SSH
tunneling.
SSH PACKET FORMAT
• The length field defines the length of the packet but does not include
the padding.
• The Padding field is added to the packet to make the attack on the
security provision more difficult.
• The type field designates the type of the packet used in different SSH
protocols.
• The data field is the data transferred by the packet in different protocols.
• The CRC field is used for error detection.
SECURING FTP APPLICATIONS USING SSH
• The FTP client can use the SSH client on the local site to make a
secure connection with the SSH server on the remote site.
• Any request from the FTP client to the FTP server is carried through
the tunnel provided by the SSH client and server.
• Any response from the FTP server to the FTP client is also carried
through the tunnel provided by the SSH client and server.
DNS (DOMAIN NAME SYSTEM)
• The Domain Name System was designed in 1984.
• DNS is used for name-to-address mapping.
• DNS provides the protocol that allows clients and servers to communicate with each other.
• E.g., a host name like [Link] is translated into a numerical IP address like [Link]
• The Domain Name System (DNS) is a distributed database used by TCP/IP applications to map between hostnames and IP addresses and to provide electronic mail routing information.
• Each site maintains its own database of information and runs a server program that other systems across the Internet can query.
WORKING OF DNS
1. The user passes the host name to the file transfer client.
2. The file transfer client passes the host name to the DNS client.
3. Each computer, after being booted, knows the address of one DNS server.
The DNS client sends a message to a DNS server with a query that gives the
file transfer server name using the known IP address of the DNS server.
4. The DNS server responds with the IP address of the desired file transfer
server.
5. The DNS server passes the IP address to the file transfer client.
6. The file transfer client now uses the received IP address to access the file
transfer server.
NAME SPACE
• To be unambiguous, the names assigned to machines must be carefully selected from a name space with complete control over the binding between the names and IP addresses.
• The names must be unique because the addresses are unique.
• A name space that maps each address to a unique name can be organized in two ways: flat or hierarchical.
Flat Name Space
• In a flat name space, a name is assigned to an address.
• A name in this space is a sequence of characters without structure.
• The main disadvantage of a flat name space is that it cannot be used in a large system such as the Internet because it must be centrally controlled to avoid ambiguity and duplication.
Hierarchical Name Space
DOMAIN NAME SPACE
Domain Name
• Each node in the tree has a label, called a domain name.
• A full domain name is a sequence of labels separated by dots (.)
• The domain names are always read from the node up to the root.
• The last label is the label of the root (null).
• This means that a full domain name always ends in a null label, which
means the last character is a dot because the null string is nothing.
• If a label is terminated by a null string, it is called a fully qualified
domain name (FQDN).
• If a label is not terminated by a null string, it is called a partially qualified
domain name (PQDN).
DNS IN THE INTERNET
• DNS is a protocol that can be used in different platforms.
• In the Internet, the domain name space (tree) is divided into three
different sections
• Generic domains,
• Country domains, and
• Inverse domain.
Generic Domains
Country Domains
• The country domains section follows the same format as the generic domains but uses two-character country abbreviations (e.g., in for India, us for the United States) in place of the three-character organizational abbreviation at the first level.
• Second-level labels can be organizational, or they can be more specific, national designations.
• India, for example, uses state abbreviations as a subdivision of the country domain us (e.g., [Link]).
Inverse Domains
• Mapping an address to a name is handled by the inverse domain.
• The client can send an IP address to a server to be mapped to a domain name; this is called a PTR (pointer) query.
• To answer queries of this kind, DNS uses the inverse domain.
DNS MESSAGES
• DNS has two types of messages: query and response.
• Both types have the same format.
• The query message consists of a header and question
section.
• The response message consists of a header, question
section, answer section, authoritative section, and
additional section.
DNS CONNECTIONS
• DNS can use either UDP or TCP.
• In both cases the well-known port used by the server is
port 53.
• UDP is used when the size of the response message is less than 512 bytes because most UDP implementations have a 512-byte packet size limit.
• If the size of the response message is more than 512
bytes, a TCP connection is used.
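The query and response messages, the dot-terminated FQDN with its null root label, and the 512-byte UDP rule from the DNS sections above, as an added example that is not from the original slides. It builds a query for a constructed name, fakes the server's reply (one A record pointing at a documentation address), parses the answer section, and accepts the reply only if it echoes the query's id and question; the transaction id, name and address are constructed.

```python
import struct

QTYPE_A, QCLASS_IN = 1, 1
UDP_LIMIT = 512            # DNS-over-UDP reply size limit quoted on the page

def encode_name(name):
    """'www.example.com.' -> length-prefixed labels ending in the null (root) label."""
    stripped = name.rstrip(".")
    out = b""
    for label in (stripped.split(".") if stripped else []):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:       # DNS labels are 1..63 bytes
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"                  # zero-length root label terminates the FQDN

def decode_name(msg, offset):
    """Read a possibly compressed name; return (FQDN with trailing dot, next offset)."""
    labels, jumped, end = [], False, offset
    for _ in range(128):                  # bounded so a pointer loop cannot hang the parser
        length = msg[offset]
        if length & 0xC0 == 0xC0:         # compression pointer (top two bits set)
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            return ".".join(labels) + ".", (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    raise ValueError("malformed name or pointer loop")

def build_query(txid, name, qtype=QTYPE_A):
    """Query = 12-byte header + question section (what the DNS client sends)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD=1; QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)

def build_response(query, ipv4, ttl=300):
    """Constructed reply: same id and question, plus one A record in the answer section."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1 RD=1 RA=1; ANCOUNT=1
    rr = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4)  # name = pointer to offset 12
    return header + query[12:] + rr + bytes(int(o) for o in ipv4.split("."))

def parse_dns_message(msg):
    """Parse header, question and answer sections (authority/additional are not needed here)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "truncated": bool(flags & 0x0200), "rcode": flags & 0xF,
            "questions": questions, "answers": answers}

def needs_tcp(reply):
    """Page rule: retry over TCP when the reply exceeds 512 bytes or the TC bit is set."""
    truncated = struct.unpack("!H", reply[2:4])[0] & 0x0200
    return len(reply) > UDP_LIMIT or bool(truncated)

def reply_matches(query, reply):
    """Accept a reply only if its id and question echo ours (guards against stray replies)."""
    q, r = parse_dns_message(query), parse_dns_message(reply)
    return r["is_response"] and q["id"] == r["id"] and q["questions"] == r["questions"]

def demo_lookup():
    """Resolve a constructed name: build the query, fake the server, parse the answer."""
    query = build_query(0x1234, "www.example.com")              # PQDN: no trailing dot
    reply = build_response(query, "192.0.2.10")                 # constructed documentation IP
    parsed = parse_dns_message(reply)
    return {"ok": reply_matches(query, reply), "tcp": needs_tcp(reply),
            "question": parsed["questions"][0][0], "answer": parsed["answers"][0]}
```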
DDNS (DYNAMIC DOMAIN NAME SYSTEM)
DNS SECURITY
• DNS is one of the most important systems in the Internet
infrastructure; it provides crucial services to Internet users.
• Applications such as Web access or e-mail are heavily dependent on
the proper operation of DNS.
• DNS can be attacked in several ways, including:
attacks on confidentiality,
attacks on authentication and integrity, and
denial-of-service attacks.