UNIT V : APPLICATION LAYER

WWW and HTTP – FTP – Email –POP3 –

IMAP – MIME, Telnet –SSH – DNS – SNMP.
 INTRODUCTION

• The application layer is the highest layer in the protocol suite.

• The application layer provides services to the user.
• Communication is provided using a logical connection, which means that
the two application layers assume that there is an imaginary direct
connection through which they can send and receive messages.
• The application layer is the only layer that provides services to the
Internet user
• The application layer exchange messages with their peers on other
machines
• Applications need their own protocols. These applications are part of
network protocol.
• Types of Application Protocols:
• Standard and Nonstandard Protocols
Standard Application-Layer Protocols
▪ Two very widely-used standardized application protocols:
1. SMTP : Simple Mail Transfer Protocol is used to exchange
electronic mail.
2. HTTP : Hyper Text Transport Protocol is used to communicate
between Web browsers and Web servers.
Nonstandard Application-Layer Protocols
• A programmer can create a non standard application-layer program if they
can write two programs that provide service to the user by interacting with
the transport layer.

APPLICATION-LAYER PARADIGMS
• Two paradigms have been developed for Application Layer
1. Traditional Paradigm :Client-Server
2. New Paradigm : Peer-to-Peer
Client-Server Paradigm

Peer-to-Peer(P2P) Paradigm
 WWW (WORLD WIDE WEB)
• WWW is a distributed client/server service, in which a client (Browsers
such as IE, Firefox, etc.) can access services at a server (Web server
such as IIS(Internet Information Services), Apache).
• The service provided is distributed over many locations called sites.
• A new protocol for the Internet and a system of document access to use
it was proposed and named as WWW.
• This system allows document search and retrieval from any part of the
Internet.
• The units of information on the web can be referred to as pages,
documents or resources.
• A document can contain text, images, sound and video, together called
Hypermedia.
• Web is a vast collection of data, information, software and protocols ,
spread across the world in web servers, which are accessed by client
machines by browsers through theInternet.
COMPONENTS OF THE WEB

Structural Components
• WebClients/Browsers
• WebServers
• WebCaches
• Internet
Semantic Components
• Hyper Text Transfer Protocol(HTTP)
• Hyper Text Markup Language(HTML)
• eXtensible Markup Language(XML)
• Uniform Resource Identifier(URI)
WEB CLIENTS (BROWSERS)

• A browser is a software on the client on the web which initiates the

communication with the server.
• Each browser usually consists of three parts: a controller, client
protocols, and interpreters.
• The controller receives input from the keyboard or the mouse and uses the
client programs to access the document. After the document has been
accessed, the controller uses one of the interpreters to display the document
on the screen.
• Examples are Internet Explorer, Mozilla FireFox, Netscape Navigator,
Safari etc.
WEB SERVERS
• All the communication between the web client and a web server use the
standard protocol called as HTTP.
• Web server informs its operating system to accept incoming network
connections using a specific port on the machine.
• The server also runs as a background process.
• A client (browser) opens a connection to the server, sends a request,
receives information from server and closes the connection.
• Web server monitors a communications port on its host machine,
accepts the http commands through it and performs specified
operations.
• HTTP commands include a URL specifying the host machine.
• The URL received is translated into either a filename or a program
name, accordingly the requested file or the output of the program
execution is sent back to the browser.
PROXY SERVER
• A Proxy server is a computer that keeps copies of responses to recentre
quests.
• The web client sends a request to the proxyserver.
• The proxy server checks its cache.
• If the response is not stored in the cache, the proxy server sends the
request to the corresponding server.
URL - UNIFORM RESOURCE LOCATOR
• Uniform Resource Locator (URL), uniquely identify resources on the
Internet
• URL provides information about its location on the Web
• When a user enters URL, browser forms a request message and sends
it to the server.
• Web server retrieves the requested URL and sends back a response
message.
• Web browser renders the response in HTML or appropriate format.
• Format :http://www.domain_name/filename
• Example :http://www.cs.hello.org/index.html
URI - Uniform Resource Identifiers
• URI is a string that identifies resources such as document, image,
service, etc.
• It is of the form scheme: scheme-specific Scheme identifies a resource
type, such as mail to for mail address, file for file name, etc. and
scheme-specific is a resource identifier.
• Example is mailto:abc123@gmail.com
• URI identifies a resource, whereas URL is used to locate are source.

WEB DOCUMENTS
Static Documents
• Static documents are fixed-content documents that are created and stored in a
server.
• The client can get a copy of the document only.
• Static documents are prepared using one of several languages:
1. Hyper Text Markup Language(HTML)
2. Extensible Markup Language(XML)
3. Extensible Style Language(XSL)
4. Extensible Hypertext Markup Language(XHTML).
Dynamic Documents
• A dynamic document is created by a web server whenever a browser
requests the document.
• When a request arrives, the web server runs an application program or a
script that creates the dynamic document.
• The server returns the result of the program or script as a response to the
browser that requested the document.
• Dynamic documents can be retrieved using one of several scripting
languages:
1. Common Gateway Interface(CGI)
2. Java Server Pages(JSP)
3. Active Server Pages(ASP)
4. Cold Fusion
Active Documents
• For many applications, we need a program or a script to be run at the
client site. These are called active documents.
• For example, suppose we want to run a program that creates animated
graphics on the screen or a program that interacts with the user.
• The program definitely needs to be run at the client site where the
animation or interaction takes place.
• When a browser requests an active document, the server sends a copy of
the document or a script.
• The document is then run at the client (browser) site.
• Active documents can be created using one of several languages:
1. Java Applet – A program written in Java on the server. It is
compiled and ready to be run. The document is in byte code format.
2. Java Script - Download and run the script at the client site.
 HTTP (HYPERTEXT TRANSFER PROTOCOL)

• The Hyper Text Transfer Protocol (HTTP) is used to define how the client-
server programs can be written to retrieve web pages from the Web.
• It is a protocol used to access the data on the World Wide Web(WWW).
• The HTTP protocol can be used to transfer the data in the form of plain
text, hypertext, audio, video, and so on.
• HTTP is a stateless request/response protocol that governs client/server
communication.
• An HTTP client sends a request; an HTTP server returns a response.
• The server uses the port number 80; the client uses a temporary port
number.
• HTTP uses the services of TCP , a connection-oriented and reliable
protocol.
• HTTP is a text-oriented protocol. It contains embedded URL known
aslinks.
Features of HTTP
• Connectionless protocol
• Media independent
• Stateless
HTTP REQUEST AND RESPONSE MESSAGES
• The HTTP protocol defines the format of the request and response
messages.
1. Request Message: The request message is sent by the client that
consists of a request line, headers, and sometimes abody.
2. Response Message: The response message is sent by the server to the
client that consists of a status line, headers, and sometimes a body.
HTTP REQUEST MESSAGE

HTTP RESPONSE MESSAGE

HTTP CONNECTIONS
• HTTP Clients and Servers exchange multiple messages over the same TCP
connection.
• If some of the objects are located on the same server, we have two choices:
to retrieve each object using a new TCP connection or to make a TCP
connection and retrieve the mall.
• The first method is referred to as a non-persistent connection, the second as
a persistent connection.
• HTTP 1.0 uses non-persistent connections and HTTP 1.1 uses persistent
connections .
NON-PERSISTENT CONNECTIONS
• In a non-persistent connection, one TCP connection
is made for each request/response.
• Only one object can be sent over a single TCP
connection
• The client opens a TCP connection and sends a
request.
• The server sends the response and closes the
connection.
• It then closes the connection.
PERSISTENT CONNECTIONS
• HTTP version 1.1 specifies a persistent
connection by default.
• Multiple objects can be sent over a single
TCP connection.
• In a persistent connection, the server leaves
the connection open for more requests after
sending a response.
• The server can close the connection at the
request of a client or if a time-out has been
reached.
• Time and resources are saved using
persistent connections. Only one set of
buffers and variables needs to be set for the
connection at each site.
• The round trip time for connection
establishment and connection termination
is saved.
HTTP COOKIES
▪ An HTTP cookie (also called web cookie, Internet cookie, browser
cookie, or simply cookie) is a small piece of data sent from a website
and stored on the user's computer by the user's web browser while the
user is browsing.
▪ HTTP is stateless , Cookies are used to add State.
▪ Cookies were designed to be a reliable
mechanism for websites to remember state ful
information (such as items added in the shopping cart in an online
store) or to record the user's browsing activity (including clicking
particular buttons, logging in, or recording which pages were visited in
the past).
▪ They can also be used to remember arbitrary pieces of information that
the user previously entered into form fields such as names, addresses,
passwords, and credit card numbers.
Components of Cookie
• A cookie consists of the following components:
1. Name
2. Value
3. Zero or more attributes (name/value pairs). Attributes store
information such as the cookie's expiration, domain, and flags.
TYPES OF COOKIES

1. Authentication cookies
2. Tracking cookies
3. Session cookie
4. Persistent cookie

HTTP CACHING

• HTTP Caching enables the client to retrieve document faster and reduces
load on the server.
• HTTP Caching is implemented at Proxy server, ISP router and Browser.
• Server sets expiration date (Expires header) for each page, beyond which
it is not cached.
• HTTP Cache document is returned to client only if it is an updated copy
by checking against If-Modified-Since header.
• If cache document is out-of-date, then request is forwarded to the server
and response is cached along the way.
• A web page will not be cached if no-cache directive is specified.
HTTP SECURITY
• HTTP does not provide security.
• However HTTP can be run over the Secure Socket Layer(SSL).
• In this case, HTTP is referred to as HTTPS.
• HTTPS provides confidentiality, client and server authentication,
and data integrity.
 FTP (FILE TRANSFER PROTOCOL)
• FTP stands for File transfer protocol.
• FTP is a standard internet protocol provided by TCP/IP used for
transmitting the files from one host to another.
• It is mainly used for transferring the web page files from their creator to
the computer that acts as a server for other computers on the internet.
• It is also used for downloading the files to computer from other servers.
• Although we can transfer files using HTTP, FTP is a better choice to
transfer large files or to transfer files using different formats.
FTP OBJECTIVES
• It provides the sharing of files.
• It is used to encourage the use of remote computers.
• It transfers the data more reliably and efficiently.
 FTP MECHANISM
The FTP client has three components:
• user interface, control process, and data transfer process.
The server has two components:
• server control process and server data transfer process.
 FTP CONNECTIONS
• There are two types of connections in FTP -
– Control Connection and Data Connection.
• The two connections in FTP have different lifetimes.
• The control connection remains connected during the entire interactive FTP
session.
• The data connection is opened and then closed for each file transfer
activity. When a user starts an FTP session, the control connection opens.
• FTP uses two well-known TCP ports:
– Port 21 is used for the control connection
– Port 20 is used for the data connection.
 EMAIL (SMTP, MIME, IMAP, POP)
• One of the most popular Internet services is electronic mail (E-mail).
• Email is one of the oldest network applications.
• The three main components of an Email are
1. User Agent (UA)
2. Messsage Transfer Agent (MTA) – SMTP
3. Messsage Access Agent (MAA) – IMAP(Internet Message Access
Protocol) , POP3(Post Office Protocol)
• When the sender and the receiver of an e-mail are on the same system, we
need only two User Agents and no Message Transfer Agent.
• When the sender and the receiver of an e-mail are on different system, we
need two UA, two pairs of MTA (client and server), and two MAA (client
and server).
WORKING OF EMAIL
 SIMPLE MAIL TRANSFER PROTOCOL (SMTP)

• SMTP is the standard protocol for transferring mail between hosts in the
TCP/IP protocol suite.
• SMTP is not concerned with the format or content of messages themselves.
– SMTP uses information written on the envelope of the mail (message
header), but does not look at the contents (message body) of the
envelope.
• SMTP clients and servers have two main components
O User Agents(UA) – Prepares the message, encloses it in an envelope.
O Mail Transfer Agent (MTA) – Transfers the mail across the internet
SMTP MAIL FLOW
 SMTP COMMANDS AND RESPONSES
• The operation of SMTP consists of a series of commands and responses
exchanged between the SMTP sender and SMTP receiver.
• The initiative is with the SMTP sender, who establishes the TCP connection.
• Once the connection is established, the SMTP sender sends commands over the
connection to the receiver.
• The command is from an MTA client to an MTA server; the response is from an
MTA server to the MTA client.

SMTP OPERATIONS

Basic SMTP operation occurs in three phases:

1. Connection Setup
2. Mail Transfer
3. Connection Termination
MULTIPURPOSE INTERNET MAIL EXTENSION (MIME)
• SMTP provides a basic email service, while MIME adds multimedia capability
to SMTP.
• MIME is an extension to SMTP and is used to overcome the problems and
limitations of SMTP.
• Email system was designed to send messages only in ASCII format.
• Languages such as French, Chinese, etc., are not supported.
• Image, audio and video files cannot be sent.
• MIME adds the following features to email service:
• Be able to send multiple attachments with a single message;
• Unlimited message length;
• Use of character sets other than ASCII code;
• Use of rich text (layouts, fonts, colors, etc)
• Binary attachments (executables, images, audio or video files, etc.), which may
be divided if needed.
 IMAP (INTERNET MAIL ACCESS PROTOCOL)
• IMAP is an Application Layer Internet protocol that allows an e-mail client to
access e-mail on a remote mail server.
• It is a method of accessing electronic mail messages that are kept on a possibly
shared mail server.
• IMAP is similar to SMTP in many ways.
• IMAP is a client/server protocol running over TCP on port 143.
• IMAP allows multiple clients simultaneously connected to the same mailbox,
and through flags stored on the server, different clients accessing the same
mailbox at the same or different times can detect state changes made by other
clients.
• For example, email stored on an IMAP server can be manipulated from a
desktop computer at home, a workstation at the office, and a notebook computer
while travelling, without the need to transfer messages or files back and forth
between these computers.
• IMAP can support email serving in three modes:
• Offline
• Online
• Disconnected operation
POST OFFICE PROTOCOL (POP3)
• Post Office Protocol (POP3) is an application-layer Internet standard
protocol used by local e-mail clients to retrieve e-mail from a remote server
over a TCP/IP connection.
– There are two versions of POP.
• The first, called POP2, became a standard in the mid-80's and requires
SMTP to send messages.
• The current version, POP3, can be used with or without SMTP. POP3 uses
TCP/IP port 110.
• POP is a much simpler protocol, making implementation easier.
• POP supports offline access to the messages, thus requires less internet
usage time
• POP does not allow search facility.
• In order to access the messages, it is necessary to download them.
• It allows only one mailbox to be created on server.
• It is not suitable for accessing non mail data.
 TELNET (TERMINAL NETWORK)
• TELNET is the original remote logging protocol, based on client-server
program.
• Telnet provides a connection to the remote computer in such a way that a
local terminal appears to be at the remote side.
• TELNET allows us to explain the issues and challenges related to the
concept of remote logging.
• Network administrators often use TELNET for diagnostic and debugging
purposes.
• TELNET requires a logging name and password.
• It is vulnerable to hacking because it sends all data including the password
in plaintext (not encrypted).
• A hacker can eavesdrop and obtain the logging name and password.
Because of this security issue, the use of TELNET has diminished.
TYPES OF TELNET LOGGING

There are two types of TELNET logging:

Local Logging and Remote Logging
Local Login

Remote Logging
 SSH (SECURE SHELL)
• Secure Shell (SSH) is a secure application program that can be used today for
several purposes such as remote logging and file transfer, it was originally
designed to replace TELNET.
• There are two versions of SSH: SSH-1 and SSH-2, which are totally
incompatible. The first version, SSH-1, is now deprecated because of security
flaws in it.
SSH COMPONENTS
SSH is an application-layer protocol with three components:
1.SSH Transport-Layer Protocol (SSH-TRANS)
2.SSH Authentication Protocol (SSH-AUTH)
3. SSH Connection Protocol (SSH-CONN)
SSH APPLICATIONS
• SSH for Remote Logging
• SSH for File Transfer
• Port Forwarding

SSH PACKET FORMAT

SECURING FTP APPLICATIONS USING SSH

 DNS (DOMAIN NAME SYSTEM)
• Domain Name System was designed in 1984.
• DNS is used for name-to-address mapping.
• The DNS provides the protocol which allows clients and servers to
communicate with each other.
• Eg: Host name like www.yahoo.com is translated into numerical IP
addresses like 207.174.77.131
• Domain Name System (DNS) is a distributed database used by TCP/IP
applications to map between hostnames and IP addresses and to provide
electronic mail routing information.
• Each site maintains its own database of information and runs a server
program that other systems across the Internet can query.

WORKING OF DNS
• The following six steps shows the working of a DNS. It maps the host name to
an IP address:
• The user passes the host name to the file transfer client.
• The file transfer client passes the host name to the DNS client.
• Each computer, after being booted, knows the address of one DNS server. The
DNS client sends a message to a DNS server with a query that gives the file
transfer server name using the known IP address of the DNS server.
• The DNS server responds with the IP address of the desired file transfer server.
• The DNS server passes the IP address to the file transfer client.
• The file transfer client now uses the received IP address to access the file
transfer server.
NAME SPACE
• To be unambiguous, the names assigned to machines must be carefully
selected from a name space with complete control over the binding between
the names and IP address.
• The names must be unique because the addresses are unique.
• A name space that maps each address to a unique name can be organized in
two ways: flat (or) hierarchical.

DOMAIN NAME SPACE

➢ To have a hierarchical name space, a domain name space was designed.

In this design, the names are defined in an inverted-tree structure with the
root at the top.
➢ Each node in the tree has a label, which is a string with a maximum of 63
characters.
➢ The root label is a null string.
➢ DNS requires that children of a node have different labels, which
guarantees the uniqueness of the domain names.
HIERARCHY OF NAME SERVERS
• The way to distribute information among DNS servers is to divide the
whole space into many domains based on the first level.
• Let the root stand-alone and create as many domains as there are first level
nodes.
• Because a domain created this way could be very large,
• DNS allows domains to be divided further into smaller domains.
• Thus we have a hierarchy of servers in the same way that we have a
hierarchy of names.
DNS IN THE INTERNET
• DNS is a protocol that can be used in different platforms.
• In the Internet, the domain name space (tree) is divided into three different
sections - Generic domains, Country domains, and Inverse domain.

Generic Domains
Country Domains
• The country domains section follows the same format as the generic domains
but uses two characters for country abbreviations
• E.g.; in for India, us for United States etc) in place of the three character
organizational abbreviation at the first level.

Inverse Domains
➢ Mapping an address to a name is called Inverse domain.
➢ The client can send an IP address to a server to be mapped to a domain
name and it is called PTR(Pointer) query.
➢ To answer queries of this kind, DNS uses the inverse domain
SNMP - SIMPLE NETWORK MANAGEMENT PROTOCOL
• The Simple Network Management Protocol (SNMP) is a framework for
managing devices in an internet using the TCP/IP protocol suite.
• SNMP is an application layer protocol that monitors and manages routers,
distributed over a network.
• It provides a set of operations for monitoring and managing the internet.
• SNMP uses services of UDP on two well-known ports: 161 (Agent) and 162
(manager).
• SNMP uses the concept of manager and agent.
SNMP MANAGER
• A manager is a host that runs the SNMP client program
• The manager has access to the values in the database kept by the agent.
• A manager checks the agent by requesting the information that reflects the
behavior of the agent.
• A manager also forces the agent to perform a certain function by resetting
values in the agent database.
• For example, a router can store in appropriate variables the number of packets
received and forwarded.
• The manager can fetch and compare the values of these two variables to see if
the router is congested or not.
SNMP AGENT
• The agent is a router that runs the SNMP server program.
• The agent is used to keep the information in a database while the manager is
used to access the values in the database.
• For example, a router can store the appropriate variables such as a number of
packets received and forwarded while the manager can compare these variables
to determine whether the router is congested or not.
• Agents can also contribute to the management process.
• A server program on the agent checks the environment, if something goes
wrong, the agent sends a warning message to the manager.

SNMP MANAGEMENT COMPONENTS

• Management of the internet is achieved through simple interaction between a
manager and agent.
• Management is achieved through the use of two protocols:
o Structure of Management Information (SMI)
o Management Information Base (MIB)
Structure of Management Information (SMI)
• To use SNMP, we need rules for naming objects.
• SMI is a protocol that defines these rules.
• SMI is a guideline for SNMP
• It emphasizes three attributes to handle an object: name, data type, and
encoding method.
• Its functions are:
– To name objects.
– To define the type of data that can be stored in an object.
– To show how to encode data for transmission over the network.
Management Information Base (MIB)
• The Management Information Base (MIB) is the second component used in
network management.
• Each agent has its own MIB, which is a collection of objects to be managed.
• MIB classifies objects under groups.