Application Layer 1

The document outlines the objectives and workings of the Dynamic Host Configuration Protocol (DHCP), detailing its necessity for host configuration, historical context, and operational mechanics. It explains how DHCP operates both on the same and different networks, utilizing UDP ports for communication and the process of IP address leasing. Additionally, it discusses the transition states of DHCP clients and the importance of using well-known ports to prevent conflicts during address assignment.

OBJECTIVES (DHCP):

• To give the reasons why we need a host configuration protocol.
• To give a historical background of two protocols used for host configuration in the past.
• To define DHCP as the current Dynamic Host Configuration Protocol.
• To discuss DHCP operation when the client and server are on the same network or on different networks.
• To show how DHCP uses two well-known ports of UDP to achieve configuration.
• To discuss the states the clients go through to lease an IP address from a DHCP server.


• INTRODUCTION
• For a computer, four pieces of information are normally needed to connect to the Internet:
– The IP address of the computer
– The subnet mask of the computer
– The IP address of a router
– The IP address of a name server
• These four pieces of information can be stored in a configuration file and accessed by the computer during the bootstrap process.
• A bootstrap is the program that initializes the operating system (OS) during startup.
• Previous protocols
• RARP
– RARP maps a physical address to an IP address. RARP is deprecated today for two reasons.
– First, RARP used the broadcast service of the data link layer, which means that a RARP server must be present in each network.
– Second, RARP can provide only the IP address of the computer, but a computer today needs all four pieces of information mentioned above.
• BOOTP (Bootstrap Protocol)
– A protocol designed to overcome the two deficiencies of RARP.
– First, a BOOTP server can be anywhere in the Internet.
– Second, it can provide all of the pieces of information we mentioned above, including the IP address.
– BOOTP, however, is a static configuration protocol.
– When a client requests its IP address, the BOOTP server consults a table that matches the physical address of the client with its IP address.
– There are some situations in which we need a dynamic configuration protocol.
– There are occasions when a host wants a temporary IP address to be used for a period of time. BOOTP cannot handle these situations because the binding between the physical and IP addresses is static and fixed in a table until changed by the administrator.
• DHCP
• The Dynamic Host Configuration Protocol (DHCP) is a client/server protocol designed to provide the four pieces of information.
• The DHCP client and server can either be on the same network or on different networks.
• DHCP is a successor to BOOTP and is backward compatible with it.
Client and server on the same network

1. The DHCP server issues a passive open command on UDP port number 67 and waits for a client.
2. A booted client issues an active open command on port number 68. The message is encapsulated in a UDP user datagram, using the destination port number 67 and the source port number 68. The UDP user datagram, in turn, is encapsulated in an IP datagram. The client uses all 0s as the source address and all 1s as the destination address.
3. The server responds with either a broadcast or a unicast message using UDP source port number 67 and destination port number 68. The response can be unicast because the server knows the IP address of the client. It also knows the physical address of the client, which means it does not need the services of ARP for logical to physical address mapping.
Client and server on two different networks

As in other application-layer processes, a client can be in one network and the server in another, separated by several other networks. However, there is one problem that must be solved. The DHCP request is broadcast because the client does not know the IP address of the server. A broadcast IP datagram cannot pass through any router. A router receiving such a packet discards it. Recall that an IP address of all 1s is a limited broadcast address.

To solve the problem, there is a need for an intermediary. One of the hosts (or a router that can be configured to operate at the application layer) can be used as a relay. The host in this case is called a relay agent. The relay agent knows the unicast address of a DHCP server and listens for broadcast messages on port 67. When it receives this type of packet, it encapsulates the message in a unicast datagram and sends the request to the DHCP server. The packet, carrying a unicast destination address, is routed by any router and reaches the DHCP server. The DHCP server knows the message comes from a relay agent because one of the fields in the request message defines the IP address of the relay agent. The relay agent, after receiving the reply, sends it to the DHCP client.
Use of UDP ports
The reason for choosing the well-known port 68 instead of an ephemeral port is to prevent a problem when the reply, from the server to the client, is broadcast.

When two hosts are sending DHCP requests at the same time, a third identification number called the transaction ID differentiates the clients.
To understand the problem, let us look at a situation where an ephemeral port is used.
Suppose host A on a network is using a DHCP client on ephemeral port 2017 (randomly chosen).
Host B, on the same network, is using a DAYTIME client on ephemeral port 2017 (accidentally the same).
Now the DHCP server sends a broadcast reply message with the destination port number 2017 and broadcast IP address FFFFFFFF (hexadecimal).
Every host needs to open a packet carrying this destination IP address. Host A finds a message from an application program on ephemeral port 2017.
A correct message is delivered to the DHCP client.
An incorrect message is delivered to the DAYTIME client.
The confusion is due to the demultiplexing of packets based on the socket address (see Chapter 17), which is a combination of IP address and port number. In this case, both are the same.
The use of a well-known port (less than 1024) prevents the use of the same two destination port numbers.
Host B cannot select 68 as the ephemeral port because ephemeral port numbers are greater than 1023.

What happens if host B is also running a DHCP client?

In this case, the socket address is the same and both clients will receive the message.
In this situation, a third identification number differentiates the clients. DHCP uses another number, called the transaction ID, which is randomly chosen for each connection involving DHCP.
It is highly improbable that two hosts will choose the same ID at the same time.
• Using TFTP
• The server does not send all of the information that a client may need for booting. In the reply message, the server defines the pathname of a file in which the client can find complete booting information. The client can then use a TFTP message, which is encapsulated in a UDP user datagram, to obtain the rest of the needed information.
DHCP packet format
Operation code. This 8-bit field defines the type of DHCP packet: request (1) or
reply (2).
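The message layout, the relay agent's address field and the transaction ID discussed above, as an added example (Python, not code from the slides): it packs the fixed BOOTP-format DHCP fields (operation code, transaction ID, the giaddr relay-agent address, the client hardware address) plus the message-type option, shows a relay agent stamping its own address into giaddr, a server echoing the transaction ID in its DHCPOFFER, and a client using that ID to tell its own reply from another host's on the shared broadcast port 68. Field offsets follow RFC 2131; the MAC and IP addresses are constructed sample values.

```python
"""Build, relay and parse DHCP messages (BOOTP-format fixed fields + options)."""
import socket
import struct

# Fixed 236-byte header that every DHCP message starts with (RFC 2131 layout):
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
_FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"     # separates the fixed fields from the options
OPT_MSG_TYPE, OPT_END = 53, 255
BOOTREQUEST, BOOTREPLY = 1, 2           # values of the 8-bit operation code field
DHCPDISCOVER, DHCPOFFER = 1, 2          # values of the message-type option
SERVER_PORT, CLIENT_PORT = 67, 68       # the two well-known UDP ports

def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Return the wire bytes of a DHCP message carrying the given fields."""
    chaddr = mac.ljust(16, b"\x00")     # hardware address padded to 16 bytes
    fixed = _FIXED.pack(op, 1, 6, 0, xid, 0, 0x8000,   # htype=Ethernet, hlen=6, broadcast flag
                        socket.inet_aton("0.0.0.0"), socket.inet_aton(yiaddr),
                        socket.inet_aton("0.0.0.0"), socket.inet_aton(giaddr),
                        chaddr, b"\x00" * 64, b"\x00" * 128)
    options = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_END])
    return fixed + MAGIC_COOKIE + options

def parse(data):
    """Decode a DHCP message into the fields this section discusses."""
    if len(data) < _FIXED.size + 4 or data[_FIXED.size:_FIXED.size + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, hops, xid, _secs, flags, _ci, yi, _si, gi, chaddr, _, _ = _FIXED.unpack_from(data)
    msg = {"op": op, "hops": hops, "xid": xid, "flags": flags, "yiaddr": socket.inet_ntoa(yi),
           "giaddr": socket.inet_ntoa(gi), "mac": chaddr[:hlen], "msg_type": None}
    # Options are type-length-value; 255 ends the list, 0 is a single pad byte.
    i = _FIXED.size + 4
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:
            i += 1
            continue
        code, length = data[i], data[i + 1]
        if code == OPT_MSG_TYPE:
            msg["msg_type"] = data[i + 2]
        i += 2 + length
    return msg

def relay(data, relay_ip):
    """What a relay agent does before forwarding the broadcast as a unicast to the server:
    put its own address in giaddr (bytes 24..27) if no earlier relay did, and bump hops."""
    if parse(data)["giaddr"] == "0.0.0.0":
        data = data[:24] + socket.inet_aton(relay_ip) + data[28:]
    return data[:3] + bytes([data[3] + 1]) + data[4:]

def server_reply(request, offered_ip):
    """Build a DHCPOFFER that echoes the client's xid and MAC. Returns (reply, destination):
    a non-zero giaddr means the request came via a relay agent, so the reply goes there."""
    req = parse(request)
    if req["op"] != BOOTREQUEST or req["msg_type"] != DHCPDISCOVER:
        raise ValueError("expected a DHCPDISCOVER")
    reply = build(BOOTREPLY, req["xid"], req["mac"], DHCPOFFER,
                  yiaddr=offered_ip, giaddr=req["giaddr"])
    dest = req["giaddr"] if req["giaddr"] != "0.0.0.0" else "255.255.255.255"
    return reply, dest

def client_accepts(reply, my_xid, my_mac):
    """Two clients on one LAN both receive a broadcast reply on port 68; the transaction ID
    (and the echoed hardware address) is what tells each one whether it is the addressee."""
    r = parse(reply)
    return r["op"] == BOOTREPLY and r["xid"] == my_xid and r["mac"] == my_mac
```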
Flag format



• Configuration
• Static Address Allocation
– DHCP server has a database that statically binds physical
addresses to IP addresses.
– When working in this way, DHCP is backward compatible with
BOOTP.
• Dynamic Address Allocation
– DHCP has a second database with a pool of available IP addresses.
– This database makes DHCP dynamic.
– When a DHCP client requests a temporary IP address, the DHCP server goes to the pool of available (unused) IP addresses and assigns an IP address for a negotiable period of time called a lease.
– When the lease expires, the client must either stop using the IP
address or renew the lease.
DHCP client transition diagram



INIT State: When the DHCP client first starts, it is in the INIT state (initializing state). The client broadcasts a DHCPDISCOVER message (a request message with the DHCPDISCOVER option), using port 67.

SELECTING State: After sending the DHCPDISCOVER message, the client goes to the selecting state. Those servers that can provide this type of service respond with a DHCPOFFER message. In these messages, the servers offer an IP address. They can also offer the lease duration. The default is 1 hour. The server that sends a DHCPOFFER locks the offered IP address so that it is not available to any other clients. The client chooses one of the
Exchanging messages



OBJECTIVES (DNS):
• To describe the purpose of DNS.
• To define the concept of domains and domain name space.
• To describe the distribution of name spaces and define zones.
• To discuss the use of DNS in the Internet and describe three categories of domains: generic, country, and reverse.
• To discuss name-address resolution and show the two resolution methods: recursive and iterative.
• To show the format of DNS messages and how they can be compressed.
• To discuss DDNS and DNSSEC.

Chapter Outline
19.1 Need for DNS
19.2 Name Spaces
19.3 DNS in the Internet
19.4 Resolution
19.5 DNS Messages
19.6 Types of Records
19.7 Compression
19.8 Encapsulation
19-1 NEED FOR DNS

To identify an entity, TCP/IP protocols use the IP address, which uniquely identifies the connection of a host to the Internet. However, people prefer to use names instead of numeric addresses. Therefore, we need a system that can map a name to an address or an address to a name.

Figure 19.1 Purpose of DNS (the user supplies a host name; the host's resolver sends a query and receives a response carrying the IP address, which is then handed to the transport layer)
19-2 NAME SPACE

• Host names must be unique because the addresses are unique.
• A name space can be organized in two ways: flat or hierarchical.
• Flat Name Space
• A name in this space is a sequence of characters without structure.
• Disadvantage: it cannot be used in a large system such as the Internet because it must be centrally controlled to avoid ambiguity and duplication.
• Hierarchical Name Space
• Each name is made of several parts.
• Advantage: the authority to assign and control the name spaces can be decentralized.
Figure 19.2 Domain name space

Domain Name Space

To have a hierarchical name space, a domain name space was designed. In this design the names are defined in an inverted-tree structure with the root at the top. The tree can have only 128 levels.

Figure 19.3 Domain names and labels
Figure 19.4 FQDN and PQDN

Fully Qualified Domain Name (FQDN)
• The label is terminated by a null string (i.e. the root).
• Contains the full name of a host.
Partially Qualified Domain Name (PQDN)
• The label is not terminated by a null string.
• A PQDN starts from a node, but it does not reach the root.
• The resolver can supply the missing part, called the suffix, to create an FQDN.
Distribution of Name Space
The information contained in the domain name space must be stored.
However, it is very inefficient and also not reliable to have just one computer store such
a huge amount of information.
It is inefficient because responding to requests from all over the world places a heavy
load on the system.
It is not reliable because any failure makes the data inaccessible.

Hierarchy of Name Servers


The solution to these problems is to distribute the information among many computers
called DNS servers.
One way to do this is to divide the whole space into many domains based on the first
level.
In other words, we let the root stand alone and create as many domains (subtrees) as
there are first-level nodes.
Because a domain created this way could be very large, DNS allows domains to be
divided further into smaller domains (subdomains).
Each server can be responsible (authoritative) for either a large or small domain. In
other words, we have a hierarchy of servers in the same way that we have a hierarchy of
names (see Figure 19.6)
Figure 19.5 Hierarchy of name servers

Hierarchy of name servers

• The complete domain name is arranged in a hierarchy.
• Root servers, top-level domain servers, authoritative servers
Root DNS servers:
• Consists of the whole tree.
• A root server usually does not store any information about domains but delegates its authority to other servers, keeping references to those servers.
• 13 root servers all over the world.

Top-level domain (TLD) servers:
• Responsible for com, org, net, edu, etc., and all top-level country domains such as uk, fr, jp.
• Network Solutions maintains servers for the com TLD.
• Educause for the edu TLD.
Authoritative DNS servers:
• Responsible for providing IP mappings for the requested hostname.
Primary and Secondary Servers
Primary server
• Stores a file about the zone for which it is an authority.
• Responsible for creating, maintaining, and updating the zone file.
• It stores the zone file on a local disk.
Secondary server
• Transfers the complete information about a zone from another server (primary or secondary) and stores the file on its local disk.
• It neither creates nor updates the zone files.
• If updating is required, it must be done by the primary server, which sends the updated version to the secondary.
19-3 DNS IN THE INTERNET (Types of Domain)

DNS can be used in different platforms. In the Internet, the domain name space (tree) is divided into three different sections: generic domains, country domains, and the inverse domain.

Figure 19.6 Generic domains

Figure 19.7 Country domains

Figure 19.8 Inverse domain

Reverse query
• The inverse domain is used to map an address to a name.
• Also called a pointer (PTR) query.
• To handle a pointer query, the inverse domain is added to the domain name space with the first-level node called arpa; the second level is named in-addr (for inverse address).
• The rest of the domain defines IP addresses.

Inverse Domain
• The inverse domain is used to map an address to a name.
• This type of query is called an inverse or pointer (PTR) query.
• To handle a pointer query, the inverse domain is added to the domain name space with the first-level node called arpa (for historical reasons).
• The second level is also one single node named in-addr (for inverse address).
• The rest of the domain defines IP addresses.
• The servers that handle the inverse domain are also hierarchical.
• This means the netid part of the address should be at a higher level than the subnetid part, and the subnetid part higher than the hostid part.
• In this way, a server serving the whole site is at a higher level than the servers serving each subnet.
• This configuration makes the domain look inverted when compared to a generic or country domain.
• To follow the convention of reading the domain labels from the bottom to the top, an IP address such as 132.34.45.121 (a class B address with netid 132.34) is read as 121.45.34.132.in-addr.arpa.
• Registrar
• New domains are added to DNS through a registrar.
• A registrar is a commercial entity accredited by ICANN (Internet Corporation for Assigned Names and Numbers).
• A registrar first verifies that the requested domain name is unique and then enters it into the DNS database. A fee is charged.
Local Name Server
• Each ISP (residential ISP, company, university) has one.
– Also called “default name server”
• Does not strictly belong to hierarchy
• When a host makes a DNS query, query is sent to its local
DNS server
– Acts as a proxy, forwards query into hierarchy.

Recursive resolution
• The client (resolver) can ask for a recursive answer from a name server.
• This means that the resolver expects the server to supply the final answer.
• If the server is the authority for the domain name, it checks its database and responds.
• If the server is not the authority, it sends the request to another server (the parent usually) and waits for the response.
• If the parent is the authority, it responds; otherwise, it sends the query to yet another server.
• When the query is finally resolved, the response travels back until it finally reaches the requesting client.
Example: interaction of the various DNS servers. A host at cis.poly.edu (the requesting host) wants the IP address for gaia.cs.umass.edu. Its query goes to the local DNS server dns.poly.edu, which in turn contacts the root DNS server, a TLD DNS server, and the authoritative DNS server for gaia.cs.umass.edu, and finally returns the answer to the requesting host.
Iterative Resolution
• If the client does not ask for a recursive answer, the mapping can be done iteratively.
• If the server is an authority for the name, it sends the answer.
• If it is not, it returns (to the client) the IP address of the server that it thinks can resolve the query.
• The client is responsible for repeating the query to this second server.
• If the newly addressed server can resolve the problem, it answers the query with the IP address; otherwise, it returns the IP address of a new server to the client.
• Now the client must repeat the query to the third server.
• This process is called iterative because the client repeats the same query to multiple servers.
Caching
Each time a server receives a query for a name that is not in its domain, it needs to search its database for a server IP address. Reduction of this search time would increase efficiency. DNS handles this with a mechanism called caching.

When a server asks for a mapping from another server and receives the response, it stores this information in its cache memory before sending it to the client. If the same or another client asks for the same mapping, it can check its cache memory and resolve the problem. However, to inform the client that the response is coming from the cache memory and not from an authoritative source, the server marks the response as unauthoritative.

Caching speeds up resolution, but it can also be problematic. If a server caches a mapping for a long time, it may send an outdated mapping to the client. To counter this, two techniques are used. First, the authoritative server always adds information to the mapping called time-to-live (TTL). It defines the time in seconds that the receiving server can cache the information. After that time, the mapping is invalid and any query must be sent again to the authoritative server. Second, DNS requires that each server keep a TTL counter for each mapping it caches. The cache memory must be searched periodically and those mappings with an expired TTL must be purged.
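The TTL handling just described, as an added example (Python, not from the slides): a small resolver-side cache that stores an authoritative answer together with its TTL, serves later queries from the cache marked as non-authoritative with the remaining TTL, refuses expired entries so the query goes back to the authority, and purges expired mappings on a periodic sweep. The injectable clock and the `resolve`/`ask_authority` callback shape are assumptions of this example.

```python
"""Resolver-side DNS cache that honours TTL and marks cached answers non-authoritative."""
import time

def _key(name, rtype):
    # DNS names are case-insensitive; normalise to a fully qualified, lower-case form.
    return (name.lower().rstrip(".") + ".", rtype)

class DnsCache:
    def __init__(self, clock=time.monotonic):
        self._clock = clock            # injectable so tests can move time forward
        self._entries = {}             # (name, rtype) -> (value, expires_at)

    def store(self, name, rtype, value, ttl):
        """Cache a mapping the authoritative server returned with the given TTL (seconds)."""
        if ttl <= 0:
            return                     # TTL 0 means "do not cache this answer"
        self._entries[_key(name, rtype)] = (value, self._clock() + ttl)

    def lookup(self, name, rtype):
        """Return the cached answer (with the TTL that is still left) or None if absent/expired."""
        key = _key(name, rtype)
        entry = self._entries.get(key)
        if entry is None:
            return None
        value, expires_at = entry
        remaining = expires_at - self._clock()
        if remaining <= 0:
            del self._entries[key]     # expired: the next query must go to the authority again
            return None
        return {"value": value, "ttl": int(remaining), "authoritative": False}

    def purge(self):
        """Periodic sweep: drop every mapping whose TTL counter has run out; returns how many."""
        now = self._clock()
        expired = [k for k, (_, exp) in self._entries.items() if exp <= now]
        for k in expired:
            del self._entries[k]
        return len(expired)

def resolve(cache, name, rtype, ask_authority):
    """Answer from cache when possible; otherwise query the authority (a callback returning
    (value, ttl)), cache its answer, and pass it on marked as authoritative."""
    hit = cache.lookup(name, rtype)
    if hit is not None:
        return hit
    value, ttl = ask_authority(name, rtype)
    cache.store(name, rtype, value, ttl)
    return {"value": value, "ttl": ttl, "authoritative": True}
```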
DNS records

DNS: a distributed database storing resource records (RR)

RR format: (name, value, type, ttl)

• Type=A
– name is a hostname
– value is an IP address
– example: (relay1.bar.foo.com, 145.37.93.126, A)
• Type=NS
– name is a domain (e.g. foo.com)
– value is the hostname of the authoritative name server for this domain
– example: (foo.com, dns.foo.com, NS)
• Type=CNAME
– name is an alias name for some "canonical" (the real) name; www.ibm.com is an alias name for servereast.backup2.ibm.com
– value is the canonical name
• Type=MX
– value is the canonical name of a mail server that has an alias host name
– example: (hotmail.com, mail.bar.hotmail.com, MX)
Steps followed in DNS
The user’s host wants to obtain the IP address of www.someschool.edu. This is
done as follows.
1. The same user machine runs the client side of the DNS application.
2. The browser extracts the hostname, www.someschool.edu, from the URL and
passes the hostname to the client side of the DNS application.
3. The DNS client sends a query containing the hostname to a DNS server.
4. The DNS client eventually receives a reply, which includes the IP address for
the hostname.
5. Once the browser receives the IP address from DNS, it can initiate a TCP
connection to the HTTP server process located at port 80 at that IP address.
19-5 DNS MESSAGES

• DNS has two types of messages: query and response.
• Both types have the same format.
• The query message consists of a header and question records.
• The response message consists of a header, question records, answer records, authoritative records, and additional records.

Topics discussed in the section: Header
Figure 19.9 Query and response messages

Figure 19.10 Header format

• Identification. This is a 16-bit field used by the client to match the response with the query. The client uses a different identification number each time it sends a query. The server duplicates this number in the corresponding response.
• Flags. Query or reply, type of query (reverse or forward), and so on.
• Number of question records. Contains the number of queries in the question section.
• Number of answer records. Contains the number of answer records in the answer section of the response message.
• Number of authoritative records. The authority section contains records of other authoritative servers.
• Number of additional records. Contains the number of additional records in the additional section of a response message.

Topics discussed in the section: Question Record, Resource Record
Question record format

A question record is used by the client to get information from a server. It consists of a query name, a query type, and a query class.

Resource record format

The server database consists of resource records. Resource records are also what is returned by the server to the client.

• Domain name, domain type, domain class: duplicated from the question record.
• Time-to-live: This is a 32-bit field that defines the number of seconds the answer is valid.
• Resource data: This is a variable-length field containing the answer to the query (in the answer section) or the domain name of the authoritative server (in the authoritative section) or additional information (in the additional information section).
Example 19.1
A resolver sends a query message to a local server to find the IP address for the host "chal.fhda.edu.". We discuss the query and response messages separately.

Response message
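Example 19.1's query and a constructed response for chal.fhda.edu, as an added example (Python, not from the slides): it builds the 12-byte header and the question record, and parses a response whose answer name is a compression pointer back to the question name (the compression of section 19.7), after checking that the identification field matches the query sent. The address 192.0.2.10, the TTL and the flag values chosen for the constructed response are sample values of this example.

```python
"""Build a DNS query and parse a response, handling label compression (RFC 1035 format)."""
import struct

QTYPE_A, QCLASS_IN = 1, 1

def encode_name(name):
    """'chal.fhda.edu.' -> 4 c h a l 4 f h d a 3 e d u 0: length-prefixed labels, null label = root."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(ident, name, qtype=QTYPE_A):
    """Header (identification, flags, four record counts) followed by one question record."""
    flags = 0x0100                                  # QR=0 (query), RD=1 (recursion desired)
    header = struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)

def decode_name(msg, offset):
    """Return (name, offset just after this name). A length byte whose top two bits are 11
    is a 14-bit pointer to an earlier copy of the rest of the name; it must point backwards,
    which also rules out pointer loops."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:
            pointer = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if pointer >= offset:
                raise ValueError("compression pointer does not point backwards")
            if not jumped:
                end = offset + 2                    # the 2-byte pointer ends the name on the wire
            jumped, offset = True, pointer
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            return ".".join(labels) + ".", end
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length

def parse_response(msg, expected_id):
    """Decode the header, the question records and all resource records of a response."""
    ident, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    if ident != expected_id:
        raise ValueError("identification does not match the query we sent")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset, questions, records = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack_from("!HH", msg, offset)
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(an + ns + ar):                   # answer, authoritative, additional: one format
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        records.append({"name": name, "type": rtype, "class": rclass, "ttl": ttl, "data": rdata})
    return {"id": ident, "authoritative": bool(flags & 0x0400), "rcode": flags & 0x000F,
            "questions": questions, "records": records}

def build_response(query, address, ttl=3600):
    """Constructed authoritative answer to an A query. The answer's name is the 2-byte pointer
    0xC00C to the question name at offset 12 instead of a second copy of the name."""
    ident = struct.unpack_from("!H", query, 0)[0]
    header = struct.pack("!HHHHHH", ident, 0x8580, 1, 1, 0, 0)   # QR, AA, RD, RA set; rcode 0
    question = query[12:]
    rdata = bytes(int(octet) for octet in address.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answer
```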
19-8 ENCAPSULATION

DNS can use either UDP or TCP. In both cases the well-known port used by the server is port 53. UDP is used when the size of the response message is less than 512 bytes because most UDP packages have a 512-byte packet size limit. If the size of the response message is more than 512 bytes, a TCP connection is used.
Nslookup
In UNIX and Windows, the nslookup utility can be used to retrieve address/name
mapping.
FTP: the file transfer protocol

FTP file transfer

(Figure: the user at a host works through the FTP user interface, which drives the FTP client; the FTP client talks to the FTP server; the client reads and writes the local file system, the server the remote file system)

• Transfers files to/from a remote host.
• Although transferring files from one system to another seems simple and straightforward:
– Two systems may use different file name conventions.
– Two systems may have different ways to represent text and data.
– All of these problems have been solved by FTP in a very simple and elegant approach.
• Client/server model
– client: side that initiates the transfer (either to/from remote)
– server: remote host
• FTP establishes two connections between the hosts. One connection is used for data transfer, the other for control information.
• FTP uses two well-known TCP ports: port 21 is used for the control connection, and port 20 is used for the data connection.
• The control connection remains connected during the entire interactive FTP session.
• The data connection is opened and then closed for each file transferred.

FTP Connection


Opening the control connection

1. The server issues a passive open on the well-known port 21 and waits for a client.
2. The client uses an ephemeral port and issues an active open.



Creating the data connection

1. The client, not the server, issues a passive open using an ephemeral port.
2. The client sends this port number to the server using the PORT command.
3. The server receives the port number and issues an active open using the well-known port 20 and the received ephemeral port number.


Using the control connection

Communication is achieved through commands and responses. Each command or response is only one short line so we need not worry about file format or file.


Using the data connection

The client must define the type of file to be transferred, the structure of the data, and the transmission mode.
File type: ASCII file, EBCDIC file, image file
Data structure: file structure, record structure, page structure
Transmission mode: stream mode, block mode, compressed mode


Command processing
FTP commands, responses

Sample commands:
• sent as ASCII text over the control channel
• USER username
• PASS password
• LIST or dir: return the list of files in the directory of the FTP server
• get filename: retrieves (gets) a file
• STOR filename: stores (puts) a file onto the remote host

Sample return codes (status code and phrase, sent from server to client; each command is followed by a reply):
• 331 Username OK, password required
• 125 data connection already open; transfer starting
• 425 Can't open data connection
• 452 Error writing file
Figure shows an example of using FTP for retrieving a list of items in a directory (odd-numbered steps are server replies, even-numbered steps are client commands).

1. Server: 220 (Service ready)
2. Client: USER forouzan
3. Server: 331 (User name OK. Password?)
4. Client: PASS xxxxxx
5. Server: 230 (User login OK)
6. Client: PORT 8888
7. Server: 150 (Data connection opens shortly)
8. Client: LIST /usr/user/forouzan/reports
9. Server: 125 (Data connection OK)
10. Data transfer: list of files or directories (server side)
11. Data transfer: list of files or directories (client side)
12. Server: 226 (Closing data connection)
13. Client: QUIT
14. Server: 221 (Service closing)
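The reply codes and the PORT step of the exchange above, as an added example (Python, not from the slides): it parses server reply lines from the control connection, including multi-line replies, classifies them by their first digit, and encodes/decodes the PORT argument (on the wire the PORT command carries the client's IP address and port as six comma-separated bytes, not the plain 8888 of the figure). The check that the PORT address equals the control connection's peer and that the port is ephemeral is a server-side hardening step added here; the slides only state that the client chooses an ephemeral port.

```python
"""Parse FTP control-connection replies and the PORT command argument (RFC 959 shapes)."""
import re

_REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_replies(text):
    """Split raw control-channel text from the server into (code, message) tuples.
    A single-line reply is 'code SP text'; a multi-line reply opens with 'code-' and
    closes with a line that starts with the same code followed by a space."""
    replies, lines, i = [], text.rstrip("\r\n").split("\r\n"), 0
    while i < len(lines):
        m = _REPLY_RE.match(lines[i])
        if not m:
            raise ValueError(f"malformed reply line: {lines[i]!r}")
        code, sep, body = m.group(1), m.group(2), m.group(3)
        if sep == "-":
            parts = [body]
            i += 1
            while i < len(lines) and not lines[i].startswith(code + " "):
                parts.append(lines[i])
                i += 1
            if i >= len(lines):
                raise ValueError(f"unterminated multi-line reply {code}")
            parts.append(lines[i][4:])
            body = "\n".join(parts)
        replies.append((int(code), body))
        i += 1
    return replies

def classify(code):
    """The first digit tells the client what to do next (retry, send more, give up...)."""
    return {1: "positive preliminary", 2: "positive completion", 3: "positive intermediate",
            4: "transient negative", 5: "permanent negative"}[code // 100]

def encode_port(host, port):
    """Client side: PORT h1,h2,h3,h4,p1,p2 where the port is p1*256 + p2."""
    return "PORT %s,%d,%d" % (host.replace(".", ","), port // 256, port % 256)

def decode_port(arg, control_peer):
    """Server side: recover (host, port) from a PORT argument. Added check: the address
    must be the control connection's peer and the port an ephemeral one (> 1023)."""
    fields = arg.split(",")
    if len(fields) != 6 or not all(f.isdigit() and 0 <= int(f) <= 255 for f in fields):
        raise ValueError("malformed PORT argument")
    host = ".".join(fields[:4])
    port = int(fields[4]) * 256 + int(fields[5])
    if host != control_peer or port < 1024:
        raise ValueError("PORT address/port not acceptable")
    return host, port
```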


21-2 TFTP

There are occasions when we need to simply copy a file without the need for all of the features of the FTP protocol. For example, when a diskless workstation or a router is booted, we need to download the bootstrap and configuration files. Here we do not need all of the sophistication provided in FTP. We just need a protocol that quickly copies the files.


Topics discussed in the section: Messages, Connection, Data Transfer, UDP Ports, TFTP Example, TFTP Options, Security, Applications


TFTP uses the services of UDP on the well-known port 69.


Figure 21.10 Message categories



Figure 21.11 RRQ format

RRQ
The read request (RRQ) message is used by the client to establish a connection for
reading data from the server.



Figure 21.12 WRQ format

WRQ
The write request (WRQ) message is used by the client to establish a connection for
writing data to the server.



Figure 21.13 Data Format

DATA
The data (DATA) message is used by the client or the server to send blocks of
data.



Figure 21.14 ACK format

ACK
The acknowledge (ACK) message is used by the client or server to acknowledge
the receipt of a data block.



Figure 21.15 ERROR format

ERROR
The ERROR message is used by the client or the server when a connection cannot be established or when there is a problem during data transmission.
Connection establishment

Figure 21.19 TFTP example
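The five TFTP message types and a read transfer like the one in Figure 21.19, as an added example (Python, not from the slides): it encodes and decodes RRQ/WRQ/DATA/ACK/ERROR, then simulates a server answering an RRQ with numbered 512-byte blocks and a client acknowledging each block in order, where a block shorter than 512 bytes ends the transfer. The `serve_read`/`client_read` names and the in-memory file table are assumptions of this example; the simulation does not model UDP retransmission.

```python
"""Encode/decode the five TFTP message types and simulate a read (RRQ) transfer."""
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512        # a DATA block shorter than 512 bytes marks the end of the file

def encode_request(opcode, filename, mode="octet"):
    """RRQ/WRQ: 2-byte opcode, filename, 0 byte, mode, 0 byte."""
    return struct.pack("!H", opcode) + filename.encode() + b"\x00" + mode.encode() + b"\x00"

def encode_data(block, payload):
    return struct.pack("!HH", DATA, block) + payload          # opcode, block number, bytes

def encode_ack(block):
    return struct.pack("!HH", ACK, block)                     # opcode, block number

def encode_error(code, message):
    return struct.pack("!HH", ERROR, code) + message.encode() + b"\x00"

def decode(packet):
    """Return a dict describing any TFTP message; raise ValueError on malformed input."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    opcode = struct.unpack_from("!H", packet, 0)[0]
    if opcode in (RRQ, WRQ):
        fields = packet[2:].split(b"\x00")
        if len(fields) < 3:                                   # filename and mode must be terminated
            raise ValueError("request missing filename/mode terminator")
        return {"op": opcode, "filename": fields[0].decode(), "mode": fields[1].decode().lower()}
    if opcode == DATA:
        return {"op": DATA, "block": struct.unpack_from("!H", packet, 2)[0], "data": packet[4:]}
    if opcode == ACK:
        return {"op": ACK, "block": struct.unpack_from("!H", packet, 2)[0]}
    if opcode == ERROR:
        code = struct.unpack_from("!H", packet, 2)[0]
        return {"op": ERROR, "code": code, "message": packet[4:].split(b"\x00")[0].decode()}
    raise ValueError(f"unknown opcode {opcode}")

def serve_read(files, request_packet):
    """Server side of an RRQ: yield the DATA packets for the file, or one ERROR packet.
    `files` is an in-memory {name: bytes} table standing in for the server's file system."""
    req = decode(request_packet)
    if req["op"] != RRQ or req["filename"] not in files:
        yield encode_error(1, "File not found")              # error code 1 = file not found
        return
    content = files[req["filename"]]
    blocks = [content[i:i + BLOCK_SIZE] for i in range(0, len(content), BLOCK_SIZE)]
    if len(content) % BLOCK_SIZE == 0:
        blocks.append(b"")      # exact multiple (or empty file): a final empty block says "done"
    for number, chunk in enumerate(blocks, start=1):         # block numbers start at 1
        yield encode_data(number, chunk)

def client_read(server_packets):
    """Client side: ACK each block in order, stop on a short block, surface ERROR messages.
    Returns (file_bytes, list_of_ack_packets_sent)."""
    received, expected, acks = b"", 1, []
    for pkt in server_packets:
        msg = decode(pkt)
        if msg["op"] == ERROR:
            raise IOError(f"TFTP error {msg['code']}: {msg['message']}")
        if msg["op"] != DATA or msg["block"] != expected:
            continue            # duplicate or out-of-order block: keep waiting for the expected one
        received += msg["data"]
        acks.append(encode_ack(msg["block"]))
        expected += 1
        if len(msg["data"]) < BLOCK_SIZE:
            break               # short block: the transfer is complete
    return received, acks
```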


HTTP
• The Web's application layer protocol.
• Implemented in two programs: a client program and a server program.
• The client and server programs talk to each other by exchanging HTTP messages.
• HTTP defines the structure of these messages.


Web and HTTP
• A Web page consists of objects.
• An object can be an HTML file, a JPEG image, an audio file, ...
• A Web page consists of a base HTML file which includes several referenced objects.
• Each object is addressable by a URL.
• Example URL: http://www.someschool.edu/someDept/pic.gif, where www.someschool.edu is the host name and /someDept/pic.gif is the path name.


WEB DOCUMENTS

The documents in the WWW can be grouped into three broad categories: static, dynamic, and active. The category is based on the time the contents of the document are determined.


Static document
• Static documents are fixed-content documents that are created and stored in a server. The client can get a copy of the document only.
• The contents in the server can be changed, but the user cannot change them.

(Figure: 1. request; 2. static document returned)


Dynamic document using CGI

• A dynamic document is created by a Web server whenever a browser requests the document.
• When a request arrives, the Web server runs an application program or a script that creates the dynamic document.
• Because a fresh document is created for every request, the content of a dynamic document can vary from one request to another.
• Common Gateway Interface (CGI) is a technology that creates and handles dynamic documents.

(Figure: 1. request; 2. dynamic document returned)


Active document using Java applet

For many applications, we need a program or a script to be run at the client site. These are called active documents.

(Figure: 1. request; 2. applet returned as the active document; the client runs the applet to get the result)


Web Documents
• Static Web Documents: the same file is sent for every request.
• Dynamic Web Documents: a program at the server creates a document and sends it to the client.
• Active Web Documents: a program is sent from the server and run on the client.
HTTP overview

HTTP: hypertext transfer protocol

• Web's application layer protocol
• client/server model
– client: browser that requests, receives, "displays" Web objects
– server: Web server sends objects in response to requests

(Figure: a PC running Explorer sends an HTTP request to a server running the Apache Web server, which returns an HTTP response)


HTTP overview (continued)
Uses TCP:
• client initiates TCP connection (creates socket) to server, port 80
• server accepts TCP connection from client
• HTTP messages (application-layer protocol messages) are exchanged
between browser (HTTP client) and Web server (HTTP server)
• TCP connection closed



HTTP connections

Nonpersistent HTTP
• At most one object is sent over a TCP connection.
• HTTP/1.0 uses nonpersistent HTTP.
Persistent HTTP
• Multiple objects can be sent over a single TCP connection between client and server.
• HTTP/1.1 uses persistent connections.


Nonpersistent HTTP


Response time modeling (nonpersistent HTTP)

Definition of RTT (round trip time): the time taken to send a small packet from client to server and back.
Response time:
• one RTT to initiate the TCP connection
• one RTT for the HTTP request and the HTTP response to return
• file transmission time
total = 2RTT + transmit time

(Figure: timeline with "initiate TCP connection", RTT, "request file", RTT, "time to transmit file", "file received", with a time axis on the client and server sides)


Persistent HTTP



Persistent HTTP

Nonpersistent HTTP issues:


• requires 2 RTTs per object
• OS must work and allocate host resources for each TCP connection
Persistent HTTP
• server leaves connection open after sending response
• subsequent HTTP messages between same client/server are sent over
connection



HTTP request message: general format



HTTP request message
• HTTP request message:
– ASCII (human-readable format)

request line (GET, POST, HEAD commands):
GET /somedir/page.html HTTP/1.1
header lines:
Host: www.someschool.edu
User-agent: Mozilla/4.0
Connection: close
Accept-language: fr
(extra carriage return, line feed): the carriage return, line feed pair indicates the end of the message
Method types
Get method:
• The HTTP GET method requests a document from the server
Post method:
• The POST method requests that a web server accepts and stores the data enclosed in the body of the request message
Put method:
• Sends a document from the server to the client
Head method:
• Requests information about a document but not the document itself


Method types
HTTP/1.0
• GET
• POST
HTTP/1.1
• GET, POST
• PUT
• DELETE
– deletes file specified in the URL field


 Request Line: The first line in a request message is called a request line.
 There are three fields in this line separated by some character delimiter as shown in
Figure 22.11.
 The fields are called method, URL, and version.
 These three should be separated by a space character.
 At the end two characters, a carriage return followed by a line feed, terminate the line.
 The method field defines the request type.
 The second field, URL, was discussed earlier in the chapter. It defines the address and
name of the corresponding Web page.
 The third field, version, gives the version of the protocol; the most current version of
HTTP is 1.1.

 Header Lines in Request Message: After the request line, we can have zero or more
request header lines. Each header line sends additional information from the client to
the server. For example, the client can request that the document be sent in a special
format. Each header line has a header name, a colon, a space, and a header value.
 Body in Request Message: The body can be present in a request message. Usually, it
contains the comment to be sent.
General format of an HTTP response message



Response Message

The format of the response message is shown in Figure 22.12. A response message
consists of a status line, header lines, a blank line and sometimes a body.

Status Line
 The first line in a response message is called the status line.
 There are three fields in this line separated by spaces and terminated by a carriage
return and line feed.
 The first field defines the version of HTTP protocol, currently 1.1.
 The status code field defines the status of the request. It consists of three digits.
 Whereas the codes in the 100 range are only informational, the codes in the 200 range
indicate a successful request. The codes in the 300 range redirect the client to another
URL, and the codes in the 400 range indicate an error at the client site. Finally, the
codes in the 500 range indicate an error at the server site.
 The status phrase explains the status code in text form.
Header Lines in Response Message
 After the status line, we can have zero or more response header lines.
 Each header line sends additional information from the server to the client.
 For example, the sender can send extra information about the document.
 Each header line has a header name, a colon, a space, and a header value.

Body
The body contains the document to be sent from the server to the client. The body is
present unless the response is an error message.
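Added example (not code from the slides or from any project they describe): a small Python parser for the request and response formats described above. It splits the first line into its three fields, turns the header lines into name/value pairs, and classifies a status code by its first digit; the sample messages are constructed from the examples shown in these slides.

```python
from typing import Dict, List, Tuple

CRLF = "\r\n"
# Meaning of the first status-code digit, as described in the text above
STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}


def parse_message(raw: str) -> Tuple[List[str], Dict[str, str], str]:
    """Split a message into (first-line fields, header dict, body)."""
    head, _, body = raw.partition(CRLF + CRLF)       # the blank line ends the headers
    lines = head.split(CRLF)
    first = lines[0].split(" ", 2)                   # three space-separated fields
    if len(first) != 3:
        raise ValueError("first line must have three fields: %r" % lines[0])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:
            continue
        name, colon, value = line.partition(":")     # "Name: value"
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()    # header names are case-insensitive
    return first, headers, body


def parse_request(raw: str) -> dict:
    (method, url, version), headers, body = parse_message(raw)   # request line
    return {"method": method, "url": url, "version": version,
            "headers": headers, "body": body}


def parse_response(raw: str) -> dict:
    (version, code, phrase), headers, body = parse_message(raw)  # status line
    if not (len(code) == 3 and code.isdigit()):
        raise ValueError("status code must be three digits: %r" % code)
    status = int(code)
    return {"version": version, "status": status, "phrase": phrase,
            "class": STATUS_CLASSES.get(status // 100, "unknown"),
            "headers": headers, "body": body}


# Constructed samples modelled on the request and response shown in the slides
SAMPLE_REQUEST = ("GET /somedir/page.html HTTP/1.1" + CRLF + "Host: www.someschool.edu" + CRLF
                  + "User-agent: Mozilla/4.0" + CRLF + "Connection: close" + CRLF
                  + "Accept-language: fr" + CRLF + CRLF)
SAMPLE_RESPONSE = ("HTTP/1.1 200 OK" + CRLF + "Connection: close" + CRLF + "Content-Length: 15"
                   + CRLF + "Content-Type: text/html" + CRLF + CRLF + "<html>hi</html>")
```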
HTTP response message

status line (protocol, status code, status phrase):
HTTP/1.1 200 OK
header lines:
Connection: close
Date: Thu, 06 Aug 1998 12:00:15 GMT
Server: Apache/1.3.0 (Unix)
Last-Modified: Mon, 22 Jun 1998 …...
Content-Length: 6821
Content-Type: text/html

data (e.g., the requested HTML file):
data data data data data ...


HTTP response status codes
A few sample codes:
200 OK
– request succeeded, requested object later in this message
301 Moved Permanently
– requested object moved, new location specified later in this
message (Location:)
304 Not Modified
400 Bad Request
– request message not understood by server
404 Not Found
– requested document not found on this server
505 HTTP Version Not Supported



Proxy server(web caches)
• HTTP supports proxy servers.
• A proxy server is a computer that keeps copies of responses to recent
requests.
• The HTTP client sends a request to the proxy server.
• The proxy server checks its cache. If the response is not stored in the
cache, the proxy server sends the request to the corresponding server.
• The proxy server reduces the load on the original server, decreases traffic,
and improves latency.
• The proxy server acts both as a server (to the client) and as a client (to the original server).



Web caches (proxy server)
Goal: satisfy client request without involving origin server

[Figure: clients send HTTP requests to the proxy server and receive HTTP responses from it; the proxy server in turn sends HTTP requests to the origin server and receives its HTTP responses]


Electronic Mail (SMTP)
Three major components:
• user agents
• mail servers
• simple mail transfer protocol: SMTP

User Agent
• Can read, reply to, forward, save, delete and compose mail messages
• outgoing, incoming messages stored on server

[Figure: user agents attached to mail servers; each mail server holds an outgoing message queue and user mailboxes, and mail servers exchange messages over SMTP]


Electronic Mail: mail servers
Mail Servers
• Contain information of all users
• A message/mail starts its journey from the sender's user agent, travels to the sender's mail server and then travels to the recipient's mail server, where it is deposited into the recipient's mailbox
• SMTP protocol between mail servers to send email messages

[Figure: user agents attached to mail servers; mail servers exchange messages over SMTP]


Electronic Mail: SMTP [RFC 2821]
• uses TCP to reliably transfer email message from client to server,
port 25
• SMTP is implemented in both sides : client and server
• three phases of transfer
– handshaking (greeting) / connection establishment
– transfer of messages
– Closure / connection release
• messages must be in 7-bit ASCII



Mail message format
SMTP: protocol for exchanging email msgs
• header lines, e.g.,
– To:
– From:
– Subject:
• body
– the "message", ASCII characters only

[Figure: message layout: header, blank line, body]


Mail Transfer Phases
• The process of transferring a mail message occurs in three phases: connection establishment, mail transfer, and connection termination.
• First phase: connection establishment
• Second phase: message transfer
• Third phase: connection termination


Mail access protocols

• SMTP is a push protocol; it pushes the message from the client to the server.
• To pull the mail from the mail server to the client we need another protocol: POP3 or IMAP4
– POP3: Post Office Protocol
– IMAP: Internet Mail Access Protocol
• more features (more complex)



POP3
• The client POP3 software is installed on the recipient computer; the
server POP3 software is installed on the mail server.
• Mail access starts with the client: the client opens a connection to the
server on TCP port 110.
• It then sends its user name and password to access the mailbox. The user
can then list and retrieve the mail messages, one by one.





POP3 and IMAP
• POP3 deficiencies
– Mails are stored on the computer that you use
– You can use only one computer to check your email (no other
devices)
– The user cannot have different folders on the server.
– POP3 does not allow the user to partially check the contents of
the mail before downloading.
– Only one mailbox can be created on the server.
• IMAP4 provides the following extra functions:
– You can use multiple computers and devices to check your email
– A user can check the e-mail content prior to downloading.
– Multiple mailboxes can be created on the server
– The IMAP protocol, by default, allows the user to keep all
messages on the server



Message format: multimedia extensions

• Multipurpose Internet Mail Extensions (MIME) is an Internet standard that extends the format of email to support:
• Audio, images, videos
• Message bodies with multiple parts



Message format: multimedia extensions
• MIME: multimedia mail extension
• additional lines in msg header declare MIME content type
• allows non-ASCII data to be sent through e-mail.

From: alice@crepes.fr
To: bob@hamburger.edu
Subject: Picture of holidays
MIME-Version: 1.0                        (MIME version)
Content-Transfer-Encoding: base64        (method used to encode data)
Content-Type: image/jpeg                 (multimedia data type, subtype, parameter declaration)

base64 encoded data .....
.........................
......base64 encoded data                (encoded data)
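Added example (not from the slides): building the MIME message shown above from raw image bytes with Python's standard base64 module, so that the whole message is 7-bit ASCII as SMTP requires, and decoding it back on the receiving side. The JPEG-like payload is constructed sample data, and the sender, recipient and subject are taken from the slide.

```python
import base64

CRLF = "\r\n"


def build_mime_message(sender, to, subject, content_type, payload):
    """Wrap a binary payload in a base64 MIME message (header lines, blank line, body)."""
    encoded = base64.b64encode(payload).decode("ascii")
    # base64 turns arbitrary bytes into 7-bit ASCII; RFC 2045 limits lines to 76 chars
    body_lines = [encoded[i:i + 76] for i in range(0, len(encoded), 76)]
    headers = ["From: " + sender, "To: " + to, "Subject: " + subject,
               "MIME-Version: 1.0",                    # declares MIME use
               "Content-Transfer-Encoding: base64",    # method used to encode the data
               "Content-Type: " + content_type]        # type/subtype of the data
    msg = CRLF.join(headers + [""] + body_lines) + CRLF
    if not msg.isascii():                              # SMTP carries only 7-bit ASCII
        raise ValueError("header contains non-ASCII text; encode it first")
    return msg


def parse_mime_message(msg):
    """Return (headers dict, decoded payload bytes) for a base64 MIME message."""
    head, _, body = msg.partition(CRLF + CRLF)
    headers = {}
    for line in head.split(CRLF):
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if headers.get("mime-version") != "1.0":
        raise ValueError("not a MIME 1.0 message")
    if headers.get("content-transfer-encoding", "").lower() != "base64":
        raise ValueError("unsupported Content-Transfer-Encoding")
    # validate=True rejects characters outside the base64 alphabet
    payload = base64.b64decode("".join(body.split()), validate=True)
    return headers, payload


# Constructed sample: JPEG-like bytes (SOI marker, "JFIF", then bytes with the high bit set)
SAMPLE_JPEG = bytes([0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10]) + b"JFIF\x00" + bytes(range(200, 256))
```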


SMTP vs FTP vs HTTP
Comparison points

Protocol functions
TCP port numbers
Push/pull protocol
Clients
Age difference
Supported data formats



ftp vs http
• 1. HTTP is used to view websites while FTP is used to access and transfer
files

• 2. HTTP and FTP clients: The common HTTP client is the browser while
FTP can be accessed via the command line or web browser

• 3. Age Difference: FTP is about 10 years older than HTTP.

• 4. Data Formats: FTP can send data both in ASCII and Binary Format but
HTTP only uses Binary Format.



Contd..
• 5. Dynamic Port Numbers in HTTP: FTP uses two connections. It uses a first
primary connection to send control commands on, and when it sends or receives
data, it opens a second TCP stream for that purpose. HTTP uses one TCP
connection only.

• 6. Persistent Connection in HTTP: For HTTP communication, a client can maintain
a single connection to a server and just keep using that for any amount of
transfers. FTP must create a new one for each new data transfer.

• 7. Compression Algorithms in HTTP: HTTP provides a way for the client and server
to negotiate and choose among several compression algorithms; such algorithms are
not present in FTP.



TELNET

TELNET is an abbreviation for TErminaL NETwork. It is the standard TCP/IP protocol for
virtual terminal service as proposed by ISO. TELNET enables the establishment of a
connection to a remote system in such a way that the local terminal appears to be a
terminal at the remote system.



Note

TELNET is a general-purpose
client-server application program.



Concept of NVT

• TELNET solves the problem of compatibility by defining a universal interface
called the NVT character set.
• Via this interface, the client TELNET translates characters (data or commands)
that come from the local terminal into NVT form and delivers them to the
network.
• The server TELNET, on the other hand, translates data and commands
from NVT form into the form acceptable by the remote computer.



Format of data and control characters

Data Characters For data, NVT normally uses NVT ASCII. This is an 8-bit
character set in which the seven lowest order bits are the same as US ASCII and
the highest order bit is 0.
Control Characters: to send control characters between computers, NVT uses
an 8-bit character set in which the highest order bit is set to 1.



An example of embedding

• TELNET uses only one TCP connection.
• The server uses the well-known port 23 and the client uses an ephemeral port.
• The same connection is used for sending both data and control characters.
TELNET accomplishes this by embedding the control characters in the data
stream.

[Figure: the data stream sent by the client is  c a t  f i l e a  IAC EC  1 ; the control sequence IAC EC (erase character) is embedded among the data characters]

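Added example (not from the slides): a Python routine that walks a TELNET byte stream and separates NVT data characters (high-order bit 0) from embedded control sequences introduced by IAC, applying the erase-character (EC) and erase-line (EL) commands to the data. The IAC, EC, EL and GA codes are the RFC 854 values; the sample stream is constructed to match the figure above.

```python
IAC, EC, EL, GA = 255, 247, 248, 249          # command codes from RFC 854
NAMES = {EC: "EC", EL: "EL", GA: "GA"}


def process_stream(stream):
    """Return (text after applying controls, list of control commands seen)."""
    out, commands, i = bytearray(), [], 0
    while i < len(stream):
        b = stream[i]
        if b == IAC:                               # a control character follows
            if i + 1 >= len(stream):
                raise ValueError("truncated control sequence after IAC")
            cmd = stream[i + 1]
            commands.append(NAMES.get(cmd, str(cmd)))
            if cmd == EC and out:                  # erase the preceding data character
                out.pop()
            elif cmd == EL:                        # erase the whole current line
                del out[out.rfind(b"\n") + 1:]
            # GA and other commands change no data here; IAC IAC escaping (binary
            # mode) is not handled because NVT data bytes keep the high bit clear
            i += 2
            continue
        if b & 0x80:                               # high bit set outside an IAC sequence
            raise ValueError("control byte %d outside IAC sequence" % b)
        out.append(b)                              # an NVT ASCII data character
        i += 1
    return out.decode("ascii"), commands


# Constructed sample matching the figure: the user typed "cat filea", erased the
# stray "a" with IAC EC, then typed "1"
SAMPLE_STREAM = b"cat filea" + bytes([IAC, EC]) + b"1"
```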


Modes of Operation
Most TELNET implementations operate in one of three modes: default mode,
character mode, and line mode.
Default Mode
• In this mode, the echoing is done by the client.
• The user types a character and the client echoes the character on the screen but
does not send it until a whole line is completed.
• After sending the whole line to the server, the client waits for the GA (go
ahead) command from the server before accepting a new line from the user.
Character Mode
• In this mode, each character typed is sent by the client to the server.
• The server normally echoes the character back to be displayed on the client
screen.
Line Mode
• In this mode, line editing (echoing, character erasing, line erasing, and so on) is
done by the client.
• The client then sends the whole line to the server.
Telnet connection (default mode)
SECURE SHELL (SSH)

Another popular remote login application program is Secure Shell (SSH). SSH, like
TELNET, uses TCP as the underlying transport protocol, but SSH is more secure and
provides more services than TELNET.



Topics Discussed in the Section
 Versions
 Components
 Port Forwarding
 Format of the SSH Packet



Components of SSH



Port forwarding (Tunneling)



SSH packet format

