Advanced Computer Network (CO5I)

Unit 5 : Application Layer Protocols

Total Marks-20

Topics and Sub-topics

5.1 World Wide Web and HTTP

5.2 File Transfer: FTP and TFTP

5.3 Electronic Mail: Architecture Web-Based Mail, Email Security, SMTP, POP, IMAP and
MIME, SNMP.

5.4 DNS-Concept of Domain name space, DNS operation.

5.5 DHCP-Static and Dynamic Allocation, DHCP Operation.

5.6 Remote Login: TELNET and SSH.

Application Layer
The application layer in the OSI model is the closest layer to the end user which means that the ap-
plication layer and end user can interact directly with the software application. The application layer
programs are based on client and servers.

Functions of Application Layer

 Application Layer provides a facility by which users can forward several emails and it also
provides a storage facility.
 This layer allows users to access, retrieve and manage files in a remote computer.
 It allows users to log on as a remote host.
 This layer provides access to global information about various services.
 This layer provides services which include: e-mail, transferring files, distributing results to
the user, directory services, network resources and so on.
 It provides protocols that allow software to send and receive information and present mean-
ingful data to users.
 It handles issues such as network transparency, resource allocation and so on.
 This layer serves as a window for users and application processes to access network ser-
vices.
 Application Layer is basically not a function, but it performs application layer functions.
 The application layer is actually an abstraction layer that specifies the shared protocols and
interface methods used by hosts in a communication network.
 Application Layer helps us to identify communication partners, and synchronizing commu-
nication.
 This layer allows users to interact with other software applications.
 In this layer, data is in visual form, which makes users truly understand data rather than
remembering or visualize the data in the binary format (0’s or 1’s).
 This application layer basically interacts with Operating System (OS) and thus further pre-
serves the data in a suitable manner.
 This layer also receives and preserves data from it’s previous layer, which is Presentation
Layer (which carries in itself the syntax and semantics of the information transmitted).
 The protocols which are used in this application layer depend upon what information users
wish to send or receive.
 This application layer, in general, performs host initialization followed by remote login to
hosts.

Services Provided by Application Layer

The services provided by application layer in OSI model are:
 It provides interface between user and application.
 It is used for remote login.
 It is used for file transfer.
 It is used for mail services and transfers.
 It is also used to transfer multimedia files.
 It is used for resource sharing.
 It is used for data synchronization.
 It is used for authentication services.

5.1 World Wide Web and HTTP

World Wide Web
World Wide Web(WWW):
• WWW is a collection of millions of files stored on thousands of servers all over the world.
• Those files represent documents, pictures, videos, sounds, programs etc.
Web Browsers-
• A web browser is a program.
• Is used to communicate with web server on the internet, which enables it to download and display
the webpages.
• Netscape Navigate & Microsoft internet explorer are the most popular browsers.
Working of Browsers-
• WWW works on client-server interaction.
• The browser program acts as a client that uses the internet to contact a remote server for a copy of
the requested page.
• The server on the remote system returns a copy of page along with the additional information.
Following steps explain how web works:
1. User enters the URL (say https:// www.google.com of the web page in address bar of web brow-
ers.
2. Then browser request the Domain Name server for IP address corresponding to www.google.com.
3. After receiving IP address, browsers sends the request for webpage to web server using HTTP
protocol which specifies the way the browser and web server communicates.
4. Then web server receives request using HTTP protocol and check it search for the requested
webpage. If found it returns back to the web browsers and close the HTTP connection.
5. Now, the web browser receives the web page, it interprets it and display the contents of web page
in web browser’s windows.

Working of World Wide Web(WWW)

The World Wide Web (WWW), also known as the Web, is an interconnected network of web
pages and documents accessible through the Internet.
Tim Berners- Lee created it in 1989 as a way for researchers to share information through linked
documents.

Working of WWW:
1. A web browser is a software application that allows users to access and view web pages on
the Internet.
2. It acts as an interface between the user and the World Wide Web by displaying web pages
Web browsers communicate with web servers using the HTTP or HTTPS protocol, which allows
users to access websites hosted on remote servers.
3. A web server is a computer program that serves web pages to clients, such as web browsers,
upon request. It is responsible for hosting websites, processing HTTP requests, and delivering
web content to users online.
4. Hyperlinks one of the key features of the Web is hyperlinks, which allow you to navigate be-
tween web pages by clicking on links.
5. Uniform Resource Locators (URLs) Web pages are identified by URLs, which are unique
addresses that point to the location of the web page on the Internet.

Web Documents

1. STATIC DOCUMENTS-
• The contents of static documents are fixed. These contents are created and stored in a server.
• If required the client can get a copy of static documents.
• The contents of static documents are determined when it is created.

2. DYNAMIC DOCUMENT-

• It is not defined in a pre-define format, like static documents.

• It is created by a web browser on the request for the document from a browser.

1. Client sends request.

2. Server runs a program create a dynamic doc.
3. Server sends the doc to client.
Architecture of World Wide Web(WWW)
The WWW (World Wide Web) is a way of exchanging information between computers on the Inter-
net. WWW works on client server architecture, in which a client using a browser can access a service
using a server. Today, the WWW is a distributed client server service. The service provided is dis-
tributed over many locations called sites and each site holds one or more documents i.e., Web pages.

Client sends a request through its browser to the server using HTTP protocol which specifies the way
the browser and web server communicates. Then server receives request using HTTP protocol and
checks its search for the requested web page. If found it returns it back to the web browser and close
the HTTP connection. Now the browser receives the web page, it interprets it and display the con-
tents of web page in web browser's window.

Fig. shows how WWW works

The main web document and the image are stored in two separate files in the same site (file X and
file Y) and the referenced text file is stored in another site (file Z). Since, we are dealing with three
different files, (namely, X, Y and Z) we need three transactions if we want to see the whole docu-
ment. The first transaction (request/response) retrieves a copy of the main document (file X), which
has a reference (pointer) to the second and the third files.
When a copy of the main document is retrieved and browsed, the user can click on the reference to
The image to invoke the second transaction and retrieve a copy of the image (file Y). if the user fur-
ther needs to see the contents of the referenced text file, she can click on its reference pointer) invok-
ing the third transaction and retrieving a copy of the file Z. Note that although file x and y both are
stored in site x, they are independent files with different names and addresses. Two transactions are
needed to retrieve them.

The HTTP response message format

A Response message consists of a status line header line, a blank line and sometimes a body. HTTP
Response sent by a server to the client. The response is used to provide the client with the resource it
requested. It is also used to inform the client that the action requested has been carried out. It can also
inform the client that an error occurred in processing its request
An HTTP response contains the following things:
1. Status Line
2. Response Header Fields or a series of HTTP headers
3. Blank Line
4. Message Body

In the request message, each HTTP header is followed by a carriage returns line feed (CRLF). After
the last of the HTTP headers, an additional CRLF is used and then begins the message body.

1) Status Line :
In the response message, the status line is the first line. The status line contains three items:
a) HTTP Version Number: It is used to show the HTTP specification to which the server has tried
to make the message comply.
b) Status Code: It is a three-digit number that indicates the result of the request. The first digit de-
fines the class of the response. The last two digits do not have any categorization role. There are five
values for the first digit, which are as follows:
Code and Description: 1xx: Information It shows that the request was received and continuing the
process. 2xx: Success It shows that the action was received successfully, understood, and accepted.
3xx: Redirection It shows that further action must be taken to complete the request. 4xx: Client Error
It shows that the request contains incorrect syntax, or it cannot be fulfilled. 5xx: Server Error It
shows that the server failed to fulfil a valid request.
c) Reason Phrase: It is also known as the status text. It is a human-readable text that summarizes the
meaning of the status code.

2) Header Lines : The HTTP Headers for the response of the server contain the information that a
client can use to find out more about the response, and about the server that sent it. This information
is used to assist the client with displaying the response to a user, with storing the response for the use
of future, and with making further requests to the server now or in the future. The name of the Re-
sponse-header field can be extended reliably only in combination with a change in the version of the
protocol.

3) Blank Line : It contains cr (Carriage Return) & if (Line Feed)

4) Entire Body: The body of the message is used for most responses. The exceptions are where a
server is using certain status codes and where the server is responding to a client request, which asks
for the headers but not the response body.

5.2 File Transfer: FTP and TFTP

FTP:
FTP or File Transfer Protocol is said to be one of the earliest and also the most common forms
of transferring files on the internet. Located in the application layer of the OSI model, FTP is a
basic system that helps in transferring files between a client and a server. It is what makes the
FTP unique that the system provides a reliable and efficient means of transferring files from
one system to another even if they have different file structures and operating systems.

Transmission modes of FTP:

1. Stream mode
2. Block mode
3. Compressed mode

A suitable diagram for each below commands of FTP to show its use
i) get
ii) mget
iii) put
iv) mput

Command Purpose Syntax

i) get Download a single file get<filename>

ii) mget Download multiple files mget<filename1 filename2 filename3>

iii) put Upload a single file put<filename>
iv) mput Upload multiple files mput< filename1 filename2 filename3 >
TFTP:
Trivial File Transfer Protocol (TFTP) is a simple lockstep File Transfer Protocol which allows
a client to get a file from or put a file onto a remote host. One of its primary uses is in the early
stages of nodes booting from a local area network. TFTP has been used for this application be-
cause it is very simple to implement.

Difference between FTP and TFTP

5.3 Electronic Mail: Architecture Web-Based Mail, Email Security, SMTP,
POP, IMAP and MIME, SNMP

Header fields in message format of e-mail system

Electronic Mail (e-mail) is one of the most widely used services of the Internet.
This service allows an Internet user to send a message in a formatted manner (mail) to other Internet
users in any part of the world. Message in the mail not only contain text, but it also contains images,
audio and videos data. The person who is sending mail is called sender and person who receives mail
is called the recipient.
Format of E-mail: An e-mail consists of three parts that are as follows:
1. Envelope
2. Header
3. Body

Header:
The header consists of a series of lines. Each header field consists of a single line of ASCII text spec-
ifying field name, colon and value. The main header fields related to message transport are:
1. To: It specifies the DNS address of the primary recipient(s).
2. Cc: It refers to carbon copy. It specifies address of secondary recipient(s).
3. BCC: It refers to blind carbon copy. It is very similar to Cc. The only difference between Cc and
Bcc is that it allows user to send copy to the third party without primary and secondary recipient
knowing about this.
4. From: It specifies name of person who wrote message.
5. Sender: It specifies e-mail address of person who has sent message.
6. Received: It refers to identity of sender’s, data and also time message was received. It also con-
tains the information which is used to find bugs in routing system.
7. Return-Path: It is added by the message transfer agent. This part is used to specify how to get
back to the sender.

Architecture of e-mail system using four scenario

To explain the architecture of e-mail, we give four scenarios. We begin with the simplest situation and
add complexity as we proceed. The fourth scenario is the most common in the exchange of e-mail.
TCP/IP Protocol Suite 2
• First Scenario
• Second Scenario
• Third Scenario
• Fourth Scenario

• First Scenario

When the sender and the receiver of an e-mail are on the same mail server, we need only two user agents.


• Second Scenario

When the sender and the receiver of an e-mail are on different mail servers, we need two UAs and a pair
of MTAs (client and server).
• Third Scenario

When the sender is connected to the mail server via a LAN or a WAN, we need two UAs and two pairs of
MTAs (client and server).

• Fourth Scenario

When both sender and receiver are connected to the mail server via a LAN or a WAN, we need two UAs,
two pairs of MTAs (client and server), and a pair of MAAs (client and server). This is the most common
situation today.
Email security Over non-secure channel
 Email security describes different techniques for keeping sensitive information in email
communication and accounts secure against unauthorized access, loss or compromise
 Email is often used to spread malware, spam and phishing attacks. Attackers use deceptive
messages to entice recipients to part with sensitive information, open attachments or click on
hyperlinks that install malware on the victim‟s device.
 Email encryption involves encrypting, or disguising, the content of email messages to pro-
tect potentially sensitive information from being read by anyone other than intended recipi-
ents. Email encryption often includes authentication.
 Email allows attackers to use it as a way to cause problems in attempt to profit. Whether
through spam campaigns, malware and phishing attacks, sophisticated targeted attacks, or
business email compromise (BEC), attackers try to take advantage of the lack of security of
email to carry out their actions.
 Since most organizations rely on email to do business, attackers exploit email in an attempt to
steal sensitive information.
 Because email is an open format, it can be viewed by anyone who can intercept it. It can be
easily read and the contents of an email by intercepting it.
 Email Security Policies can be established by viewing the contents of emails flowing through
their email servers. It‟s important to understand what is in the entire email in order to act ap-
propriately. After these baseline policies are put into effect, an organization can enact various
security policies on those emails.
 These email security policies can be as simple as removing all executable content from
emails to more in-depth actions, like sending suspicious content to a sandboxing tool for de-
tailed analysis.
 If security incidents are detected by these policies, the organization needs to have actionable
intelligence about the scope of the attack.
 Enforce email encryption policies to prevent sensitive email information from falling into the
wrong hands.
 An email gateway scans and processes all incoming and outgoing email and makes sure that
threats are not allowed in. Because attacks are increasingly sophisticated, standard security
measures, such as blocking known bad file attachments, are no longer effective.

SMTP (Simple Mail transfer Protocol)

• It is an application layer protocol of TCP/IP model.
• It transfer messages from sender’s mail servers to receivers mail server.
• SMTP interacts with local mail system and not user.
• SMTP uses a TCP socket on port 25 to transfer email reliably from client to server.
• Email is temporarily stored on the local and eventually transferred directly to receiving server.
• It is simple ASCII protocol.
COMMANDS & RESPONSE
SMTP uses commands and response to transfer message between MTA client and MTA server .

❑ SMTP Commands:
1. HELO: Used by client to identify itself.
2. MAIL FROM: Identify sender.
3. RCPT TO: Identify intended recipient.
4. DATA: Send actual message.
5. QUIT: Terminate the message.
6. RSET: Reset the connection
7. VRFY: Verify the add of recipient
8. HELP: Mail
Example: Scenario: Alice sends message to Bob
1. Alice uses user agents (UA) to compose message and send to [email protected].
2. Alice UA sends message to her mail server, message placed in message queue.
3. Client side of SMTP opens TCP connection with Bob’s mail server.
4. SMTP client sends Alice message over TCP connection.
5. Bob’s mail server places the message in Bob’s mailbox.
6. Bob invokes his user agent to read message.
POP3(Post Office Protocol version 3)
Uses port 110 (unencrypted) or port 995 (encrypted/SSL). Emails are typically downloaded from the
server to the client device. The emails are then stored locally on the device, and the server copy is
usually deleted. Generally faster to connect because it involves downloading emails to the client de-
vice. Connection time is minimal since it retrieves emails and disconnects from the server. Usually
does not support multiple mailboxes. Emails are typically downloaded to a single device, and man-
aging emails on multiple devices can be challenging.

Difference between SMTP and POP3

IMAP (Internet Message Access Protocol)

IMAP (Internet Message Access Protocol) is a protocol used for accessing and managing email
messages on a remote mail server. Emails are stored on the mail server. The client accesses and
manages emails directly on the server, allowing for synchronization across multiple devices.

Key Features of IMAP:

1. Remote email access
2. Folder management
3. Message searching
4. Message flags (e.g., seen, answered)
5. Multiple account support.
Comparison of POP3 and IMAP

MIME (Multipurpose Internet Mail Extensions)

Purpose: Formatting and attaching files in email.
Key Features:
1. Content-Type header specifies file type.
2. Content-Transfer-Encoding header specifies encoding.
3. MIME types categorize file types (e.g., text/plain, image/jpeg).

SNMP (Simple Network Management Protocol)

Purpose: Monitoring and managing network devices.
Key Features:
1. Managed devices (agents) send data to management station.
2. SNMP uses UDP ports 161/162.
Comparison: MIME vs SNMP
Feature MIME SNMP
Purpose Email attachments Network management
Protocol TCP/IP UDP
Ports None 161/162
Data Type Files Network data
Security None Authentication, Encryption

Complexity Simple Complex

5.4 DNS-Concept of Domain name space, DNS operation

Need of DNS

1. DNS ensures the internet is not only user-friendly but also works smoothly, loading whatever con-
tent we ask for quickly and efficiently.
2. It allows the user to access remote system by entering human readable device hostnames instead
of IP address. It translates domain name into IP addresses so browser can load internet resources.
3. It translates human readable domain names into the numerical identifiers associated with network-
ing equipment, enabling devices to be located and connected worldwide. Analogous to a network
“phone book,” DNS is how a browser can translate a domain name (e.g., “facebook.com”) to the ac-
tual IP address of the server, which stores the information requested by the browser.

The process of resolving the given host name into IP address using DNS
You can find the hostname of any computer with a public IP address by passing the address to any
Domain Name System (DNS) server. However, since the computers on a small business network
have private IP addresses, you can only discover their hostnames if the network has a local DNS
server. To discover the hostname of a computer with a private IP address and no local DNS server,
you need to use a Windows utility to query the host itself.
Querying DNS
1. Click the Windows Start button, then "All Programs" and "Accessories." Right-click on "Com-
mand Prompt" and choose "Run as Administrator."
2. Type "nslookup %ipaddress%" in the black box that appears on the screen, substituting %ipad-
dress% with the IP address for which you want to find the hostname.
3. Find the line labeled "Name" underneath the line with the IP address you entered and record the
value next to "Name" as the hostname of the computer.
5.5 DHCP-Static and Dynamic Allocation, DHCP Operation.
DHCP with its operation & static dynamic allocation.
The Domain Name System, more popular as DNS, and the Dynamic Host Configuration Protocol,
also known as DHCP, represent two crucial TCP/IP areas of a Windows NT Server network. The
DNS is responsible for converting hostnames into IP addresses, while the DHCP is engaged in
assigning unique dynamic IP addresses and the corresponding subnet masks and default gateways to
TCP/IP running computers within a particular server network. Thanks to the dynamic addressing
executed by the DHCP, a computer can have a different IP address every time it connects to the
network it belongs to, without the intervention of a UNIX administrator. Through this DHCP
functionality every new computer added to a network is automatically assigned a unique IP address.

DHCP servers greatly simplify the configuration of networks and are built in the majority of the wireless
access points and wired Ethernet routers. In a network, a DHCP server manages a pool of IP addresses, as
well as default gateway details, DNS details and other information for the clients’ network configuration.
When a new computer is introduced into a DHCP server-enabled network, it will send a query to the
DHCP server requesting all the necessary information. When the query reaches the DHCP server, it will
grant the new computer a new IP address and a lease - a time frame for which the computer can use this
IP address, as well as other configuration details. The whole process takes place immediately after the
new computer boots, and to be successful, it has to be completed before initiating IP based communica-
tion with other hosts in the network.
STATIC ALLOCATION
The static allocation method is very popular in modern ISP networks, which do not use dial-up methods.
With the static allocation, the DHCP sever keeps a database with all clients' LAN MAC addresses and
gives them an IP address only if their MAC address is in the database. This way, the clients can be sure
that they will be getting the same IP address every time.
DYNAMIC ALLOCATION
When the DHCP server is configured to use dynamic allocation, this means that it uses a lease policy.
This way, when an assigned IP address from the available pool is no longer used, it will be
transferred back to the pool, making it available for someone else to use. The advantage of this
method is that the IP addresses are used to their maximum - as soon as they are no longer used by the
client, they are instantly made available to others. The disadvantage of this method is that a client
will always have a random IP address

DHCP operations, when DHCP client and server on same network.

DHCP is based on a client-server model and based on discovery, offer, request, and ACK.DHCP
client and server can either be on the same network or on different networks. DHCP (Dynamic
Host Configuration Protocol) is a network management protocol used to dynamically assign an
IP address to any device, or node, on a network so it can communicate using IP. DHCP
automates and centrally manages these configurations rather than requiring network
administrators to manually assign IP addresses to all network devices. DHCP can be
implemented on small local networks, as well as large enterprise networks. DHCP assigns new
IP addresses in each location when devices are moved from place to place, which means network
administrators do not have to manually configure each device with a valid IP address or
reconfigure the device with a new IP address if it moves to a new location on the network.

In this case, the operation can be described as follows:

1. The DHCP server issues a passive open command on UDP port number 67 and waits for a
client.

2. A booted client issues an active open command on port number 68. The message is
encapsulated in a UDP user datagram, using the destination port number 67 and the source port
number 68.

3. The server responds with either a broadcast or a unicast message using UDP source port
number 67 and destination port number 68.

5.6 Remote Login: TELNET and SSH

Working of TELNET

TELNET: TELNET is an abbreviation for TErminaLNETwork. It is the standard TCP/IP

protocol for virtual terminal service.

TELNET Working:
• TELNET is a client-server application that allows a user to log on to a remote machine, giving
the user access to the remote system.

• The user sends the keystrokes to the terminal driver, where the local operating system accepts
the characters but does not interpret them.

• A terminal driver correctly interprets the keystrokes on the local terminal or terminal emulator.
The characters are sent to the TELNET client, which transforms the characters to a universal
character set called network virtual terminal (NVT) characters and delivers them to the local
TCP/IP protocol stack.

• The commands or text, in NVT form, travel through the Internet and arrive at the TCP/IP stack
at the remote machine.

• Here the characters are delivered to the operating system and passed to the TELNET server,
which changes the characters to the corresponding characters understandable by the remote
computer.

• However, the characters cannot be passed directly to the operating system because the remote
operating system is not designed to receive characters from a TELNET server: It is designed to
receive characters from a terminal driver.
• A piece of software called a pseudo terminal driver is added which pretends that the characters
are coming from a terminal. The operating system then passes the characters to the appropriate
application program

SSH(Secure Shell)
Frame format of SSH

SSH Format

1. Length: It indicates the size of the packet, not including the length field or the variable
length random padding fields that follows it.

2. Padding: It causes an intrusion to be more difficult.

3. Type: It identifies the type of message.

4. CRC: It is an error detection field.

Working of SSH

SSH (Secure Shell) is the most popular remote login application program. SSH uses client-server
architecture in its implementation. An SSH server can be deployed and allow several SSH clients
to connect to it. The architecture of SSH is shown in following Fig. and the SSH process is as
follows: 1) The SSH client on the left provides authentication to the SSH server on the right. In
the initial connection, the client receives a host key of the server, therefore, in all subsequent
connections, the client will know it is connecting to the same SSH server. This places less em-
phasis on the IP address of the SSH server, which can be easily spoofed, and more emphasis on
the host key of the server, which cannot be spoofed very easily. 2) The SSH server determines if
the client is authorized to connect to the SSH service by verifying the username/password or
public key that the client has presented for authentication. This process is completely encrypted.
3) If the SSH server authenticates the client and the client is authorized, the SSH session begins
between the two entities. All communication is completely encrypted.

Fig. SSH Communication from an SSH Client to an SSH Server

The steps involved in creating an SSH session go like this:

1. Client contacts server to initiate a connection.
2. The server responds by sending the client a public cryptography key.
3. The server negotiates parameters and opens a secure channel for the client.
4. The user, through their client, logs into the server.
A diagram to show the application of cookies in a scenario in which the server
uses cookies for advertisement
Use of Cookies for advertisements: A cookie is also used by advertising agencies. An advertising
agency can place banner ads on some main website that is often visited by users. The advertising
agency supplies only a URL that gives the banner address instead of the banner itself. When a
user visits the main website and clicks on the icon of an advertised corporation, a request is sent
to the advertising agency. The advertising agency sends the banner, a GIF file, for example, but it
also includes a cookie with the ill of the user. Any future use of the banners adds to the database
that profiles the Web behaviour of the user. The advertising agency has compiled the interests of
the user and can sell this information to other parties. This use of cookies has made them very
controversial. Hopefully, some new regulations will be devised to preserve the privacy of users.

OR

 Figure below shows a scenario in which an electronic store can benefit from the use of cookies.

 A shopper wants to buy a toy from an electronic store named BestToys.com.

 The Server sends the Webpage, but it also includes a cookie with the ID 12343.
 Using this a file is created such that the information clicked by the user is sent and stored in the
file, which are used by the server.