New CCN - Chapter 6 - R2019


Computer Communication Networks-

Chapter 6 : Application Layer

- Jyoti Bagate
Hypertext Transfer Protocol (HTTP)
HTTP
◻ The Hypertext Transfer Protocol (HTTP) is a protocol used mainly to access data on
the World Wide Web. HTTP functions like a combination of FTP and SMTP.
◻ It is similar to FTP because it transfers files and uses the services of TCP.
◻ However, it is much simpler than FTP because it uses only one TCP connection. There is
no separate control connection; only data are transferred between the client and the server.
◻ HTTP is like SMTP because the data transferred between the client and the server look
like SMTP messages. In addition, the format of the messages is controlled by MIME-like
headers. Unlike SMTP, the HTTP messages are not destined to be read by humans; they
are read and interpreted by the HTTP server and HTTP client (browser).
◻ SMTP messages are stored and forwarded, but HTTP messages are delivered immediately.
◻ The commands from the client to the server are embedded in a request message.
◻ The contents of the requested file or other information are embedded in a response
message.
◻ HTTP uses the services of TCP on well-known port 80.
HTTP Transaction
◻ Figure illustrates the HTTP transaction between the client and server.
◻ Although HTTP uses the services of TCP, HTTP itself is a stateless protocol, which means that the
server does not keep information about the client.
◻ The client initializes the transaction by sending a request. The server replies by sending a response.
◻ Request Message
◻ The format of the request is shown in Figure 22.11. A request message consists of a request line, a
header, and sometimes a body.
◻ Request Line
◻ The first line in a request message is called a request line.
◻ There are three fields in this line separated by some character delimiter as shown in Figure.
◻ The fields are called method, URL, and version. These three should be separated by a space
character. At the end, two characters, a carriage return followed by a line feed, terminate the line.
The method field defines the request type. In version 1.1 of HTTP, several methods are defined, as
shown in Table.
Format of Request Message

⮚ The second field, URL, defines the address and name of the corresponding Web page.
⮚ The third field, version, gives the version of the protocol; the most current version of HTTP is 1.1.
Format of Request Message: Method

◻ Header Lines in Request Message: After the request line, we can have
zero or more request header lines. Each header line sends additional
information from the client to the server.
◻ For example, the client can request that the document be sent in a special
format. Each header line has a header name, a colon, a space, and a header
value (see Figure).
◻ We will show some header lines in the examples at the end of this chapter.
Table (next) shows some header names commonly used in a request.
◻ The value field defines the values associated with each header name.
◻ The list of values can be found in the corresponding RFCs.
Request Header Names

Body in Request Message:

The body can be present in a request message. Usually, it contains the comment to be sent.
Format of Response Message

The format of the response message is shown in Figure.

A response message consists of a status line, header lines, a blank line and sometimes a body.
Response Message
◻ Status Line:
◻ The first line in a response message is called the status line.
◻ There are three fields in this line separated by spaces and terminated by a carriage return and line
feed.
◻ The first field defines the version of HTTP protocol, currently 1.1. The status code field defines
the status of the request. It consists of three digits. Whereas the codes in the 100 range are only
informational, the codes in the 200 range indicate a successful request. The codes in the 300
range redirect the client to another URL, and the codes in the 400 range indicate an error at the
client site. Finally, the codes in the 500 range indicate an error at the server site. The status
phrase explains the status code in text form.
◻ Header Lines in Response Message:
◻ After the status line, we can have zero or more response header lines.
◻ Each header line sends additional information from the server to the client. For example, the
sender can send extra information about the document.
• Each header line has a header name, a colon, a space, and a header value.
• Next Table shows some header names commonly used in a response message.
• Body:
• The body contains the document to be sent from the server to the client.
• The body is present unless the response is an error message.
Example 1

◻ This example retrieves a document. We use the GET method to retrieve an image with the
path /usr/bin/image1.

Solution:
The request line shows the method (GET), the URL, and the HTTP version
(1.1). The header has two lines that show that the client can accept images in
the GIF or JPEG format. The request does not have a body. The response
message contains the status line and four lines of header. The header lines
define the date, server, MIME version, and length of the document. The body
of the document follows the header.
Example 2

◻ In this example, the client wants to send data to the server. We use the POST
method.
◻ The request line shows the method (POST), URL, and HTTP version (1.1).
There are four lines of headers.
◻ The request body contains the input information. The response message
contains the status line and four lines of headers.
◻ The created document, which is a CGI document, is included as the body (see
Figure 22.14).
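To make the request and response formats above concrete, here is an added Python example (not code from the slides or their author) that parses a request line, a status line, the MIME-like header lines and the body, classifies status codes by the ranges the slides describe, and rejects a message whose Content-Length disagrees with the body that actually arrived. The messages it parses are constructed to match Example 1 (GET for /usr/bin/image1) and Example 2 (a POST with input data); the header values, the POST path /cgi-bin/doc.pl and the image bytes are assumptions.

```python
"""Parse HTTP/1.1 request and response messages in the format the slides describe.

Added example, not from the original slides. The sample messages are constructed to
match Example 1 (GET /usr/bin/image1) and Example 2 (a POST carrying input data);
the header values, the POST path and the body bytes are made up for illustration.
"""
from dataclasses import dataclass, field

CRLF = b"\r\n"
STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}


@dataclass
class HttpMessage:
    start_line: tuple          # (method, url, version) or (version, code, phrase)
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def status_class(code: int) -> str:
    """Map a three-digit status code to the range meaning the slides give."""
    if not 100 <= code <= 599:
        raise ValueError(f"status code out of range: {code}")
    return STATUS_CLASSES[code // 100]


def _split_head(raw: bytes):
    """Split a message at the blank line into (start line, headers, body bytes)."""
    head, blank, body = raw.partition(CRLF + CRLF)
    if not blank:
        raise ValueError("no blank line separates the headers from the body")
    lines = head.split(CRLF)
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key, val = name.decode().strip().lower(), value.decode().strip()
        # A header that repeats (Accept in Example 1) keeps both values.
        headers[key] = f"{headers[key]}, {val}" if key in headers else val
    return lines[0].decode(), headers, body


def _take_body(headers: dict, body: bytes) -> bytes:
    """Check the body against Content-Length when that header is present."""
    declared = headers.get("content-length")
    if declared is None:
        return body
    if not declared.isdigit():
        raise ValueError(f"Content-Length is not a number: {declared!r}")
    if len(body) != int(declared):
        raise ValueError(f"Content-Length {declared} disagrees with body of {len(body)} bytes")
    return body


def parse_request(raw: bytes) -> HttpMessage:
    """Request line: method SP URL SP version CRLF, then headers, blank line, body."""
    start, headers, body = _split_head(raw)
    parts = start.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {start!r}")
    return HttpMessage(tuple(parts), headers, _take_body(headers, body))


def parse_response(raw: bytes) -> HttpMessage:
    """Status line: version SP three-digit code SP phrase CRLF."""
    start, headers, body = _split_head(raw)
    parts = start.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"malformed status line: {start!r}")
    if not (parts[1].isdigit() and len(parts[1]) == 3):
        raise ValueError(f"status code is not three digits: {parts[1]!r}")
    code = int(parts[1])
    status_class(code)                      # rejects codes outside 100-599
    phrase = parts[2] if len(parts) == 3 else ""
    return HttpMessage((parts[0], code, phrase), headers, _take_body(headers, body))


def validate(raw: bytes, kind: str) -> str:
    """Return "ok" or the reason a message was rejected; handy for logging."""
    try:
        (parse_request if kind == "request" else parse_response)(raw)
        return "ok"
    except ValueError as exc:
        return str(exc)


# Constructed messages for Example 1: a GET with two Accept headers and no body;
# the response carries date, server, MIME version and length headers.
EXAMPLE1_REQUEST = (b"GET /usr/bin/image1 HTTP/1.1\r\n"
                    b"Accept: image/gif\r\n"
                    b"Accept: image/jpeg\r\n"
                    b"\r\n")
EXAMPLE1_BODY = b"GIF89a" + b"\x00" * 10             # 16 placeholder image bytes
EXAMPLE1_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                     b"Date: Mon, 07 Jan 2005 13:15:14 GMT\r\n"
                     b"Server: Challenger\r\n"
                     b"MIME-version: 1.0\r\n"
                     b"Content-length: 16\r\n"
                     b"\r\n" + EXAMPLE1_BODY)
# Constructed POST for Example 2: four header lines and an input body (path is made up).
EXAMPLE2_REQUEST = (b"POST /cgi-bin/doc.pl HTTP/1.1\r\n"
                    b"Accept: */*\r\n"
                    b"Accept: image/gif\r\n"
                    b"Accept: image/jpeg\r\n"
                    b"Content-length: 19\r\n"
                    b"\r\n"
                    b"(input information)")
BAD_REQUEST = EXAMPLE2_REQUEST + b"extra"            # body longer than declared

if __name__ == "__main__":
    for label, raw, kind in [("ex1 request", EXAMPLE1_REQUEST, "request"),
                             ("ex1 response", EXAMPLE1_RESPONSE, "response"),
                             ("ex2 request", EXAMPLE2_REQUEST, "request"),
                             ("bad request", BAD_REQUEST, "request")]:
        print(f"{label}: {validate(raw, kind)}")
```

The length check is the part worth copying: a server or proxy that silently truncates or extends a body when Content-Length and the bytes on the wire disagree ends up with two components holding different views of where one message ends and the next begins, so the parser refuses the message instead of guessing.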
Hypertext Transfer Protocol (HTTP)
⮚ The Hypertext Transfer Protocol (HTTP) is a protocol used mainly to access data on the
World Wide Web.
⮚ HTTP functions as a combination of FTP and SMTP.
⮚ HTTP uses the services of TCP on well-known port 80.
Request and Response Message
Header Format
File Transfer Protocol (FTP)
•FTP stands for File transfer protocol.
•FTP is a standard internet protocol provided by TCP/IP used for transmitting
the files from one host to another.
•It is mainly used for transferring the web page files from their creator to the
computer that acts as a server for other computers on the internet.
•It is also used for downloading the files to computer from other servers.

Objectives of FTP
•It provides the sharing of files.
•It is used to encourage the use of remote computers.
•It transfers the data more reliably and efficiently.
WHY FTP?

❖ Although transferring files from one system to another seems simple and straightforward, it can cause problems.
For example, two systems may have different file conventions. Two systems may have different ways to represent text and data.
Two systems may have different directory structures. FTP overcomes these problems by establishing two connections
between hosts. One connection is used for data transfer, and the other is used as the control connection.
FTP Mechanism
✔ Figure shows the basic model of the FTP.
✔ The FTP client has three components: the user
interface, control process, and data transfer process.
✔ The server has two components: the server control
process and the server data transfer process.
Two types of Connections in FTP

•Control Connection: The control connection uses very simple rules for communication.
Through control connection, we can transfer a line of command or line of response at a
time. The control connection is made between the control processes. The control
connection remains connected during the entire interactive FTP session.
•Data Connection: The Data Connection uses very complex rules as data types may vary.
The data connection is made between data transfer processes. The data connection opens
when a command comes for transferring the files and closes when the file is transferred.
FTP Client

•FTP client is a program that implements a file transfer protocol which allows
you to transfer files between two hosts on the internet.
•It allows a user to connect to a remote host and upload or download the files.
•It has a set of commands that we can use to connect to a host, transfer the
files between you and your host and close the connection.
•The FTP program is also available as a built-in component in a Web browser.
This GUI-based FTP client makes the file transfer very easy and does not
require the user to remember the FTP commands.
Advantages of FTP:
•Speed: One of the biggest advantages of FTP is speed. FTP is one of the fastest ways to transfer files
from one computer to another.
•Efficient: It is more efficient as we do not need to complete all the operations to get the entire file.
•Security: To access the FTP server, we need to login with the username and password. Therefore, we can say
that FTP is more secure.
•Back & forth movement: FTP allows us to transfer the files back and forth. Suppose you are a manager of the
company, you send some information to all the employees, and they all send information back on the same
server.

Disadvantages of FTP:
•The standard requirement of the industry is that all FTP transmissions should be encrypted. However, not all
FTP providers are equal and not all providers offer encryption. So, we will have to look out for the FTP
providers that provide encryption.
•FTP serves two operations, i.e., to send and receive large files on a network. However, the size limit of the file is
2GB that can be sent. It also doesn't allow you to run simultaneous transfers to multiple receivers.
•Passwords and file contents are sent in clear text, which allows unwanted eavesdropping. So, it is quite possible
that attackers can carry out a brute-force attack by trying to guess the FTP password.
•It is not compatible with every system.
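The two-connection model and the clear-text password problem above can both be checked against a captured control-connection transcript. The following Python audit is an added example (not code from the slides or their author): it walks the control connection one line at a time, as the slides say that connection works, and reports whether a password went over the wire before encryption was negotiated and where each data connection was announced. Two things are assumed beyond the slides: AUTH TLS (RFC 4217) as the way a session switches the control connection to encryption before login, and the 227 reply to PASV as the way the server announces the data-connection endpoint. Both transcripts are constructed.

```python
"""Audit a captured FTP control-connection transcript, one line at a time.

Added example, not from the original slides. The transcripts are constructed;
"C:" marks a command the client sent and "S:" a server reply. AUTH TLS
(RFC 4217) is assumed as the encryption upgrade and the 227 reply to PASV as
the data-endpoint announcement; the slides only say that the data connection
opens per transfer and that passwords travel in clear text.
"""
import re

REPLY_RE = re.compile(r"^(\d{3})[ -](.*)$")              # three-digit code, then text
PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

CLEARTEXT_SESSION = [                                    # constructed capture
    "S: 220 Example FTP service ready",
    "C: USER alice",
    "S: 331 Password required for alice",
    "C: PASS s3cret",
    "S: 230 Login successful",
    "C: PASV",
    "S: 227 Entering Passive Mode (192,0,2,10,195,80)",
    "C: RETR report.pdf",
    "S: 150 Opening data connection",
    "S: 226 Transfer complete",
    "C: QUIT",
    "S: 221 Goodbye",
]

PROTECTED_SESSION = [                                    # constructed capture
    "S: 220 Example FTP service ready",
    "C: AUTH TLS",
    "S: 234 Proceed with negotiation",
    # From here on the control connection runs inside TLS; the lines below are
    # what a capture tool that had the session keys would show (constructed).
    "C: USER alice",
    "S: 331 Password required for alice",
    "C: PASS s3cret",
    "S: 230 Login successful",
    "C: QUIT",
    "S: 221 Goodbye",
]


def parse_reply(text):
    """Split a server reply into (code, message); reject anything else."""
    m = REPLY_RE.match(text)
    if not m:
        raise ValueError(f"not an FTP reply: {text!r}")
    return int(m.group(1)), m.group(2)


def passive_endpoint(message):
    """Decode 'h1,h2,h3,h4,p1,p2' from a 227 reply into (ip, port)."""
    m = PASV_RE.search(message)
    if not m:
        raise ValueError(f"227 reply without an endpoint: {message!r}")
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("endpoint octet out of range")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def audit_session(lines, control_peer):
    """Return what a reviewer wants to know about one control connection:
    whether encryption was negotiated before PASS, whether a password crossed
    the wire unprotected, where data connections were opened, and findings in
    plain text (the password itself is never echoed)."""
    result = {"encrypted": False, "cleartext_password": False,
              "logged_in": False, "data_endpoints": [], "findings": []}
    last_command = None
    for raw in lines:
        side, _, text = raw.partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")
            last_command = verb.upper()
            if last_command == "PASS" and not result["encrypted"]:
                result["cleartext_password"] = True
                result["findings"].append(
                    f"PASS sent on an unencrypted control connection ({len(arg)} chars, redacted)")
        elif side == "S":
            code, message = parse_reply(text)
            if code == 234 and last_command == "AUTH":
                result["encrypted"] = True                  # TLS handshake follows
            elif code == 230:
                result["logged_in"] = True
            elif code == 227:
                ip, port = passive_endpoint(message)
                result["data_endpoints"].append((ip, port))
                if ip != control_peer:
                    result["findings"].append(
                        f"data connection announced on {ip}:{port}, not the control peer {control_peer}")
        else:
            raise ValueError(f"unlabelled transcript line: {raw!r}")
    return result
```

The endpoint comparison at the end is a standard client-side hardening: a data connection should be opened only to the same host the control connection is talking to, so a 227 reply pointing elsewhere is reported rather than followed.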
Domain Name System (DNS)
Introduction
⮚DNS is the second application program.
⮚DNS is a client/server application program used to help other
application programs.
⮚DNS is used to map a host name in the application layer to an IP
address in the network layer.
Need for DNS
⮚TCP/IP protocols use the IP address, which uniquely identifies the connection of a host to the
internet.
⮚People prefer to use names instead of numeric addresses. Therefore we need a system that can map a name
to an address or an address to a name.
⮚When the internet was small, mapping was done using a host file which had two columns: name and
address.
⮚For large internet, options are:
1. One option is to store entire host file in a single computer and allow access to this centralized
information to every computer that needs mapping.
2. Other option is to divide this huge amount of information into smaller parts and store each
part on a different computer. The host that needs mapping can contact the closest computer
holding the needed information. This method is used by Domain Name System (DNS).
Purpose of DNS

⮚ Figure shows how TCP/IP uses a DNS client and DNS server to map a name to an address; the reverse mapping is
similar.
⮚ In the figure, a user wants to use a file transfer client to access the corresponding file transfer server running on a remote
host.
⮚The user knows only the file transfer server name, such as forouzan.com.
⮚However, the TCP/IP suite needs the IP address of the file transfer server to make the connection.
Purpose of DNS
The following six steps map the host name to an IP Address.
1. The user passes the host name to the file transfer client.
2. The file transfer client passes the host name to the DNS client.
3. Each computer, after being booted, knows the address of one DNS server.
The DNS client sends a message to a DNS server with a query that gives the
file transfer server name using the known IP address of the DNS server.
4. The DNS server responds with the IP address of the desired file transfer
server.
5. The DNS client passes the IP address to the file transfer client.
6. The file transfer client now uses the received IP address to access the file
transfer server.
Name space
⮚The name assigned to machines must be carefully selected from a name space
with complete control over the binding between the name and IP addresses.
⮚The name must be unique because the addresses are unique.
⮚A name space that maps each address to a unique name can be organized in
two groups.
1. Flat Name space
2. Hierarchical Name Space
Flat Name Space
⮚In a flat name space, a name is assigned to an address.
⮚A name in this space is a sequence of characters without structure.
⮚The names may or may not have a common section; if they do, it has
no meaning.
⮚Disadvantage: it cannot be used in a large system such as the internet
because it must be centrally controlled to avoid ambiguity and
duplication.
Hierarchical Name Space
⮚In a hierarchical Name space, each name is made of several parts.
⮚The first part can define the nature of the organization
⮚The second part can define the name of the organization
⮚The third part can define departments in the organization and so on.
⮚In this case, the authority to assign and control the name spaces can be decentralized.
⮚A central authority can assign the part of the name that defines the nature of the
organization and name of the organization.
⮚The responsibility of the rest of the name can be given to the organization itself.
⮚The organization can add suffixes (or prefixes) to the name to define its host or
resources.
⮚The management of the organization need not worry that the prefix chosen for a host
is taken by another organization because even if part of an address is same, the whole
address is different.
Domain Name space
⮚To have a hierarchical name space, a domain name space was designed.
⮚In this design, the names are defined in an inverted-tree structure with the root at the
top.
⮚The tree can have only 128 levels: level 0(root) to level 127
Domain Name space
⮚Label:
❖Each node in the tree has a label, which is a string with a maximum of 63
characters.
❖The root label is a null string (empty string).
❖DNS requires that children of a node (nodes that branch from the same node)
have different labels, which guarantees the uniqueness of the domain names.
Domain Name:
✔ Each node in the tree has a domain name.
✔ A full domain name is a sequence of labels separated by dots (.).
✔ The domain names are always read from the node up to the root.
✔ The last label is the label of the root (null).
✔ This means a full domain name always ends in a null label, which means the last
character is a dot because the null string is nothing.
Fully qualified domain name
⮚If a label is terminated by a null string, it is called fully qualified domain name
(FQDN).
⮚An FQDN is a domain name that contains the full name of a host.
⮚It contains all labels, from the most specific to the most general, that uniquely define the
name of the host.
⮚E.g the domain name is the FQDN of a computer named challenger installed at the Advanced
Technology Center (ATC) at De Anza college.
⮚A DNS server can only match an FQDN to an address.
⮚The name must end with a null label, but because null means nothing, the label ends with a
dot (.): challenger.atc.fhda.edu.
Partially qualified domain name (PQDN)
⮚If a label is not terminated by a null string, it is called a partially qualified domain
name (PQDN).
⮚A PQDN starts from a node, but it does not reach the root.
⮚It is used when the name to be resolved belongs to the same site as the client.
⮚Here the resolver can supply the missing part, called the suffix, to create an FQDN.
⮚E.g if a user at the fhda.edu. site wants to get the IP address of the challenger computer, he
or she can define the partial name challenger
⮚The DNS client adds the suffix atc.fhda.edu. before passing the address to the DNS server.
⮚The DNS client normally holds a list of suffixes. The following can be the list of suffixes
at De Anza College:
1. atc.fhda.edu
2. fhda.edu
3. null
⮚The null suffix defines nothing. This suffix is added when the user defines an FQDN.
Domain
⮚A domain is a subtree of the domain name space.
⮚The name of the domain is the name of the node at the top of the subtree.
⮚Next figure shows some domains.
⮚A domain may itself be divided into domains (or subdomains, as they are sometimes called).
Distribution of Name space
⮚The information contained in the domain name space must be stored.
⮚It is very inefficient and also not reliable to have just one computer store such
a huge amount of information.
⮚It is inefficient because responding to requests from all over the world places a heavy
load on the system.
⮚It is not reliable because any failure makes the data inaccessible.
Hierarchy of Name server

⮚ The solution to these problems is to distribute the information among many computers called DNS servers.
⮚ One way to do this is to divide the whole space into many domains based on the first level.
⮚ We let the root stand alone and create as many domains (subtrees) as there are first-level nodes.
⮚ Because a domain created this way could be very large, DNS allows domains to be divided further into
smaller domains (subdomains).
⮚ Each server can be responsible (authoritative) for either a large or a small domain.
⮚ We have a hierarchy of servers in the same way that we have a hierarchy of names.
Zone
⮚ What a server is responsible for or has authority over is called a zone. A zone is a contiguous part of
the entire tree.
⮚ If a server accepts responsibility for a domain and does not divide the domain into smaller domains,
“domain” and “zone” refer to the same thing.
⮚ The server makes a database called a “zone file” and keeps all the information for every node under that
domain.
⮚ If the server divides its domain into subdomains and delegates part of its authority to other servers,
“domain” and “zone” refer to different things.
⮚ The information about the nodes in the subdomains is stored in the servers at the lower levels, with the
original server keeping some sort of reference to these servers.
⮚ The original server still has a zone, but the detailed information is kept by the lower-level servers.
⮚ A server can also divide part of its domain and delegate responsibility but still keep part of the domain for
itself.
⮚ In this case, its zone is made of detailed information for the part of the domain that is not delegated and
references to those parts that are delegated.
Root server
⮚A root server is a server whose zone consists of the whole tree.
⮚A root server usually does not store any information about domains but delegates
its authority to other servers, keeping references to those servers.
⮚There are several root servers, each covering the whole domain name space.
⮚The root servers are distributed all around the world.

Primary and Secondary Servers:

⮚DNS defines two types of servers: primary and secondary.
⮚A primary server is a server that stores a file about the zone for which it is an
authority.
⮚It is responsible for creating, maintaining and updating the zone file.
⮚A secondary server is a server that transfers the complete information about a zone
from another server (primary or secondary) and stores the file on its local disk.
⮚The secondary server neither creates nor updates the zone files.
⮚If updating is required it must be done by the primary server, which sends the
updated version to the secondary.
⮚The primary and secondary servers are both authorities for the zones they serve.
⮚The idea is not to put the secondary server at a lower level of authority but to create
redundancy for the data so that if one server fails, the other can continue serving
clients.
⮚A server can be a primary server for a specific zone and a secondary server for
another zone.
⮚When we refer to a server as a primary or secondary server, we should be careful
about which zone we refer to.
Note:

A primary server loads all information from the disk file; the secondary server loads
all information from the primary server. When the secondary downloads information
from the primary, it is called zone transfer.
DNS in the internet
⮚DNS is a protocol that can be used in different platforms.
⮚In the internet, the domain name space (tree) is divided into three different sections:
1. Generic domains
2. Country domains
3. Inverse domain
Generic Domains
✔ The generic domain defines registered hosts according to their generic behavior.
✔ Each node in the tree defines a domain, which is an index to the domain space database.
✔ The first level in the generic domain section allows 14 possible labels.
✔ These labels describe the organization types as listed in the next table.
Generic Domain Labels
Country domains
✔ The country domains section uses two-character country abbreviations (e.g., us for United States).
✔ The second labels can be organizational, or they can be more specific, national designations.
✔ E.g., the United States uses state abbreviations as a subdivision of us (e.g., ca.us).
✔ As shown in the figure, the address anza.cup.us can be translated to De Anza College in California in the
United States.
Inverse Domain
✔ The inverse domain is used to map an address to a name.
✔ This may happen, for example, when a server has received a request from a client to do a task.
✔ Although the server has a file that contains a list of authorized clients, only the IP address of the client
(extracted from the received IP packet) is listed.
✔ The server asks its resolver to send a query to the DNS server to map an address to a name to determine if
the client is on the authorized list.
✔ This type of query is called an inverse or pointer (PTR) query.
✔ To handle a pointer query, the inverse domain is added to the domain name space with the first-level node
called arpa (for historical reasons). The second level is also one single node named in-addr (for inverse address).
Registrar
✔ The new domains are added to DNS, through a registrar, a commercial
entity accredited by ICANN.
✔ A registrar first verifies that the requested domain name is unique and then
enters it into the DNS database.
✔ A fee is charged.
Resolution
Mapping a name to an address or an address to a name is called name address
resolution.
Resolver:
✔ DNS is designed as a client/server application.
✔ A host that needs to map an address to a name or a name to an address calls a
DNS client called a resolver.
✔ The resolver accesses the closest DNS server with a mapping request.
✔ If the server has the information, it satisfies the resolver; otherwise, it either refers
the resolver to other servers or asks other servers to provide the information.
✔ After the resolver receives the mapping, it interprets the response to see if it is a real
resolution or an error and finally delivers the result to the process that requested it.
Mapping names to addresses
⮚Most of the time, the resolver gives a domain name to the server and asks for the
corresponding address.
⮚In this case the server checks the generic domain or the country domains to find the
mapping.
⮚If the domain name is from the generic section, the resolver receives a domain name such as
“chal.atc.fhda.edu” .
⮚The query is sent by the resolver to the local DNS server for resolution.
⮚If the local server cannot resolve the query, it either refers the resolver to other servers or
asks other servers directly.
⮚If the domain name is from the country domain section, the resolver receives a domain
name such as “ch.fhda.cu.ca.us”
⮚The procedure is the same.
Mapping addresses to names
⮚A client can send an IP address to a server to be mapped to a domain name.
⮚As mentioned before, this is called a PTR query.
⮚To answer queries of this kind, DNS uses the inverse domain.
⮚In this request, the IP address is reversed and two labels, in-addr and arpa,
are appended to create a domain acceptable by the inverse domain section.
⮚E.g. if the resolver receives the IP address 132.34.45.121, the resolver first
inverts the address and then adds the two labels before sending.
⮚The domain name sent is “121.45.34.132.in-addr.arpa.” which is received by
the local DNS server and resolved.
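The name handling described on the FQDN/PQDN slides (suffix lists, the 63-character label and 128-level limits) and the inverse-domain construction just above can be written down as a few small functions. The following Python block is an added example, not code from the slides or their author. The suffix list is the De Anza list quoted on the slides and the address 132.34.45.121 is the slides' own; FORWARD_TABLE is a constructed stand-in for forward lookups. The last function goes one step beyond the slides: when a PTR answer is used to decide whether a client is on an authorized list, the name should be resolved forward again and compared with the address, because the owner of an address block controls its own PTR records.

```python
"""Domain-name helpers for the FQDN/PQDN and inverse-domain slides.

Added example, not from the original slides. SUFFIXES is the De Anza list the
slides quote; MAX_LABEL and MAX_LEVELS are the limits the slides give;
FORWARD_TABLE is constructed data standing in for forward (name to address) lookups.
"""
import ipaddress

MAX_LABEL = 63
MAX_LEVELS = 128                                   # level 0 (root) .. level 127
SUFFIXES = ["atc.fhda.edu.", "fhda.edu.", ""]      # "" is the null suffix


def is_fqdn(name: str) -> bool:
    """A name that ends in the null label (written as a trailing dot) is fully qualified."""
    return name.endswith(".")


def labels(name: str) -> list:
    """Return the labels of a name (root's null label excluded) after checking the limits."""
    body = name[:-1] if is_fqdn(name) else name
    parts = [] if body == "" else body.split(".")
    for label in parts:
        if not label:
            raise ValueError(f"empty label in {name!r}")
        if len(label) > MAX_LABEL:
            raise ValueError(f"label longer than {MAX_LABEL} characters: {label!r}")
        if not all(c.isalnum() or c == "-" for c in label):
            raise ValueError(f"label has characters outside letters, digits and '-': {label!r}")
    if len(parts) + 1 > MAX_LEVELS:                 # +1 for the root level
        raise ValueError(f"more than {MAX_LEVELS} levels in {name!r}")
    return parts


def candidate_fqdns(name: str, suffixes=SUFFIXES) -> list:
    """Expand a PQDN with each configured suffix, in order; an FQDN is used as is.
    The last candidate comes from the null suffix, i.e. the name taken as absolute."""
    labels(name)                                    # validate before expanding
    if is_fqdn(name):
        return [name]
    return [f"{name}.{suffix}" if suffix else f"{name}." for suffix in suffixes]


def ptr_name(ipv4: str) -> str:
    """Reverse the four octets and append in-addr and arpa, as the slides describe."""
    addr = ipaddress.IPv4Address(ipv4)              # raises ValueError on a bad address
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."


def address_from_ptr(ptr: str) -> str:
    """Undo ptr_name: recover the dotted address from an inverse-domain query name."""
    parts = labels(ptr)
    if len(parts) != 6 or parts[4:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 inverse-domain name: {ptr!r}")
    return str(ipaddress.IPv4Address(".".join(reversed(parts[:4]))))


# Constructed forward data: FQDN -> addresses, standing in for forward lookups.
FORWARD_TABLE = {
    "challenger.atc.fhda.edu.": ["132.34.45.121"],
    "trusted.example.": ["198.51.100.7"],
}


def forward_confirmed(ip: str, ptr_answer: str, forward=FORWARD_TABLE) -> bool:
    """Accept a PTR answer only if the name resolves back to the same address.
    Whoever controls the address block controls its PTR records, so the name
    alone proves nothing about membership in an authorized list."""
    return ip in forward.get(ptr_answer, [])
```

Note the order of the suffix search: a one-label name like challenger is tried under atc.fhda.edu. first, then fhda.edu., and only then as an absolute name, so a resolver's suffix list decides which host a short name actually reaches.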
Recursive Resolution
⮚The client (resolver) can ask for a recursive answer from a name server.
⮚This means that the resolver expects the server to supply the final answer.
⮚If the server is the authority for the domain name, it checks its database and
responds.
⮚If the server is not the authority, it sends the request to another server
(the parent usually) and waits for the response.
⮚If the parent is the authority, it responds; otherwise it sends the query to yet
another server.
⮚When the query is finally resolved, the response travels back until it finally
reaches the requesting client.
Iterative resolution
⮚If the client does not ask for a recursive answer, the mapping can be done
iteratively.
⮚If the server is an authority for the name, it sends the answer. If it is not, it returns
(to the client) the IP address of the server that it thinks can resolve the query.
⮚The client is responsible for reopening the query to this second server.
⮚If the newly added server can resolve the problem, it answers the query with the
IP address, otherwise it returns the IP address of a new server to the client.
⮚Now the client must repeat the query to the third server.
⮚This process is called iterative because the client repeats the same query to
multiple servers.
⮚In the next figure the client queries five servers before it gets an answer from the
mcgraw.com server.
ITERATIVE RESOLVING
caching
⮚Each time a server receives a query for a name that is not in its domain, it needs to
search its database for a server IP address.
⮚Reduction of this search time would increase efficiency.
⮚DNS handles this with a mechanism called caching.
⮚When a server asks for a mapping from another server and receives the response, it
stores this information in its cache memory before sending it to the client.
⮚If the same or another client asks for the same mapping, it can check its cache
memory and resolve the problem.
⮚However, to inform the client that the response is coming from the cache memory
and not from an authoritative source, the server marks the response as
unauthoritative.
⮚Caching speeds up the resolution but it can also be problematic.
⮚If a server caches a mapping for a long time, it may send an outdated mapping
to the client.
⮚To counter this two techniques are used.
1. The authoritative server always adds a piece of information to the mapping called
time-to-live (TTL). It defines the time in seconds that the receiving server can cache
the information. After that time, the mapping is invalid and any query must be
sent again to the authoritative server.
2. DNS requires that each server keep a TTL counter for each mapping it caches.
The cache memory must be searched periodically and those mappings with an
expired TTL must be purged.
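The recursive and iterative procedures and the two caching rules above fit in one small simulation. The Python below is an added example, not code from the slides or their author: SERVERS is a constructed miniature of the server hierarchy (a root server, a server for com, and the authoritative server for mcgraw.com, the name the slides use); the address and TTL are made up, and the clock is injectable so that TTL expiry can be exercised without waiting.

```python
"""Iterative and recursive resolution with a TTL-controlled cache.

Added example, not from the original slides. SERVERS is a constructed miniature of
the name-server hierarchy; the address and the 300-second TTL are made up.
"""
import time


class NameServer:
    """One server: authoritative records for its zone plus referrals to subzones."""

    def __init__(self, name, records=None, referrals=None):
        self.name = name
        self.records = records or {}        # FQDN -> (address, ttl in seconds)
        self.referrals = referrals or {}    # zone FQDN -> name of the server to ask next

    def query(self, fqdn):
        """Return ("answer", address, ttl), ("referral", server) or ("nxdomain",)."""
        if fqdn in self.records:
            address, ttl = self.records[fqdn]
            return ("answer", address, ttl)
        # Longest matching zone wins, so a sub-delegation beats its parent.
        for zone in sorted(self.referrals, key=len, reverse=True):
            if fqdn == zone or fqdn.endswith("." + zone):
                return ("referral", self.referrals[zone])
        return ("nxdomain",)


SERVERS = {
    "root": NameServer("root", referrals={"com.": "com-server"}),
    "com-server": NameServer("com-server", referrals={"mcgraw.com.": "mcgraw-server"}),
    "mcgraw-server": NameServer("mcgraw-server",
                                records={"www.mcgraw.com.": ("192.0.2.44", 300)}),
}


def recursive_query(servers, server_name, fqdn, depth=0):
    """Recursive mode: a server that is not the authority forwards the query itself
    and relays the answer back, so the client sees a single exchange.
    Returns (address, path of servers the query travelled through)."""
    if depth > 8:
        raise LookupError("referral chain too long")
    reply = servers[server_name].query(fqdn)
    if reply[0] == "answer":
        return reply[1], [server_name]
    if reply[0] == "referral":
        address, path = recursive_query(servers, reply[1], fqdn, depth + 1)
        return address, [server_name] + path
    raise LookupError(f"{fqdn}: no such name")


class Resolver:
    """Iterative mode: the client itself follows referrals, and caches answers."""

    def __init__(self, servers, root="root", clock=time.time):
        self.servers, self.root, self.clock = servers, root, clock
        self.cache = {}                      # FQDN -> (address, expiry time)

    def purge_expired(self):
        """Periodic sweep: drop every mapping whose TTL counter has run out."""
        now = self.clock()
        for name in [n for n, (_, expiry) in self.cache.items() if expiry <= now]:
            del self.cache[name]
        return len(self.cache)

    def resolve_iterative(self, fqdn, max_hops=8):
        """Return (address, authoritative, servers asked). A cache hit is marked
        unauthoritative, as the slides say a server must do."""
        self.purge_expired()
        if fqdn in self.cache:
            return self.cache[fqdn][0], False, []
        asked, server = [], self.root
        for _ in range(max_hops):
            asked.append(server)
            reply = self.servers[server].query(fqdn)
            if reply[0] == "answer":
                _, address, ttl = reply
                self.cache[fqdn] = (address, self.clock() + ttl)   # TTL from the authority
                return address, True, asked
            if reply[0] == "referral":
                server = reply[1]
                continue
            raise LookupError(f"{fqdn}: no such name (asked {asked})")
        raise LookupError(f"{fqdn}: gave up after {max_hops} referrals")
```

The `max_hops` and `depth` guards are worth keeping in any real resolver: a referral that points back at a server already asked would otherwise loop forever, and the TTL always comes from the authoritative answer, never from the cache that repeats it.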
Simple Mail Transfer Protocol (SMTP)
• Message Transfer Agent: SMTP
⮚To send mail, a system must have the client MTA, and to retrieve mail, a
system must have a server MTA.
⮚The formal protocol that defines the MTA client and server in the internet is
called Simple Mail Transfer Protocol (SMTP).
⮚Two pairs of MTA client/server programs are used in the most common
situation.
⮚Next figure shows the range of the SMTP protocol in this scenario.
⮚SMTP is used two times between sender and the senders’ mail server and
between the two mail server.
⮚Another protocol is needed between the mail server and the receiver.
✔ SMTP simply defines how commands and responses must be sent back and forth.
✔ Each network is free to choose a software package for implementation.

SMTP Range
• Commands and Responses:
⮚SMTP uses commands and responses to transfer messages between MTA client and an
MTA server.
⮚Each command or reply is terminated by a two character (carriage return and line feed)
end-of-line.

Commands:
⮚ Commands are sent from the client to the server.
⮚ Format is keyword: argument(s)
⮚ It consists of a keyword followed by zero or more arguments.
⮚ SMTP defines 14 commands listed in below table.
⮚ HELO: is used by the client to identify itself. The argument is the domain name of the
client host. The format is:
HELO: challenger.atc.fhda.edu
⮚ MAIL FROM: is used by the client to identify the sender of the message. The argument is the
email address of the sender (local part plus the domain name). The format is:
MAIL FROM: [email protected]
⮚ RCPT TO: is used by the client to identify the intended recipient of the message. The argument
is the email address of the recipient. If there are multiple recipients, the command is repeated.
The format is:
RCPT TO: betsy@mcgraw-hill.com
⮚ DATA: is used to send the actual message. All lines that follow the DATA command are treated as the
email message. The message is terminated by a line containing just one period. The format is:
DATA
This is the message
To be sent to the McGraw-Hill Company.
⮚ QUIT: this command terminates the message. The format is: QUIT
⮚ RSET: this command aborts the current mail transaction. The stored information about the sender
and recipient is deleted. The connection will be reset. The format is: RSET
⮚ VRFY: is used to verify the address of the recipient, which is sent as the argument. The sender can ask
the receiver to confirm that a name identifies a valid recipient. Its format is: VRFY:
[email protected]
⮚ NOOP: is used by the client to check the status of the recipient. It requires an answer from the
recipient. Format: NOOP
⮚ TURN: This command lets the sender and recipient switch positions, whereby the sender becomes the
recipient and vice versa. Most SMTP implementations today do not support this feature. The format
is: TURN
⮚ EXPN: This command asks the receiving host to expand the mailing list sent as the argument and to
return the mailbox addresses of the recipients that comprise the list. The format is: EXPN: x y z
⮚HELP: this command asks the recipient to send information about the command
sent as the argument. The format is: HELP: mail
⮚SEND FROM: this command specifies that the mail is to be delivered to the
terminal of the recipient and not the mailbox. If the recipient is not logged in, the
mail is bounced back. The argument is the address of the sender.
The format is: SEND FROM: [email protected]
⮚SOML FROM: This command specifies that the mail is to be delivered to the
terminal or the mailbox of the recipient. This means that if the recipient is logged in,
the mail is delivered only to the terminal. If the recipient is not logged in, the mail is
delivered to the mailbox. The argument is the address of the sender.
The format is: SOML FROM: [email protected]
⮚SAML FROM: This command specifies that the mail is to be delivered to the
terminal or the mailbox of the recipient. This means that if the recipient is logged in,
the mail is delivered to the terminal and the mailbox. If the recipient is not logged in, the
mail is delivered only to the mailbox. The argument is the address of the sender.
The format is: SAML FROM: [email protected]
• Responses:
✔ Responses are sent from the server to the client.
✔ A response is a three-digit code that may be followed by additional textual information.
✔ Next table gives lists of the responses.
Table 20.5 Responses (Continued)
• Mail Transfer Phases:
✔ The process of transferring a mail message occurs in three phases: connection
establishment, mail transfer and connection termination.
⮚Connection establishment:
✔ After a client has made a TCP connection to the well-known port 25, the SMTP
server starts the connection phase.
✔ This phase involves the following three steps as shown in the figure:
⮚Phase 1: Connection establishment:
1) The server sends code 220 (service ready) to tell the client that it is
ready to receive mail. If the server is not ready, it sends code 421
(service not available).
2) The client send the HELO message to identify itself using its domain
name address. This step is necessary to inform the server of the domain
name of the client. During TCP connection establishment, the sender
and receiver know each other through their IP address.
3) The server responds with code 250 (request command completed) or
some other code depending on the situation.
• Phase 2: Message Transfer:
⮚ After the connection has been established between the SMTP client and server, a single message
between a sender and one or more recipients can be exchanged. This phase involves 8 steps. Steps 3
and 4 are repeated if there is more than one recipient.
• Phase 2: Message Transfer: 8 steps:
1. The client sends the MAIL FROM message to introduce the sender of the message. It includes the
mail address of the sender (mailbox and domain name). This step is needed to give the server the
return mail address for returning errors and reporting messages.
2. The server responds with the code 250 or some other appropriate code.
3. The client sends the RCPT TO (recipient) message, which includes the mail address of
the recipient.
4. The server responds with the code 250 or some other appropriate code.
5. The client sends the DATA message to initialize the message transfer.
6. The server responds with code 354 (start mail input) or some other appropriate
message.
7. The client sends the contents of the message in consecutive lines. Each line is
terminated by a two character end of line token (carriage return and line feed). The
message is terminated by a line containing just one period.
8. The server responds with code 250 (OK) or some other appropriate code.
• Phase 3: Connection Termination
✔ After the message is transferred successfully, the client terminates the connection.
✔ This phase involves two steps.
1. The client sends the QUIT command.
2. The server responds with code 221 or some other appropriate code.
After the connection termination phase, the TCP connection must be closed.
Example 1
Let us see how we can directly use SMTP to send an email and simulate the
commands and responses we described in this section. We use TELNET to log into
port 25 (the well-known port for SMTP). We then use the commands directly to send
an email. In this example, [email protected] is sending an email to himself. The
first few lines show TELNET trying to connect to the adelphia mail server.
$ telnet mail.adelphia.net 25
Trying 68.168.78.100...
Connected to mail.adelphia.net (68.168.78.100).

After connection, we can type the SMTP commands and then receive the responses as
shown below. We have shown the commands in black and the responses in color. Note
that we have added for clarification some comment lines, designated by the “=” sign.
These lines are not part of the email procedure.
================== Connection Establishment ============
220 mta13.adelphia.net SMTP server ready Fri, 6 Aug 2004 . . .
HELO mail.adelphia.net
250 mta13.adelphia.net
===================== Envelope ===================
MAIL FROM: [email protected]
250 Sender <[email protected]> Ok
RCPT TO: [email protected]
250 Recipient <[email protected]> Ok
=================== Header and Body ==================
DATA
354 Ok Send data ending with <CRLF>.<CRLF>
From: Forouzan
TO: Forouzan

This is a test message


to show SMTP in action.
.

250 Message received: [email protected]
============= Connection Termination ===============
QUIT
221 mta13.adelphia.net SMTP server closing connection
Connection closed by foreign host.
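As an added example (not part of the slides or the textbook), the following Python models the server side of the three phases described above as a state machine, answering with the reply codes the slides list, and feeds the client half of Example 1 through it. The 500 and 503 codes for unknown or out-of-order commands come from RFC 5321; the host and mailbox names are constructed placeholders.

```python
from enum import Enum, auto


class State(Enum):
    CONNECTED = auto()   # 220 sent, waiting for HELO (phase 1)
    IDENTIFIED = auto()  # HELO accepted, waiting for MAIL FROM (phase 2)
    MAIL = auto()        # sender known, waiting for RCPT TO
    RCPT = auto()        # at least one recipient, RCPT TO or DATA allowed
    DATA = auto()        # collecting message lines until a lone "."
    CLOSED = auto()      # 221 sent (phase 3)


BAD_SEQUENCE = "503 Bad sequence of commands"   # RFC 5321 reply for out-of-order commands


class SmtpSession:
    """Server side of one SMTP transaction; the hostname is a constructed value."""

    def __init__(self, hostname="mta.example.test"):
        self.host = hostname
        self.state = State.CONNECTED
        self.sender = None
        self.recipients = []
        self.body = []
        self.delivered = []   # (sender, recipients, body lines) per finished message

    def greeting(self):
        # Phase 1, step 1: the server tells the client it is ready
        return f"220 {self.host} SMTP server ready"

    def handle(self, line):
        """Return the reply for one client line (None while receiving the body)."""
        if self.state is State.DATA:
            return self._body_line(line)
        cmd = line.strip()
        upper = cmd.upper()
        if upper.startswith("HELO "):
            if self.state is not State.CONNECTED:
                return BAD_SEQUENCE
            self.state = State.IDENTIFIED
            return f"250 {self.host}"
        if upper.startswith("MAIL FROM:"):
            if self.state is not State.IDENTIFIED:
                return BAD_SEQUENCE
            self.sender = cmd[len("MAIL FROM:"):].strip()
            self.state = State.MAIL
            return f"250 Sender <{self.sender}> Ok"
        if upper.startswith("RCPT TO:"):
            if self.state not in (State.MAIL, State.RCPT):
                return BAD_SEQUENCE
            rcpt = cmd[len("RCPT TO:"):].strip()
            self.recipients.append(rcpt)       # steps 3-4 repeat once per recipient
            self.state = State.RCPT
            return f"250 Recipient <{rcpt}> Ok"
        if upper == "DATA":
            if self.state is not State.RCPT:   # DATA needs at least one RCPT TO first
                return BAD_SEQUENCE
            self.state = State.DATA
            return "354 Ok Send data ending with <CRLF>.<CRLF>"
        if upper == "QUIT":
            self.state = State.CLOSED
            return f"221 {self.host} SMTP server closing connection"
        return "500 Syntax error, command unrecognized"

    def _body_line(self, line):
        if line.rstrip("\r\n") == ".":         # a line with just one period ends the message
            self.delivered.append((self.sender, list(self.recipients), list(self.body)))
            self.sender, self.recipients, self.body = None, [], []
            self.state = State.IDENTIFIED      # another message may follow on the same connection
            return "250 Message received"
        # a body line that itself starts with "." arrives dot-stuffed (RFC 5321 4.5.2); undo it
        self.body.append(line[1:] if line.startswith(".") else line)
        return None


def run_transcript(client_lines):
    """Feed the client side of a session through a fresh server; return (replies, session)."""
    session = SmtpSession()
    replies = [session.greeting()]
    for line in client_lines:
        reply = session.handle(line)
        if reply is not None:
            replies.append(reply)
    return replies, session


# Client half of Example 1, with constructed (placeholder) host and mailbox names.
EXAMPLE_1 = [
    "HELO mail.example.test", "MAIL FROM: user@example.test",
    "RCPT TO: user@example.test", "DATA",
    "From: Forouzan", "TO: Forouzan", "", "This is a test message", "",
    "to show SMTP in action.", ".", "QUIT",
]
```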

TErminaL NETwork (TELNET)
TELNET
• TELNET is an abbreviation for TErminaL NETwork.
• It is the standard TCP/IP protocol for virtual terminal service as proposed by ISO.
• TELNET enables the establishment of a connection to a remote system in such a way that the local
terminal appears to be a terminal at the remote system.
• TELNET is a general-purpose client-server application program.
Time sharing Environment
• TELNET was designed at a time when most operating systems, such as Unix, were operating in a
time-sharing environment.
• In such an environment, a large computer supports multiple users. The interaction between a user and
the computer occurs through a terminal, which is usually a combination of keyboard, monitor and mouse.
• In a time-sharing environment, all of the processing must be done by the central computer.
Login:-
⮚ In a time-sharing environment, users are part of the system with some right to access resources.
⮚ Each authorized user has an identification and probably a password.
⮚ The user identification defines the user as part of the system.
⮚ To access the system, the user logs into the system with a user id or login name.
⮚ The system also includes password checking to prevent an unauthorized user from accessing the resources.
⮚ Two categories:-
1. Local Login
2. Remote Login
Local login
⮚ When a user logs into a local time-sharing system, it is called local login.
⮚ As a user types at a terminal or at a workstation running a terminal emulator, the keystrokes are
accepted by the terminal driver. The terminal driver passes the characters to the operating system.
⮚ The operating system, in turn, interprets the combination of characters and invokes the desired
application program or utility.
Remote login
⮚ When a user wants to access an application program or utility located on a remote machine, he or she
performs a remote login.
⮚ The user sends the keystrokes to the terminal driver, where the operating system accepts the
characters but does not interpret them.
⮚ The characters are sent to the TELNET client, which transforms the characters into a universal character
set called Network Virtual Terminal (NVT) characters and delivers them to the local TCP/IP stack.
⮚ The commands in NVT form travel through the internet and arrive at the TCP/IP stack at the remote
machine.
⮚ The characters are delivered to the operating system and passed to the TELNET server, which changes
the characters to the corresponding characters understandable by the remote computer.
⮚ The characters cannot be passed directly to the operating system because the remote operating system
is not designed to receive characters from a TELNET server.
⮚ It is designed to receive characters from a terminal driver. The solution is to add a piece of software
called a pseudoterminal driver, which pretends that the characters are coming from a terminal. The
operating system then passes the characters to the appropriate application program.
Network Virtual Terminal (NVT)
⮚ The mechanism to access a remote computer is complex. This is because every computer and its
operating system accepts a special combination of characters as tokens.
⮚ For example, the end-of-file token in a computer running the DOS operating system is Ctrl+z, while the
UNIX operating system recognizes Ctrl+d.
⮚ We are dealing with heterogeneous systems. To access any remote computer in the world, we must first
know what type of computer we will be connected to, and we must also install the specific terminal
emulator used by that computer.
⮚ TELNET solves this problem by defining a universal interface called the Network Virtual Terminal (NVT).
⮚ Via this interface, the client TELNET translates characters that come from the local terminal into NVT
form and delivers them to the network.
⮚ The server TELNET, on the other hand, translates data and commands from NVT form into the form
acceptable by the remote computer.
NVT Character set:-
⮚ NVT uses two sets of characters:
1. Data
2. Control
Both are 8-bit bytes.
Data characters
⮚ For data, NVT normally uses what is called NVT ASCII.
⮚ This is an 8-bit character set in which the seven lowest-order bits are the same as US ASCII and the
highest-order bit is 0.
⮚ It is possible to send 8-bit ASCII (with the highest-order bit set to 0 or 1), but this must first be agreed
upon between client and server using option negotiation.
Control Characters
⮚ To send control characters between computers, NVT uses an 8-bit character set in which the
highest-order bit is set to 1.
Figure: Format of data characters; Format of control characters


Embedding
⮚ TELNET uses only one TCP connection.
⮚ The server uses the well-known port 23 and the client uses an ephemeral port.
⮚ The same connection is used for sending both data and control characters.
⮚ TELNET accomplishes this by embedding the control characters in the data stream.
⮚ To distinguish data from control characters, each sequence of control characters is preceded by a
special control character called interpret as control (IAC).
⮚ For example, imagine a user wants a server to display a file (file1) on a remote server.
⮚ She types:
cat file1
⮚ cat is a Unix command that displays the content of the file on the screen.
⮚ However, the name of the file has been mistyped (filea instead of file1). The user uses the
backspace key to correct this situation:
cat filea<backspace>1
⮚ However, in the default implementation of TELNET, the user cannot edit locally; the editing is done at
the remote server.
⮚ The backspace character is translated into two remote characters (IAC EC), which are embedded in the
data and sent to the remote server.
Options
⮚ TELNET lets the client and server negotiate options before or during the use of the service. Options
are extra features available to a user with a more sophisticated terminal.
Code  Option             Meaning
0     Binary             Interpret as 8-bit binary transmission
1     Echo               Echo the data received on one side to the other
3     Suppress go-ahead  Suppress go-ahead signals after data
5     Status             Request the status of TELNET
6     Timing mark        Define the timing marks
24    Terminal type      Set the terminal type
32    Terminal speed     Set the terminal speed
34    Line mode          Change to line mode
Option Negotiation
⮚ To use any of the options mentioned in this section first requires option negotiation between the
client and the server.
⮚ Four control characters are used for this purpose.
Character  Code  Meaning 1               Meaning 2              Meaning 3
WILL       251   Offering to enable      Accepting to enable
WONT       252   Rejecting to enable     Offering to disable    Accepting to disable
DO         253   Approving to enable     Requesting to enable
DONT       254   Disapproving to enable  Approving to disable   Requesting to disable
Enabling an option
Some options can only be enabled by the server, some only by the client, and some by both.
An option is enabled either through an offer or a request.
1. Offer to enable:
⮚ A party can offer to enable an option if it has right to do so.
⮚ The offering can be approved or disapproved by the other party.
⮚ The offering party sends the WILL command, which means “Will I enable the
option?”. The other party sends either the DO command, which means “Please do,”
or the DON’T command, which means “Please don’t.”
2. Request to enable:-
⮚ A party can request from the other party the enabling of an option.
⮚ The request can be accepted or refused by the other party.
⮚ The requesting party sends the DO command, which means “Please do
enable the option.”
⮚ The other party sends either the WILL command, which means “I will.”
or the WONT command, which means “I won’t.”
Disabling an option
An option that has been enabled can be disabled by one of the parties. An option is
disabled either through an offer or a request.
1. Offer to disable:-
⮚ A party can offer to disable an option. The other party must approve the offering: it
cannot be disapproved.
⮚ The offering party sends the WONT command which means “I won’t use the option
any more.”
⮚ The answer must be the DONT command, which means “ Don’t use it anymore.”
2. Request to disable:-
⮚ A party can request from another party the disabling of an option.
⮚ The other party must accept the request; it cannot be rejected.
⮚ The requesting party sends the DON’T command, which means “Please
don’t use this option anymore.”
⮚ The answer must be the WONT command, which means “I won’t use it anymore.”
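As an added example (not part of the slides), the Python below puts the embedding and negotiation slides together: a parser that separates data bytes from IAC-prefixed control sequences (including the IAC EC pair that the backspace becomes, applied as remote editing) and a negotiator that answers WILL, DO, WONT and DONT exactly as the enabling and disabling rules above describe. The codes 251 to 255 and 247 (EC) are the standard TELNET values; the supported-option set and the sample keystrokes are constructed.

```python
IAC, DONT, DO, WONT, WILL = 255, 254, 253, 252, 251   # codes from the negotiation table
EC = 247                                               # erase character: what a backspace becomes
ECHO, SUPPRESS_GO_AHEAD, TERMINAL_TYPE = 1, 3, 24      # option codes from the options table
NEGOTIATION = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}


def parse(stream):
    """Split a TELNET byte stream into ('data', bytes) and ('ctrl', cmd, opt) events, in order.

    Plain bytes pass through; IAC IAC is an escaped data byte 0xFF;
    IAC <WILL|WONT|DO|DONT> <option> is a three-byte negotiation; any
    other IAC <cmd> is a two-byte control sequence such as IAC EC.
    """
    events, buf, i = [], bytearray(), 0
    while i < len(stream):
        b = stream[i]
        if b != IAC:
            buf.append(b)
            i += 1
            continue
        if i + 1 >= len(stream):
            raise ValueError("truncated IAC sequence")
        cmd = stream[i + 1]
        if cmd == IAC:
            buf.append(IAC)
            i += 2
            continue
        if buf:
            events.append(("data", bytes(buf)))
            buf = bytearray()
        if cmd in NEGOTIATION:
            if i + 2 >= len(stream):
                raise ValueError("negotiation without an option byte")
            events.append(("ctrl", cmd, stream[i + 2]))
            i += 3
        else:
            events.append(("ctrl", cmd, None))
            i += 2
    if buf:
        events.append(("data", bytes(buf)))
    return events


class Negotiator:
    """One party's option state, answering the four commands as the slides describe."""

    def __init__(self, supported):
        self.supported = set(supported)   # options this party is able to enable
        self.enabled = set()

    def respond(self, verb, opt):
        """Return the (verb, option) reply to a peer's negotiation command."""
        if verb == WILL:                  # offer to enable: approve (DO) or disapprove (DONT)
            if opt in self.supported:
                self.enabled.add(opt)
                return DO, opt
            return DONT, opt
        if verb == DO:                    # request to enable: accept (WILL) or refuse (WONT)
            if opt in self.supported:
                self.enabled.add(opt)
                return WILL, opt
            return WONT, opt
        if verb == WONT:                  # offer to disable: must be approved with DONT
            self.enabled.discard(opt)
            return DONT, opt
        if verb == DONT:                  # request to disable: must be accepted with WONT
            self.enabled.discard(opt)
            return WONT, opt
        raise ValueError("not a negotiation command")


def server_side(stream, negotiator):
    """Apply remote editing (IAC EC erases the previous character) and answer
    negotiations; returns the edited input line and the bytes to send back."""
    line, replies = bytearray(), bytearray()
    for ev in parse(stream):
        if ev[0] == "data":
            line += ev[1]
        elif ev[1] == EC:
            if line:
                line.pop()
        elif ev[1] in NEGOTIATION:
            replies += bytes([IAC, *negotiator.respond(ev[1], ev[2])])
    return bytes(line), bytes(replies)


# Constructed sample: the slides' "cat filea<backspace>1" as it travels on the wire.
KEYSTROKES = b"cat filea" + bytes([IAC, EC]) + b"1"
```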
SECURE SHELL (SSH)
Another popular remote login application program is SSH. Like TELNET, SSH uses TCP as the underlying
transport protocol, but SSH is more secure and provides more services than TELNET.
Versions:-
There are two versions of SSH:
1. SSH-1
2. SSH-2
which are totally incompatible. The first version, SSH-1, is now deprecated because of security flaws in it.
So, only SSH-2 is discussed.
Components
SSH is a proposed application layer protocol with four components.
1. SSH Transport Layer Protocol (SSH-TRANS):-
⮚ Since TCP is not a secured transport layer protocol, SSH first uses a protocol that creates a secured
channel on top of TCP.
⮚ This new layer is an independent protocol referred to as SSH-TRANS.
⮚ Services provided by this protocol:-
i. Privacy or confidentiality of the messages exchanged.
ii. Data integrity, which means that it is guaranteed that the messages exchanged between the client and
server are not changed by an intruder.
iii. Server authentication, which means that the client is now sure that the server is the one that it claims
to be.
iv. Compression of the messages, which improves the efficiency of the system and makes attack more
difficult.
Components
2. SSH Authentication Protocol (SSH-AUTH):-
⮚ After a secure channel is established between the client and the server, and the server is authenticated
for the client, SSH can call another piece of software that authenticates the client for the server.
3. SSH Connection Protocol (SSH-CONN):-
⮚ After the secure channel is established and both server and client are authenticated for each other, SSH
can call a piece of software that implements the third protocol, SSH-CONN.
⮚ One of the services provided by the SSH-CONN protocol is multiplexing.
⮚ SSH-CONN takes the secure channel established by the two previous protocols and lets the client
create multiple logical channels over it.
4. SSH applications:-
⮚ After the connection phase is completed, SSH allows several application programs to use the
connection.
⮚ Each application can create a logical channel and then benefit from the secured connection.
⮚ Remote login is one of the services that can use the SSH-CONN protocol; other applications, such as a
file transfer application, can use one of the logical channels for this purpose.
Format of SSH Packets
⮚ Length:-
This 4-byte field defines the length of the packet including the type, the data and the CRC fields, but not
the padding and the length field.
⮚ Padding:-
One to eight bytes of padding are added to the packet to make an attack on the security provision more
difficult.
⮚ Type:-
This one-byte field defines the type of the packet used by the SSH protocols.
⮚ Data:-
This field is of variable length. The length of the data can be found by deducting five bytes (the type and
CRC fields) from the value of the length field.
⮚ CRC:-
The cyclic redundancy check field is used for error detection.
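As an added example (not from the slides), the Python below builds and parses a packet with exactly the fields described above and applies the "data = length - 5" rule. Two details the slides leave open are assumptions here: the padding length is chosen so that the length field plus the padding is a multiple of 8 (as SSH-1 did), and the CRC is CRC-32 over padding, type and data.

```python
import struct
import zlib


def pad_length(length):
    """Padding is 1..8 bytes, chosen so that length + padding is a multiple of 8 (assumption)."""
    return 8 - (length % 8)


def build_packet(ptype, data, padding_byte=0):
    """Assemble length | padding | type | data | CRC as laid out on the slides."""
    length = 1 + len(data) + 4                 # type + data + CRC; not the padding or length field
    padding = bytes([padding_byte]) * pad_length(length)   # a real implementation uses random padding
    body = padding + bytes([ptype]) + data
    crc = zlib.crc32(body) & 0xFFFFFFFF        # assumption: CRC-32 over padding, type and data
    return struct.pack(">I", length) + body + struct.pack(">I", crc)


def parse_packet(packet):
    """Return (type, data); raise ValueError if the length or CRC does not check out."""
    if len(packet) < 4:
        raise ValueError("no length field")
    (length,) = struct.unpack(">I", packet[:4])
    if length < 5:
        raise ValueError("length field too small to hold the type and CRC")
    npad = pad_length(length)
    if len(packet) != 4 + npad + length:
        raise ValueError("length field does not match the packet size")
    body = packet[4:4 + npad + length - 4]     # padding + type + data
    (crc,) = struct.unpack(">I", packet[-4:])
    # A CRC detects accidental corruption only; it is not a MAC and gives no
    # protection against deliberate modification, one reason SSH-1 is deprecated.
    if zlib.crc32(body) & 0xFFFFFFFF != crc:
        raise ValueError("CRC mismatch")
    ptype = body[npad]
    data = body[npad + 1:]
    assert len(data) == length - 5             # the slides' rule: data length = length - 5
    return ptype, data
```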
Dynamic Host Control Protocol
(DHCP)
Introduction
• Each computer that uses the TCP/IP protocol suite needs to know its IP address.
• If the computer uses classless addressing or is a member of a subnet, it also needs to know
its subnet mask.
• Four pieces of information are normally needed.
1. The IP address of the computer
2. The subnet mask of the computer
3. The IP address of a router
4. The IP address of a name server
Previous Protocols
• RARP: is a version of ARP.
• ARP maps an IP address to a physical address; RARP maps a physical address to an IP address.
• RARP is deprecated today for two reasons:
1. RARP used the broadcast service of the data link layer, which means that a RARP server must be present
in each network.
2. RARP can provide only the IP address of the computer, but a computer today needs all four pieces of
information.
• BOOTP: is a forerunner of DHCP.
• It is a client/server protocol designed to overcome the two deficiencies of the RARP protocol.
1. A BOOTP server can be anywhere in the internet.
2. It can provide all pieces of information, including the IP address.
• BOOTP is a static configuration protocol.
• When a client requests its IP address, the BOOTP server consults a table that matches the physical
address of the client with its IP address. This means the binding between the physical address and the IP
address of the client already exists.
Need Of DHCP
• There are some situations in which we need DHCP.
• E.g. 1: when a host moves from one physical network to another, its physical address changes.
• E.g. 2: There are occasions when a host wants a temporary IP address to be used for a period of time.
BOOTP cannot handle these situations because the binding between the physical and IP address is static
and fixed in a table until changed by the administrator.
DHCP:
✔ DHCP is a client/server protocol designed to provide the four pieces of information for a diskless
computer or a computer that is booted for the first time.
✔ DHCP is a successor to BOOTP and is backward compatible with it.
Operation of DHCP
• The DHCP client and server can either be on the same network or on different networks.
• Same Network:
Operation of DHCP (on the same network)
1. The DHCP server issues a passive open command on UDP port number 67 and waits for a client.
2. The booted client issues an active open command on port number 68. The message is encapsulated in a
UDP user datagram, using the destination port number 67 and source port number 68.
⮚ The UDP user datagram, in turn, is encapsulated in an IP datagram.
⮚ The client uses all 0s as the source address and all 1s as the destination address.
3. The server responds with either a broadcast or a unicast message using UDP source port number 67 and
destination port number 68.
⮚ The response can be unicast because the server knows the IP address of the client.
⮚ It also knows the physical address of the client, which means it does not need the services of ARP for
logical-to-physical address mapping.
⮚ However, some systems do not allow the bypassing of ARP, resulting in the use of the broadcast address.
Operation of DHCP (on different networks)
• As in other application layer processes, a client can be in one network and the server in another,
separated by several other networks.
⮚ There is one problem that must be solved. The DHCP request is broadcast because the client does not
know the IP address of the server.
⮚ A broadcast IP datagram cannot pass through any router. A router receiving such a packet discards it.
(Recall that an IP address of all 1s is a limited broadcast address.)
• To solve the problem, there is a need for an intermediary.
• One of the hosts (or a router that can be configured to operate at the application layer) can be used as a
relay. The host in this case is called a relay agent.
• The relay agent knows the unicast address of a DHCP server and listens for broadcast messages on port
67.
• When it receives this type of packet, it encapsulates the message in a unicast datagram and sends the
request to the DHCP server.
• The packet, carrying a unicast destination address, is routed by any router and reaches the DHCP server.
• The DHCP server knows the message comes from a relay agent because one of the fields in the request
message defines the IP address of the relay agent.
• The relay agent, after receiving the reply, sends it to the DHCP client.
UDP PORTS
• The next figure shows the interaction between a client and a DHCP server.
✔ The use of a well-known port (less than 1024) prevents the use of the same two destination port numbers.
✔ Host B cannot select 68 as the ephemeral port because ephemeral port numbers are greater than 1023.
✔ If both hosts use a DHCP client, the transaction ID is used to differentiate the clients.
✔ The transaction ID is randomly chosen for each connection involving DHCP.
✔ It is highly improbable that two hosts will choose the same ID at the same time.
Error Control
• DHCP uses UDP, which does not provide error control. Therefore DHCP must provide error control.
• Error control is accomplished through two strategies:
1. DHCP requires that UDP use the checksum. The use of the checksum in UDP is otherwise optional.
2. The DHCP client uses timers and a retransmission policy if it does not receive the DHCP reply to a
request. To prevent a traffic jam when several hosts need to retransmit a request (for example, after a
power failure), DHCP forces the client to use a random number to set its timers.
Packet Format
⮚ Operation Code: 8-bit field that defines the type of DHCP packet: request (1) or reply (2).
⮚ Hardware Type: 8-bit field that defines the type of the physical network. E.g. for Ethernet the value is 1.
⮚ Hardware Length: 8-bit field that defines the length of the physical address in bytes. E.g. for Ethernet
the value is 6.
⮚ Hop count: 8-bit field defining the maximum number of hops the packet can travel.
⮚ Transaction ID: 4-byte field carrying an integer. The transaction identification is set by the client and
is used to match a reply with the request. The server returns the same value in its reply.
⮚ Number of Seconds: 16-bit field that holds the number of seconds elapsed since the time the client
started to boot.
⮚ Flag: 16-bit field in which only the leftmost bit is used; the rest of the bits should be set to 0s. The
leftmost bit specifies a forced broadcast reply (instead of unicast) from the server.
Packet Format
⮚ Flag (continued): If the reply were to be unicast to the client, the destination IP address of the IP
packet would be the address assigned to the client. Since the client does not know its IP address yet, it
may discard the packet. However, if the IP datagram is broadcast, every host will receive and process the
broadcast message. The next figure shows the flag format.
⮚ Client IP address: 4-byte field that contains the client IP address. If the client does not have this
information, this field has a value of 0.
⮚ Your IP address: 4-byte field that contains the client IP address. It is filled by the server (in the reply
message) at the request of the client.
⮚ Server IP address: 4-byte field that contains the server IP address. It is filled by the server in a reply
message.
⮚ Gateway IP address: 4-byte field that contains the IP address of a router. It is filled by the server in a
reply message.
⮚ Client Hardware address: the physical address of the client. Although the server can retrieve this
address from the frame sent by the client, it is more efficient if the address is supplied explicitly by the
client in the request message.
Packet Format
⮚ Server Name: 64-byte field, optionally filled by the server in a reply packet. It contains a null-terminated
string consisting of the domain name of the server. If the server does not want to fill this field with data,
the server must fill it with all 0s.
⮚ Boot filename: 128-byte field, optionally filled by the server in a reply packet. It contains a
null-terminated string consisting of the full pathname of the boot file. The client can use this path to
retrieve other booting information. If the server does not want to fill the field with data, the server must
fill it with all 0s.
⮚ Options: 64-byte field with a dual purpose. It can carry either additional information (such as the
network mask or default router address) or some specific vendor information. This field is used only in a
reply message. The server uses a number, called a magic cookie, in the format of an IP address with the
value 99.130.83.99. When the client finishes reading the message, it looks for this magic cookie. If
present, the next 60 bytes are options.
Flag Format & Option Format
Flag Format: (figure)
Option Format: An option is composed of 3 fields: a 1-byte tag field, a 1-byte length field and a
variable-length value field. The length field defines the length of the value field, not the whole option.
Options for DHCP
▪ The lengths of the fields that contain IP addresses are multiples of 4 bytes.
▪ The padding option, which is only 1 byte long, is used only for alignment. The end-of-list option, which
is also only 1 byte long, indicates the end of the option field.
▪ Vendors can use option tags 128 to 254 to supply extra information in a reply message.
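As an added example (not the slides' own code), the Python below builds and parses packets with the field layout of the packet format slides, checks the magic cookie, and walks the tag/length/value options with the padding and end-of-list rules just described; a final check shows how a client ties a reply back to its own request through the transaction ID and hardware address. The 16-byte client hardware address field, the option 53 values and the subnet mask tag (1) used in the sample are from RFC 2131/2132; all addresses and transaction IDs are constructed.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])          # the slides' magic cookie, 99.130.83.99
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255      # padding, message type (tag 53), end of list
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK",
             6: "DHCPNAK", 7: "DHCPRELEASE"}     # option 53 values, from RFC 2132
BROADCAST_FLAG = 0x8000                          # leftmost bit of the 16-bit flags field
BOOTREQUEST, BOOTREPLY = 1, 2                    # operation code: request (1) or reply (2)
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr (16 bytes), sname (64), file (128): the 236-byte fixed header
HEADER = ">BBBBIHH4s4s4s4s16s64s128s"


def build(op, xid, chaddr, options, yiaddr="0.0.0.0", flags=0):
    """Pack one packet; options is a list of (tag, value_bytes) in the slides' TLV form."""
    fixed = struct.pack(HEADER, op, 1, len(chaddr), 0, xid, 0, flags,
                        bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
                        chaddr.ljust(16, b"\x00"), bytes(64), bytes(128))
    body = bytearray(MAGIC_COOKIE)
    for tag, value in options:
        body += bytes([tag, len(value)]) + value
    body.append(OPT_END)
    return fixed + bytes(body)


def parse(packet):
    """Unpack the fixed header, check the magic cookie, and walk the tag/length/value options."""
    size = struct.calcsize(HEADER)
    if len(packet) < size + len(MAGIC_COOKIE):
        raise ValueError("too short for the fixed header and magic cookie")
    f = struct.unpack(HEADER, packet[:size])
    if packet[size:size + 4] != MAGIC_COOKIE:
        raise ValueError("magic cookie missing: plain BOOTP reply, no DHCP options")
    options, i = {}, size + 4
    while i < len(packet):
        tag = packet[i]
        if tag == OPT_PAD:                       # 1-byte alignment filler, no length byte
            i += 1
            continue
        if tag == OPT_END:                       # 1-byte end of list, no length byte
            break
        if i + 1 >= len(packet):
            raise ValueError("option tag without a length byte")
        length = packet[i + 1]                   # length of the value only, not the whole option
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option value runs past the end of the packet")
        options[tag] = value
        i += 2 + length
    else:
        raise ValueError("end-of-list option missing")
    msg_type = options.get(OPT_MSG_TYPE)
    return {
        "op": f[0], "hlen": f[2], "xid": f[4], "flags": f[6],
        "broadcast": bool(f[6] & BROADCAST_FLAG),
        "yiaddr": str(ipaddress.IPv4Address(f[8])),
        "chaddr": f[11][:f[2]],
        "msg_type": MSG_TYPES.get(msg_type[0]) if msg_type else None,
        "options": options,
    }


def reply_matches(request, reply):
    """A client should act only on a reply whose transaction ID and hardware
    address match its own request; any other reply is dropped."""
    return (reply["op"] == BOOTREPLY and reply["xid"] == request["xid"]
            and reply["chaddr"] == request["chaddr"])
```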
Configuration
1. Static Address Allocation:
⮚ In this capacity, the DHCP server has a database that statically binds physical addresses to IP addresses.
⮚ When working in this way, DHCP is backward compatible with the deprecated protocol BOOTP.
2. Dynamic Address Allocation:
⮚ DHCP has a second database with a pool of available IP addresses. This second database makes DHCP
dynamic.
⮚ When a DHCP client requests a temporary IP address, the DHCP server goes to the pool of available
(unused) IP addresses and assigns an IP address for a negotiable period of time.
⮚ When a DHCP client sends a request to the DHCP server, the server first checks its static database. If an
entry with the requested physical address exists in the static database, the permanent IP address of the
client is returned. If the entry does not exist in the static database, the server selects an IP address from
the available pool, assigns the address to the client and adds the entry to the dynamic database.
⮚ The dynamic aspect is needed when a host moves from network to network or is connected to and
disconnected from a network.
⮚ The addresses assigned from the pool are temporary addresses.
⮚ The DHCP server issues a lease for a specific period of time. When the lease expires, the client must
either stop using the IP address or renew the lease. The server has the choice to agree or disagree with
the renewal. If the server disagrees, the client stops using the address.
Transition states
• To provide dynamic address allocation, the DHCP client acts as a state machine that
performs transitions from one state to another depending on the message it receives or
sends.
• The type of the message in this case is defined by the option with tag 53 that is included in
the DHCP packet.
• Instead of adding an extra field to the BOOTP protocol to define the DHCP type, the designers decided to
add an extra option for this purpose.
• The next figure shows the type option and the interpretation of its value to define the type of the DHCP
packet.
Transition states
⮚ INIT state:
When the DHCP client first starts, it is in the INIT state (initializing state). The client broadcasts a
DHCPDISCOVER message (a request message with the DHCPDISCOVER option), using port 67.
⮚ SELECTING state:
After sending the DHCPDISCOVER message, the client goes to the selecting state. Those servers that can
provide this type of service respond with a DHCPOFFER message. In this message, the servers offer an IP
address. They can also offer the lease duration. The default is 1 hr. The server that sends the DHCPOFFER
locks the offered IP address so that it is not available to any other clients. The client chooses one of the
offers and sends a DHCPREQUEST message to the selected server. It then goes to the requesting state. If
the client receives no DHCPOFFER message, it tries four more times, each with a span of 2 seconds. If
there is no reply to any of these DHCPDISCOVERs, the client sleeps for 5 minutes before trying again.
⮚ REQUESTING state:
The client remains in the requesting state until it receives a DHCPACK message from the server that
creates the binding between the client physical address and its IP address. After receipt of the DHCPACK,
the client goes to the bound state.
⮚ BOUND state:
In this state, the client can use the IP address until the lease expires. When 50 percent of the lease period
is reached, the client sends another DHCPREQUEST to ask for renewal. It then goes to the renewing state.
When in the bound state, the client can also cancel the lease and go to the initializing state.
⮚ RENEWING state:
The client remains in the renewing state until one of two events happens.
1. It can receive a DHCPACK, which renews the lease agreement. In this case, the client resets its timer
and goes back to the bound state.
2. If a DHCPACK is not received and 87.5 percent of the lease time expires, the client goes to the
rebinding state.
⮚ REBINDING state:
The client remains in the rebinding state until one of three events happens. If the client receives a
DHCPNACK or the lease expires, it goes back to the initializing state and tries to get another IP address.
If the client receives a DHCPACK, it goes to the bound state and resets the timer.
Issues related to DHCP states
• Early Release:
⮚ A DHCP client that has been assigned an address for a period of time may release the address before
the expiration time.
⮚ The client may send a DHCPRELEASE message to tell the server that the address is no longer needed.
This helps the server to assign the address to another client waiting for it.
• Timers:
⮚ The client uses three timers:
1. Renewal timer 2. Rebinding timer 3. Expiration timer
⮚ If the server does not specify the time-out values for these timers when the address is allocated, the
client needs to use the default values. The default value for each timer is:
Renewal Timer      50% of lease time
Rebinding Timer    87.5% of lease time
Expiration Timer   100% of lease time
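As an added example (not from the slides), the Python below implements the client state machine of the transition-state slides together with the three default timers and the early-release case. It is driven by explicit events and a clock in seconds rather than a network, so each transition can be traced; lease lengths and addresses are constructed sample values.

```python
from enum import Enum, auto


class DhcpState(Enum):
    INIT = auto()
    SELECTING = auto()
    REQUESTING = auto()
    BOUND = auto()
    RENEWING = auto()
    REBINDING = auto()


class DhcpClient:
    """Client-side state machine driven by explicit events and a clock in seconds."""
    DISCOVER_TRIES = 5          # the first DHCPDISCOVER plus four more tries
    RETRY_INTERVAL = 2          # seconds between DHCPDISCOVERs
    SLEEP_AFTER_FAILURE = 300   # 5 minutes before trying again

    def __init__(self):
        self.state = DhcpState.INIT
        self.sent = []           # messages the client has sent, for tracing
        self.addr = self.lease = self.lease_start = None
        self.tries = 0
        self.wakeup = 0          # clock value at which the next timer fires

    # Default timers from the slides: 50%, 87.5% and 100% of the lease.
    def renewal_time(self):
        return self.lease_start + 0.5 * self.lease

    def rebinding_time(self):
        return self.lease_start + 0.875 * self.lease

    def expiration_time(self):
        return self.lease_start + self.lease

    def start(self, now):
        """INIT: broadcast a DHCPDISCOVER and move to SELECTING."""
        self.state = DhcpState.SELECTING
        self.tries = 1
        self.wakeup = now + self.RETRY_INTERVAL
        self.sent.append("DHCPDISCOVER")

    def offer_received(self, addr, lease):
        """SELECTING: take one DHCPOFFER, ask for it, move to REQUESTING."""
        if self.state is not DhcpState.SELECTING:
            return                       # late or unsolicited offer: ignore it
        self.addr, self.lease = addr, lease
        self.state = DhcpState.REQUESTING
        self.sent.append("DHCPREQUEST")

    def ack_received(self, now):
        """A DHCPACK creates or renews the binding: go to BOUND and reset the timers."""
        if self.state in (DhcpState.REQUESTING, DhcpState.RENEWING, DhcpState.REBINDING):
            self.state = DhcpState.BOUND
            self.lease_start = now

    def nak_received(self, now):
        """A DHCPNACK while REBINDING: give the address up and start over."""
        if self.state is DhcpState.REBINDING:
            self._restart(now)

    def release(self, now):
        """Early release from BOUND: send DHCPRELEASE and start over."""
        if self.state is DhcpState.BOUND:
            self.sent.append("DHCPRELEASE")
            self._restart(now)

    def tick(self, now):
        """Advance the clock and fire whichever timer has expired."""
        if self.state is DhcpState.INIT and now >= self.wakeup:
            self.start(now)
        elif self.state is DhcpState.SELECTING and now >= self.wakeup:
            if self.tries < self.DISCOVER_TRIES:
                self.tries += 1
                self.wakeup = now + self.RETRY_INTERVAL
                self.sent.append("DHCPDISCOVER")
            else:                        # no DHCPOFFER at all: sleep, then retry
                self.state = DhcpState.INIT
                self.wakeup = now + self.SLEEP_AFTER_FAILURE
        elif self.state is DhcpState.BOUND and now >= self.renewal_time():
            self.state = DhcpState.RENEWING
            self.sent.append("DHCPREQUEST")
        elif self.state is DhcpState.RENEWING and now >= self.rebinding_time():
            self.state = DhcpState.REBINDING
        elif self.state is DhcpState.REBINDING and now >= self.expiration_time():
            self._restart(now)           # lease expired: back to INIT and try again

    def _restart(self, now):
        self.addr = self.lease = self.lease_start = None
        self.state = DhcpState.INIT
        self.start(now)
```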
Exchanging Messages
