Professional Documents
Culture Documents
UNIT 5
Application Layer and Standard Client-Server Protocols
Syllabus
Introduction to Application Layer, Services, Application-Layer Paradigms, Client-Server
Programming: Application Programming Interface, Using Services of the Transport Layer,
Iterative Communication using UDP, Iterative Communication using TCP, Concurrent
Communication, World Wide Web and HTTP: FTP: Two Connections, Control Connection,
Data Connection, Security for FTP, E-Mail: Architecture, Web Based Mail, TELNET: Local
versus Remote Logging, Secure Shell (SSH): Components, Applications, Domain Name
System (DNS): Name Space, DNS in the Internet, Resolution, Caching, Resource Records,
DNS Messages, Registers, DDNS, Security of DNS.
Services:
The Services provide by the application layer are:
1. Network Layer
2. File Transfer, Access and Management (FTAM)
3. Addressing
4. Mail Services
5. Directory Services
6. Authentication
3. Addressing
To obtain communication between client and server, there is a need for addressing.
When a client made a request to the server, the request contains the server address and
its own address.
1
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
The server response to the client request, the request contains the destination address,
i.e., client address.
To achieve this kind of addressing, DNS is used.
4. Mail Services
An application layer provides Email forwarding and storage.
5. Directory Services
An application contains a distributed database that provides access for global
information about various objects and services.
6. Authentication
It authenticates the sender or receiver's message or both.
Application-layer Paradigms:
It should be clear that to use the Internet we need two application programs to interact with
each other:
one running on a computer somewhere in the world, the other running
on another computer somewhere else in the world.
The two programs need to send messages to each other through the Internet infrastructure.
However, we have not discussed what the relationship should be between these programs.
Should both application programs be able to request services and provide services, or should
the application programs just do one or the other?
Two paradigms have been developed during the lifetime of the Internet to answer this
question:
1. The client-server paradigm
2. The peer-to-peer paradigm
2
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
One of the areas that really fits in this paradigm is the Internet telephony.
Communication by phone is indeed a peer-to-peer activity.
No party needs to be running forever waiting for the other party to call. Another area
in which the peer-to-peer paradigm can be used is when some computers connected to
the Internet have something to share
with each other.
Although the peer-to-peer paradigm has been proved to be easily scalable and cost-
effective in eliminating the need for expensive servers to be running and maintained
all the time, there are also some challenges.
There are some new applications, such as BitTorrent, Skype, IPTV, and Internet
telephony, that use this paradigm.
Mixed Paradigm
An application may choose to use a mixture of the two paradigms by combining the
advantages of both.
For example, a light-load client-server communication can be used to find the address
of the peer that can offer a service.
3
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
When the address of the peer is found, the actual service can be received from the
peer by using the peer-to-peer paradigm.
Client-Server Programming:
In a client-server paradigm, communication at the application layer is between two running
application programs called processes: a client and a server.
A client is a running program that initializes the communication by sending a request.
A server is another application program that waits for a request from a client. The server
handles the request received from a client, prepares a result, and sends the result back to the
client.
The lifetime of a server is infinite: it should be started and run forever, waiting for the clients.
The lifetime of a client is finite.
It sends a finite number of requests to the corresponding server, receives the responses, and
stops.
Socket Interface
Socket interface started in the early 1980s at UC Berkeley as part of a UNIX environment.
The socket interface is a set of instructions that provide communication between the
application layer and the operating system.
It is a set of instructions that can be used by a process to communicate with another process.
For example, in most computer languages, like C, C++, or Java, we have several instructions
that can read and write data to other sources and sinks such as a keyboard (a source), a
monitor (a sink), or a file (source and sink).
Following diagram shows the socket format.
4
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
In application layer, communication between a client process and a server process is the
communication between two sockets.
As far as the application layer is concerned, communication between a client process and a
server process is communication between two sockets, created at two ends, as shown in
following diagram.
The client thinks that the socket is the entity that receives the request and gives the response
The server thinks that the socket is the one that has a request and needs the response.
If we create two sockets, one at each end, and define the source and destination addresses
correctly, we can use the available instructions to send and receive data.
The rest is the responsibility of the operating system and the embedded TCP/IP protocol.
Socket Address
The interaction between a client and a server is two-way communication.
In a two-way communication, we need a pair of addresses:
a. Local (sender)
b. Remote (receiver).
The local address in one direction is the remote address in the other direction and vice
versa.
Since communication in the client-server paradigm is between two sockets, we need a
pair of socket addresses for communication: a local socket address and a remote
socket address.
A socket address should first define the computer on which a client or a server is
running.
A computer in the Internet is defined by its IP address. a socket address should be a
combination of an IP address and a port number as shown in following diagram.
5
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
6
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
TCP a reliable protocol. TCP also can provide flow control and congestion control.
One problem with the TCP protocol is that it is not message-oriented, it
does not put boundaries on the messages exchanged.
Most of the standard applications that need to send long messages and require
reliability may benefit from the service of the TCP.
3. SCTP Protocol
SCTP provides a service which is a combination of the two other protocols.
Like TCP, SCTP provides a connection-oriented, reliable service, but it is not byte
stream oriented.
It is a message-oriented protocol like UDP. In addition, SCTP can provide multi-
stream service by providing multiple network-layer connections.
SCTP is normally suitable for any application that needs reliability and at the same
time needs to remain connected, even if a failure occurs in one network-layer
connection.
7
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
Server Process
The server makes a passive open, in which it becomes ready for the communication,
but it
waits until a client process makes the connection.
It creates an empty socket.
It then binds the socket to the server and the well-known port, in which only part of
the socket (the server socket address) is filled (binding can happen at the time of
creation depending on the underlying language).
The server then issues a receive request command, which blocks until it receives a
request from a client.
The server then fills the rest of the socket (the client socket section) from the
information obtained in the request.
The request is the process and the response is sent back to the client.
The server now starts another iteration waiting for another request to arrive (an
infinite loop).
Note that in each iteration, the socket becomes only half-filled again; the client socket
address is erased.
It is totally filled only when a request arrives.
Client Process
The client process makes an active open. In other words, it starts a connection.
It creates an empty socket and then issues the send command, which fully fills the
socket, and sends the request.
The client then issues a receive command, which is blocked until a response arrives
from the server.
The response is then handled and the socket is destroyed.
8
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
Flow Diagram
Following Diagram shows a simplified flow diagram for iterative communication using TCP.
There are multiple clients, but only one server. Each client is served in each iteration of the
loop.
The flow diagram is almost similar to the one for UDP, but there are differences that we
explain for each site.
Server Process
In following diagram, the TCP server process, like the UDP server process, creates a
socket and binds it, but these two commands create the listen socket to be used only
for the connection establishment phase.
The server process then calls the listen procedure, to allow the operating system to
start accepting the clients, completing the connection
phase, and putting them in the waiting list to be served.
The server process now starts a loop and serves the clients one by one.
In each iteration, the server process issues the accept procedure that removes one
client from the waiting list of the connected clients for serving.
If the list is empty, the accept procedure blocks until there is a client to be served.
When the accept procedure returns, it creates a new socket for data transfer.
The server process now uses the client socket address obtained during the connection
establishment to fill the remote socket address field in the newly created socket.
At this time the client and server can exchange data.
Client Process
9
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
The client flow diagram is almost similar to the UDP version except that the client
data-transfer box needs to be defined for each specific case.
Concurrent Communication:
A concurrent server can process several client requests at the same time. This can be done
using the available provisions in the underlying programming language.
In C, a server can create several child processes, in which a child can handle a client.
In Java, threading allows several clients to be handled by each thread.
1
0
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
The WWW today is a distributed client-server service, in which a client using a browser can
access a service using a server.
However, the service provided is distributed over many locations called sites. Each site holds
one or more web pages.
A web page can be simple or composite.
A simple web page has no links to other web pages
A composite web page has one or more links to other web pages.
Each web page is a file with a name and address.
Web Client (Browser)
A variety of vendors offer commercial browsers that interpret and display a web page, and all
of them use nearly the same architecture.
Each browser usually consists of three parts:
1. A controller
2. Client protocols
3. Interpreters (See below diagram)
The controller receives input from the keyboard or the mouse and uses the client programs to
access the document.
After the document has been accessed, the controller uses one of the interpreters to display
the document on the screen.
The client protocol can be one of the protocols described later, such as HTTP or FTP.
The interpreter can be HTML, Java, or JavaScript, depending on the type of document.
Some commercial browsers include Internet Explorer, Netscape Navigator, and Firefox.
Web Server
The web page is stored at the server.
Each time a request arrives, the corresponding document is sent to the client.
To improve efficiency, servers normally store requested files in a cache in memory; memory
is faster to access than a disk.
A server can also become more efficient through multithreading or multiprocessing.
In this case, a server can answer more than one request at a time.
Some popular web servers include Apache and Microsoft Internet Information Server.
1
1
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
For example, in the URL's path, dates, authors, and topics can be included in a section
referred to as the "slug."
Consider, for example, the URL for this definition:
https://www.techtarget.com/searchnetworking/definition/URL
Parts of a URL
Using the URL https://www.techtarget.com/whatis/search/query?q=URL as an example,
components of a URL can include:
The protocol or scheme
Used to access a resource on the internet.
Protocols include http, https, ftps, mailto and file.
The resource is reached through the domain name system (DNS) name. In this
example, the protocol is https.
Host name or domain name
The unique reference the represents a webpage.
For this example, whatis.techtarget.com.
Port name
Usually not visible in URLs, but necessary.
Always following a colon, port 80 is the default port for web servers, but there are
other options.
For example, :port80.
Path
A path refers to a file or location on the web server
For this example, search/query.
Query
Found in the URL of dynamic pages.
The query consists of a question mark, followed by parameters.
For this example, ?.
Parameters
Pieces of information in a query string of a URL.
Multiple parameters can be separated by ampersands (&).
For this example, q=URL.
Fragment
This is an internal page reference, which refers to a section within the webpage.
It appears at the end of a URL and begins with a hashtag (#).
Although not in the example above, an example could be #history in the URL
https://en.wikipedia.org/wiki/Internet#History.
Web Documents
The documents in the WWW can be grouped into three broad categories:
1. Static Documents
2. Dynamic Documents
3. Active Documents
Static Documents
A static web document resides in a file which is related with a web server.
The developer of static document finds the contents at the time.
The document is written.
Since contents do not modify, each request for a static document result in particularly the
same response.
Dynamic Documents
1
2
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
1
3
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
HTTP version 1.1 specifies a persistent connection by default. In a persistent connection, the
server leaves the connection open for more requests after sending a response.
The server can close the connection at the request of a client or if a time-out has been
reached.
The sender usually sends the length of the data with each response. However, there are some
occasions when the sender does not know the length of the data.
This is the case when a document is created dynamically or actively.
In these cases, the server informs the client that the length is not known and closes the
connection after sending the data so the client knows that the end of the data has been
reached.
Time and resources are saved using persistent connections.
Only one set of buffers and variables needs to be set for the connection at each site.
The round-trip time for connection establishment and connection termination is saved.
Message Formats
The HTTP protocol defines the format of the request and response messages, as show in
Following diagram.
We have put the two formats next to each other for comparison.
Each message is made of four sections.
The first section in the request message is called the request line.
The first section in the response message is called the status line.
The other three sections have the same names in the request and response messages.
However, the similarities between these sections are only in the names; they may have
different contents.
We discuss each message type separately.
Request Message
As we said before, the first line in a request message is called a request line.
There are three fields in this line separated by one space and terminated by two as
shown in Following diagram.
The fields are called method, URL, and version.
The method field defines the request types.
1
4
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
In version 1.1 of HTTP, several methods are defined, as shown in following Table.
After the request line, we can have zero or more request header lines. Each header
line sends additional information from the client to the server.
The body can be present in a request message. Usually, it contains the comment to be
sent or the file to be published on the website when the method is PUT or POST.
Response Message
The format of the response message is also shown in Following diagram.
A response message consists of a status line, header lines, a blank line, and sometimes
a body.
The first line in a response message is called the status line.
After the status line, we can have zero or more response header lines. Each header
line sends additional information from the server to the client.
Following Table shows some header names commonly used in a
response message.
1
5
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
The body contains the document to be sent from the server to the client.
The body is present unless the response is an error message.
Conditional Request
A client can add a condition in its request. In this case, the server will send the requested web
page if the condition is met or inform the client otherwise.
One of the most common conditions imposed by the client is the time and date the web page
is modified.
The client can send the header line If-Modified-Since with the request to tell the server that it
needs the page only if it is modified after a certain point in time.
Cookies
Cookie in simpler terms means just the textual information about some website.
When you visit a particular website, some information is saved in your local system so that
when you visit the same website again, this website is able to recognize you and show you
the results according to your preferences.
Cookies have been long used in the internet history and have developed in a magnificent
way.
HTTP Security
HTTP per se does not provide security.
HTTP can be run over the Secure Socket Layer (SSL).
In this case, HTTP is referred to as HTTPS.
HTTPS provides confidentiality, client and server authentication, and data integrity.
1
6
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
Two Connections:
The two connections in FTP have different lifetimes.
The control connection remains connected during the entire interactive FTP session. The data
connection is opened and then closed for each file transfer activity.
It opens each time commands that involve transferring files are used, and it closes when the
file is transferred.
In other words, when a user starts an FTP session, the control connection opens.
While the control connection is open, the data connection can be opened and closed multiple
times if several files are transferred.
FTP uses two well-known TCP ports: port 21 is used for the control connection, and port 20
is used for the data connection.
Control Connection:
For control communication, FTP uses the same approach as TELNET.
It uses the NVT ASCII character set as used by TELNET. Communication is achieved
through commands and responses.
This simple method is adequate for the control connection because we send one command (or
response) at a time.
Each line is terminated with a two-character (carriage return and line feed) end-of-line token.
During this control connection, commands are sent from the client to the server and responses
are sent from the server to the client.
Commands, which are sent from the FTP client control process, are in the form of ASCII
uppercase, which may or may not be followed by an argument. Some of the most common
commands are shown in Following Table.
1
7
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
Data Connection:
For sending the actual file, FTP makes use of a data connection.
A data connection is initiated on port number 20.
FTP sends the control information out-of-band as it uses a separate control connection.
Some protocols send their request and response header lines and the data in the same TCP
connection.
For this reason, they are said to send their control information in-band. HTTP and SMTP
are such examples .
1
8
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
Before sending the file through the data connection, we prepare for transmission through the
control connection.
The heterogeneity problem is resolved by defining three attributes
of communication:
1. File type
2. Data structure
3. Transmission mode
1. File Type
FTP can transfer one of the following file types across the data connection: ASCII
file, EBCDIC file, or image file.
2. Data Structure
FTP can transfer a file across the data connection using one of the following
interpretations of the structure of the data:
a. File structure
b. Record structure or page structure.
The file structure format (used by default) has no structure.
It is a continuous stream of bytes.
In the record structure, the file is divided into records.
This can be used only with text files.
In the page structure, the file is divided into pages, with each page having a page
number and a page header.
The pages can be stored and accessed randomly or sequentially.
3. Transmission Mode
FTP can transfer a file across the data connection using one of the following two
transmission modes:
a. Stream mode
b. Block mode or compressed mode.
a. Stream mode
The stream mode is the default mode where data are delivered from FTP to TCP
as a continuous stream of bytes.
b. Block mode or Compressed mode
In the block mode, data can be delivered from FTP to TCP in blocks. In this case,
each block is preceded by a 3-byte header.
The first byte is called the block descriptor and the next two bytes define the size
of the block in bytes.
File Transfer
File transfer occurs over the data connection under the control of the commands sent over the
control connection.
However, we should remember that file transfer in FTP means one of three things: retrieving
a file (server to client), storing a file (client to server), and directory listing (server to client).
1
9
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
To be secure, one can add a Secure Socket Layer between the FTP application layer and the
TCP layer.
In this case FTP is called SSL-FTP.
Electronic Mail:
E-mail is defined as the transmission of messages on the Internet.
It is one of the most commonly used features over communications networks that may
contain text, files, images, or other attachments.
Generally, it is information that is stored on a computer sent through a network to a specified
individual or group of individuals.
Email messages are conveyed through email servers; it uses multiple protocols within
the TCP/IP suite.
For example, SMTP is a protocol, stands for simple mail transfer protocol and used to send
messages.
Architecture:
The main components of e-mail system that facilitate sending and receiving of e-mail on
internet are:
An e-mail client
An e-mail server
Some protocols like SMTP (Simple Mail Transfer Protocol), POP (Post Office
Protocol), IMAP (Internet Massage Access Protocol)
Working:
For transferring an e-mail from one user to another, first the massage/mail goes to user agent
(UA) which provides services to make the process of sending and receiving the e-mail easy
on both ends then the message/mail is composed and sent to Message Transfer Agent (MTA).
It follows some protocols for travelling from one server to other over internet which are:
1. SMTP (Simple Mail Transfer Protocol),
2. POP (Post Office Protocol),
3. IMAP (Internet Massage Access Protocol)
And then the message/mail is received at another terminal by Massage Access Agent (MAA)
then the e-mail is further goes to User Agent (UA) which receives it and provides it to end
user.
User Agent
2
0
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
The first component of an electronic mail system is the user agent (UA).
It provides service to the user to make the process of sending and receiving a message easier.
A user agent is a software package (program) that composes, reads, replies to, and forwards
messages.
It also handles local mailboxes on the user computers.
There are two types of user agents:
1. Command-driven
2. GUI-based
1. Command Driven
A command-driven user agent normally accepts a one character
command from the keyboard to perform its task.
Some examples of command driven user agents are mail, pine, and elm.
2. GUI Based
Modern user agents are GUI-based.
They contain graphical user interface (GUI) components that allow the user to interact
with the software by using both the keyboard
and the mouse.
They have graphical components such as icons, menu bars, and windows that make
the services easy to access. Some examples of GUI-based user agents are Eudora and
Outlook.
Commands
Commands are sent from the client to the server. The format of a command
is shown below:
Keyword: argument(s)
It consists of a keyword followed by zero or more arguments. SMTP defines 14 commands,
listed in Following Table.
2
1
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
Responses
Responses are sent from the server to the client.
A response is a three-digit code that may be followed by additional textual information.
Following Table shows the most common response types.
2
2
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
3. Connection Termination
After the message is transferred successfully, the client terminates
the connection.
2
3
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
Working of MIME:
2
4
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
Sender’s side:
Suppose sender wants to send an email to receiver through email system (SMTP) and it is in
a non-ASCII format so there is a MIME protocol which converts it into 7-bit NVT ASCII
format.
Message is transferred through e-mail system (SMTP) to the other side in 7-bit format.
Receiver’s side:
Before receiver receiving that ASCII format data, MIME protocol again converts it back into
non-ASCII code and now the receiver side reads it and then information is finally read by the
receiver.
MIME header is basically inserted at the beginning of any e-mail transfer.
MIME Header:
It is added to the original email header to define transformation.
There are 5 fields in the MIME header. They are
Header Meaning
It defines the MIME version.
MIMIE-Version
Current MIME version is 1.1
Content-Description It defines whether the body of message is actually
image, audio or video etc.
Content-ID It helps in uniquely identifying the message.
It tells what type of encoding method is used to
Content-Transfer-Encoding
encrypt and transfer the content.
It defines the type of data used in message like audio,
Content-Type
video etc.
Structure of MIME
2
5
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
Wen-Based Mail:
Webmail is a cloud-based service or Web-based email system that allows you to access and
use your email from almost anywhere through an internet connection. Unlike Thunderbird or
Microsoft Outlook, it does not need software installation. It is a kind of service, which is
provided by certain companies and ISPs (Internet service providers).
These kinds of server-based email systems are more popular for younger users.
Some popular webmail services
In modern times, many webmail services are available for users, which are not software-
based.
Below, a list contains some the free webmail services.
Gmail
Gmail is a type of Webmail, a free Web-based e-mail service that allows users a
gigabyte of storage for messages or other data.
It is a very popular email service developed by Google.
There are 1.5 billion active users of Gmail by October 2019.
Yahoo! Mail
It is a web and cloud-based messaging solution that is launched by the American
company Yahoo! on 8 October 1997.
You can connect with your email with one-tap access to your inbox with the help of
Yahoo! Mail, and it had 225 million users by January 2020. You can use to create
Yahoo account by using this link https://overview.mail.yahoo.com/
Com
It is a free web-based e-mail service that allows you to send and receive e-mail on
your computer.
Somewhat, it is like Google's Gmail service but something different in terms of
linking desktop Outlook data.
Outlook has two types of versions: Microsoft Outlook and Microsoft Outlook
Express.
To create an Outlook account, you can use this link https://signup.live.com/?lic=1
Proton Mail
Unlike Gmail and Outlook.com., it uses client-side encryption to protect user data and
email content, which is founded in 2013.
To create a Proton Mail account, use this link https://protonmail.com/
Zoho
It holds a lot of potential for businesses, which is the first of the lesser-known free
email accounts for making a list.
It is an email service that very user-friendliness.
2
6
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
It provides an easier way to accomplish all of your daily tasks by integrating with
Google Drive, cloud-based file managers, Box.
GMX Mail
GMX Mail is a free advertising-supported email service that may be accessed via
POP3 and IMAP4 protocols as well as through webmail.
It is provided by GMX (Global Mail exchange) in Germany in 1997 that offers 65GB
of storage.
E-Mail Security
The protocol discussed in this chapter does not provide any security provisions per se.
However, e-mail exchanges can be secured using two application-layer securities designed in
particular for e-mail systems.
Two of these protocols, Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail
Extensions (S/MIME).
TELNET:
TELNET stands for TErminaL NETwork. It is a type of protocol that enables one
computer to connect to local computer.
It is a used as a standard TCP/IP protocol for virtual terminal service which is given
by ISO.
Computer which starts connection known as the local computer.
Computer which is being connected to i.e., which accepts the connection known as remote
computer.
When the connection is established between local and remote computer. During telnet
operation whatever that is being performed on the remote computer will be displayed by
local computer.
Telnet operates on client/server principle.
Local computer uses telnet client program and the remote computers uses telnet server
program.
2
7
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
2
8
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
NVT uses two sets of characters, one for data and one for control. Both are 8-bit bytes as
shown in above diagram.
For data, NVT normally uses what is called NVT ASCII.
This is an 8-bit character set in which the seven lowest order bits are the same as US ASCII
and the highest order bit is 0.
To send control characters between computers (from client to server or vice versa), NVT uses
an 8-bit character set in which the highest order bit is set to 1.
Components:
The components of SSH are:
1. SSH Transport Protocol (SSH-TRANS)
2. SSH Connection Protocol (SSH-CONN)
3. SSH Authentication Protocol (SSH-AUTH)
4. SSH Applications
2
9
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
Applications:
Although SSH is often thought of as a replacement for TELNET, SSH is, in fact, a general-
purpose protocol that provides a secure connection between a client and server.
SSH for Remote Logging
Several free and commercial applications use SSH for remote logging. Among them, we can
mention PuTTy, by Simon Tatham, which is a client SSH program that can be used for
remote logging.
Another application program is Tectia, which can be used on several platforms.
SSH for File Transfer
One of the application programs that is built on top of SSH for file transfer is the Secure File
Transfer Program (SFTP).
The sftp application program uses one of the channels provided by the SSH to transfer files.
Another common application is called Secure Cop (SCP).
This application uses the same format as the UNIX copy command, cp, to copy files.
Port Forwarding
One of the interesting services provided by the SSH protocol is port forwarding.
We can use the secured channels available in SSH to access an application program that does
not provide security services.
Applications such as TELNET and Simple Mail Transfer Protocol (SMTP), which are
discussed above, can use the services of the SSH port forwarding mechanism.
The SSH port forwarding mechanism creates a tunnel through which the messages belonging
to other protocols can travel.
For this reason, this mechanism is sometimes referred to as SSH tunnelling.
3
0
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
Name Space
A name space that maps each address to a unique name can be organized in
two ways:
1. Flat
2. Hierarchical
1. Flat
3
1
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
The tree can have only 128 levels: level 0 (root) to level 127 (see below diagram).
Label
Each node in the tree has a label, which is a string with a maximum of 63 characters.
The root label is a null string (empty string).
DNS requires that children of a node (nodes that branch from the same node) have different
labels, which guarantees the uniqueness of the domain names.
Domain Name
Each node in the tree has a domain name.
A full domain name is a sequence of labels separated by dots (.).
The domain names are always read from the node up to the root.
The last label is the label of the root (null).
This means that a full domain name always ends in a null label, which means the last
character is a dot because the null string is nothing.
Following diagram shows some domain names.
3
2
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
Looking at the tree, we see that the first level in the generic domains section allows 14
possible labels.
These labels describe the organization types as listed in following Table.
3
3
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
2. Country Domains
The country domains section uses two-character country abbreviations (e.g., us for
United States).
Second labels can be organizational, or they can be more specific
national designations.
The United States, for example, uses state abbreviations as a subdivision of us (e.g.,
ca.us.).
Following diagram shows the country domains section.
The address uci.ca.us. can be translated to University of California, Irvine, in the state
of California in the United States.
Resolution
Mapping a name to an address is called name-address resolution.
DNS is designed as a client-server application.
A host that needs to map an address to a name or a name to an
address calls a DNS client called a resolver.
The resolver accesses the closest DNS server with a mapping request.
If the server has the information, it satisfies the resolver; otherwise, it either refers the
resolver to other servers or asks other servers to provide
the information.
After the resolver receives the mapping, it interprets the response to
see if it is a real resolution or an error, and finally delivers the result to the process that
requested it.
A resolution can be either
3
4
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
1. Recursive
2. Iterative
1. Recursive Resolution
Following diagram shows a simple example of a recursive resolution. We assume that
an application program running on a host named some.anet.com needs to find the IP
address of another host named engineering.mcgraw-hill.com to send a message to.
The source host is connected to the Anet ISP; the destination host is connected to the
McGraw-Hill network.
2. Iterative Resolution
In iterative resolution, each server that does not know the mapping sends the IP
address of the next server back to the one that requested it.
Following diagram shows the flow of information in an iterative resolution in the
same scenario.
Normally the iterative resolution takes place between two local servers.
The original resolver gets the final answer from the local server.
Note that the messages shown by events 2, 4, and 6 contain the same query. However,
the message shown by event 3 contains the IP address of the top-level domain server.
The message shown by event 5 contains the IP address of the McGraw-Hill local DNS
server, and the message shown by event 7 contains the IP address of the destination.
When the Anet local DNS server receives the IP address of the destination, it sends it
to the resolver (event 8).
Caching:
DNS caching allows any DNS server or client to locally store the DNS records and re-
use them in the future – eliminating the need for new DNS queries.
3
5
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
The Domain Name System implements a time-to-live (TTL) on every DNS record. TTL
specifies the number of seconds the record can be cached by a DNS client or server.
Resource Records:
The zone information associated with a server is implemented as a set of resource records.
In other words, a name server stores a database of resource records.
A resource record is a 5-tuple structure, as shown below:
The domain name field is what identifies the resource record.
The value defines the information kept about the domain name.
The TTL defines the number of seconds for which the information is valid.
The class defines the type of network.
We are only interested in the class IN (Internet).
The type defines how the value should be interpreted.
Following Table lists the common types and how the value is interpreted for each type.
DNS Messages:
To retrieve information about hosts, DNS uses two types of messages:
1. Query
2. Response.
Both types have the same format as shown in following diagram.
The identification field is used by the client to match the response with the query.
The flag field defines whether the message is a query or response.
It also includes status of error.
The next four fields in the header define the number of each record type in the message.
The question section consists of one or more question records.
It is present in both query and response messages.
3
6
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
Registrars:
How are new domains added to DNS?
This is done through a registrar, a commercial entity accredited by ICANN.
A registrar first verifies that the requested domain name is unique and then enters it into the
DNS database. A fee is charged.
Today, there are many registrars; their names and addresses can be found at
http://www.intenic.net
To register, the organization needs to give the name of its server and the IP address of the
server.
For example, a new commercial organization named wonderful with a
server named ws and IP address 200.200.200.5 needs to give the following information to
one of the registrars:
Domain name: ws.wonderful.com IP address: 200.200.200.5
Security of DNS:
DNS is one of the most important systems in the Internet infrastructure.
It provides crucial services to Internet users.
Applications such as Web access or e-mail are heavily dependent on the proper operation of
DNS.
DNS can be attacked in several ways including:
1. The attacker may read the response of a DNS server to find the nature or names of
sites the user mostly accesses.
This type of information can be used to find the user’s profile.
To prevent this attack, DNS messages need to be confidential.
3
7
COMPUTER NETWORKS JSS COLLEGE OF ARTS, COMMERECE AND SCIENCE
2. The attacker may intercept the response of a DNS server and change it or create a
totally new bogus response to direct the user to the site or domain the attacker wishes
the user to access.
This type of attack can be prevented using message origin authentication and message
integrity.
3. The attacker may flood the DNS server to overwhelm it or eventually crash it.
This type of attack can be prevented using the provision against denial-of-service
attack.
To protect DNS, IETF has devised a technology named DNS Security (DNSSEC) that
provides message origin authentication and message integrity using a security service called
digital signature (see Chapter 31).
DNSSEC, however, does not provide confidentiality for the DNS messages. There is no
specific protection against the denial-of-service attack in the specification of DNSSEC.
However, the caching system protects the upper-level servers against this attack to some
extent.
3
8