Mod5 - CN - Final Notes - Converted-4
MODULE 5

Transport Layer and Application Layer

TRANSPORT LAYER

TRANSPORT LAYER SERVICES


TRANSPORT LAYER

● The transport layer is responsible for process-to-process delivery.
● Transport layer protocols: TCP, UDP, SCTP
● A transport layer protocol can be either connectionless or connection-oriented.
● In the transport layer, a message is normally divided into transmittable segments.

FUNCTIONS OF TRANSPORT LAYER
– Process-to-process communication
– Port addressing
– Reliable delivery
– Flow control & error control

1. Process-to-Process Communication

● The first duty of a transport-layer protocol is to provide process-to-process communication.
● A process is an application-layer entity (running program) that uses the services of the transport layer.
● A network-layer protocol can deliver the message only to the destination computer. However, this is an incomplete delivery.
● The message still needs to be handed to the correct process. This is where a transport-layer protocol takes over.
● A transport-layer protocol is responsible for delivery of the message to the appropriate process.
2. Addressing: Port Numbers

● For communication, we must define the local host, local process, remote host, and remote process.
● The local host and the remote host are defined using IP addresses.
● To define the processes, we need second identifiers, called port numbers.
● In the TCP/IP protocol suite, the port numbers are integers between 0 and 65,535 (16 bits).
● TCP/IP uses universal port numbers for servers; these are called well-known port numbers.
● Every client process knows the well-known port number of the corresponding server process.
● ICANN (through its IANA function) divides the port numbers into three ranges:
– Well-known ports: 0 to 1,023. These are assigned and controlled by ICANN/IANA. On Unix-like systems, binding a socket to one of these ports requires administrative privilege.
– Registered ports: 1,024 to 49,151. These are not assigned or controlled by ICANN/IANA; they can only be registered to prevent duplication.
– Dynamic (ephemeral) ports: 49,152 to 65,535. These are neither controlled nor registered. They are used as temporary or private port numbers, typically chosen by the operating system for the client side of a connection.

Socket Addresses

● A transport-layer protocol in the TCP/IP suite needs both the IP address and the port number, at each end, to make a connection.
● The combination of an IP address and a port number is called a socket address.
● The client socket address defines the client process uniquely just as the server socket address defines the server process uniquely.

3. Encapsulation and Decapsulation

● Encapsulation happens at the sender site.
– When a process has a message to send, it passes the message to the transport layer along with a pair of socket addresses and some other pieces of information, which depend on the transport-layer protocol.
– The transport layer receives the data and adds the transport-layer header.
– The packets at the transport layer in the Internet are called user datagrams (UDP), segments (TCP), or packets (SCTP), depending on which transport-layer protocol is used.
● Decapsulation happens at the receiver site.
– When the message arrives at the destination transport layer, the header is dropped and the transport layer delivers the message to the process running at the application layer.
– The sender socket address is passed to the process in case it needs to respond to the message received.

4. Flow Control

● Delivery of items from a producer to a consumer can occur in one of two ways: pushing or pulling.
– If the sender delivers items whenever they are produced, without a prior request from the consumer, the delivery is referred to as pushing.
– If the producer delivers the items only after the consumer has requested them, the delivery is referred to as pulling.
● When the producer pushes the items, the consumer may be overwhelmed, and there is a need for flow control in the opposite direction to prevent the items from being discarded.
● Although flow control can be implemented in several ways, the usual solution is to use two buffers: one at the sending transport layer and the other at the receiving transport layer.
● A buffer is a set of memory locations that can hold packets at the sender and at the receiver.
– When the buffer of the sending transport layer is full, it informs the application layer to stop passing chunks of messages.
– When the buffer of the receiving transport layer is full, it informs the sending transport layer to stop sending packets.
– When there are some vacancies, it informs the sending transport layer that it can send packets again.

5. Error Control

● Error control at the transport layer is responsible for:
– 1. Detecting and discarding corrupted packets.
– 2. Keeping track of lost and discarded packets and resending them.
– 3. Recognizing duplicate packets and discarding them.
– 4. Buffering out-of-order packets until the missing packets arrive.

Acknowledgment

● We can use both positive and negative signals for error control; positive signals are more common at the transport layer.
● The receiver side can send an acknowledgment (ACK) for each packet, or for a collection of packets, that has arrived safe and sound.
● The receiver can simply discard corrupted packets.
● The sender can detect lost packets if it uses a timer:
– When a packet is sent, the sender starts a timer.
– If an ACK does not arrive before the timer expires, the sender resends the packet.
● Duplicate packets can be silently discarded by the receiver.
● Out-of-order packets can either be discarded (so that the sender treats them as lost packets) or stored until the missing ones arrive.

6. Sequence Numbering

● Error control requires that the sending transport layer knows which packet is to be resent and the receiving transport layer knows which packet is a duplicate, or which packet has arrived out of order.
● This can be done if the packets are numbered. We can add a field to the transport-layer packet to hold the sequence number of the packet.
● When a packet is corrupted or lost, the receiving transport layer can inform the sending transport layer to resend that packet, identifying it by its sequence number.
● The receiving transport layer can also detect duplicate packets if two received packets have the same sequence number.
● Out-of-order packets can be recognized by observing gaps in the sequence numbers.
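The timer, acknowledgment and sequence-number mechanisms of sections 5 and 6 put together, as an added Python example that is not part of the notes. The Receiver class, the go-back-N style sender in simulate(), the tick-based clock and the constructed lossy, reordering channel are illustrative choices; the notes do not prescribe any particular scheme. ACKs are assumed to return instantly and never be lost, to keep the loop short.

```python
import random


class Receiver:
    """Transport-layer receiver: uses sequence numbers to spot duplicates and gaps
    and delivers data to the application strictly in order."""

    def __init__(self):
        self.expected = 0      # next sequence number the receiver is waiting for
        self.buffer = {}       # out-of-order packets held until the gap is filled
        self.delivered = []    # payloads handed up to the application layer
        self.duplicates = 0    # packets silently discarded as duplicates

    def receive(self, seq, payload):
        """Accept one packet; return the cumulative ACK (highest in-order seq so far)."""
        if seq < self.expected or seq in self.buffer:
            self.duplicates += 1                  # already have it: silently discard
        else:
            self.buffer[seq] = payload
            while self.expected in self.buffer:   # gap closed: drain in order
                self.delivered.append(self.buffer.pop(self.expected))
                self.expected += 1
        return self.expected - 1


def simulate(payloads, loss=0.2, window=4, timeout=3, seed=1):
    """Go-back-N style sender talking to Receiver over a constructed channel.
    Time is a tick counter. Data packets are lost with probability `loss` and
    delayed 1-2 ticks (so they can reorder); ACKs are never lost (assumption)."""
    rng = random.Random(seed)
    rx = Receiver()
    base = next_seq = 0            # base: oldest unacknowledged sequence number
    in_flight = []                 # (arrival_tick, seq) packets still in the channel
    timer = None                   # tick at which the retransmission timer was started
    retransmissions = tick = 0
    while base < len(payloads):
        tick += 1
        # send everything the window allows; the timer covers the oldest outstanding packet
        while next_seq < min(base + window, len(payloads)):
            if rng.random() >= loss:
                in_flight.append((tick + rng.randint(1, 2), next_seq))
            if timer is None:
                timer = tick
            next_seq += 1
        # packets whose delay has elapsed arrive now, possibly out of order
        arrived = sorted(p for p in in_flight if p[0] <= tick)
        in_flight = [p for p in in_flight if p[0] > tick]
        for _, seq in arrived:
            ack = rx.receive(seq, payloads[seq])
            if ack + 1 > base:                    # cumulative ACK slides the window
                base = ack + 1
                timer = tick if base < next_seq else None
        # timer expiry: everything from base onward is treated as lost and resent
        if timer is not None and tick - timer >= timeout:
            retransmissions += next_seq - base
            next_seq = base
            timer = None
        if tick > 10_000:
            raise RuntimeError("simulation did not converge")
    return {"delivered": rx.delivered, "retransmissions": retransmissions,
            "duplicates_discarded": rx.duplicates, "ticks": tick}


if __name__ == "__main__":
    print(simulate([f"chunk{i}" for i in range(12)], loss=0.3, seed=7))
```

Run it with loss=0.0 and the retransmission count stays at zero; raise the loss and the go-back-N resends show up as duplicates discarded by the receiver, which is exactly the case the sequence numbers exist to catch.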
7. Connectionless and Connection-Oriented Services

In a connectionless service, the source process (application program) needs to
divide its message into chunks of data of the size acceptable by the transport layer
and deliver them to the transport layer one by one.

The transport layer treats each chunk as a single unit without any relation between
the chunks.

When a chunk arrives from the application layer, the transport layer encapsulates it
in a packet and sends it.

However, since there is no dependency between the packets at the transport layer,
the packets may arrive out of order at the destination and will be delivered out of
order to the server process.

We can say that no flow control, error control, or congestion control can be
effectively implemented in a connectionless service.

Transport Service Primitives

● Transport service primitives allow transport users (application programs) to access the transport service.
● The primitives for a simple transport service are LISTEN, CONNECT, SEND, RECEIVE and DISCONNECT.

Service primitive example

Eg: Consider an application with a server and a number of remote clients.
1. The server executes a LISTEN primitive by calling a library procedure that makes a system call to block the server until a client turns up.
2. When a client wants to talk to the server, it executes a CONNECT primitive, which sends a CONNECTION REQUEST TPDU to the server.
3. When it arrives, the transport entity (TE) unblocks the server and sends a CONNECTION ACCEPTED TPDU back to the client.
4. When it arrives, the client is unblocked and the connection is established. Data can now be exchanged using the SEND and RECEIVE primitives.
5. When a connection is no longer needed, it must be released to free up table space within the two transport entities. This is done with the DISCONNECT primitive, which sends a DISCONNECTION REQUEST TPDU.
● Disconnection can follow either the asymmetric variant (when either party issues DISCONNECT, the whole connection is released in both directions, so data still in transit may be lost) or the symmetric variant (each direction is released independently: a party that has issued DISCONNECT can no longer send, but can still receive until the other party releases its direction too).

USER DATAGRAM PROTOCOL (UDP)

● The User Datagram Protocol (UDP) is a connectionless, unreliable transport protocol.
● UDP is a very simple protocol using a minimum of overhead.
● If a process wants to send a small message and does not care much about reliability, it can use UDP.
● Sending a small message using UDP takes much less interaction between the sender and receiver than using TCP.
● UDP packets, called user datagrams, have a fixed-size header of 8 bytes made of four fields, each of 2 bytes (16 bits).
● The first two fields define the source and destination port numbers. The third field defines the total length of the user datagram, header plus data. The fourth is the checksum.
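The five primitives above map directly onto the Berkeley socket calls that real programs use. The following is an added Python example (not from the notes) that runs the whole LISTEN / CONNECT / SEND / RECEIVE / DISCONNECT sequence over the loopback interface, with the server in a thread so the exchange completes in one process. The upper-casing echo service, the ephemeral port and the use of a half-close to illustrate the symmetric release variant are all choices made for the example.

```python
import socket
import threading

HOST = "127.0.0.1"   # loopback only: the example never leaves the machine


def run_exchange(message: bytes = b"hello transport layer") -> bytes:
    """Walk through LISTEN / CONNECT / SEND / RECEIVE / DISCONNECT with BSD sockets.
    The server upper-cases whatever it receives and sends it back."""
    # LISTEN: bind an ephemeral loopback port and let the kernel queue connection requests
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def server():
        conn, _peer = srv.accept()            # blocks until a CONNECTION REQUEST arrives
        with conn:
            chunks = []
            while chunk := conn.recv(4096):   # RECEIVE until the client half-closes
                chunks.append(chunk)
            conn.sendall(b"".join(chunks).upper())   # SEND the reply
        srv.close()                           # leaving the with-block releases the server's direction

    worker = threading.Thread(target=server)
    worker.start()

    # CONNECT: the kernel performs the setup and unblocks us once the server has accepted
    with socket.create_connection((HOST, port), timeout=5) as cli:
        cli.sendall(message)                  # SEND
        # DISCONNECT, symmetric variant: release only our sending direction;
        # we can still RECEIVE until the server releases its direction.
        cli.shutdown(socket.SHUT_WR)
        reply = b"".join(iter(lambda: cli.recv(4096), b""))
    worker.join()
    return reply


if __name__ == "__main__":
    print(run_exchange())
```

Calling close() on the client socket instead of shutdown(SHUT_WR) would be the asymmetric variant: both directions go away at once, and a reply still in flight from the server is lost.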

UDP header fields

● Source port (16 bits): the port number of the application program in the sender host.
● Destination port (16 bits): the port number of the application program in the receiver host.
● UDP length (16 bits): the length of the entire user datagram, header plus data.
● UDP checksum (16 bits): used for error control. The checksum is computed over a pseudo-header (source and destination IP addresses, protocol number and UDP length), the UDP header and the data, so it verifies that the datagram has neither been corrupted end to end nor delivered to the wrong host. In IPv4 the checksum is optional; a value of 0 means the sender did not compute one.

UDP Services

● Process-to-Process Communication
– UDP provides process-to-process communication using socket addresses, a combination of IP addresses and port numbers.
● Connectionless Service
– UDP provides a connectionless service. This means that each user datagram sent by UDP is an independent datagram.
– There is no relationship between the different user datagrams even if they are coming from the same source process and going to the same destination program.
– The user datagrams are not numbered. There is no connection establishment and no connection termination. This means that each user datagram can travel on a different path.
● Flow Control
– UDP is a very simple protocol. There is no flow control, and hence no window mechanism. The receiver may overflow with incoming messages.
● Congestion Control
– Since UDP is a connectionless protocol, it does not provide congestion control.
– UDP assumes that the packets sent are small and sporadic and cannot create congestion in the network. This assumption may or may not be true today, when UDP is used for interactive real-time transfer of audio and video.
● Error Control
– There is no error control mechanism in UDP except for the checksum.
– This means that the sender does not know if a message has been lost or duplicated.
– When the receiver detects an error through the checksum, the user datagram is silently discarded.
● Multiplexing and Demultiplexing
– In a host running a TCP/IP protocol suite, there is only one UDP but possibly several processes that may want to use the services of UDP.
– To handle this situation, UDP multiplexes at the sender and demultiplexes at the receiver (using the destination port number to pick the process).
● Encapsulation and Decapsulation
– To send a message from one process to another, the UDP protocol encapsulates and decapsulates messages.

Applications of UDP

UDP is used in many applications, including:
● Voice over Internet Protocol (VoIP): UDP is used in VoIP because it is better to hear what someone said relatively soon than to wait for a retransmission. Eg: voice calls and video calls over the Internet.
● Online gaming: a few moments of video or sound glitches are preferable to waiting for a retransmission and risking losing the game.
● Domain Name System (DNS): DNS uses UDP because its queries and responses are small and must be answered fast. When a user enters a URL in the browser, the host name is first resolved to an IP address with a UDP query; the web page itself is then fetched over TCP.
● Real-time multimedia streaming: speed and simplicity are more important than reliability. Eg: live streaming of sports.
UDP is often used in applications where speed and simplicity are more important than reliability.
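The header layout, the pseudo-header checksum and the "silently discard on checksum failure" rule above, as an added Python example that is not part of the notes. It builds a user datagram for constructed IPv4 addresses and a constructed payload, then parses it back and verifies the checksum; the address and port values are arbitrary. The RFC 768 rule that a computed checksum of 0 is transmitted as 0xFFFF is a fact of the protocol, not something the notes state.

```python
import socket
import struct

UDP_PROTOCOL = 17


def ones_complement_sum(data):
    """16-bit one's-complement sum with end-around carry (the Internet checksum arithmetic)."""
    if len(data) % 2:
        data += b"\x00"                      # odd length: pad with a zero byte for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip, dst_ip, udp_length):
    """IPv4 pseudo-header: binds the checksum to the addresses, so a datagram
    delivered to the wrong host fails verification."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length))


def udp_checksum(src_ip, dst_ip, datagram_with_zero_checksum):
    covered = pseudo_header(src_ip, dst_ip, len(datagram_with_zero_checksum)) + datagram_with_zero_checksum
    checksum = (~ones_complement_sum(covered)) & 0xFFFF
    return checksum or 0xFFFF                # RFC 768: a computed 0 is sent as all ones, since 0 means "no checksum"


def build_udp(src_ip, dst_ip, sport, dport, payload):
    """Encapsulation: prepend the 8-byte header (ports, length, checksum) to the payload."""
    length = 8 + len(payload)
    if length > 0xFFFF:
        raise ValueError("payload too large for the 16-bit length field")
    unchecked = struct.pack("!HHHH", sport, dport, length, 0) + payload
    return struct.pack("!HHHH", sport, dport, length, udp_checksum(src_ip, dst_ip, unchecked)) + payload


def parse_udp(src_ip, dst_ip, datagram):
    """Decapsulation: validate the header, verify the checksum, return the payload.
    checksum_ok is True/False when a checksum is present and None when the sender sent 0."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("length field inconsistent with bytes received")   # never index by an unchecked length
    datagram = datagram[:length]
    if checksum == 0:
        checksum_ok = None
    else:
        # pseudo-header + header (checksum included) + data must sum to all ones
        checksum_ok = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + datagram) == 0xFFFF
    return {"sport": sport, "dport": dport, "length": length,
            "checksum_ok": checksum_ok, "payload": datagram[8:]}


if __name__ == "__main__":
    dgram = build_udp("10.0.0.1", "10.0.0.2", 40000, 53, b"constructed payload")
    print(dgram.hex())
    print(parse_udp("10.0.0.1", "10.0.0.2", dgram))
```

A receiver that follows the notes drops the datagram when checksum_ok is False; the None case is the IPv4-only "no checksum" escape hatch, which IPv6 forbids.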

Advantages of UDP

● Speed: UDP is faster than TCP because it does not have the overhead of establishing a connection and ensuring reliable data delivery.
● Lower latency: since there is no connection establishment, there is lower latency and a faster response time.
● Simplicity: UDP has a simpler protocol design than TCP, making it easier to implement and manage.
● Broadcast and multicast support: UDP can deliver to multiple recipients at once (broadcast and multicast addresses), which TCP cannot; this is useful for applications such as video streaming and online gaming.
● Smaller overhead: the UDP header is 8 bytes, against at least 20 bytes for TCP, and there are no acknowledgments, so UDP is more efficient in terms of both latency and bandwidth.

Disadvantages of UDP

● No reliability: UDP does not guarantee delivery of packets or order of delivery, which can lead to missing or duplicate data.
● No congestion control: UDP can send packets at a rate that causes network congestion.
● Limited use cases: UDP is not suitable for applications that require reliable data delivery, such as email or file transfers; it is better suited to applications that can tolerate some data loss, such as video streaming or online gaming.
● No guaranteed ordering of packets on delivery.
● Not suitable for critical data: not ideal for transferring important data where accuracy and completeness matter, such as financial transactions.
● Vulnerable to attacks: UDP is vulnerable to denial-of-service attacks in which an attacker floods a target with UDP packets, overwhelming it. Because there is no handshake, a UDP receiver cannot verify the source address of a datagram, which is what makes spoofed floods and reflection/amplification attacks (for example through open DNS resolvers) possible.
TRANSMISSION CONTROL PROTOCOL (TCP)

● TCP is a connection-oriented, reliable protocol.
● TCP explicitly defines connection establishment, data transfer, and connection teardown phases to provide a connection-oriented service.
● TCP uses a checksum (for error detection), retransmission of lost or corrupted packets, cumulative and selective acknowledgments, and timers.
● TCP is the most common transport-layer protocol in the Internet.

TCP Services

● Process-to-Process Communication
– As with UDP, TCP provides process-to-process communication using port numbers.
● Stream Delivery Service
– TCP is a stream-oriented protocol. It allows the sending process to deliver data as a stream of bytes and allows the receiving process to obtain data as a stream of bytes.
– TCP creates an environment in which the two processes seem to be connected by an imaginary "tube" that carries their bytes across the Internet.
– The sending process produces (writes to) the stream and the receiving process consumes (reads from) it.
– Sending and Receiving Buffers: because the sending and the receiving processes may not necessarily write or read data at the same rate, TCP needs buffers for storage. There are two buffers, the sending buffer and the receiving buffer, one for each direction. One way to implement a buffer is to use a circular array.
– Segments: at the transport layer, TCP groups a number of bytes together into a packet called a segment. Segment boundaries are not visible to the application: a message written in one call may be read back in several, and several small writes may arrive in a single read, so application protocols on top of TCP need their own framing.
● Full-Duplex Communication
– TCP offers full-duplex service, where data can flow in both directions at the same time. Each TCP endpoint then has its own sending and receiving buffer, and segments move in both directions.
● Multiplexing and Demultiplexing
– Like UDP, TCP performs multiplexing at the sender and demultiplexing at the receiver. However, since TCP is a connection-oriented protocol, a connection needs to be established for each pair of processes, and an incoming segment is demultiplexed by the full four-tuple (source IP, source port, destination IP, destination port) rather than by the destination port alone.
● Connection-Oriented Service
– TCP, unlike UDP, is a connection-oriented protocol. When a process at site A wants to send to and receive data from another process at site B, the following three phases occur:
1. The two TCPs establish a logical connection between them.
2. Data are exchanged in both directions.
3. The connection is terminated.
– Note that this is a logical connection, not a physical connection.
● Reliable Service
– TCP is a reliable transport protocol. It uses an acknowledgment mechanism to check the safe and sound arrival of data.

TCP SEGMENT

● A packet in TCP is called a segment.

TCP segment header fields

● Source port address: a 16-bit field that defines the port number of the application program in the host that is sending the segment.
● Destination port address: a 16-bit field that defines the port number of the application program in the host that is receiving the segment.
● Sequence number: a 32-bit field that defines the number assigned to the first byte of data contained in this segment. During connection establishment each party uses a random number generator to create an initial sequence number (ISN). The ISN must be unpredictable: if an attacker can guess it, it can inject or spoof segments into the connection without seeing any of the traffic.
– In the transport layer, data is transmitted in the form of segments (collections of bytes).
– Eg: let a segment carry bytes 9001 to 10000. The sequence number of this segment is the number assigned to its first byte, i.e. 9001.
● Acknowledgment number: a 32-bit field that defines the byte number that the receiver of the segment is expecting to receive next from the other party.
– If the receiver of the segment has successfully received byte number x from the other party, it returns x + 1 as the acknowledgment number. Acknowledgments are cumulative: x + 1 means every byte up to x has arrived.
– When the segment above is received, the receiver sends 10000 + 1 = 10001 as the acknowledgment number.
– The receiver now expects a segment whose sequence number is 10001.
● Header length (HLEN): a 4-bit field that indicates the number of 4-byte words in the TCP header. The length of the header can be between 20 and 60 bytes, so HLEN ranges from 5 to 15.
● Reserved bits: for future use.
● Control: this field defines 6 control bits or flags.
– SYN set to 1 means the sender wishes to establish a connection (synchronize sequence numbers).
– ACK set to 1 means the acknowledgment number field is valid.
– PSH set to 1 means the data should be pushed to the receiving application without waiting for the buffer to fill.
– URG set to 1 means the segment contains urgent data and the urgent pointer field is valid.
– RST set to 1 means the connection is being reset, for example because a segment arrived for a port with no listener or the connection is in an invalid state.
– FIN set to 1 means the sender has finished sending data (used in connection termination).
● Window size: a 16-bit field that defines, in bytes, the receive window the sender of this segment is advertising, i.e. how many bytes beyond the acknowledged byte the other party may send before waiting for a further acknowledgment. (The window scale option can multiply this value, but the field itself is 16 bits.)
● Checksum: a 16-bit field containing the checksum. The calculation follows the same procedure as the one described for UDP (pseudo-header plus header plus data), except that in TCP the checksum is mandatory.
● Urgent pointer: a 16-bit field, valid only if the URG flag is set, used when the segment contains urgent data. Its value is added to the sequence number to obtain the number of the last urgent byte in the segment.

TCP CONNECTION

● In TCP, connection-oriented transmission requires three phases:
– Connection establishment, data transfer, and connection termination.

1. Connection Establishment

● TCP transmits data in full-duplex mode. When two TCPs in two machines are connected, they are able to send segments to each other simultaneously.

Three-Way Handshaking
– The connection establishment in TCP is called three-way handshaking.
– The process starts with the server. The server program tells its TCP that it is ready to accept a connection. This request is called a passive open.
– Now the server TCP is ready to accept a connection from any machine in the world.
– The client program issues a request for an active open. A client that wishes to connect to an open server tells its TCP to connect to a particular server. TCP can now start the three-way handshaking process.

STEP 1
– The client sends the first segment (SYN segment) in which only the SYN flag is set. This segment is for synchronization of sequence numbers.
– The client chooses a random number as the first sequence number and sends this number to the server. This sequence number is called the initial sequence number (ISN).
– Note that the SYN segment is a control segment and carries no data. However, it consumes one sequence number because it needs to be acknowledged.
– A SYN segment cannot carry data, but it consumes one sequence number.

STEP 2
– The server sends the second segment, a SYN + ACK segment, with two flag bits set: SYN and ACK. This segment has a dual purpose.
– First, it is a SYN segment for communication in the other direction. The server uses this segment to initialize a sequence number for numbering the bytes sent from the server to the client.
– Second, the server acknowledges the receipt of the SYN segment from the client by setting the ACK flag and giving the next sequence number it expects to receive from the client (the client's ISN + 1).
– A SYN + ACK segment cannot carry data, but it does consume one sequence number.

STEP 3
– The client sends the third segment. This is just an ACK segment.
– It acknowledges the receipt of the second segment with the ACK flag and the acknowledgment number field (the server's ISN + 1). A pure ACK segment carrying no data consumes no sequence number.

Connection establishment using 3-way handshaking: summary

Step 1 (SYN): the client wants to establish a connection with a server, so it sends a segment with SYN (Synchronize Sequence Number) set, which informs the server that the client wants to start communication and with what sequence number it will start its segments.
Step 2 (SYN + ACK): the server responds to the client request with the SYN and ACK bits set. ACK signifies the response to the segment it received and SYN signifies with what sequence number the server will start its segments.
Step 3 (ACK): in the final part, the client acknowledges the response of the server and they both establish a reliable connection with which they will start the actual data transfer.
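The header fields and the three-way handshake, as one added Python example that is not part of the notes. It packs and parses the 20-byte fixed header (plus options), then produces the SYN, SYN+ACK and ACK segments and checks the sequence/acknowledgment bookkeeping the notes describe: the SYN and SYN+ACK carry no data but each consume one sequence number, the final ACK consumes none, and numbers wrap modulo 2^32. The checksum is left at zero because the IP pseudo-header is not modelled here; the port numbers and ISNs in the usage are constructed values.

```python
import secrets
import struct

# Bits of the 6-flag control field, low to high: FIN, SYN, RST, PSH, ACK, URG
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
MIN_HEADER = 20                      # HLEN = 5 words
MASK32 = 0xFFFFFFFF                  # the sequence space wraps modulo 2**32


def pack_tcp_header(sport, dport, seq, ack, flags, window, urgent=0, options=b"", checksum=0):
    """Serialise a TCP header. The checksum is taken as given (0 here) because
    computing it needs the IP pseudo-header, which this example does not model."""
    options = options + b"\x00" * (-len(options) % 4)     # options are padded to 32-bit words
    hlen_words = (MIN_HEADER + len(options)) // 4
    if hlen_words > 15:
        raise ValueError("TCP header cannot exceed 60 bytes")
    flag_word = sum(FLAG_BITS[f] for f in flags)
    fixed = struct.pack("!HHIIHHHH", sport, dport, seq & MASK32, ack & MASK32,
                        (hlen_words << 12) | flag_word, window, checksum, urgent)
    return fixed + options


def parse_tcp_header(segment):
    """Parse the fixed header, options and payload out of a segment's bytes."""
    if len(segment) < MIN_HEADER:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack("!HHIIHHHH", segment[:MIN_HEADER])
    hlen = (off_flags >> 12) * 4
    if hlen < MIN_HEADER or hlen > len(segment):
        raise ValueError("HLEN field inconsistent with segment length")   # do not trust it blindly
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": {name for name, bit in FLAG_BITS.items() if off_flags & bit},
        "hlen": hlen, "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[MIN_HEADER:hlen], "data": segment[hlen:],
    }


def random_isn():
    """Initial sequence number. It must be unpredictable: a guessable ISN lets an
    off-path attacker forge segments the peer will accept."""
    return secrets.randbelow(1 << 32)


def expected_ack(seq, data_len):
    """ACK number the receiver returns after getting data_len bytes starting at seq."""
    return (seq + data_len) & MASK32


def three_way_handshake(client_isn, server_isn, client_port, server_port=80):
    """Produce the three handshake segments as bytes and parse them back."""
    syn = pack_tcp_header(client_port, server_port, client_isn, 0, {"SYN"}, 65535)
    syn_ack = pack_tcp_header(server_port, client_port, server_isn,
                              expected_ack(client_isn, 1), {"SYN", "ACK"}, 65535)
    ack = pack_tcp_header(client_port, server_port, expected_ack(client_isn, 1),
                          expected_ack(server_isn, 1), {"ACK"}, 65535)
    return [parse_tcp_header(s) for s in (syn, syn_ack, ack)]


def check_handshake(segments):
    """Verify the sequence/acknowledgment bookkeeping the notes describe."""
    syn, syn_ack, ack = segments
    return (
        syn["flags"] == {"SYN"} and syn["data"] == b""                      # SYN carries no data ...
        and syn_ack["flags"] == {"SYN", "ACK"} and syn_ack["data"] == b""
        and syn_ack["ack"] == expected_ack(syn["seq"], 1)                  # ... but consumes one seq number
        and ack["flags"] == {"ACK"}
        and ack["ack"] == expected_ack(syn_ack["seq"], 1)
        and ack["seq"] == expected_ack(syn["seq"], 1)                      # client's first data byte
    )


if __name__ == "__main__":
    for seg in three_way_handshake(random_isn(), random_isn(), 50000):
        print(sorted(seg["flags"]), "seq=%d ack=%d" % (seg["seq"], seg["ack"]))
```

expected_ack(9001, 1000) reproduces the worked example in the notes: a segment carrying bytes 9001 to 10000 is acknowledged with 10001.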
2. Data Transfer
– After the connection is established, bidirectional data transfer can take place.
– The client and server can send data and acknowledgments in both directions.

Pushing Data
– The sending TCP uses a buffer to store the stream of data coming from the sending application program. The sending TCP can select the segment size.
– The receiving TCP also buffers the data when they arrive and delivers them to the application program when the application program is ready or when it is convenient for the receiving TCP.
– This type of flexibility increases the efficiency of TCP.

Urgent Data
– There are occasions in which an application program needs to send urgent bytes, some bytes that need to be treated in a special way by the application at the other end.
– The solution is to send a segment with the URG bit set.
– The sending application program tells the sending TCP that the piece of data is urgent.
– The sending TCP creates a segment and inserts the urgent data at the beginning of the segment. The rest of the segment can contain normal data from the buffer.

3. Connection Termination
● Either of the two parties involved in exchanging data (client or server) can close the connection, although it is usually initiated by the client.
Features of TCP

Some of the most prominent features of the Transmission Control Protocol are mentioned below.
● Segment Numbering System: TCP keeps track of the segments being transmitted or received by assigning numbers to each and every one of them. A specific byte number is assigned to the data bytes that are to be transferred, while each segment carries the sequence number of its first byte. Acknowledgment numbers are returned for received segments.
● Connection Oriented: the sender and receiver are connected to each other until the completion of the process. The order of the data is maintained, i.e. the order remains the same before and after transmission.
● Full Duplex: in TCP data can be transmitted from receiver to sender or vice versa at the same time. This increases the efficiency of data flow between sender and receiver.
● Flow Control: flow control limits the rate at which a sender transfers data. This is done to ensure reliable delivery. The receiver continually tells the sender how much data it can receive (using a sliding window).
● Error Control: TCP implements an error control mechanism for reliable data transfer. Error control is byte-oriented. Segments are checked for error detection. Error control includes corrupted-segment and lost-segment management, out-of-order segments, duplicate segments, etc.
● Congestion Control: TCP takes into account the level of congestion in the network. The congestion level is inferred from missing acknowledgments, and the sender limits the amount of data it has outstanding accordingly.

Real-Life Examples of TCP

● Text Communication: we are all aware of the importance of text communication in the present times. Any discrepancy in messages between sender and receiver cannot be tolerated. Hence TCP is used in text communication due to its reliable transmission, error control, and in-order delivery of the data.
– Examples: WhatsApp, Instagram, Google Chat, iMessage.
● Transfer of files (FTP): TCP is used in file transfer because we cannot tolerate the loss of data, and receiving the data in the correct order is of utmost importance. FTP uses two TCP connections, i.e. a control connection and a data connection.
– Control connection: FTP sends information like user identification and passwords.
– Data connection: in this connection, files are sent over the network.
– Example: FileZilla client and server.
● HyperText Transfer Protocol (HTTP): used to access the data present on the World Wide Web. It uses TCP for accessing web pages on the Internet because TCP provides in-order data, error control, flow control, and retransmission of data segments.
● Simple Mail Transfer Protocol (SMTP): an application layer protocol used to send emails from one system to another. SMTP uses the services of TCP to start a connection with the SMTP server. Once the SMTP server accepts the connection request, it allows the sender to send the mails.
– Examples: Yahoo, Gmail, Outlook, etc.
Advantages of TCP

● It is a reliable protocol.
● It provides an error-checking mechanism as well as one for recovery.
● It provides flow control.
● It makes sure that the data reaches the proper destination in the exact order that it was sent.
● It works in conjunction with IP (Internet Protocol) to establish connections between devices on a network.

Disadvantages of TCP

● TCP is slower than UDP, especially at the beginning of a file transfer. TCP's congestion control can also slow down data transfer to avoid network congestion.
● Additional expense to create and maintain connections, since it is a connection-oriented protocol.
● TCP's use of ACKs and retransmissions can add latency, which can affect real-time applications.
● Not suited for data transfers that require faster speed.
● TCP uses more bandwidth than UDP, especially when establishing a connection, sending ACKs and retransmitting data.

TCP vs UDP
TCP Connection management modelling


TCP congestion control

● Congestion control refers to techniques and mechanisms that can
– either prevent congestion before it happens,
– or remove congestion after it has happened.
● TCP uses a congestion window (cwnd) on the sender side to do congestion avoidance.
● The congestion window indicates the maximum amount of data that can be sent out on a connection without being acknowledged. The sender is also limited by the receiver window (rwnd) advertised by the other side, so the effective limit is min(cwnd, rwnd).
● TCP detects congestion when it fails to receive an acknowledgment within the estimated timeout.
● In such a situation it decreases the congestion window to one maximum segment size (MSS).

Congestion Control in TCP

● Congestion in TCP is handled by using these three phases:
(1) Slow Start (exponential increase)
(2) Congestion Avoidance (Additive Increase)
(3) Congestion Detection (Multiplicative Decrease)
– Phases 2 & 3 are together known as the AIMD technique (Additive Increase Multiplicative Decrease).

1. Slow Start Phase: exponential increase
● In the slow-start phase, TCP increases the congestion window by one MSS each time an acknowledgment is received, i.e. by the number of segments acknowledged.
● This strategy effectively doubles the TCP congestion window every round-trip time (RTT).
● In this phase, after every RTT, the congestion window size grows exponentially.
● This phase continues until a timeout occurs or the congestion window size reaches the slow-start threshold (ssthresh).
– In the textbook model, ssthresh starts at half of the receiver window (in segments); after each congestion event it is set to half of the congestion window in effect when the loss was detected.

Packets in transit during additive increase (figure not reproduced)

2. Congestion Avoidance
● To avoid congestion before it happens, it is necessary to slow down the exponential growth.
● The congestion avoidance algorithm works with additive increase instead of exponential growth.
● After cwnd reaches ssthresh, the TCP congestion control mechanism enters the congestion avoidance phase.
● In this phase, the sender increases the congestion window size linearly to avoid congestion.
● For each full window of acknowledgments (one RTT), the sender increments the congestion window by one MSS; per acknowledgment this is an increase of MSS × MSS / cwnd. The technique is known as additive increase.
● This phase continues until congestion is detected; the window is also never allowed to exceed the receiver window size.

3. Congestion Detection Phase
● If congestion occurs, it is required to decrease the congestion window size.
● There are 2 cases. In both cases the slow-start threshold is dropped to half of the current congestion window size (multiplicative decrease).

Case-01: Detection on Timeout
● The retransmission timer expires before an acknowledgment is received for a segment. This suggests a stronger possibility of congestion: no later segments got through either.
● In this case the sender reacts by:
– setting the slow-start threshold to half of the current congestion window size;
– decreasing the congestion window to one MSS;
– restarting the slow-start phase.

Case-02: Detection on Receiving 3 Duplicate Acknowledgments
● The sender receives 3 duplicate acknowledgments for a segment.
● This suggests a weaker possibility of congestion: a segment may have been dropped, but some segments sent after it have arrived safely, since the receiver produced the duplicate ACKs.
● This is called fast retransmission and fast recovery: the missing segment is resent immediately, without waiting for the timer.
● In this case the sender reacts by:
– setting the slow-start threshold to half of the current congestion window size;
– decreasing the congestion window size to the slow-start threshold;
– resuming the congestion avoidance phase.
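The three phases above as an added Python simulation that is not part of the notes. It models cwnd per RTT in MSS units with the Reno-style reactions just described: slow start doubles up to ssthresh, congestion avoidance adds one MSS per RTT, a timeout halves ssthresh and restarts from one MSS, three duplicate ACKs halve ssthresh and continue from there. The initial ssthresh of 8, the receiver window cap and the rounds at which congestion signals occur are constructed inputs, not values from the notes.

```python
def simulate_cwnd(rounds, events=None, ssthresh=8, rwnd=64, initial_cwnd=1):
    """Per-RTT model of TCP AIMD in MSS units.
    events maps a round number to the congestion signal seen in that round:
    "timeout" or "3dupack". Returns the cwnd trace (round 0 first) and final ssthresh."""
    events = events or {}
    cwnd = initial_cwnd
    trace = [cwnd]
    for r in range(1, rounds + 1):
        signal = events.get(r)
        if signal == "timeout":
            ssthresh = max(cwnd // 2, 1)     # multiplicative decrease of the threshold
            cwnd = 1                         # back to slow start from one MSS
        elif signal == "3dupack":
            ssthresh = max(cwnd // 2, 1)     # fast retransmit + fast recovery (Reno)
            cwnd = ssthresh                  # skip slow start, continue with additive increase
        elif cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)   # slow start: doubles every RTT until the threshold
        else:
            cwnd += 1                        # congestion avoidance: +1 MSS per RTT
        cwnd = min(cwnd, rwnd)               # never exceed what the receiver advertises
        trace.append(cwnd)
    return trace, ssthresh


def phase(cwnd, ssthresh):
    """Which phase the sender is in for a given window and threshold."""
    return "slow start" if cwnd < ssthresh else "congestion avoidance"


if __name__ == "__main__":
    trace, final_ssthresh = simulate_cwnd(10, {5: "3dupack", 8: "timeout"})
    print("cwnd per RTT:", trace, "final ssthresh:", final_ssthresh)
```

Reading the trace for the constructed events: 1, 2, 4, 8 is slow start, 9 is the first additive-increase step, the three duplicate ACKs in round 5 drop cwnd to 4 and the sender keeps climbing linearly, while the timeout in round 8 drops it all the way to 1 and slow start begins again with a threshold of 3.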

56
FILE TRANSFER PROTOCOL

It is an application layer protocol

Used for transferring a file from one host to another

FTP uses the services of TCP

To transfer a file, FTP uses two TCP connections in parallel :
– 1. Control connection : for control information (commands and responses)
APPLICATION LAYER – 2. Data connection : Used for data transfer

Separation of commands and data transfer makes FTP more efficient.

FTP uses two well known TCP ports :
– 1. Port 21 is used for control connection.
– 2. Port 20 is used for data connection
● FTP transfers files using any of the following modes:
● Stream Mode: It is the default mode.
– In stream mode, the data is transferred from FTP to TCP as a stream of bytes. TCP is responsible for fragmenting the data into small segments.
– If the data is a plain stream of bytes, no end-of-file marker is needed; the sender closes the data connection to signal the end of the file.
● Block Mode: In block mode, the data is transferred from FTP to TCP in the form of blocks, and each block carries a 3-byte header.
– The first byte of the header contains information about the block, so it is known as the descriptor; the other two bytes contain the size of the block.
● Compressed Mode: This mode is used to transfer big files.
– Because of size limits we cannot transfer big files over the internet as they are, so the compressed mode is used to reduce the size of the file and send it over the internet.

FTP Data Types
● The data type of a file, which determines how the file is represented overall, is the first piece of information that can be provided about it. The FTP standard specifies the following four categories of data:
– ASCII: Describes an ASCII text file in which each line is terminated by an end-of-line marker.
– EBCDIC: For files that use IBM's EBCDIC character set; this type is conceptually identical to ASCII.
– Image: This is the "black box" type; the file has no formal internal structure and is transferred one byte at a time without any processing.
– Local: Files containing data in logical bytes with a bit count other than eight can be handled by this data type.
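The block-mode framing described above (a descriptor byte plus a 2-byte block size in front of each block) as an added example, not code from the original notes: a parser that walks a constructed block-mode stream, keeps restart markers apart from file data and stops at the EOF block. The descriptor bit values are RFC 959's; the sample stream is constructed here.

```python
# Added example (not from the original notes): parser for FTP block-mode data.
# Each block carries a 3-byte header: descriptor byte + 2-byte big-endian count.
import struct

# Descriptor bits from RFC 959, block mode.
DESC_EOR = 128      # last block of a record
DESC_EOF = 64       # last block of the file
DESC_ERR = 32       # block suspected of containing errors
DESC_RESTART = 16   # block is a restart marker, not file data


def parse_block_stream(stream: bytes) -> dict:
    """Walk a block-mode byte stream and reassemble the file payload.

    Returns the reassembled data, the number of blocks seen, whether an EOF
    descriptor was encountered, and any restart markers found.
    Raises ValueError on a truncated header, a truncated block or a suspect block.
    """
    offset = 0
    payload = bytearray()
    blocks = 0
    saw_eof = False
    markers = []
    while offset < len(stream):
        if len(stream) - offset < 3:
            raise ValueError(f"truncated header at offset {offset}")
        descriptor, count = struct.unpack_from("!BH", stream, offset)
        offset += 3
        if len(stream) - offset < count:
            raise ValueError(f"truncated block at offset {offset}")
        body = stream[offset:offset + count]
        offset += count
        blocks += 1
        if descriptor & DESC_RESTART:
            markers.append(body)      # marker text, not file data
        else:
            payload += body
        if descriptor & DESC_ERR:
            raise ValueError(f"block {blocks} flagged as suspect")
        if descriptor & DESC_EOF:
            saw_eof = True
            break  # nothing after EOF belongs to this file
    return {"data": bytes(payload), "blocks": blocks,
            "eof": saw_eof, "markers": markers}


def make_block(descriptor: int, body: bytes) -> bytes:
    """Build one block (header + body) for the constructed sample stream."""
    return struct.pack("!BH", descriptor, len(body)) + body


# Constructed sample: two data blocks, a restart marker, then a final EOF block.
SAMPLE_STREAM = (
    make_block(0, b"hello, ")
    + make_block(DESC_RESTART, b"marker-1")
    + make_block(0, b"block ")
    + make_block(DESC_EOF, b"mode")
)

if __name__ == "__main__":
    print(parse_block_stream(SAMPLE_STREAM))
```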

● FTP Commands: For more commands refer to https://www.javatpoint.com/ftp-commands

How FTP works?
● FTP works on a client-server model.
● The FTP client is a program that runs on the user's computer to enable the user to talk to and get files from remote computers.
● The FTP client contacts the FTP server at port 21, specifying TCP as the transport protocol.
● When the user logs in using a user ID and password, the client obtains authorization over the control connection.
● The client browses the remote directory by sending commands over the control connection.
● When the server receives a command for a file transfer (get), the server opens a TCP 'data connection' to the client.
● After transferring one file, the server closes the data connection.
● The server opens a second TCP data connection to transfer another file.
● The control connection remains open throughout the FTP session.
Applications of FTP
● The following are the applications of FTP:
– FTP connections are used by big business organizations for transferring files between them, such as sharing files with other employees working at different locations or different branches of the organization.
– FTP connections are used by IT companies to provide backup files at disaster recovery sites.
– Financial services use FTP connections to securely transfer financial documents to the respective company, organization, or government.
– Employees use FTP connections to share data with their co-workers.

Advantages
● Multiple transfers: FTP helps to transfer multiple large files between systems.
● Efficiency: FTP helps to organize files in an efficient manner and transfer them efficiently over the network.
● Security: FTP provides access to any user only through a user ID and password. Moreover, the server can create multiple levels of access.
● Continuous transfer: If the transfer of a file is interrupted by any means, the user can resume the file transfer whenever the connection is re-established.
● Simple: FTP is very simple to implement and use, thus it is widely used.
● Speed: It is the fastest way to transfer files from one computer to another.
● Back & forth movement: FTP allows us to transfer files back and forth. Suppose you are a manager of the company: you send some information to all the employees, and they all send information back on the same server.

Disadvantages
● Less security: FTP does not provide an encryption facility when transferring files.
– Moreover, the usernames and passwords are sent in plain text, not as a combination of symbols, digits and alphabets, which makes them easier for hackers to attack.
– So it is quite possible that attackers can carry out a brute force attack by trying to guess the FTP password.
● Old technology: FTP is one of the oldest protocols and thus it uses multiple TCP/IP connections to transfer files.
– These connections are hindered by firewalls.
● Virus: An FTP connection is difficult to scan for viruses, which again increases the risk of vulnerability.
● Limited: FTP provides very limited user permissions and mobile device access.
● Memory and programming: FTP requires more memory and programming effort, as it is very difficult to find errors without the commands.

Domain Name System
● The Domain Name System (DNS) is like the internet's phone book.
● It helps you find websites by translating easy-to-remember names (like www.example.com) into the numerical IP addresses (like 192.0.2.1) that computers use to locate each other on the internet.
● Without DNS, you would have to remember long strings of numbers to visit your favorite websites.
What is the Need for DNS?
● Every host is identified by an IP address, but remembering numbers is very difficult for people; also, IP addresses are not static, therefore a mapping is required to convert a domain name to an IP address.
● So DNS is used to convert the domain name of a website to its numerical IP address.
Distribution of Name Space
● The information contained in the domain name space must be stored.
● However, it is very inefficient and unreliable to have just one computer store such a huge amount of information.
● The solution to these problems is to distribute the information among many computers called DNS servers.
(Figure: hierarchy of DNS servers, with the root server at the top)
DNS servers
● Let the root stand alone and create as many domains (subtrees) as there are first-level nodes.
● DNS allows domains to be divided further into smaller domains (subdomains).
● Each server can be responsible (authoritative) for either a large or a small domain.
● I.e., we have a hierarchy of servers in the same way that we have a hierarchy of names.
● Zone: what a server is responsible for or has authority over is called a zone.
● In the Internet, the domain name space (tree) is divided into 3 different sections:
1) Generic domain
2) Country domain
3) Inverse domain
Inverse domain
● It is used to map an address to a name.

Resolution
Mapping name to address
● Most of the time, the resolver gives a domain name to the server and asks for the corresponding address.
● In this case, the server checks the generic domains or the country domains to find the mapping.
● If the domain name is from the generic domain section, the resolver receives a domain name such as 'chal.atc.jhda.edu'.
● The query is sent by the resolver to the local DNS server for resolution.
● If the local server can't resolve the query, it either refers the resolver to other servers or asks other servers directly.
● If the domain name is from the country domain section, the resolver receives a domain name such as 'ch.jhda.cu.ca.us'. The procedure is the same.
Mapping address to name
● A client can send an IP address to a server to be mapped to a domain name.
● To answer this type of query, DNS uses the inverse domain.
● However, in the request, the IP address is reversed and the two labels in-addr and arpa are appended to create a domain name acceptable to the inverse domain section.
● Eg: if the resolver receives the IP address 132.34.45.121, the resolver first inverts the address and then adds the two labels before sending.
● The domain name sent is '121.45.34.132.in-addr.arpa', which is received by the local DNS server and resolved.

Resolution
1. Recursive resolution
● The client (resolver) can ask for a recursive answer from a name server.
● This means that the resolver expects the name server to supply the final answer.
● If the server is the authority for the domain name, it checks its database and responds.
● If the server is not the authority, it sends the request to another server (the parent, usually) and waits for the response.
● If the parent is the authority, it responds; otherwise it sends the query to yet another server.
● When the query is finally resolved, the response travels back until it finally reaches the requesting client.
● This is called recursive resolution.
2. Iterative resolution
● If the client doesn't ask for a recursive answer, the mapping can be done iteratively.
● If the server is the authority for the name, it sends an answer.
● If it is not, it returns to the client the IP address of the server that it thinks can resolve the query.
● The client is responsible for repeating the query to this second server.
● If the newly addressed server can resolve the problem, it answers the query with the IP address.
● Otherwise it returns the IP address of a new server to the client.
● Now the client must repeat the query to the third server.
● This process is called iterative resolution because the client repeats the same query to multiple servers.
DNS messages
● DNS allows you to interact with devices on the Internet without having to remember long strings of numbers.
● Exchange of information between client and server is carried out by two types of DNS messages:
– Query message
– Response message.
● In the figure above, the client queries 4 servers before it gets the answer from mcgraw.com.

DNS message header format
1. Identification: The identification field is made up of 16 bits which are used to match the response with the request sent from the client side.
– The client uses a different identification number each time it sends a query.
2. Flags:
● QR (query/response): It is a 1-bit subfield. If its value is 0, the message is a query; if its value is 1, the message is a response.
● opcode: It is a 4-bit subfield that defines the type of query carried by a message. This field value is repeated in the response. The opcode values are:
– If the value of the opcode subfield is 0, it is a standard query.
– The value 1 corresponds to an inverse query, which means finding the domain name from the IP address.
– The value 2 refers to a server status request. The value 3 is reserved and therefore not used.
● AA: Authoritative Answer. It is a 1-bit subfield that specifies the server is authoritative if the value is 1; otherwise (value 0) it is non-authoritative.
● TC: Truncation. This is a 1-bit subfield that specifies that the message was truncated because its length exceeded the allowed length of 512 bytes when using UDP.
● RD: Recursion Desired. It is a 1-bit subfield; if the value is set to 1 in the query message, the server is asked to answer the query recursively. Its value is copied to the response message.
● RA: Recursion Available. It is a 1-bit subfield that specifies the availability of recursive response if the value is set to 1 in the response message.
● Zero: It is a 3-bit reserved subfield set to 0.
● rCode: Response Code. It is a 4-bit subfield used to denote whether the query was answered successfully or not. If not answered successfully, the status of the error is provided in the response. The values and their error status are:
– The value 0 of rcode indicates no error.
– A value of 1 indicates that there is a problem with the format specification.
– Value 2 indicates server failure.
– Value 3 refers to the Name Error, which means the name given by the query does not exist in the domain.
– Value 4 indicates that the request type is not supported by the server.
– Value 5 refers to the non-execution of the query by the server for policy reasons.
3. Number of Questions: It is a 16-bit field that specifies the count of questions in the Question section of the message.
– It is present in both query and response messages.
4. Number of answer RRs: It is a 16-bit field that specifies the count of answer records in the Answer section of the message.
– This section has a value of 0 in query messages. The server answers the query received from the client.
– It is available only in response messages.
5. Number of authority RRs: It is a 16-bit field that gives the count of the resource records in the Authoritative section of the message.
– This section has a value of 0 in query messages.
– It is available only in response messages.
– It gives information that comprises domain names of one or more authoritative servers.
6. Number of additional RRs: It is a 16-bit field that holds the count of additional records, which carry extra information to help the resolver.
– This section has a value of 0 in query messages.
– It is available only in response messages.
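The header layout described above, and the inverse-domain name from the address-to-name section, as an added example that is not part of the original notes: a decoder for the 12-byte DNS header (identification, the flag subfields and the four RR counts) run over a constructed query/response pair, plus the in-addr.arpa name construction. The field positions follow RFC 1035; the sample messages are constructed here.

```python
# Added example (not from the original notes): decode the 12-byte DNS header
# and form the inverse-domain (in-addr.arpa) name for an IPv4 address.
import struct

OPCODE_NAMES = {0: "standard query", 1: "inverse query", 2: "server status"}
RCODE_NAMES = {0: "no error", 1: "format error", 2: "server failure",
               3: "name error", 4: "not implemented", 5: "refused"}


def parse_header(msg: bytes) -> dict:
    """Decode identification, the flag subfields and the four RR counts."""
    if len(msg) < 12:
        raise ValueError("DNS header needs 12 bytes")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": ident,
        "qr": (flags >> 15) & 1,          # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,    # 4-bit query type
        "aa": (flags >> 10) & 1,          # authoritative answer
        "tc": (flags >> 9) & 1,           # truncated (UDP > 512 bytes)
        "rd": (flags >> 8) & 1,           # recursion desired
        "ra": (flags >> 7) & 1,           # recursion available
        "z": (flags >> 4) & 0x7,          # 3 reserved bits, must be 0
        "rcode": flags & 0xF,             # 4-bit response code
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def reverse_name(ipv4: str) -> str:
    """Invert the octets and append in-addr.arpa, as in the notes' example."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def describe(msg: bytes) -> str:
    """One-line summary of a header, the kind a resolver log might emit."""
    h = parse_header(msg)
    kind = "response" if h["qr"] else "query"
    return (f"id={h['id']} {kind} {OPCODE_NAMES.get(h['opcode'], '?')} "
            f"aa={h['aa']} tc={h['tc']} rd={h['rd']} ra={h['ra']} "
            f"rcode={RCODE_NAMES.get(h['rcode'], '?')} "
            f"qd={h['qdcount']} an={h['ancount']}")


# Constructed sample headers (hex): id 0x1A2B in both.
# Query:    flags 0x0100 -> QR=0, opcode=0, RD=1; 1 question.
QUERY = bytes.fromhex("1a2b 0100 0001 0000 0000 0000")
# Response: flags 0x8580 -> QR=1, AA=1, RD=1, RA=1, rcode=0; 1 question, 1 answer.
RESPONSE = bytes.fromhex("1a2b 8580 0001 0001 0000 0000")

if __name__ == "__main__":
    print(describe(QUERY))
    print(describe(RESPONSE))
    print(reverse_name("132.34.45.121"))  # 121.45.34.132.in-addr.arpa
```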

DNS Attacks
1. DNS hijacking
● DNS hijacking involves unauthorised redirection of DNS queries to malicious sites.
● Attackers manipulate DNS records to redirect users to fraudulent websites, which can lead to data theft or the spread of malware.
● This can occur through various methods, such as compromising DNS servers or through man-in-the-middle attacks where the attacker intercepts and alters DNS queries.
2. DNS flood attack
● A DNS flood attack is a type of denial-of-service attack where the attacker sends many DNS requests to a target server with the intent to overwhelm it and cause a denial of service.
● This can prevent legitimate users from accessing services provided by the targeted DNS server.
3. DNS cache poisoning attack
● DNS cache poisoning involves injecting false DNS data into a DNS resolver's cache, causing the resolver to return an incorrect IP address for a domain.
● This can redirect users to malicious sites without their knowledge.
● The attack exploits vulnerabilities in the DNS system to replace legitimate IP addresses with those controlled by the attacker.
4. DNS tunneling
● DNS tunnelling is a method where attackers encapsulate the data of other programs or protocols within DNS queries and responses.
● This technique can be used for command and control (C2) communications, data exfiltration, or to bypass network security measures, as DNS traffic is often not scrutinised as closely as web or email traffic.
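A defender's view of the DNS tunnelling point above, as an added example that is not from the original notes: a heuristic that runs over constructed resolver log lines and flags domains receiving many distinct, long, random-looking subdomain labels, which is how encapsulated data tends to appear in query names. The log format, thresholds and the two-label "registered domain" rule are assumptions.

```python
# Added example (not from the original notes): heuristic DNS tunnelling
# detection over constructed resolver log lines. Thresholds are assumptions.
import math
from collections import defaultdict

# Constructed sample log lines: "<client> <qname> <qtype>".
SAMPLE_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com MX
10.0.0.7 4f9a2c1e7b3d8a0c5e6f1a2b3c4d5e6f.exfil.example.net TXT
10.0.0.7 9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e.exfil.example.net TXT
10.0.0.7 1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d.exfil.example.net TXT
10.0.0.7 0f1e2d3c4b5a69788796a5b4c3d2e1f0.exfil.example.net TXT
10.0.0.9 cdn.example.org A
"""

MAX_LABEL_LEN = 24          # assumed threshold for a "long" leftmost label
MIN_ENTROPY = 3.5           # assumed bits/char threshold for random-looking labels
MIN_UNIQUE_SUBDOMAINS = 3   # assumed count of distinct names under one domain


def shannon_entropy(s: str) -> float:
    """Bits per character of a label; hex/base32 payloads score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Last two labels, e.g. 'exfil.example.net' -> 'example.net'.
    Assumes no public-suffix handling, which a real deployment would need."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def detect_tunnelling(log_text: str) -> dict:
    """Return {registered_domain: [suspicious qnames]} for domains that exceed
    the unique-subdomain threshold with long, high-entropy leftmost labels."""
    suspects = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than fail the whole run
        _client, qname, _qtype = parts
        label = qname.split(".")[0]
        if len(label) >= MAX_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY:
            suspects[registered_domain(qname)].add(qname)
    return {d: sorted(names) for d, names in suspects.items()
            if len(names) >= MIN_UNIQUE_SUBDOMAINS}


if __name__ == "__main__":
    for domain, names in detect_tunnelling(SAMPLE_LOG).items():
        print(f"{domain}: {len(names)} suspicious queries")
```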

EMAIL
● Email is an electronic way to send or retrieve personal or business-related messages, including text and pictures.
● An e-mail system consists of two parts:
– User agents, which allow people to read and send email.
– Message transfer agents (referred to as mail servers), which move the messages from source to destination.
● Email is delivered through a client/server architecture.
● An email message is created using a mail client program.
● This program then sends the message to a server.
● The server then forwards the message to the recipient's email server, where the message is then supplied to the recipient's email client.
● To enable this process, a variety of standard network protocols are used.
● The most commonly discussed protocols used in the transfer of email:
– Mail transport protocols (SMTP).
– Mail access protocols (POP, IMAP).

USER AGENT (UA)
● A UA is a program that accepts a variety of commands for composing, receiving and replying to messages, as well as for manipulating mailboxes.
● It provides services to the user to make the process of sending and receiving a message easier.
● But the UA is not responsible for sending or receiving emails.

MAIL TRANSFER AGENT (MTA)
● The actual mail transfer requires an MTA.
● To send mail, a system must have a client MTA, and to receive mail, a system must have a server MTA.
SMTP
● The primary purpose of SMTP is to transfer email between mail servers.
● The client sends the message to an outgoing mail server, which in turn contacts the destination mail server for delivery.
● It is necessary to specify an SMTP server when configuring an email client.
● The three phases of transfer are:
– Handshaking (Greeting).
– Transfer of messages.
– Closure.

Model of SMTP System
● I.e., SMTP is an application layer protocol.
● The client who wants to send the mail opens a TCP connection to the SMTP server and then sends the mail across the connection.
● The SMTP server is always in listening mode.
● As soon as it detects a TCP connection from any client, the SMTP process initiates a connection through port 25.
● After successfully establishing a TCP connection, the client process sends the mail instantly.
Mail Access Protocols
● There are two primary protocols used by email client applications to retrieve email from mail servers:
– Post Office Protocol (POP).
– Internet Message Access Protocol (IMAP).

POP3
● The user can retrieve the email messages one by one.
● Emails can only be accessed by one device.
● POP3 has two modes: the delete mode and the keep mode. In the delete mode, the mail is deleted from the mailbox after each retrieval.
● In the keep mode, the mail remains in the mailbox after retrieval.
● The user must enable "Keep email on server" in the settings if they wish to keep their messages on the server; otherwise, POP3 will erase them.

IMAP (Internet Message Access Protocol)
● A user can check the email header prior to downloading.
● A user can partially download an email.
● Every email is kept on the server.
● All of a user's emails may be easily synchronized and accessed from different devices and places.
● A user can create, delete, or rename mailboxes on the mail server.
● A user can create a hierarchy of mailboxes in a folder for email storage.

POP3 Vs IMAP
MIME – Multipurpose Internet Mail Extensions
● Electronic mail has a simple structure.
● It can send messages only in NVT 7-bit ASCII format.
● For eg: it can't be used for languages that are not supported by 7-bit ASCII characters (such as French, German etc.).
● Also it can't be used to send binary files/videos/audio data.
● MIME is a supplementary protocol that allows non-ASCII data to be sent through email.
● MIME transforms non-ASCII data at the sender side to NVT ASCII data and delivers it to the client MTA to be sent through the Internet.
● The message at the receiver side is transformed back to the original data.
● MIME can be defined as the set of software functions that transforms non-ASCII data to ASCII data and vice versa.
● MIME headers can be added to the original email header section to define the transformation parameters.
SNMP – Simple Network Management Protocol
World Wide Web (WWW)
● The World Wide Web (WWW), often called the Web, is a system of interconnected webpages and information that you can access using the Internet.
● Web pages are linked together using hyperlinks, which are HTML-formatted and also referred to as hypertext; these are the fundamental units of the Internet and are accessed through the Hypertext Transfer Protocol (HTTP).
● HTTP specifies the communication between browsers and servers.
● A Web browser is used to access web pages. Web browsers can be defined as programs which display text, data, pictures, animation and video on the Internet.
● The diagram below shows how the Web operates just like the client-server architecture of the internet.
● When a user requests a web page or other information, the web browser sends a request to the web server for the information; the web server provides the requested service back to the web browser, and finally the requested service is used by the user who made the request.
● The WWW is a distributed client-server service, in which a client using a browser can access a service from a server.
● But the service provided is distributed over many locations called sites.
● Each site holds one or more documents, i.e., web pages.
● Each web page can contain a link to other pages in the same site or at other sites.
● The pages can be retrieved and viewed by using browsers.