Transport and Application Layer Protocols

The document discusses Transport and Application Layer protocols, focusing on key protocols such as UDP, TCP, and SCTP, along with their functionalities and applications. It explains the roles of port numbers, the connection-oriented nature of TCP, and the connectionless service of UDP, highlighting their differences and use cases. Additionally, it touches on the architecture of the World Wide Web and its client-server model.

Uploaded by praneshac05

Unit V
Transport & Application Layer Protocols
CO5: Analyze the services provided by Transport & Application layers
TOPICS
• Port Numbers
• User Datagram Protocol (UDP)
• Transmission Control Protocol (TCP)
• World Wide Web (WWW) & HTTP
• File Transfer Protocol (FTP)
• Telnet
• E-Mail & DNS
Resources:
Behrouz A. Forouzan, “Data Communication & Networking”, 5th edition, 2010.
William Stallings, “Data and Computer Communications”, 9th edition, 2010.
Transport Layer Protocols
• The transport layer in the TCP/IP suite is located between the application layer and the network layer. It provides services to the application layer and receives services from the network layer.
• The transport layer acts as a liaison between a client program and a server program, a process-to-process connection.
• The transport layer is the heart of the TCP/IP protocol suite; it is the end-to-end logical vehicle for transferring data from one point to another on the Internet.
• Three protocols: 1) UDP 2) TCP 3) SCTP
• UDP: UDP is an unreliable connectionless transport-layer protocol used for its simplicity and efficiency in applications where error control can be provided by the application-layer process.
• TCP: TCP is a reliable connection-oriented protocol that can be used in any application where reliability is important.
• SCTP: SCTP is a new transport-layer protocol that combines the features of UDP and TCP.
Port Numbers
• A transport-layer protocol usually has several responsibilities. One is to create process-to-process communication; these protocols use port numbers to accomplish this.
• Port numbers provide end-to-end addresses at the transport layer and allow multiplexing and demultiplexing at this layer, just as IP addresses do at the network layer.
USER DATAGRAM PROTOCOL (UDP)
UDP – An Introduction
• Connectionless service
• Unreliable transport protocol
• No flow control / no acknowledgement
• Process-to-process communication
• Powerless (no reliability mechanisms of its own)
• It uses a minimum of overhead
• No reliability is obtained using UDP
• Less interaction between sender and receiver
UDP (Contd.)
[Figure: user datagram format]
• UDP packets are called user datagrams (messages).
• The header has a fixed size of 8 bytes.
UDP Fields
• Source Port Number:
  • 16 bits long; the port ranges from 0 to 65535.
  • This port number is used by the source host for identification.
• Destination Port Number:
  • 16 bits long.
  • Used by the process running on the destination machine (the application-level service on the end machine).
• Length: UDP length = IP length – IP header length
  • The length field specifies the entire length of the UDP packet (including the header).
  • It is a 16-bit field and the minimum value is 8 bytes, i.e. the size of the UDP header itself.
  • A user datagram is encapsulated in an IP datagram.
• Checksum:
  • This field is used to detect errors over the entire user datagram (header plus data).
UDP Services
• Process-to-Process Communication
  • UDP provides process-to-process communication using socket addresses, a combination of IP addresses and port numbers.
• Connectionless Services
  • As mentioned previously, UDP provides a connectionless service. This means that each user datagram sent by UDP is an independent datagram. There is no relationship between the different user datagrams even if they are coming from the same source process and going to the same destination program.
• Flow Control
  • UDP is a very simple protocol. There is no flow control, and hence no window mechanism.
• Error Control
  • There is no error control mechanism in UDP except for the checksum. This means that the sender does not know if a message has been lost or duplicated.
• Checksum
  • UDP checksum calculation includes three sections: a pseudoheader, the UDP header, and the data coming from the application layer.
[Figure: pseudoheader for checksum calculation]
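The 8-byte header from the UDP Fields slide and the checksum over pseudoheader + header + data described just above, as an added Python example that is not part of these slides or of the Forouzan/Stallings texts. The function names, the 10.0.0.x addresses and the port numbers are constructed for illustration; the one's-complement arithmetic and the "zero is sent as all ones" rule follow RFC 768.

```python
import socket
import struct

UDP_HEADER_LEN = 8
IPPROTO_UDP = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071 style)."""
    if len(data) % 2:
        data += b"\x00"            # pad an odd-length buffer with a zero byte
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    while total >> 16:             # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudoheader(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """The 12-byte pseudoheader: source IP, destination IP, zero byte, protocol 17, UDP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, IPPROTO_UDP, udp_len))


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Build a user datagram; the checksum covers pseudoheader + header + data."""
    length = UDP_HEADER_LEN + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)   # checksum field zeroed while computing
    csum = 0xFFFF - ones_complement_sum(pseudoheader(src_ip, dst_ip, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF              # RFC 768: a computed zero is transmitted as all ones
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def parse_udp(datagram: bytes) -> dict:
    """Decode the fixed 8-byte header and check the length field against the buffer actually received."""
    if len(datagram) < UDP_HEADER_LEN:
        raise ValueError("datagram shorter than the 8-byte UDP header")
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN or length > len(datagram):
        raise ValueError(f"bad UDP length field {length} for {len(datagram)} bytes")
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": csum, "payload": datagram[UDP_HEADER_LEN:length]}


def verify_udp(src_ip: str, dst_ip: str, datagram: bytes) -> str:
    """Return 'absent' (checksum field 0, permitted over IPv4), 'ok' or 'bad'.

    Summing the pseudoheader plus the datagram *with* its checksum field must give 0xFFFF.
    """
    fields = parse_udp(datagram)
    if fields["checksum"] == 0:
        return "absent"
    total = ones_complement_sum(pseudoheader(src_ip, dst_ip, fields["length"])
                                + datagram[:fields["length"]])
    return "ok" if total == 0xFFFF else "bad"
```

Because the pseudoheader is part of the sum, a datagram that is delivered to the wrong IP address fails verification even though its own bytes are intact; a receiver should also treat a checksum of zero as "not checked" rather than "valid".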
UDP Services (Contd.)
• Congestion Control
  • Since UDP is a connectionless protocol, it does not provide congestion control. UDP assumes that the packets sent are small and sporadic and cannot create congestion in the network.
  • This assumption may or may not be true today, when UDP is used for interactive real-time transfer of audio and video.
• Encapsulation and Decapsulation
  • To send a message from one process to another, the UDP protocol encapsulates and decapsulates messages.
• Queuing
  • We have talked about ports without discussing the actual implementation of them. In UDP, queues are associated with ports.
• Multiplexing and Demultiplexing
  • In a host running a TCP/IP protocol suite, there is only one UDP but possibly several processes that may want to use the services of UDP. To handle this situation, UDP multiplexes and demultiplexes.
Queuing in UDP
• At the client site, when a process starts, it requests a port number from the operating system. Some implementations create both an incoming and an outgoing queue associated with each process. Other implementations create only an incoming queue associated with each process.
• The client process can send messages to the outgoing queue by using the source port number specified in the request.
• UDP removes the messages one by one and, after adding the UDP header, delivers them to IP. An outgoing queue can overflow.
Applications of UDP
• Used for simple request-response communication when the size of the data is small, hence there is less concern about flow and error control.
• It is a suitable protocol for multicasting, as UDP supports packet switching. The following implementations use UDP as the transport-layer protocol: NTP (Network Time Protocol), DNS (Domain Name Service), BOOTP, DHCP, NNP (Network News Protocol), Quote of the Day protocol, TFTP, RTSP, RIP, OSPF.
• UDP is a null protocol if you remove the checksum field.
UDP Package
Five components:
• Control Block Table (CBT)
• Input Queues
• Control Block Module
• Input Module
• Output Module

UDP Package
• Control-Block Table
  • UDP has a control-block table to keep track of the open ports.
  • Each entry in this table has a minimum of four fields: the state, which can be FREE or IN-USE, the process ID, the port number, and the corresponding queue number.
• Input Queues
  • Our UDP package uses a set of input queues, one for each process. In this design, we do not use output queues.
• Input Module
  • The input module receives a user datagram from the IP. It searches the control-block table to find an entry having the same port number as this user datagram.
  • If the entry is found, the module uses the information in the entry to enqueue the data. If the entry is not found, it generates an ICMP message.
• Output Module
  • The output module is responsible for creating and sending user
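The control-block table, the per-process input queues and the input module described on the UDP Package slides, as an added Python model that is not code from these slides or from Forouzan's text. The class name `UdpPackage`, its method names and the sample datagrams are constructed for illustration; the ICMP type 3 / code 3 (port unreachable) tuple stands in for the "ICMP message" the input module generates when no entry matches.

```python
import struct
from collections import deque

# what the input module hands back when no process owns the destination port
ICMP_PORT_UNREACHABLE = ("ICMP", 3, 3)      # destination unreachable, code 3 = port unreachable


class UdpPackage:
    """Model of the slide's UDP package: control-block table + one input queue per process."""

    def __init__(self, table_size: int = 4):
        # one control block per row: state FREE / IN-USE, process id, port number, queue number
        self.table = [{"state": "FREE", "pid": None, "port": None, "queue": None}
                      for _ in range(table_size)]
        self.queues = {}                     # queue number -> input queue

    def open_port(self, pid: int, port: int) -> int:
        """Control-block module: claim a FREE entry for a process and create its input queue."""
        if any(e["state"] == "IN-USE" and e["port"] == port for e in self.table):
            raise ValueError(f"port {port} already in use")
        for i, entry in enumerate(self.table):
            if entry["state"] == "FREE":
                entry.update(state="IN-USE", pid=pid, port=port, queue=i)
                self.queues[i] = deque()
                return i
        raise RuntimeError("control-block table full")

    def close_port(self, port: int) -> None:
        """Release the entry and discard any queued data for it."""
        for entry in self.table:
            if entry["state"] == "IN-USE" and entry["port"] == port:
                self.queues.pop(entry["queue"], None)
                entry.update(state="FREE", pid=None, port=None, queue=None)
                return
        raise ValueError(f"port {port} not open")

    def input_module(self, src_ip: str, datagram: bytes):
        """Demultiplex one user datagram handed up by IP.

        Returns ("ENQUEUED", pid) when a process owns the destination port, otherwise the ICMP reply.
        """
        src_port, dst_port, length, _csum = struct.unpack("!HHHH", datagram[:8])
        data = datagram[8:length]
        for entry in self.table:
            if entry["state"] == "IN-USE" and entry["port"] == dst_port:
                self.queues[entry["queue"]].append((src_ip, src_port, data))
                return ("ENQUEUED", entry["pid"])
        return ICMP_PORT_UNREACHABLE         # no listener: generate ICMP port unreachable

    def receive(self, port: int):
        """Called by the application: pop the oldest message from its queue (None if empty)."""
        for entry in self.table:
            if entry["state"] == "IN-USE" and entry["port"] == port:
                q = self.queues[entry["queue"]]
                return q.popleft() if q else None
        raise ValueError(f"port {port} not open")


def make_datagram(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Constructed test input: a UDP header with the checksum left at zero (not the focus here)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
```

The lookup is by destination port only, exactly as the slide describes, so every datagram addressed to an open port is queued regardless of who sent it; the application behind that port, not UDP, has to decide whether the source is one it expected.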
UDP at a Glance
• UDP is connectionless
• UDP uses ports for data transmission
• UDP offers fast, low-delay communication because it performs no handshake and no retransmission
• UDP doesn’t care about data integrity or reliability
• UDP can be vulnerable to denial-of-service attacks (DoS)
TRANSMISSION CONTROL PROTOCOL (TCP)
• TCP is a connection-oriented, reliable protocol.
• TCP explicitly defines connection establishment, data transfer, and connection teardown phases to provide a connection-oriented service.
• Handshake refers to the process of establishing a connection between the client and server. A handshake is simply defined as the process of establishing a communication link.
• TCP uses a combination of GBN and SR protocols to provide reliability. To achieve this goal, TCP uses a checksum (for error detection), retransmission of lost or corrupted packets, cumulative and selective acknowledgments, and timers.
• The reliable communication in TCP is termed PAR (Positive Acknowledgement with Retransmission).
• When a sender sends data to the receiver, it requires a positive acknowledgement from the receiver confirming the arrival of the data.
• If the acknowledgement has not reached the sender, it needs to resend that data.
A 3-way handshake
[Figure: the three steps of a successful connection]
• The diagram shows the 3 steps for a successful connection.
• A 3-way handshake is commonly known as SYN-SYN-ACK and requires both the client and server response to exchange the data.
• SYN means synchronize sequence number and ACK means acknowledgment.
• Each step is a type of handshake between the sender and the receiver.
Steps in the 3-way handshake
Step 1: SYN
• SYN is a segment sent by the client to the server.
• It acts as a connection request between the client and server. It informs the server that the client wants to establish a connection.
• Synchronizing sequence numbers also helps synchronize the sequence numbers sent between any two devices, where the same SYN segment asks for the sequence number with the connection request.
Step 2: SYN-ACK
• It is a SYN-ACK segment, or a SYN + ACK segment, sent by the server.
• The ACK segment informs the client that the server has received the connection request and it is ready to build the connection.
• The SYN segment informs the client of the sequence number with which the server is ready to start its segments.
Step 3: ACK
• ACK (Acknowledgment) is the last step before establishing a successful TCP connection between the client and server.
• The ACK segment is sent by the client as the response to the received ACK and SYN from the server. It results in the establishment of a reliable data connection.
• After these three steps, the client and server are ready for the data communication process.
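The three steps above with both sides' segments and the sequence/acknowledgment numbers they carry, as an added Python simulation that is not code from these slides or from the cited textbooks. The `Endpoint` and `Segment` classes, the port numbers and the initial sequence numbers are constructed for illustration; the rule that a SYN consumes one sequence number and that each ACK must equal the peer's next expected byte is standard TCP behaviour.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10          # flag bits as laid out in the TCP header's control byte


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: int

    def has(self, flag: int) -> bool:
        return self.flags & flag == flag


class Endpoint:
    """One TCP endpoint; tracks its state and the two sequence-number variables the handshake needs."""

    def __init__(self, port: int, isn: int):
        self.port = port
        self.state = "CLOSED"
        self.snd_nxt = isn              # next sequence number we will send (starts at our ISN)
        self.rcv_nxt = None             # next sequence number we expect from the peer

    # --- client side ---
    def connect(self, dst_port: int) -> Segment:
        """Step 1: the client sends a SYN carrying its initial sequence number."""
        self.state = "SYN-SENT"
        seg = Segment(self.port, dst_port, self.snd_nxt, 0, SYN)
        self.snd_nxt += 1               # a SYN consumes one sequence number
        return seg

    def on_syn_ack(self, seg: Segment) -> Segment:
        """Step 3: the client checks that the server acknowledged its SYN, then replies with an ACK."""
        if self.state != "SYN-SENT" or not (seg.has(SYN) and seg.has(ACK)):
            raise ValueError("unexpected segment in SYN-SENT")
        if seg.ack != self.snd_nxt:     # must acknowledge ISN + 1
            raise ValueError(f"bad ack {seg.ack}, expected {self.snd_nxt}")
        self.rcv_nxt = seg.seq + 1      # the server's SYN also consumed one number
        self.state = "ESTABLISHED"
        return Segment(self.port, seg.src_port, self.snd_nxt, self.rcv_nxt, ACK)

    # --- server side ---
    def listen(self) -> None:
        self.state = "LISTEN"

    def on_syn(self, seg: Segment) -> Segment:
        """Step 2: the server records the client's ISN and answers SYN + ACK with its own ISN."""
        if self.state != "LISTEN" or not seg.has(SYN) or seg.has(ACK):
            raise ValueError("expected a plain SYN in LISTEN")
        self.rcv_nxt = seg.seq + 1
        self.state = "SYN-RECEIVED"
        reply = Segment(self.port, seg.src_port, self.snd_nxt, self.rcv_nxt, SYN | ACK)
        self.snd_nxt += 1
        return reply

    def on_ack(self, seg: Segment) -> None:
        """The final ACK must match both handshake numbers before the server calls the connection open."""
        if self.state != "SYN-RECEIVED" or not seg.has(ACK) or seg.has(SYN):
            raise ValueError("expected the final ACK in SYN-RECEIVED")
        if seg.ack != self.snd_nxt or seg.seq != self.rcv_nxt:
            raise ValueError("final ACK does not match the handshake numbers")
        self.state = "ESTABLISHED"


def three_way_handshake(client_isn: int, server_isn: int):
    """Run SYN, SYN-ACK, ACK between a client and a server; return both endpoints and the three segments."""
    client, server = Endpoint(50000, client_isn), Endpoint(80, server_isn)
    server.listen()
    syn = client.connect(80)
    syn_ack = server.on_syn(syn)
    ack = client.on_syn_ack(syn_ack)
    server.on_ack(ack)
    return client, server, [syn, syn_ack, ack]
```

The checks in `on_syn_ack` and `on_ack` are what makes the exchange a handshake rather than three unrelated messages: a reply whose acknowledgment number is not exactly ISN + 1 is discarded, so a segment that did not see the original SYN cannot complete the connection.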
TCP Services
• Process-to-Process Communication
• Stream Delivery Service
• Sending and Receiving Buffers
• Segments
• Full-Duplex Communication
• Multiplexing and Demultiplexing
• Connection-Oriented Service
• Reliable Service
TCP Segment & Header
[Figure: TCP segment format]
• The segment consists of a header of 20 to 60 bytes, followed by data from the application program. The header is 20 bytes if there are no options and up to 60 bytes if it contains options.
TCP Header Fields
1. Source Port
• Source Port is a 16-bit field.
• It identifies the port of the sending application.
2. Destination Port
• Destination Port is a 16-bit field.
• It identifies the port of the receiving application.
3. Sequence Number
• Sequence number is a 32-bit field.
• TCP assigns a unique sequence number to each byte of data contained in the TCP segment.
• This field contains the sequence number of the first data byte.
4. Acknowledgement Number
• Acknowledgment number is a 32-bit field.
• It contains the sequence number of the data byte that the receiver expects to receive next from the sender.
• It is always the sequence number of the last received data byte incremented by 1.
5. Header Length
• Header length is a 4-bit field.
• It contains the length of the TCP header.
• It helps in knowing where the actual data begins.
6. Reserved Bits
• The 6 bits are reserved.
• These bits are not used.
TCP Header Fields
7. SYN Bit
• The SYN bit is used to synchronize the sequence numbers.
• When the SYN bit is set to 1, it indicates to the receiver that the sequence number contained in the TCP header is the initial sequence number.
• The request segment sent for connection establishment during the three-way handshake contains the SYN bit set to 1.
8. FIN Bit
• The FIN bit is used to terminate the TCP connection.
• When the FIN bit is set to 1, it indicates to the receiver that the sender wants to terminate the connection.
• The FIN segment sent for TCP connection termination contains the FIN bit set to 1.
9. Checksum
• Checksum is a 16-bit field used for error control.
• It verifies the integrity of data in the TCP payload.
• The sender adds a CRC checksum to the checksum field before sending the data.
• The receiver rejects data that fails the CRC check.
10. Urgent Pointer
• Urgent pointer is a 16-bit field.
• It indicates how much data in the current segment, counting from the first data byte, is urgent.
• The urgent pointer added to the sequence number indicates the end of the urgent data byte.
• This field is considered valid and evaluated only if the URG bit is set to 1.
11. Options
• The options field is used for several purposes.
• The size of the options field varies from 0 bytes to 40 bytes.
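A parser for the header fields listed on the two slides above (ports, sequence and acknowledgment numbers, 4-bit header length, reserved bits, control flags, urgent pointer and the 0–40 byte options area), as an added Python example that is not code from these slides or the cited textbooks. The function names and the constructed SYN segment are illustrative; the field layout and the MSS option (kind 2, length 4) are the standard TCP ones.

```python
import struct

FLAG_NAMES = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08), ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the 20-byte fixed header, the options (0-40 bytes) and locate the payload."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte minimum TCP header")
    (src_port, dst_port, seq, ack, off_res, ctrl_byte,
     window, checksum, urg_ptr) = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (off_res >> 4) * 4               # 4-bit data offset counts 32-bit words
    if header_len < 20 or header_len > 60:
        raise ValueError(f"header length {header_len} outside 20..60 bytes")
    if header_len > len(segment):
        raise ValueError("header length exceeds the segment")
    reserved = ((off_res & 0x0F) << 2) | (ctrl_byte >> 6)   # the 6 reserved bits straddle two bytes
    ctrl = ctrl_byte & 0x3F
    flags = [name for name, bit in FLAG_NAMES if ctrl & bit]
    # the urgent pointer is meaningful only when URG is set; otherwise ignore whatever it holds
    urgent_end = seq + urg_ptr if ctrl & 0x20 else None
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "header_len": header_len, "reserved": reserved, "flags": flags,
        "window": window, "checksum": checksum, "urgent_end": urgent_end,
        "options": segment[20:header_len], "payload": segment[header_len:],
    }


def parse_options(options: bytes) -> list:
    """Split TCP options into (kind, data) pairs: kind 0 ends the list, kind 1 is a 1-byte NOP,
    every other kind carries a length byte covering kind + length + data."""
    out, i = [], 0
    while i < len(options):
        kind = options[i]
        if kind == 0:
            break
        if kind == 1:
            out.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2 or i + options[i + 1] > len(options):
            raise ValueError("malformed TCP option")
        length = options[i + 1]
        out.append((kind, options[i + 2:i + length]))
        i += length
    return out


def constructed_syn() -> bytes:
    """Constructed sample: SYN from port 50000 to 80, seq 1000, 24-byte header with an MSS=1460 option."""
    header = struct.pack("!HHIIBBHHH", 50000, 80, 1000, 0, 6 << 4, 0x02, 65535, 0, 0)
    return header + bytes([2, 4, 0x05, 0xB4])
```

The two length checks matter in practice: a data offset below 5 words or beyond the bytes actually received is how a malformed segment tricks a naive parser into reading options from the payload, so the parser refuses such a segment rather than guessing.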
TCP Flow Control
• Creates a balance between the rate of data production and the rate of data consumption
• Assumption: the channel between sender and receiver is error-free

TCP Flow Control
1) Messages are pushed from the sending application to the TCP client
2) Message segments from the TCP client are pushed to the TCP server
3) Messages are pulled by the receiving application from the TCP server
4) Flow control feedback is sent from the TCP server to the TCP client
5) The TCP client forwards the flow control feedback to the sending application

• Opening and Closing Windows
  • Buffer sizes of sender and receiver are fixed during connection establishment
  • Window sizes of sender / receiver are controlled and adjusted by the TCP server
  • Opening / closing / shrinking of the client window is controlled by the receiver
[Figure: time-line diagram for a common scenario]
Send window in TCP
[Figure: send window in TCP]
The send window in TCP is similar to the one used with the Selective-Repeat protocol, but with some differences:
1) One difference is the nature of the entities related to the window.
  • The window size in SR is the number of packets, but the window size in TCP is the number of bytes.
  • Although actual transmission in TCP occurs segment by segment, the variables that control the window are expressed in bytes.
2) The second difference is that, in some implementations, TCP can store data received from the process and send them later, but we assume that the sending TCP is capable of sending segments of data as soon as it receives them from its process.
3) Another difference is the number of timers. The theoretical Selective-Repeat protocol may use several timers for each packet sent, but as mentioned before, the TCP protocol uses only one timer.
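The five-step flow-control loop (application pushes, TCP sends, receiving application pulls, feedback flows back) and the byte-counted send window with a single timer from the two sections above, as an added Python simulation that is not code from these slides or from the cited textbooks. The `Sender`/`Receiver` classes, `run_transfer` and the buffer sizes are constructed for illustration; the channel is assumed error-free, as the Flow Control slide states, so no retransmission is modelled.

```python
class Receiver:
    """Receiving TCP: a fixed-size buffer that the application pulls from.
    The advertised window (rwnd) is whatever buffer space is still free."""

    def __init__(self, buffer_size: int):
        self.buffer_size = buffer_size
        self.buffer = bytearray()
        self.rcv_nxt = 0                      # next byte number expected

    def deliver(self, seq: int, data: bytes) -> None:
        """Accept an in-order segment; bytes beyond the free space are dropped."""
        if seq == self.rcv_nxt:
            room = self.buffer_size - len(self.buffer)
            accepted = data[:room]
            self.buffer += accepted
            self.rcv_nxt += len(accepted)

    def ack(self) -> tuple:
        """Flow-control feedback sent back: cumulative ACK number and current rwnd."""
        return self.rcv_nxt, self.buffer_size - len(self.buffer)

    def app_read(self, n: int) -> bytes:
        """The receiving application pulls n bytes, which re-opens the window."""
        out = bytes(self.buffer[:n])
        del self.buffer[:n]
        return out


class Sender:
    """Sending TCP: the window is counted in bytes and bounded by the peer's rwnd;
    one retransmission timer covers the oldest outstanding byte."""

    def __init__(self, data: bytes, mss: int, initial_rwnd: int):
        self.data, self.mss = data, mss
        self.snd_una = 0                      # oldest unacknowledged byte
        self.snd_nxt = 0                      # next byte to send
        self.rwnd = initial_rwnd              # receiver buffer size, fixed at connection setup
        self.timer_running = False

    def sendable(self) -> int:
        """Bytes the window allows right now: rwnd minus bytes already in flight."""
        in_flight = self.snd_nxt - self.snd_una
        return max(0, min(self.rwnd - in_flight, len(self.data) - self.snd_nxt))

    def send_segments(self) -> list:
        """Push as many MSS-sized segments as the window allows; returns [(seq, bytes), ...]."""
        segs = []
        while self.sendable() > 0:
            n = min(self.mss, self.sendable())
            segs.append((self.snd_nxt, self.data[self.snd_nxt:self.snd_nxt + n]))
            self.snd_nxt += n
            self.timer_running = True         # the single timer runs while anything is outstanding
        return segs

    def on_ack(self, ack: int, rwnd: int) -> None:
        """A cumulative ACK slides the left edge; the new rwnd opens, closes or shrinks the right edge."""
        if ack > self.snd_una:
            self.snd_una = ack
        self.rwnd = rwnd
        self.timer_running = self.snd_una < self.snd_nxt


def run_transfer(data: bytes, mss: int, receiver_buffer: int, reads: list) -> tuple:
    """Drive one sender/receiver pair in rounds. reads[i] is how many bytes the receiving
    application pulls in round i (later rounds pull a full buffer). Returns the per-round
    (ack, rwnd) feedback and the bytes the application finally received."""
    rx = Receiver(receiver_buffer)
    tx = Sender(data, mss, initial_rwnd=receiver_buffer)
    delivered, trace = bytearray(), []
    for round_no in range(10_000):            # guard against a stalled simulation
        if tx.snd_una >= len(data):
            break
        for seq, chunk in tx.send_segments():
            rx.deliver(seq, chunk)
        delivered += rx.app_read(reads[round_no] if round_no < len(reads) else receiver_buffer)
        ack, rwnd = rx.ack()
        tx.on_ack(ack, rwnd)
        trace.append((ack, rwnd))
    else:
        raise RuntimeError("transfer did not complete")
    delivered += rx.app_read(len(rx.buffer))
    return trace, bytes(delivered)
```

A round in which the receiving application reads nothing produces an `rwnd` of 0, and the sender then transmits nothing until a later ACK re-opens the window: this is the "closing" and "opening" of the window from the slide, driven entirely by the receiver.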
SCTP
• Stream Control Transmission Protocol (SCTP) is a connection-oriented network protocol for transmitting multiple streams of data simultaneously between two endpoints that have established a connection in a computer network.
• It is similar to TCP, but it also provides message-oriented data transfer, like User Datagram Protocol (UDP), making it useful for end-to-end internet communications.
• SCTP is also intended to make it easier to establish connections over wireless networks and to manage transmission of multimedia data. SCTP is a standard protocol (RFC 2960) developed by the Internet Engineering Task Force (IETF).
SCTP
Advantages of SCTP
1. It is a full-duplex connection, i.e. users can send and receive data simultaneously.
2. It allows half-closed connections.
3. Message boundaries are maintained and the application doesn’t have to split messages.
4. It has properties of both the TCP and UDP protocols.
5. It doesn’t rely on the IP layer for resilience of paths.
Disadvantages of SCTP
1. One of the key challenges is that it requires changes in the transport stack on the node.
2. Applications need to be modified to use SCTP instead of TCP/UDP.
3. Applications need to be modified to handle multiple simultaneous streams.
WWW Architecture
● The WWW is a networked information system (a repository of information) that provides a distributed client-server service, in which a client using a browser can access a service using a server.
● Sites
● Web pages (simple / composite)
[Figure: the client sends a request to the server; the server returns a response]
Hypertext and Hypermedia
● Hypertext – creating a document that in turn refers to other documents. In a hypertext document, a part of the text can be defined as a link to another document.
● Hypermedia is a term applied to a document that contains links to other textual documents or to documents containing graphics, video, or audio.
Web Client (Browser)
● It is application software that allows us to view and explore information on the web. A user can request any web page by just entering a URL into the address bar.
● A web browser can show text, audio, video, animation and more. It is the responsibility of a web browser to interpret the text and commands contained in the web page.
● A variety of vendors offer commercial browsers that interpret and display a Web document, and all of them use nearly the same architecture. Each browser usually consists of three parts:
● a controller – receives input from the keyboard
● client protocol – accesses the document
● interpreters – display the document on screen
Web Server
● A web site is a collection of web pages, while a web server is software that responds to requests for web resources.
● When a client sends a request for a web page, the web server searches for the requested page; if the requested page is found, it sends it to the client with an HTTP response.
● If the requested web page is not found, the web server sends an HTTP response: Error 404 Not Found.
● A server can also become more efficient through multithreading or multiprocessing. In this case, a server can answer more than one request at a time.
● Some popular Web servers include Apache and Microsoft Internet Information Server.
Uniform Resource Locator (URL)
● A URL (Uniform Resource Locator) is a unique identifier used to locate a resource on the internet.
● Protocol – the client-server application program used to retrieve the document (http)
● Host – the domain name of the computer on which the information is located (www)
● Port – (optional) If the port is included, it is inserted between the host and the path, and it is separated from the host by a colon.
● Path – the pathname of the file where the information is located.
Static Documents
● The author of a static document determines the contents at the time the document is written.
● Since the contents do not change, each request for a static document results in exactly the same response.
● Static documents are prepared using HTML, XML, XSL, XHTML.
Dynamic Documents
● A dynamic web document does not exist in a predefined form.
● When a request arrives, the web server runs an application program that creates the document.
● The server returns the output of the program as a response to the browser that requested the document.
● Since a fresh document is created for each request, the contents of a dynamic document can vary from one request to another.
● Technologies involved – PHP, JSP, ASP etc.
● Dynamic documents are sometimes referred to as server-side dynamic documents.
Active Documents
● An active web document consists of a computer program that the server sends to the browser and that the browser must run locally.
● When it runs, the active document program can interact with the user and change the display continuously.
● Active documents are sometimes referred to as
HTTP
● The Hypertext Transfer Protocol (HTTP) is a protocol used mainly to access data on the World Wide Web.
● HTTP functions as a combination of FTP and SMTP.
● HTTP uses the services of TCP on well-known port 80.

HTTP Transaction
● Request message
● Request line
[Figure: format of the request message and the response message]
Conditional Request
● A request based on a condition is possible.
● If the condition is met, the server sends the document; else the client is informed about it.
● Example condition: the time and date the Web page was modified.
○ Request
GET [Link] HTTP/1.1
If-Modified-Since: Thu, Sept 04 [Link] GMT
○ Response
HTTP/1.1 304 Not Modified
Date: Sat, Sept 06 08 [Link] GMT
Server: [Link]
(Empty Body)
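The URL parts from the URL slide (protocol, host, optional port after the colon, path), the request line and headers of an HTTP/1.1 transaction, and the conditional request / 304 exchange shown just above, as one added Python example that is not code from these slides or from the cited textbooks. `split_url`, `build_request`, `parse_response` and the constructed 304 response bytes (with an example.com host and an invented date) are illustrative; the rule that 1xx, 204 and 304 responses carry no body is from HTTP/1.1 itself.

```python
from typing import Optional
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def split_url(url: str) -> dict:
    """Protocol, host, port (explicit or the protocol's default) and path, as the URL slide lists them."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"unsupported or incomplete URL: {url!r}")
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return {"protocol": parts.scheme, "host": parts.hostname,
            "port": parts.port or DEFAULT_PORTS[parts.scheme], "path": path}


def build_request(url: str, if_modified_since: Optional[str] = None) -> bytes:
    """Serialize a GET request: request line, Host header (mandatory in HTTP/1.1) and an optional condition."""
    u = split_url(url)
    host = u["host"] if u["port"] == DEFAULT_PORTS[u["protocol"]] else f"{u['host']}:{u['port']}"
    lines = [f"GET {u['path']} HTTP/1.1", f"Host: {host}"]
    if if_modified_since:
        lines.append(f"If-Modified-Since: {if_modified_since}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_response(raw: bytes) -> dict:
    """Parse the status line and headers; decide whether a body follows and whether the connection stays open."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response head")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    version, code, reason = status_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    code = int(code)
    # 1xx, 204 and 304 never carry a body; otherwise Content-Length says how much to read
    has_body = not (100 <= code < 200 or code in (204, 304))
    length = int(headers["content-length"]) if has_body and "content-length" in headers else None
    keep_alive = version == "HTTP/1.1" and headers.get("connection", "").lower() != "close"
    if has_body and length is None:
        keep_alive = False   # unknown length (dynamic document): the server closes to mark the end
    return {"version": version, "status": code, "reason": reason, "headers": headers,
            "has_body": has_body, "content_length": length, "keep_alive": keep_alive,
            "body": body[:length] if length is not None else body}


# constructed reply to a conditional request; the date and server name are invented
CONSTRUCTED_304 = (b"HTTP/1.1 304 Not Modified\r\n"
                   b"Date: Sat, 06 Sep 2008 08:16:00 GMT\r\n"
                   b"Server: example-server/1.0\r\n\r\n")
```

Trimming the body to `Content-Length` is deliberate: on a persistent connection the bytes after it belong to the next response, so a parser that reads "until the connection closes" would silently merge two responses. Chunked transfer encoding, which the slides do not cover, is not handled here.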
Persistence
● HTTP version 1.1 specifies a persistent connection by default.
● The connection is left open for more requests.
● The connection will be closed only on request or if a time-out is reached.
● The length of the data is sent by the sender with each response, but if it is unknown (dynamic documents) then the server informs the client and closes the connection.
Cookies
● A cookie is a small piece of data stored on the user's system by the browser while browsing a website.
● When the client receives the response from the server for a request, the browser stores the cookie in the cookie directory.
● The next time the client sends a request to that server, the browser looks in the cookie directory to see if it can find a cookie sent by that server.
● If found, the cookie is included in the request.
● Example – e-commerce
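The store-then-resend behaviour described above (browser keeps the cookie a server sent and attaches it to the next request to that server), as an added Python example that is not code from these slides or from the cited textbooks. The `CookieJar` class, the shop.example.com URLs and the cookie values are constructed; the `Secure` attribute handling goes one step beyond the slide and is included because it is the check a browser applies before sending a cookie over plain HTTP.

```python
from urllib.parse import urlsplit


class CookieJar:
    """Browser-side cookie directory: keyed by the host that set the cookie,
    returned on the next request to that same host."""

    def __init__(self):
        self.jar = {}                    # host -> {name: {"value": str, "secure": bool}}

    def store(self, url: str, set_cookie_headers: list) -> None:
        """Handle the Set-Cookie headers of a response from url: name=value plus attributes."""
        host = urlsplit(url).hostname
        for header in set_cookie_headers:
            pair, *attrs = [p.strip() for p in header.split(";")]
            name, _, value = pair.partition("=")
            attr_names = {a.lower() for a in attrs}
            self.jar.setdefault(host, {})[name] = {
                "value": value,
                "secure": "secure" in attr_names,   # only ever sent back over https
            }

    def cookie_header(self, url: str):
        """Build the Cookie request header for url, or None when no stored cookie applies."""
        parts = urlsplit(url)
        pairs = []
        for name, cookie in self.jar.get(parts.hostname, {}).items():
            if cookie["secure"] and parts.scheme != "https":
                continue                 # a Secure cookie is withheld from a plain-HTTP request
            pairs.append(f"{name}={cookie['value']}")
        return "; ".join(pairs) if pairs else None
```

Scoping the lookup by host is what keeps a cookie from one site out of requests to another; the e-commerce example on the slide works only because the shop's session cookie comes back on every request to the shop and to nobody else.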
Web caching: Proxy server
● A proxy server acts as a gateway between client and server.
● It keeps copies of responses to recent requests.
● On receiving a request from the client, the proxy server checks its cache, and if the response is not found there, the request is sent to the corresponding server.
● This reduces the load on the original server, decreases traffic, and improves latency.
● However, to use the proxy server, the client must be configured to access the proxy instead of the target server.
HTTP security
● HTTPS provides confidentiality, client and server authentication, and data integrity.
● HTTP status codes are 3-digit codes most often used to indicate whether an HTTP request has been successfully completed. Status codes are broken into the following 5 blocks:
○ 1xx Informational
○ 2xx Success
○ 3xx Redirection
○ 4xx Client Error
○ 5xx Server Error
DNS (Domain Name System)
● TCP/IP protocols use IP addresses.
● An IP address identifies the connection of a host to the Internet.
● A system maps a name to an address.
● Host file – only two columns (name, address).
● A single host file maps the names to addresses.
● The host file would be too large to store in every host.
● It is impossible to update the host file every time a change happens.
Solution 1
● Store the host file in a single system and allow centralized access to the information for every system that needs mapping.
Disadvantage
● A huge amount of traffic on the Internet.
Solution 2
● Divide the huge amount of information into smaller parts and store them on different systems.
● A host that needs mapping can communicate with the closest system that holds the information.
● This solution is called the Domain Name System.
Purpose of DNS
Six steps to map a host name to an IP address:
1. The user passes the host name to the file transfer client (FTC).
2. The FTC passes the host name to the DNS client.
3. The DNS client sends a message to the DNS server. The query gives the file transfer server name, using the known IP address of the DNS server.
4. The DNS server responds with the IP address of the desired file transfer server.
5. The DNS client passes the IP address to the file transfer client.
6. The FTC uses the IP address it received to access the file transfer server.

Two connections must be made:
● Mapping the name to an IP address
● Transferring files
Namespace
● Maps the addresses to unique names.
● Organized in two ways: flat or hierarchical.
Flat Name Space
● A name is assigned to an address; the name is a sequence of characters without structure.
Disadvantage
● Cannot be used in a large system.
● Must be centrally controlled to avoid ambiguity and duplication.
Hierarchical Name Space
● Each name is made up of several parts.
● First part – nature of the organization
● Second part – name of the organization
● Third part – departments in the organization
● The namespace can be decentralized.
● Suffixes (or prefixes) are added to the name that define the host or system.
Domain Name Space
• DNS was designed with a hierarchical name space.
• Names are defined in an inverted tree structure with the root at the top.
• The tree has 128 levels – 0 (root) to 127.
Label
• Each node in the tree has a label – a maximum of 63 characters.
• The root label is a null string.
• Children of a node must have different labels; this ensures uniqueness in domain names.
Domain Name
• A full domain name is the sequence of labels separated by dots.
• Domain names are read from the node up to the root.
• A full domain name always ends in a null label.
[Figure: domain names and labels]


Fully Qualified Domain Names (FQDN)
● If the label is terminated by a null string, it is called a fully qualified domain name.
● Contains the full name of the host; contains all labels from most specific to most general.
● A DNS server can match an FQDN to an address.
Eg: [Link].

Partially Qualified Domain Names (PQDN)
● If the label is not terminated by a null string, it is called a partially qualified domain name.
● A PQDN starts from the node but does not reach the root.
● The resolver will supply the missing part, called the suffix, to create an FQDN.
● A user at the [Link] site who wants to get the IP address of the challenger computer has to mention only the partial name.
Eg: challenger
● The DNS client adds the suffix before passing the address to the DNS server.
Eg: [Link]
[Figure: FQDN and PQDN]
Domain Name Space
Domain
● It is a subtree of the domain name space.
● The name of the domain is the name of the node at the top of the subtree.
● A domain may itself be divided into sub-domains.
[Figure: domains]

Distribution of name space
● Information in the name space must be stored.
● It is inefficient and not reliable to store the information in a single system.
Solution
● Distribute the information among many computers called DNS servers.
Hierarchy of name space
● Divide the whole space into many domains based on the first level.
[Figure: hierarchy of name servers]
Domain Name Space
Zone
● What a server is responsible for or has authority over is called a zone.
● A zone is a contiguous part of the entire tree.
● If a server accepts responsibility for a domain and does not divide the domain into smaller domains, then “domain” and “zone” refer to the same thing.
[Figure: zones and domains]
Root server
● It is the server whose zone consists of the whole tree.
● It does not store any information about the domains but delegates the authority to other servers, keeping references to those servers.
Domain Name Space
Primary and Secondary Servers
Primary Server
● A server that stores the file about the zone for which it has authority.
● It is responsible for creating, maintaining and updating the zone file.
● It stores the zone file on a local disk.
Secondary Server
● A server that transfers the complete information about a zone from another server and stores the file on its local disk.
● A secondary server neither creates nor updates the zone file.
DNS in the Internet
● In the Internet the domain name space is divided into three different sections: generic domains, country domains and the inverse domain.
Generic Domains
● Define registered hosts according to their generic behaviour.
● Each node in the tree defines a domain, which is an index to the domain name space database.
[Figure: DNS used in the Internet; generic domain labels; generic domains]
DNS in the Internet
Country Domains
● Use two-character country abbreviations.
Eg: US for United States
● The second label can be organizational, or it can be a more specific national designation.
Eg: [Link]
[Figure: country domains]

Inverse Domain
● It is used to map an address to a name.
● This happens when the server has received a request from the client.
● This type of query is called an inverse or pointer (PTR) query.
● To handle the pointer query, the inverse domain is added to the domain name space with the first-level node.
● The second level is also one single node, named in-addr (for inverse address).
[Figure: inverse domain]

Resolution
Mapping a name to an address or an address to a name is called name-address resolution.
Resolver
● DNS is designed as a client–server application.
● A host that needs to map an address to a name or a name to an address calls a DNS client called a resolver.
● After the resolver receives the mapping, it interprets the response to see if it is a real resolution or an error and finally delivers the result to the process that requested it.

Mapping Names to Addresses
● The resolver gives a domain name to the server and asks for the corresponding address.
● If the domain name is from the generic domain, the resolver receives a domain name such as “[Link]”.
● If the domain name is from the country domain, the resolver receives a domain name such as “[Link]”.
Resolution
Mapping Addresses to Names
● A client can send an IP address to a server to be mapped to a domain name.
● To answer the PTR query, DNS uses the inverse domain.
● In the request, the IP address is reversed and the two labels in-addr and arpa are appended to create a domain acceptable to the inverse domain.

Recursive Resolution
● The client can ask for a recursive answer from a name server.
● If the server is the authority for the domain name, it checks its database and responds.
● If the server is not the authority, it sends the request to another server and waits for the response.
● If the parent is the authority, it responds; otherwise it sends the query to another server.
[Figure: recursive resolution]
Resolution
Iterative Resolution
● If the server is an authority for the name, it sends the answer.
● If not, it returns the IP address of the server that it thinks can resolve the query.
● The client is responsible for repeating the request to the second server.
● The client repeats the same procedure with the next server, and so on.
● This process is called iterative because the client repeats the same query to multiple servers.
[Figure: iterative resolution]

Caching
● Each time the server receives a query for a name that is not in its domain, it needs to search its database for a server IP address.
● Reduction in search time would increase the efficiency.
● DNS handles this with a mechanism called caching.
Resolution
● Caching speeds up resolution, but it can also be problematic.
● If the server caches a mapping for a long time, it may send an outdated mapping to the client.
Two counter techniques are used
• The authoritative server always adds information to the mapping called time to live (TTL).
• DNS requires each server to keep a TTL counter for each mapping it caches.
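The mechanics from the FQDN/PQDN, recursive resolution, iterative resolution and caching sections above, as one added Python simulation that is not code from these slides or from the cited textbooks. The `NameServer` and `Resolver` classes, the three-level server tree under example.com, the suffix `atc.example.com.` and the 192.0.2.10 address (from the documentation range) are all constructed; the model generalises the single referral chain on the slide to any depth, and the TTL handling follows the two counter-techniques just listed.

```python
import time


class NameServer:
    """Constructed name server: answers from its own records or refers the asker to a child server."""

    def __init__(self, name: str, records=None, referrals=None):
        self.name = name
        self.records = records or {}          # fqdn -> (ip, ttl in seconds)
        self.referrals = referrals or {}      # zone suffix -> NameServer to ask next

    def query(self, fqdn: str) -> tuple:
        if fqdn in self.records:
            return ("ANSWER", self.records[fqdn])
        for suffix, server in self.referrals.items():
            if fqdn.endswith(suffix):
                return ("REFERRAL", server)
        return ("NXDOMAIN", None)


def to_fqdn(name: str, suffix: str) -> str:
    """A name ending in '.' (the null label) is already fully qualified; otherwise append the resolver's suffix."""
    return name if name.endswith(".") else f"{name}.{suffix}"


def recursive_resolve(server: NameServer, fqdn: str, max_hops: int = 8):
    """Recursive resolution: the server that was asked chases referrals itself and returns only the final answer."""
    for _ in range(max_hops):
        kind, payload = server.query(fqdn)
        if kind == "ANSWER":
            return payload[0]
        if kind == "REFERRAL":
            server = payload
            continue
        return None
    raise RuntimeError("referral loop")


class Resolver:
    """DNS client: builds the FQDN, serves from cache while the TTL lasts, otherwise resolves iteratively."""

    def __init__(self, root: NameServer, suffix: str, clock=time.monotonic):
        self.root, self.suffix, self.clock = root, suffix, clock
        self.cache = {}                       # fqdn -> (ip, expiry time on this clock)

    def resolve(self, name: str, max_hops: int = 8) -> tuple:
        """Iterative resolution: the client itself repeats the query to each server it is referred to.
        Returns (ip or None, where the answer came from)."""
        fqdn = to_fqdn(name, self.suffix)
        now = self.clock()
        if fqdn in self.cache and self.cache[fqdn][1] > now:
            return self.cache[fqdn][0], "cache"
        self.cache.pop(fqdn, None)            # an expired mapping is discarded, never served
        server = self.root
        for _ in range(max_hops):
            kind, payload = server.query(fqdn)
            if kind == "ANSWER":
                ip, ttl = payload
                self.cache[fqdn] = (ip, now + ttl)   # the TTL counter starts at the authoritative answer
                return ip, server.name
            if kind == "REFERRAL":
                server = payload
                continue
            return None, server.name
        raise RuntimeError("referral loop")


def build_constructed_tree() -> NameServer:
    """Root -> com. -> example.com. (authoritative for challenger.atc.example.com.)"""
    authority = NameServer("example.com. server",
                           records={"challenger.atc.example.com.": ("192.0.2.10", 60)})
    tld = NameServer("com. server", referrals={"example.com.": authority})
    return NameServer("root server", referrals={"com.": tld})
```

Bounding the referral chain (`max_hops`) and discarding expired cache entries before use are the two checks that keep the slide's warning about stale mappings from turning into an endless loop or a wrong answer in a real resolver.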
DNS Messages
● DNS messages are of two types:
  • Query
  • Response
● The query message consists of a header and question records.
● The response message consists of a header, question records, answer records, authoritative records and additional records.
[Figure: query and response messages]
DNS Messages
Header
● Both query and response messages have the same header format, with some fields set to zero for query messages.
● The header is 12 bytes.
● Identification – 16-bit field used by the client to match the response with the query.
● Flags – 16-bit field consisting of the following subfields.
[Figure: header format]
● QR (Query/Response) – 1-bit subfield that defines the type of message.
  0 – message is a query
  1 – message is a response
● OpCode – 4 bits, defines the type of query or response
  0 – standard
  1 – inverse
  2 – server status request
[Figure: flags field]
 ❑ AA (Authoritative Answer) – 1-bit subfield
  Set to 1 – the name server is the authoritative server
  Used only in response messages.
 ❑ TC (Truncated) – 1-bit subfield
  Set to 1 – the response was more than 512 bytes and has been truncated
  It is used when DNS uses the services of UDP.
 ❑ RD (Recursion Desired) – 1-bit subfield
  Set to 1 – the client desires a recursive answer
  It is set in the query message and repeated in the response message.
 ❑ RA (Recursion Available) – 1-bit subfield
  Set to 1 in a response – a recursive response is available
  Set only in response messages.

 ❑ Reserved – 3-bit subfield set to 000.
 ❑ rcode – 4-bit field that shows the status of error in the response.
  Only an authoritative server can make this judgement.
● Number of question records – 16-bit field
  Contains the number of queries in the question section of the message.
● Number of answer records – 16-bit field
  Contains the number of answer records in the answer section of the response message.
● Number of authoritative records – 16-bit field
  Contains the number of authoritative records in the authoritative section of the response message.
  Its value is zero in a query message.
● Number of additional records – 16-bit field
  Contains the number of additional records in the additional section of a response message.
Values of rcode

● Question Section
  Consists of one or more question records.
  It is present in both query and response messages.
● Answer Section
  Consists of two or more resource records.
  It is present only in response messages.
● Authoritative Section
  Consists of two or more resource records.
  It is present only in response messages.
  Gives information (domain name) about one or more authoritative servers for the query.
● Additional Information Section
  Consists of two or more resource records.
  It is present only in response messages.
  Gives additional information that helps the resolver.

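The header layout, flag subfields and sections described above, as a parser. This is an added example, not code from the slides: it unpacks the 12-byte header, splits the 16-bit flags field into QR, OpCode, AA, TC, RD, RA, reserved bits and rcode, then walks the question and answer sections, including the name-compression pointers that answer records normally use. The response bytes (ID 0x1234, the name www.example.com and the documentation address 192.0.2.10 with TTL 60) are constructed by hand, not captured traffic.

```python
"""Parser for the DNS message format: the 12-byte header with its flag
subfields, the question section and the answer resource records.

Added example, not from the slides.  The response bytes at the bottom are
constructed (made-up ID, documentation address 192.0.2.10), not captured.
"""
import struct

RCODE_NAMES = {0: "no error", 1: "format error", 2: "server failure",
               3: "name error", 4: "not implemented", 5: "refused"}


def parse_header(msg):
    """Unpack the 12-byte header and split the 16-bit flags field.
    Bit layout of flags: QR(15) OpCode(14-11) AA(10) TC(9) RD(8) RA(7)
    reserved(6-4) rcode(3-0)."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": ident,
        "qr": (flags >> 15) & 1,          # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,    # 0 standard, 1 inverse, 2 status
        "aa": (flags >> 10) & 1,
        "tc": (flags >> 9) & 1,           # set when a UDP reply was cut at 512 bytes
        "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1,
        "reserved": (flags >> 4) & 0x7,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def read_name(msg, offset):
    """Decode a domain name, following compression pointers (top two bits 11).
    Returns (name, offset just after the name as it appears in the message)."""
    labels, jumped, end, hops = [], False, None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                     # pointer to an earlier name
            if not jumped:
                end = offset + 2                      # a pointer occupies 2 bytes
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            jumped = True
            hops += 1
            if hops > 32:                             # refuse looping pointers
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_message(msg):
    """Return the header plus decoded question and answer records."""
    hdr = parse_header(msg)
    off, questions, answers = 12, [], []
    for _ in range(hdr["qdcount"]):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append({"name": name, "type": qtype, "class": qclass})
    for _ in range(hdr["ancount"]):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        rec = {"name": name, "type": rtype, "ttl": ttl}
        if rtype == 1 and rdlen == 4:                 # A record: dotted IPv4
            rec["address"] = ".".join(str(b) for b in rdata)
        answers.append(rec)
    return hdr, questions, answers


# Constructed response: ID 0x1234, flags QR=1 AA=1 RD=1 RA=1 rcode=0,
# one question (www.example.com, type A, class IN) and one answer, TTL 60,
# whose name is a pointer (0xC00C) back to the question name at offset 12.
RESPONSE = (
    bytes.fromhex("1234 8580 0001 0001 0000 0000")
    + b"\x03www\x07example\x03com\x00" + b"\x00\x01\x00\x01"
    + b"\xc0\x0c" + b"\x00\x01\x00\x01" + b"\x00\x00\x00\x3c"
    + b"\x00\x04" + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    hdr, qs, ans = parse_message(RESPONSE)
    print(hdr, RCODE_NAMES.get(hdr["rcode"], "other"))
    print(qs, ans)
```

The hop limit in `read_name` matters for anything that parses untrusted packets: a pointer that refers to itself would otherwise loop forever. The `tc` bit is the one to check when DNS runs over UDP, since a truncated reply should be retried over TCP rather than used as is.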
FTP
● File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file from one host to another.
● FTP uses the services of TCP.
● The well-known port 21 is used for the control connection.
● The well-known port 20 is used for the data connection.

FTP – Data Connection
FTP creates a data connection with the following steps:
1. The client issues a passive open using an ephemeral port.
2. The client sends the port number to the server using the PORT command.
3. The server receives the port number and issues an active open using the well-known port 20 and the received ephemeral port number.

FTP – Communication
● Control Connection
● Data Connection
FTP – Commands

Type of command – Description – Examples
Access commands – let the user access the remote system:
  USER – Provides user information
  PASS – Password
  ACCT – Account information
  REIN – Reinitialize
  QUIT – Log out
  ABOR – Abort the previous command
File management commands – let the user access the file system on the remote computer:
  CWD – Change to another directory
  DELE – Delete a file
  LIST – List subdirectories
File transfer commands – let the user transfer files:
  RETR – Retrieve files
  STOR – Store files
  APPE – If the file exists, append the data
  STAT – Return status of files
Miscellaneous commands – deliver information to the FTP user at the client side:
  HELP – Ask for information about the server
  NOOP – Check if the server is alive
  SITE – Specify the site-specific commands
  SYST – Ask about the operating system used by the server

FTP – Responses
● A response has two parts: a three-digit number followed by text.
● The numeric part defines the code; the text part defines needed parameters or extra explanations.
● We represent the three digits as xyz.
● First Digit – The first digit defines the status of the command. One of five digits can be used in this position:
❑ 1yz (positive preliminary reply). The action has started. The server will send another reply before accepting another command.
❑ 2yz (positive completion reply). The action has been completed. The server will accept another command.
❑ 3yz (positive intermediate reply). The command has been accepted, but further information is needed.
❑ 4yz (transient negative completion reply). The action did not take place, but the error is temporary. The same command can be sent later.
❑ 5yz (permanent negative completion reply). The command was not accepted and should not be retried.

● Second Digit – The second digit also defines the status of the command. One of six digits can be used in this position:
❑ x0z (syntax).
❑ x1z (information).
❑ x2z (connections).
❑ x3z (authentication and accounting).
❑ x4z (unspecified).
❑ x5z (file system).
● Third Digit – The third digit provides additional information.

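Two pieces of the control-connection dialogue from the data-connection steps and the response slides above, as an added example (not code from the slides): encoding and decoding the PORT command the client sends to announce its ephemeral port, and reading replies off the control connection, classifying the xyz code by the first- and second-digit tables and handling the multi-line form, in which a reply opens with `xyz-` and ends with a line that starts with `xyz ` (RFC 959). The transcript lines, the address 192.0.2.7 and the port 49152 are constructed.

```python
"""PORT command encoding/decoding and reply-code classification for the
FTP control connection.

Added example, not from the slides; the address, port and server
transcript below are constructed.
"""
import re


def encode_port(ip, port):
    """Build the PORT argument: four address bytes plus the port split into
    its high and low bytes, all decimal and comma separated."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(0 <= int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address")
    if not 0 < port <= 65535:
        raise ValueError("bad port")
    return "PORT " + ",".join(octets + [str(port >> 8), str(port & 0xFF)])


def decode_port(line):
    """Parse a PORT command back into (ip, port); the server does this before
    its active open from port 20 to the client's ephemeral port."""
    m = re.fullmatch(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*", line)
    if not m:
        raise ValueError("malformed PORT command")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("value out of range")
    return ".".join(map(str, nums[:4])), (nums[4] << 8) | nums[5]


FIRST_DIGIT = {1: "positive preliminary", 2: "positive completion",
               3: "positive intermediate", 4: "transient negative",
               5: "permanent negative"}
SECOND_DIGIT = {0: "syntax", 1: "information", 2: "connections",
                3: "authentication and accounting", 4: "unspecified",
                5: "file system"}


def classify_reply(code):
    """Describe a three-digit reply code using the x and y digit tables."""
    x, y = code // 100, (code // 10) % 10
    if x not in FIRST_DIGIT or y not in SECOND_DIGIT:
        raise ValueError(f"unknown reply code {code}")
    return FIRST_DIGIT[x], SECOND_DIGIT[y]


def read_reply(lines):
    """Consume one reply from an iterator of control-connection lines.
    A reply is either a single 'xyz text' line or a multi-line block that
    starts 'xyz-' and ends with a line starting 'xyz ' (same code, space).
    Returns (code, list of raw lines belonging to the reply)."""
    first = next(lines)
    m = re.match(r"(\d{3})([ -])(.*)", first)
    if not m:
        raise ValueError(f"not a reply line: {first!r}")
    code, collected = int(m.group(1)), [first]
    if m.group(2) == "-":
        for line in lines:
            collected.append(line)
            if line.startswith(f"{code} "):
                break
        else:
            raise ValueError("multi-line reply not terminated")
    return code, collected


# Constructed server transcript: a multi-line banner, then single-line replies.
TRANSCRIPT = [
    "220-Welcome to the constructed FTP host",
    "220-All sessions are logged",
    "220 Service ready for new user.",
    "331 User name okay, need password.",
    "530 Not logged in.",
]

if __name__ == "__main__":
    it = iter(TRANSCRIPT)
    while True:
        try:
            code, lines = read_reply(it)
        except StopIteration:
            break
        print(code, classify_reply(code), lines[0])
    print(encode_port("192.0.2.7", 49152), decode_port("PORT 192,0,2,7,192,0"))
```

Everything this code handles travels over the control connection in the clear, including the USER and PASS exchange that the 331 reply belongs to; the Security – FTP slide later in the deck is where SSL-FTP and sftp come in.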
FTP – File Transfer
Example using FTP for retrieving a list of items in a directory.
The colored lines show the responses from the server over the control connection; the black lines show the commands sent by the client. The lines in white with a black background show data transfer.
Example of how an image (binary) file is stored.
Anonymous FTP example – assume that some public data are available at [Link].

Security – FTP
● To be secure, one can add a Secure Socket Layer (SSL) between the FTP application layer and the TCP layer; in this case FTP is called SSL-FTP.
● Another way to transfer files over a secure channel is to use an independent protocol called sftp (secure file transfer protocol). This is actually a program in Unix called sftp that is part of the SSH protocol suite.

TFTP
● There are occasions when we need to simply copy a file without all of the features of the FTP protocol.
● For example, when a diskless workstation or a router is booted, we need to download the bootstrap and configuration files.
● Trivial File Transfer Protocol (TFTP) is designed for these types of file transfer.
● TFTP uses the services of UDP on the well-known port 69.

Message categories
● The read request (RRQ) message is used by the client to establish a connection for reading data from the server.
RRQ format
● The write request (WRQ) message is used by the client to establish a connection for writing data to the server.
WRQ format
● The data (DATA) message is used by the client or the server to send blocks of data.
DATA format
TFTP – Connection Establishment
UDP port numbers used by TFTP
TFTP – Example
Application – Use of TFTP with DHCP

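The RRQ, WRQ and DATA message categories above, built and parsed by an added example that is not code from the slides. It also covers the ACK and ERROR messages that RFC 1350 defines alongside them, and the rule that ends a transfer: a DATA block shorter than 512 bytes is the last one, so a file whose length is an exact multiple of 512 needs a trailing empty block. The file name boot.cfg and the file contents are constructed.

```python
"""Building and parsing TFTP messages: RRQ, WRQ, DATA, plus ACK and ERROR
from RFC 1350.  Added example, not from the slides; the file name and
contents used below are constructed.
"""
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512          # a DATA block shorter than this ends the transfer


def build_request(opcode, filename, mode="octet"):
    """RRQ/WRQ: 2-byte opcode, filename, NUL, mode, NUL."""
    if opcode not in (RRQ, WRQ):
        raise ValueError("opcode must be RRQ or WRQ")
    return (struct.pack("!H", opcode) + filename.encode("ascii") + b"\x00"
            + mode.encode("ascii") + b"\x00")


def build_data(block, payload):
    """DATA: 2-byte opcode, 2-byte block number, 0..512 bytes of data."""
    if not 0 <= len(payload) <= BLOCK_SIZE:
        raise ValueError("payload must be at most 512 bytes")
    return struct.pack("!HH", DATA, block & 0xFFFF) + payload


def build_ack(block):
    """ACK: 2-byte opcode, 2-byte block number being acknowledged."""
    return struct.pack("!HH", ACK, block & 0xFFFF)


def build_error(code, message):
    """ERROR: 2-byte opcode, 2-byte error code, message, NUL."""
    return struct.pack("!HH", ERROR, code) + message.encode("ascii") + b"\x00"


def parse(packet):
    """Decode any TFTP packet into a dict keyed by message type."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    opcode = struct.unpack("!H", packet[:2])[0]
    if opcode in (RRQ, WRQ):
        parts = packet[2:].split(b"\x00")
        if len(parts) < 3 or parts[-1] != b"":
            raise ValueError("malformed request: missing NUL terminators")
        return {"op": opcode, "filename": parts[0].decode("ascii"),
                "mode": parts[1].decode("ascii").lower()}
    number = struct.unpack("!H", packet[2:4])[0]      # block number or error code
    if opcode == DATA:
        return {"op": DATA, "block": number, "data": packet[4:],
                "last": len(packet) - 4 < BLOCK_SIZE}
    if opcode == ACK:
        return {"op": ACK, "block": number}
    if opcode == ERROR:
        msg = packet[4:].split(b"\x00")[0].decode("ascii", "replace")
        return {"op": ERROR, "code": number, "message": msg}
    raise ValueError(f"unknown opcode {opcode}")


def split_into_blocks(content):
    """Sender side: cut a file into numbered DATA packets.  A file that is an
    exact multiple of 512 bytes (or empty) still needs a final empty block so
    the receiver sees the end of the transfer."""
    blocks, block = [], 1
    for start in range(0, len(content), BLOCK_SIZE):
        blocks.append(build_data(block, content[start:start + BLOCK_SIZE]))
        block += 1
    if len(content) % BLOCK_SIZE == 0:
        blocks.append(build_data(block, b""))
    return blocks


def reassemble(packets):
    """Receiver side: accept blocks strictly in order until a short one arrives."""
    out, expected = bytearray(), 1
    for pkt in packets:
        d = parse(pkt)
        if d["op"] != DATA or d["block"] != expected:
            raise ValueError(f"unexpected packet, wanted DATA block {expected}")
        out += d["data"]
        expected += 1
        if d["last"]:
            return bytes(out)
    raise ValueError("transfer ended without a short final block")


if __name__ == "__main__":
    print(parse(build_request(RRQ, "boot.cfg")))
    content = b"x" * 1024 + b"tail"                    # constructed 1028-byte file
    pkts = split_into_blocks(content)
    print(len(pkts), "DATA blocks, round trip ok:", reassemble(pkts) == content)
    print(parse(build_error(1, "File not found")))
```

`reassemble` insists on consecutive block numbers, which is the receiver's only protection against a duplicated or out-of-order datagram over UDP; a real client would also ACK each block and retransmit on timeout.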
REMOTE LOGGING
● It would be impossible to write a specific client/server program for each demand. The better solution is a general-purpose client/server program that lets a user access any application program on a remote computer.
Topics discussed in this section:
 ❑ TELNET
 ❑ SSH

TELNET
• TELNET is a general-purpose client/server application program.
• Remote virtual terminal.
• One server supports multiple VTs (virtual terminals).
Example of Telnet (character mode)
Image Source: [Link]
Common Features of Telnet
• Telnet runs on a single TCP connection to port 23.
• The Telnet connection is unencrypted, so it is easy for an eavesdropper to read.
• In most cases, Telnet is a remote terminal: each character is transmitted in a separate packet.
 • The same is true for the SSH login stage.
 • This is a feature that could be exploited for a "timing attack".

Telnet Commands
• telnet [Link]
 • Sets up a remote shell to the server.
• telnet [Link] 25
 • Sets up a TCP connection to port 25 (email service).

SSH – Secure Shell
• Replacement for the old, insecure Telnet program.
• Both ends authenticate each other.
• Relies on public key cryptography.
• All communication messages are encrypted.
• SSH is also used as a secure tunneling channel for other applications:
 • File transfer
 • Port forwarding (such as X Window)
 • Virtual private network (VPN)
• On a Unix machine:
 • The hidden directory .ssh holds all configuration files.
 • known_hosts saves the public keys of all previously connected SSH servers.
 • An attacker can no longer impersonate a known SSH server.
 • You have to trust what you get in the first connection attempt.

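The known_hosts mechanism above, as an added example that is not code from the slides or from OpenSSH itself. It reads entries in the OpenSSH known_hosts layout (`host keytype base64-blob`, with the optional hashed host form `|1|salt|HMAC-SHA1`), computes the `SHA256:` fingerprint the client displays on first contact, and performs the check that every later connection relies on: the key the server presents must equal the stored one, otherwise the host is reported as changed. The 32-byte key, the salt and the host name server.example.test are constructed; the key is not a real one.

```python
"""Reading OpenSSH-style known_hosts entries and checking a presented host
key against them (trust on first use, then compare).

Added example, not from the slides or from OpenSSH.  The key bytes, salt
and host name below are constructed; the key is not a real key.
"""
import base64
import hashlib
import hmac
import struct


def ssh_string(data):
    """SSH wire encoding of a string: 4-byte big-endian length + bytes."""
    return struct.pack("!I", len(data)) + data


def ed25519_blob(raw32):
    """Public key blob as it appears base64-encoded in known_hosts."""
    if len(raw32) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw32)


def fingerprint_sha256(blob):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hash_hostname(hostname, salt):
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def host_matches(host_field, hostname):
    """True if the entry's host field names this host (plain or hashed form)."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, _ = host_field.split("|")
        expected = hash_hostname(hostname, base64.b64decode(salt_b64))
        return hmac.compare_digest(expected.encode(), host_field.encode())
    return hostname in host_field.split(",")      # plain entries may list several names


def parse_known_hosts_line(line):
    """Split 'host keytype base64-blob [comment]' and decode the blob."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("malformed known_hosts line")
    host_field, keytype, blob_b64 = fields[:3]
    blob = base64.b64decode(blob_b64)
    (tlen,) = struct.unpack("!I", blob[:4])         # blob starts with its key type
    if blob[4:4 + tlen] != keytype.encode():
        raise ValueError("key type field does not match blob")
    return {"host": host_field, "type": keytype, "blob": blob,
            "fingerprint": fingerprint_sha256(blob)}


def check_host_key(known_lines, hostname, presented_blob):
    """Client-side check after the first connection: the presented key must
    equal the stored one.  Returns 'ok', 'changed' (stored key differs: do
    not proceed) or 'unknown' (first contact, nothing to compare yet)."""
    seen = False
    for line in known_lines:
        entry = parse_known_hosts_line(line)
        if host_matches(entry["host"], hostname):
            seen = True
            if hmac.compare_digest(entry["blob"], presented_blob):
                return "ok"
    return "changed" if seen else "unknown"


# Constructed key material (not a real key), salt and host name.
KEY = bytes(range(32))
SALT = b"\x11" * 20
HOST = "server.example.test"
BLOB_B64 = base64.b64encode(ed25519_blob(KEY)).decode()
LINE_PLAIN = f"{HOST} ssh-ed25519 {BLOB_B64}"
LINE_HASHED = f"{hash_hostname(HOST, SALT)} ssh-ed25519 {BLOB_B64}"

if __name__ == "__main__":
    print(parse_known_hosts_line(LINE_PLAIN)["fingerprint"])
    print(check_host_key([LINE_HASHED], HOST, ed25519_blob(KEY)))          # ok
    print(check_host_key([LINE_HASHED], HOST, ed25519_blob(bytes(32))))    # changed
```

The 'unknown' result is the moment the slide warns about: with nothing stored yet, the only defence is to compare the displayed fingerprint against one obtained out of band before accepting it. A 'changed' result should stop the login rather than be clicked through, since that is exactly what a server impersonation looks like from the client side.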
SSH Programs and Usages
• Many open source SSH client programs: OpenSSH, PuTTY, KiTTY, WinSCP.
• SSH uses a TCP connection on port 22.
• Login methods:
 • Password
 • Public key: the private key is kept on the client, the public key is stored on the server (covered in a later security chapter).

What is Email?

How Email works?
● Once an email message has been sent, it follows several steps to its final destination:
 ❑ The sender's mail server, also called a Mail Transfer Agent (MTA), initiates a Simple Mail Transfer Protocol (SMTP) connection.
 ❑ The SMTP server checks the email envelope data, the text that tells the server where to send a message, for the recipient's email address, then uses the Domain Name System (DNS) to translate the domain name into an IP address.
 ❑ The SMTP server looks for a mail exchange (MX) server associated with the recipient's domain name. If one exists, the email is forwarded to the recipient's mail server.
 ❑ The email is stored on the recipient's mail server and may be accessed via the Post Office Protocol (POP) or Internet Message Access Protocol (IMAP).
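The envelope data in the steps above is what decides delivery; the From: line inside the message is only what the recipient's client displays. The added example below (not code from the slides) walks a constructed SMTP session, pulls the envelope sender and recipients from MAIL FROM and RCPT TO, separates the message headers that follow DATA, and then goes one step beyond the slides with a check that mail filters commonly apply against the phishing risk listed later on this page: whether the domain shown in From: differs from the envelope sender's domain. All addresses and host names in the session are constructed.

```python
"""SMTP envelope versus message header: parse a client/server session
transcript and flag a From: domain that differs from the envelope sender.

Added example, not from the slides; the session below is constructed.
"""
import re


def parse_smtp_session(lines):
    """Walk a transcript with 'C: ' (client) and 'S: ' (server) prefixes.
    Returns (envelope, headers): the envelope from MAIL FROM / RCPT TO, and
    the headers from the message body sent after DATA."""
    envelope = {"mail_from": None, "rcpt_to": []}
    body_lines, in_data = [], False
    for line in lines:
        if line.startswith("S: "):
            continue                               # server replies not needed here
        cmd = line[3:] if line.startswith("C: ") else line
        if in_data:
            if cmd == ".":
                in_data = False                    # end-of-data marker
            else:
                body_lines.append(cmd)
            continue
        m = re.match(r"MAIL FROM:\s*<([^>]*)>", cmd, re.I)
        if m:
            envelope["mail_from"] = m.group(1)
            continue
        m = re.match(r"RCPT TO:\s*<([^>]*)>", cmd, re.I)
        if m:
            envelope["rcpt_to"].append(m.group(1))
            continue
        if cmd.upper() == "DATA":
            in_data = True
    headers = {}
    for text in body_lines:                        # headers end at the first blank line
        if text == "":
            break
        name, _, value = text.partition(":")
        headers[name.strip().lower()] = value.strip()
    return envelope, headers


def header_from_address(value):
    """Extract the address from 'Display Name <user@domain>' or a bare address."""
    m = re.search(r"<([^>]+)>", value)
    return (m.group(1) if m else value).strip()


def envelope_header_mismatch(envelope, headers):
    """True when the domain displayed in From: is not the envelope sender's
    domain.  Legitimate mailing lists trigger this too, so it is a signal
    to weigh, not a verdict on its own."""
    shown = header_from_address(headers.get("from", ""))
    env = envelope["mail_from"] or ""
    shown_dom = shown.rpartition("@")[2].lower()
    env_dom = env.rpartition("@")[2].lower()
    return bool(shown_dom and env_dom and shown_dom != env_dom)


# Constructed session: the envelope sender is at bulk.example.net while the
# displayed From: claims bank.example.com.
SESSION = [
    "S: 220 mx.example.com ESMTP",
    "C: EHLO client.example.net",
    "S: 250 mx.example.com",
    "C: MAIL FROM:<bounce@bulk.example.net>",
    "S: 250 OK",
    "C: RCPT TO:<alice@example.com>",
    "S: 250 OK",
    "C: DATA",
    "S: 354 End data with <CR><LF>.<CR><LF>",
    "C: From: Example Bank <alerts@bank.example.com>",
    "C: To: alice@example.com",
    "C: Subject: Account notice",
    "C: ",
    "C: Please review the attached statement.",
    "C: .",
    "S: 250 OK queued",
    "C: QUIT",
]

if __name__ == "__main__":
    env, hdr = parse_smtp_session(SESSION)
    print(env)
    print("displayed From:", hdr["from"])
    print("envelope/header domain mismatch:", envelope_header_mismatch(env, hdr))
```

The receiving MTA routes on the envelope alone, which is why the recipient's client can show a From: that SMTP never validated; SPF, DKIM and DMARC exist to tie the two back together, and a check like this is the simplest form of that idea.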
Architecture
POP3 & IMAP4
Advantages & Disadvantages
Advantages of email:
● Convenient and fast communication with individuals or groups globally.
● Easy to store and search for past messages.
● Ability to send and receive attachments such as documents, images, and videos.
● Cost-effective compared to traditional mail and fax.
● Available 24/7.

Disadvantages of email:
● Risk of spam and phishing attacks.
● Overwhelming amount of emails can lead to information overload.
● Can lead to decreased face-to-face communication and loss of personal touch.
● Potential for miscommunication due to lack of tone and body language in written
messages.
● Technical issues, such as server outages, can disrupt email service.