Introduction to Network — #15 Application Layer

Cisco Networking Academy, Hands-on Course!

Ghifari Nur
netSHOOT
13 min read · Feb 20, 2021


15.0 — Introduction

15.0.1 — Why should I take this module?

There are a lot of details that have to be determined so that this data transport happens correctly.

This is why there is an application layer in both the OSI and the TCP/IP models. As an example, before there was streaming video over the internet, we had to watch home movies in a variety of other ways.

15.0.2 — What will I learn to do in this module?

Module Title: Application Layer

Module Objective: Explain the operation of application layer protocols in providing support to end-user applications.

15.1 — Applications, Presentation, and Session

15.1.1 — Application Layer

In the OSI and the TCP/IP models, the application layer is the closest layer to the end user.

Application layer protocols are used to exchange data between programs running on the source and destination hosts.

Based on the TCP/IP model, the upper three layers of the OSI model (application, presentation, and session) define functions of the TCP/IP application layer.

Some of the most widely known application layer protocols include Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP), Internet Message Access Protocol (IMAP), and Domain Name System (DNS) protocol.

15.1.2 — Presentation and Session Layer

Presentation Layer

The presentation layer has three primary functions:

  • Formatting, or presenting, data at the source device into a compatible format for receipt by the destination device.
  • Compressing data in a way that can be decompressed by the destination device.
  • Encrypting data for transmission and decrypting data upon receipt.

Some well-known standards for video include Matroska Video (MKV), Moving Picture Experts Group (MPG), and QuickTime Video (MOV). Some well-known graphic image formats are Graphics Interchange Format (GIF), Joint Photographic Experts Group (JPG), and Portable Network Graphics (PNG) format.

Session Layer

As the name implies, functions at the session layer create and maintain dialogs between source and destination applications. The session layer handles the exchange of information to initiate dialogs, keep them active, and to restart sessions that are disrupted or idle for a long period of time.

15.1.3 — TCP/IP Application Layer Protocols

Application layer protocols are used by both the source and destination devices during a communication session. For the communications to be successful, the application layer protocols that are implemented on the source and destination host must be compatible.

Name System

DNS — Domain Name System (or Service)

  • TCP, UDP 53 (UDP for ordinary queries; TCP for responses too large for one UDP datagram and for zone transfers)
  • Translates domain names, such as cisco.com, into IP addresses.

Host Config

BOOTP — Bootstrap Protocol

  • UDP client 68, server 67
  • Enables a diskless workstation to discover its own IP address, the IP address of a BOOTP server on the network, and a file to be loaded into memory to boot the machine
  • BOOTP is being superseded by DHCP

DHCP — Dynamic Host Configuration Protocol

  • UDP client 68, server 67
  • Dynamically assigns IP addresses to be re-used when no longer needed

Email

SMTP — Simple Mail Transfer Protocol

  • TCP 25 (server-to-server delivery; clients normally submit mail on TCP 587)
  • Enables clients to send email to a mail server
  • Enables servers to send email to other servers

POP3 — Post Office Protocol

  • TCP 110 (TCP 995 for the TLS-wrapped variant, POP3S)
  • Enables clients to retrieve email from a mail server
  • Downloads the email to the local mail application of the client

IMAP — Internet Message Access Protocol

  • TCP 143 (TCP 993 for the TLS-wrapped variant, IMAPS)
  • Enables clients to access email stored on a mail server
  • Maintains email on the server

File Transfer

FTP — File Transfer Protocol

  • TCP 21 for the control connection and TCP 20 for the data connection (active mode)
  • Sets rules that enable a user on one host to access and transfer files to and from another host over a network
  • FTP is a reliable, connection-oriented, and acknowledged file delivery protocol

TFTP — Trivial File Transfer Protocol

  • UDP 69
  • A simple file transfer protocol that runs over connectionless UDP, with no authentication and only best-effort delivery at the transport layer (TFTP itself acknowledges each 512-byte block and retransmits on timeout)
  • It uses less overhead than FTP

Web

HTTP — Hypertext Transfer Protocol

  • TCP 80, 8080
  • A set of rules for exchanging text, graphic images, sound, video, and other multimedia files on the World Wide Web

HTTPS — HTTP Secure

  • TCP 443 (UDP 443 when HTTP/3 runs over QUIC)
  • The browser uses encryption to secure HTTP communications
  • Authenticates the website to which you are connecting your browser

15.2 — Peer to Peer

15.2.1 — Client-Server Model

Client and server processes are considered to be in the application layer. The client begins the exchange by requesting data from the server, which responds by sending one or more streams of data to the client.

Application layer protocols describe the format of the requests and responses between clients and servers.

As shown in the figure, files are downloaded from the server to the client.

15.2.2 — Peer to Peer Networks

In the Peer-to-Peer (P2P) networking model, data is accessed from a peer device without the use of a dedicated server.

The P2P network model involves two parts: P2P networks and P2P applications. Both parts have similar features, but in practice work quite differently.

P2P network

Two or more computers are connected via a network and can share resources (such as printers and files) without having a dedicated server.

In addition to sharing files, a network such as this one would allow users to enable networked games or share an internet connection.

15.2.3 — Peer to Peer Applications

A P2P application allows a device to act as both a client and a server within the same communication: every client is a server and every server is a client.

P2P applications require that each end device provide a user interface and run a background service.

Some P2P applications use a hybrid system where resource sharing is decentralized, but the indexes that point to resource locations are stored in a centralized directory.

15.2.4 — Common P2P Applications

Common P2P networks include the following:

  • BitTorrent
  • Direct Connect
  • eDonkey
  • Freenet

Some P2P applications are based on the Gnutella protocol, where each user shares whole files with other users.

Many P2P client applications are available, including μTorrent, BitComet, and Deluge (BitTorrent clients), DC++ (a Direct Connect client), and eMule (an eDonkey client); despite the way the course lists them, none of these speak Gnutella.

Many P2P applications allow users to share pieces of many files with each other at the same time. Clients use a torrent file to locate other users who have pieces that they need so that they can then connect directly to them.

This file also contains information about tracker computers that keep track of which users have specific pieces of certain files. Clients ask for pieces from multiple users at the same time.

This is known as a swarm and the technology is called BitTorrent. BitTorrent has its own client. But there are many other BitTorrent clients including uTorrent, Deluge, and qBittorrent.
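The swarm described above, as an added example (not code from the original module): a toy BitTorrent-style client that pulls pieces from several peers at once. Real .torrent files carry a SHA-1 hash per piece, and that is what lets a client accept pieces from strangers: a piece whose hash does not match is discarded and fetched again from another peer. The peer names, the 20-byte "file" and the peer that serves a corrupted piece are all constructed for the example.

```python
"""Added example (not code from the original module): a toy swarm in which
pieces come from several peers and every piece is checked against the
per-piece SHA-1 hashes carried in the torrent metadata."""
import hashlib

PIECE_SIZE = 4   # bytes per piece; tiny for the example (real clients use 256 KiB and up)

def make_torrent(data):
    """Split a file into pieces and record the SHA-1 of each, as a .torrent does."""
    pieces = [data[i:i + PIECE_SIZE] for i in range(0, len(data), PIECE_SIZE)]
    torrent = {"length": len(data), "piece_hashes": [hashlib.sha1(p).digest() for p in pieces]}
    return torrent, pieces

def download(torrent, peers):
    """peers: name -> {piece_index: bytes}. Returns (file bytes, fetch log).

    Each piece is requested from the first peer that claims to have it; a peer
    that serves a piece failing the hash check is dropped for the rest of the
    download and the piece is re-requested from another peer."""
    have, log, bad_peers = {}, [], set()
    for idx, expected in enumerate(torrent["piece_hashes"]):
        candidates = [name for name, held in peers.items() if idx in held and name not in bad_peers]
        for name in candidates:
            piece = peers[name][idx]
            if hashlib.sha1(piece).digest() == expected:
                have[idx] = piece
                log.append((idx, name, "ok"))
                break
            bad_peers.add(name)                  # poisoned piece: stop trusting this peer
            log.append((idx, name, "hash mismatch"))
        else:
            raise RuntimeError(f"no peer served a valid copy of piece {idx}")
    data = b"".join(have[i] for i in range(len(torrent["piece_hashes"])))
    assert len(data) == torrent["length"]
    return data, log

FILE_DATA = b"the quick brown fox!"               # constructed 20-byte "file": 5 pieces
TORRENT, PIECES = make_torrent(FILE_DATA)
PEERS = {                                          # constructed swarm members
    "leech-1": {0: PIECES[0], 2: PIECES[2]},      # partial download, shares what it has
    "poisoner": {1: b"XXXX", 3: PIECES[3]},       # serves a corrupted copy of piece 1
    "seed": dict(enumerate(PIECES)),              # holds the whole file
}

if __name__ == "__main__":
    data, log = download(TORRENT, PEERS)
    for entry in log:
        print(entry)
    print(data == FILE_DATA)
```

The hash list is the only thing the client trusts, so the integrity of a download rests on getting the .torrent (or the magnet link's info-hash) from a trustworthy source; the tracker and the peers can lie about anything else.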

Any type of file can be shared between users. Many of these files are copyrighted, meaning that only the creator has the right to use and distribute them. It is against the law to download or distribute copyrighted files without permission from the copyright holder. Copyright violation can result in criminal charges and civil lawsuits.

15.3 — Web and Email Protocols

15.3.1 — HTTP and HTML

When a web address or Uniform Resource Locator (URL) is typed into a web browser, the web browser establishes a connection to the web service. The web service is running on the server that is using the HTTP protocol. URLs and Uniform Resource Identifiers (URIs) are the names most people associate with web addresses.

Step 1

The browser interprets the three parts of the URL:

  • http (the protocol or scheme)
  • www.cisco.com (the server name)
  • index.html (the specific filename requested)

Step 2

The browser then checks with a name server to convert www.cisco.com into a numeric IP address, which it uses to connect to the server. The client initiates an HTTP request to a server by sending a GET request to the server and asks for the index.html file.

Step 3

In response to the request, the server sends the HTML code for this web page to the browser.

Step 4

The browser deciphers the HTML code and formats the page for the browser window.

15.3.2 — HTTP and HTTPS

HTTP is a request/response protocol. When a client, typically a web browser, sends a request to a web server, HTTP specifies the message types used for that communication. The three common message types are GET (see figure), POST, and PUT:

  • GET — This is a client request for data. A client (web browser) sends the GET message to the web server to request HTML pages.
  • POST — This uploads data files to the web server, such as form data.
  • PUT — This uploads resources or content to the web server, such as an image.

Although HTTP is remarkably flexible, it is not a secure protocol: requests and responses, including cookies and form data, travel as plaintext that anyone on the path can read or alter.

For secure communication across the internet, the HTTP Secure (HTTPS) protocol is used. HTTPS uses authentication and encryption to secure data as it travels between the client and server.

HTTPS uses the same client request-server response process as HTTP, but the data stream is encrypted with Transport Layer Security (TLS), or its now-deprecated predecessor Secure Sockets Layer (SSL), before being transported across the network.
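The four steps in 15.3.1 and the GET/POST/PUT message types in 15.3.2, worked by hand as an added example (not code from the original module): split_url() breaks the URL into scheme, server name and requested file, build_request() produces the bytes the browser sends, and parse_response() reads the server's reply. The reply is a constructed byte string standing in for what a web server would return, so nothing here touches the network.

```python
"""Added example (not code from the original module): build an HTTP/1.1
request from a URL and parse a constructed response."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def split_url(url):
    """Step 1: scheme, server name, port and the path of the requested file."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("need an absolute http(s) URL")
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return parts.scheme, parts.hostname, port, path

def build_request(method, url, body=b"", content_type="application/x-www-form-urlencoded"):
    """Step 2: request line, Host header and, for POST/PUT, the uploaded body."""
    scheme, host, port, path = split_url(url)
    host_header = host if port == DEFAULT_PORTS[scheme] else f"{host}:{port}"
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host_header}", "Connection: close"]
    if method in ("POST", "PUT"):
        lines += [f"Content-Type: {content_type}", f"Content-Length: {len(body)}"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body

def parse_response(raw):
    """Step 3: status code, headers and exactly Content-Length bytes of body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: no end of headers")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    _version, code, _reason = status_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "content-length" in headers:
        length = int(headers["content-length"])
        if len(body) < length:
            raise ValueError("incomplete response: body shorter than Content-Length")
        body = body[:length]            # ignore anything after the declared body
    return int(code), headers, body

# Constructed reply to GET /index.html (not captured from a real server).
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 39\r\n"
                   b"Set-Cookie: session=abc123\r\n\r\n"
                   b"<html><body>Hello, world!</body></html>")

if __name__ == "__main__":
    print(build_request("GET", "http://www.cisco.com/index.html").decode())
    print(build_request("POST", "http://www.cisco.com/login", b"user=alice").decode())
    print(parse_response(SAMPLE_RESPONSE))
```

Everything in both directions, including the Set-Cookie value in the constructed reply, is readable to anyone between client and server, which is the reason HTTPS wraps exactly this exchange in TLS; the request and response bytes are unchanged, only the transport is encrypted.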

15.3.3 — Email Protocols

Email is a store-and-forward method of sending, storing, and retrieving electronic messages across a network. Email messages are stored in databases on mail servers.

Email clients communicate with mail servers to send and receive email. Mail servers communicate with other mail servers to transport messages from one domain to another.

Email supports three separate protocols for operation: Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP), and IMAP. The application layer process that sends mail uses SMTP. A client retrieves email using one of the two application layer protocols: POP or IMAP.

15.3.4 — SMTP, POP, and IMAP

SMTP

SMTP message formats require a message header and a message body. Although the message body can contain any amount of text, the message header must have a properly formatted recipient email address and a sender address.

The SMTP server process listens on well-known TCP port 25.
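The SMTP exchange described above, as an added example (not code from the original module): a minimal SMTP server state machine fed the client side of one session. It shows the command order a sending client uses (EHLO, MAIL FROM, RCPT TO, DATA, QUIT), the three-digit reply codes, and the check that keeps such a server from being an open relay: recipients outside its own domain are refused. The domain, the addresses and the dialogue are constructed for the example.

```python
"""Added example (not code from the original module): a minimal SMTP server
state machine and a constructed client dialogue driven through it."""

LOCAL_DOMAIN = "example.com"   # assumed: the one domain this server accepts mail for

def _address(arg):
    """'FROM:<Alice@example.org>' -> 'alice@example.org'"""
    return arg.split(":", 1)[1].strip().strip("<>").lower()

class SmtpSession:
    def __init__(self):
        self.state = "start"
        self.sender, self.recipients, self.body = None, [], []
        self.delivered = []   # (sender, recipients, message text) once DATA completes

    def handle(self, line):
        """Process one client line; return the server reply, or None while inside DATA."""
        if self.state == "data":
            if line == ".":                               # a lone dot ends the message
                self.delivered.append((self.sender, self.recipients, "\n".join(self.body)))
                self.sender, self.recipients, self.body = None, [], []
                self.state = "ready"
                return "250 OK: queued"
            # dot-stuffing: a body line that starts with '.' is sent as '..'
            self.body.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.state = "ready"
            return f"250 {LOCAL_DOMAIN} Hello {arg}"
        if verb == "MAIL":
            if self.state != "ready":
                return "503 Bad sequence of commands"
            self.sender = _address(arg)
            self.state = "mail"
            return "250 OK"
        if verb == "RCPT":
            if self.state not in ("mail", "rcpt"):
                return "503 Bad sequence of commands"
            addr = _address(arg)
            if not addr.endswith("@" + LOCAL_DOMAIN):
                return "550 Relaying denied"              # unauthenticated relay attempt
            self.recipients.append(addr)
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA":
            if self.state != "rcpt":                      # need at least one accepted recipient
                return "503 Bad sequence of commands"
            self.state = "data"
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            self.state = "closed"
            return "221 Bye"
        return "500 Command unrecognized"

def run_dialogue(client_lines):
    """Feed the client side of a session through the server; return (session, replies)."""
    session, replies = SmtpSession(), []
    for line in client_lines:
        reply = session.handle(line)
        if reply is not None:
            replies.append(reply)
    return session, replies

# Constructed client side of one session; the server side is what handle() returns.
CLIENT_DIALOGUE = [
    "EHLO laptop.example.org",
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<bob@example.com>",
    "RCPT TO:<victim@other.net>",      # not our domain and no authentication: refused
    "DATA",
    "Subject: hello", "", "hi bob", "..starts with a dot", ".",
    "QUIT",
]

if __name__ == "__main__":
    session, replies = run_dialogue(CLIENT_DIALOGUE)
    for reply in replies:
        print(reply)
    print(session.delivered)
```

The 550 on the second RCPT is the whole difference between a mail server and an open relay: a server that accepts any recipient from an unauthenticated client will be used to send spam under its own reputation. Submission from real users happens on port 587 after authentication, which is the case a production server adds on top of this check.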

POP

POP is used by an application to retrieve mail from a mail server. With POP, mail is downloaded from the server to the client and then deleted on the server. This is the default operation of POP (TCP port 110).

With POP, email messages are downloaded to the client and removed from the server, so there is no centralized location where email messages are kept.

POP3 is the most commonly used version.

IMAP

IMAP is another protocol that describes a method to retrieve email messages. Unlike POP, when the user connects to an IMAP-capable server, only copies of the messages are downloaded to the client application; the originals stay on the server until the user deletes them.

Users can create a file hierarchy on the server to organize and store mail. That file structure is duplicated on the email client as well. When a user decides to delete a message, the server synchronizes that action and deletes the message from the server.

15.4 — IP Addressing Services

15.4.1 — Domain Name Service (DNS)

In data networks, devices are labeled with numeric IP addresses to send and receive data over networks. Domain names were created to convert the numeric address into a simple, recognizable name.

The DNS protocol defines an automated service that matches resource names with the required numeric network address.

Step 1

The user types an FQDN into a browser application Address field.

Step 2

A DNS query is sent to the designated DNS server for the client computer.

Step 3

The DNS server matches the FQDN with its IP address.

Step 4

The DNS query response is sent back to the client with the IP address for the FQDN.

Step 5

The client computer uses the IP address to make requests of the server.

15.4.2 — DNS Message Format

The DNS server stores different types of resource records that are used to resolve names.

  • A — An end device IPv4 address
  • NS — An authoritative name server
  • AAAA — An end device IPv6 address (pronounced quad-A)
  • MX — A mail exchange record

On Windows, the ipconfig /displaydns command displays all of the cached DNS entries.

DNS uses the same message format between clients and servers, consisting of a header followed by question, answer, authority, and additional sections, for all types of client queries and server responses, error messages, and transfer of resource record information.
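The message format just described, as an added example (not code from the original module): build_query() emits the 12-byte header plus one question for an A record, and parse_dns_response() walks the question, answer, authority and additional sections of a reply, following the compression pointers real servers use. The response bytes are hand-built for the example, and the address in them is from the documentation range 192.0.2.0/24, not a real record for cisco.com.

```python
"""Added example (not code from the original module): build a DNS query and
parse a constructed response section by section."""
import struct

def encode_name(name):
    """'cisco.com' -> b'\\x05cisco\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(txid, name, qtype=1):
    """Header: id, flags (RD set), QDCOUNT=1, AN/NS/AR=0; then one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_name(msg, offset):
    """Read a name at offset, following 0xC0xx compression pointers; return (name, next offset)."""
    labels, jumped, end = [], False, None
    for _ in range(128):                      # guard against pointer loops in hostile replies
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            if not jumped:
                end = offset + 2              # the reader resumes after the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    else:
        raise ValueError("name too long or pointer loop")
    return ".".join(labels), (end if jumped else offset)

def parse_dns_response(msg, expected_txid, expected_name):
    """Return (rcode, {section: [(name, type, ttl, rdata), ...]}) or raise on a bad reply."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (possible spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("not a response")
    rcode, offset, questions = flags & 0xF, 12, []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    if (expected_name.rstrip("."), 1, 1) not in questions:
        raise ValueError("reply does not echo our question")
    records = {"answer": [], "authority": [], "additional": []}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, offset = decode_name(msg, offset)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
            offset += 10
            rdata = msg[offset:offset + rdlen]
            offset += rdlen
            if rtype == 1 and rdlen == 4:                       # A: dotted IPv4
                rdata = ".".join(str(b) for b in rdata)
            elif rtype in (2, 5):                                # NS / CNAME: a name
                rdata, _ = decode_name(msg, offset - rdlen)
            records[section].append((name, rtype, ttl, rdata))
    return rcode, records

# Constructed reply: header (QR, RD, RA set), the echoed question, one A record
# whose owner name is a pointer (0xC00C) back to the question name at offset 12.
QUERY = build_query(0x1234, "cisco.com")
RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
            + encode_name("cisco.com") + struct.pack("!HH", 1, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    print(QUERY.hex())
    print(parse_dns_response(RESPONSE, 0x1234, "cisco.com"))
```

The transaction-ID and echoed-question checks are what a stub resolver relies on to discard off-path spoofed answers; since the ID is only 16 bits, resolvers also randomize the UDP source port, and only DNSSEC validation actually authenticates the data.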

15.4.3 — DNS Hierarchy

The DNS protocol uses a hierarchical system to create a database that provides name resolution.

The different top-level domains represent either the type of organization or the country of origin. Examples of top-level domains are the following:

  • .com — a business or industry
  • .org — a non-profit organization
  • .au — Australia
  • .co — Colombia

15.4.4 — The nslookup Command

When configuring a network device, one or more DNS Server addresses are provided that the DNS client can use for name resolution.

When the nslookup command is issued, the default DNS server configured for your host is displayed. The name of a host or domain can be entered at the nslookup prompt. The nslookup utility has many options available for extensive testing and verification of the DNS process.

15.4.5 — Dynamic Host Configuration Protocol (DHCP)

The Dynamic Host Configuration Protocol (DHCP) for IPv4 service automates the assignment of IPv4 addresses, subnet masks, gateways, and other IPv4 networking parameters.

The DHCP server chooses an address from a configured range of addresses called a pool and assigns (leases) it to the host.

Many networks use both DHCP and static addressing. DHCP is used for general purpose hosts, such as end user devices. Static addressing is used for network devices, such as gateway routers, switches, servers, and printers.

DHCP for IPv6 (DHCPv6) provides similar services for IPv6 clients. One important difference is that DHCPv6 does not provide a default gateway address.

15.4.6 — DHCP Operation

When an IPv4, DHCP-configured device boots up or connects to the network, the client broadcasts a DHCP discover (DHCPDISCOVER) message to identify any available DHCP servers on the network. A DHCP server replies with a DHCP offer (DHCPOFFER) message, which offers a lease to the client. The offer message contains the IPv4 address and subnet mask to be assigned, the IPv4 address of the DNS server, and the IPv4 address of the default gateway. The lease offer also includes the duration of the lease.

The client may receive multiple DHCPOFFER messages if there is more than one DHCP server on the local network. Therefore, it must choose between them, and sends a DHCP request (DHCPREQUEST) message that identifies the explicit server and lease offer that the client is accepting. A client may also choose to request an address that it had previously been allocated by the server.

Assuming that the IPv4 address requested by the client, or offered by the server, is still available, the server returns a DHCP acknowledgment (DHCPACK) message that acknowledges to the client that the lease has been finalized. If the offer is no longer valid, then the selected server responds with a DHCP negative acknowledgment (DHCPNAK) message. If a DHCPNAK message is returned, then the selection process must begin again with a new DHCPDISCOVER message being transmitted. After the client has the lease, it must be renewed prior to the lease expiration through another DHCPREQUEST message.

DHCPv6 has a set of messages that is similar to those for DHCPv4. The stateful DHCPv6 exchange uses SOLICIT, ADVERTISE, REQUEST, and REPLY; a client that only needs other parameters (such as DNS servers) and gets its address elsewhere uses the two-message INFORMATION-REQUEST and REPLY exchange.
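The DHCPv4 operation above, as an added example (not code from the original module): a simulation of the DISCOVER / OFFER / REQUEST / ACK exchange against a server leasing from a pool, including a renewal, and the DHCPNAK path taken when a rebooting client asks for an address that has since been leased to another host, after which it starts over with a new DISCOVER. Messages are plain dicts rather than real DHCP packets; the pool, mask, gateway and DNS values are made up for the example (192.0.2.0/24 is a documentation range).

```python
"""Added example (not code from the original module): a DHCPv4 DORA
simulation with a pool-backed server, renewal and the NAK path."""

class DhcpServer:
    def __init__(self, pool, mask, gateway, dns, lease_seconds):
        self.free = list(pool)      # addresses available for lease
        self.offered = {}           # ip -> MAC, offered but not yet acknowledged
        self.leases = {}            # ip -> MAC, acknowledged leases
        self.mask, self.gateway, self.dns, self.lease_seconds = mask, gateway, dns, lease_seconds

    def handle(self, msg):
        """Reply to one client message (a dict), or return None to stay silent."""
        kind, mac = msg["type"], msg["mac"]
        if kind == "DHCPDISCOVER":
            wanted = msg.get("requested_ip")                 # client may ask for its old address
            ip = wanted if wanted in self.free else (self.free[0] if self.free else None)
            if ip is None:
                return None                                  # pool exhausted: no offer
            self.free.remove(ip)
            self.offered[ip] = mac
            return self._params("DHCPOFFER", mac, ip)
        if kind == "DHCPREQUEST":
            ip = msg["requested_ip"]
            # ACK if we offered this address to this client, or it is renewing its own lease
            if self.offered.get(ip) == mac or self.leases.get(ip) == mac:
                self.offered.pop(ip, None)
                self.leases[ip] = mac
                return self._params("DHCPACK", mac, ip)
            return {"type": "DHCPNAK", "mac": mac}           # offer gone or address held by someone else
        raise ValueError(f"unexpected message type {kind}")

    def expire(self, ip):
        """Lease ran out without renewal: return the address to the pool."""
        self.leases.pop(ip, None)
        self.free.insert(0, ip)                              # reuse recently freed addresses first

    def _params(self, kind, mac, ip):
        return {"type": kind, "mac": mac, "ip": ip, "mask": self.mask,
                "gateway": self.gateway, "dns": self.dns, "lease": self.lease_seconds}

def obtain_lease(server, mac):
    """Fresh client: DISCOVER, take the OFFER, REQUEST it, expect ACK."""
    offer = server.handle({"type": "DHCPDISCOVER", "mac": mac})
    if offer is None:
        return None
    ack = server.handle({"type": "DHCPREQUEST", "mac": mac, "requested_ip": offer["ip"]})
    return ack if ack["type"] == "DHCPACK" else None

def reboot_with_old_lease(server, mac, old_ip):
    """Rebooting client asks for the address it had; on NAK the selection starts over."""
    reply = server.handle({"type": "DHCPREQUEST", "mac": mac, "requested_ip": old_ip})
    if reply["type"] == "DHCPACK":
        return reply
    return obtain_lease(server, mac)                         # NAK: new DISCOVER

if __name__ == "__main__":
    srv = DhcpServer(["192.0.2.10", "192.0.2.11", "192.0.2.12"],
                     "255.255.255.0", "192.0.2.1", "192.0.2.53", 3600)
    print(obtain_lease(srv, "aa:aa:aa:aa:aa:aa"))
    srv.expire("192.0.2.10")
    print(obtain_lease(srv, "cc:cc:cc:cc:cc:cc"))
    print(reboot_with_old_lease(srv, "aa:aa:aa:aa:aa:aa", "192.0.2.10"))
```

Nothing in the exchange authenticates the server: the client takes whichever OFFER it picks, so a rogue DHCP server on the same LAN can hand out its own gateway and DNS addresses and sit in the middle of every connection. That is why access switches implement DHCP snooping, which only lets OFFER and ACK messages in from trusted ports.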

15.5 — File Sharing Services

15.5.1 — File Transfer Protocol (FTP)

Like HTTP, email, and addressing protocols, FTP is a commonly used application layer protocol.

FTP was developed to allow for data transfers between a client and a server. An FTP client is an application which runs on a computer that is being used to push and pull data from an FTP server. The server listens on TCP port 21 for the control connection, which carries commands and replies; file contents travel over a separate data connection, which in active mode the server opens from its TCP port 20.

The data transfer can happen in either direction. The client can download (pull) data from the server, or the client can upload (push) data to the server.

FTP has practical weaknesses such as session timeouts and limits on file size, and a more serious one: the control connection carries usernames, passwords, and commands in cleartext, and the data connection is unencrypted. Use FTPS (FTP over TLS) or SFTP (file transfer over SSH) where the credentials or the data matter.

15.5.2 — Server Message Block (SMB)

The Server Message Block (SMB) is a client/server file sharing protocol that describes the structure of shared network resources, such as directories, files, printers, and serial ports.

All SMB messages share a common format. This format uses a fixed-sized header, followed by a variable-sized parameter and data component.

Here are three functions of SMB messages:

  • Start, authenticate, and terminate sessions.
  • Control file and printer access.
  • Allow an application to send or receive messages to or from another device.

The SMB file exchange process between Windows PCs is shown in the next figure.

The Linux and UNIX operating systems also provide a method of sharing resources with Microsoft networks by using an implementation of SMB called Samba. The Apple Macintosh operating systems also support resource sharing by using the SMB protocol.
