23AD1502 DATA COMMUNICATION AND NETWORK SECURITY

UNIT IV
TRANSPORT LAYER AND APPLICATION LAYER
Transport layer: Introduction – Transport Layer Protocols – Services – Port Numbers – User Datagram Protocol – Transmission Control Protocol: Connection Management – Flow Control – Congestion Control – Congestion Avoidance (DEC bit, RED). Application layer: WWW and HTTP – FTP – Email – Telnet – SSH – DNS – SNMP.
4.1 TRANSPORT LAYER: INTRODUCTION

• The transport layer is the second layer in the TCP/IP model and the fourth layer in the OSI model.
• It is an end-to-end layer used to deliver messages to a host.
• It is termed an end-to-end layer because it provides a point-to-point connection between the source host and the destination host, rather than a hop-to-hop one, to deliver its services reliably.
• The unit of data encapsulation in the transport layer is a segment.

Working of the Transport Layer

• The transport layer takes services from the Application layer and provides services to the Network layer.
• At the sender's side: the transport layer receives data (a message) from the Application layer, performs segmentation (divides the message into segments), adds the source and destination port numbers to the header of each segment, and passes the segments to the Network layer.
• At the receiver's side: the transport layer receives data from the Network layer, reassembles the segmented data, reads its header, identifies the port number, and forwards the message to the appropriate port in the Application layer.

4.2 SERVICES OF A TRANSPORT LAYER

1. Process-to-Process Delivery
2. End-to-End Connection between Hosts
3. Multiplexing and Demultiplexing
4. Congestion Control
5. Data Integrity and Error Correction
6. Flow Control

1. Process-to-Process Delivery

• Just as the Data Link layer requires the MAC addresses of the source and destination hosts to deliver a frame correctly, and the Network layer requires IP addresses to route packets appropriately, the Transport layer requires a port number to deliver segments to the correct process among the many processes running on a host.
• A port number is a 16-bit address used to uniquely identify a client or server program.

2. End-to-End Connection between Hosts

• The transport layer is also responsible for creating the end-to-end connection between hosts, for which it mainly uses TCP and UDP.
• TCP is a secure, connection-oriented protocol that uses a handshake to establish a robust connection between two end hosts.
• TCP ensures the reliable delivery of messages and is used in a wide range of applications. UDP, on the other hand, is a stateless and unreliable protocol that offers only best-effort delivery.
• UDP is suitable for applications that have little concern for flow or error control but need to send bulk data, such as video conferencing.
• It is often used in multicasting protocols.

3. Multiplexing and Demultiplexing

• Multiplexing (many to one) is when data is acquired from several processes at the sender and merged into one packet along with headers, then sent as a single packet.
• Multiplexing allows different processes running on a host to use the network simultaneously.
• The processes are differentiated by their port numbers.
• Similarly, demultiplexing (one to many) is required at the receiver side, where the message is distributed to the different processes.
• The transport layer receives the segments of data from the network layer and distributes and delivers them to the appropriate process running on the receiver's machine.

4. Congestion Control

• Congestion is a situation in which too many sources on a network attempt to send data and the router buffers start overflowing, so that packets are lost.
• As a result, the retransmission of packets from the sources increases the congestion further.
• In this situation, the Transport layer provides congestion control in different ways.
• It uses open-loop congestion control to prevent congestion and closed-loop congestion control to remove congestion from a network once it has occurred.
• TCP provides AIMD (Additive Increase Multiplicative Decrease) and the leaky bucket technique for congestion control.

5. Data Integrity and Error Correction

The transport layer checks for errors in the messages coming from the application layer by using error detection codes and computing checksums; it checks whether the received data is corrupted, and uses ACK and NACK services to inform the sender whether or not the data has arrived, thereby checking the integrity of the data.

6. Flow Control

The transport layer provides a flow control mechanism between the adjacent layers of the TCP/IP model. TCP also prevents data loss due to a fast sender and a slow receiver by imposing flow control techniques. It uses the sliding window protocol, in which the receiver sends a window size back to the sender informing it of the amount of data it can receive.

4.3 TRANSPORT LAYER PROTOCOLS [UDP, TCP, SCTP]

• The transport layer is represented mainly by the TCP and UDP protocols.
• Today almost all operating systems support multiprocessing, multi-user environments.
• The transport layer protocol provides connections to the individual ports.
• These ports are known as protocol ports.
• Transport layer protocols work above the IP protocol and deliver data packets from IP services to the destination port, and from the originating port to the destination IP services.
• Below are the protocols used at the transport layer.

1. UDP

• UDP stands for User Datagram Protocol.
• It provides non-sequential transmission of data.
• It is a connectionless transport protocol.
• UDP is used in applications where the speed and size of the data transmitted are considered more important than security and reliability.
• A user datagram is defined as a packet produced by the User Datagram Protocol.
• UDP adds checksum error control, transport-level addresses, and length information to the data received from the layer above it.
• The services provided by UDP are connectionless service, faster delivery of messages, checksum, and process-to-process communication.

UDP Segment

• While the TCP header can range from 20 to 60 bytes, the UDP header is a fixed 8 bytes.
• All required header information is contained in the first 8 bytes, with data making up the remaining portion.
• Because the UDP port number fields are 16 bits long, the range of possible port numbers is 0 to 65535, with port 0 being reserved.

UDP Format

• Source Port: a 2-byte field used to identify the port number of the source.
• Destination Port: a 2-byte field used to specify the packet's destination port.
• Length: the whole length of the UDP packet, including header and data. The field is 16 bits.
• Checksum: the checksum field is two bytes long. The data is padded with a zero octet at the end (if needed) to make a multiple of two octets. The checksum is the 16-bit one's complement of the one's complement sum of the UDP header, the pseudo-header containing information from the IP header, and the data.
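The checksum rule above, worked through in Python as an added example (not code from the original notes): the IPv4 pseudo-header, the zero-octet padding, the end-around carry of the one's complement sum, and the receiver-side check. The addresses, ports and payload are constructed sample values.

```python
import struct

UDP_PROTOCOL = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum; an odd-length input is padded with one zero octet."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in (end-around carry)
    return total


def pseudo_header(src_ip: bytes, dst_ip: bytes, udp_length: int) -> bytes:
    """IPv4 pseudo-header: source IP, destination IP, zero byte, protocol (17), UDP length."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length)


def udp_checksum(src_ip: bytes, dst_ip: bytes, datagram: bytes) -> int:
    """Checksum over pseudo-header + header + data, with the checksum field itself taken as zero."""
    zeroed = datagram[:6] + b"\x00\x00" + datagram[8:]
    csum = 0xFFFF - ones_complement_sum(pseudo_header(src_ip, dst_ip, len(datagram)) + zeroed)
    return csum or 0xFFFF     # a computed 0 is sent as 0xFFFF, because 0 on the wire means "no checksum"


def build_udp_datagram(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Source port, destination port, length (header + data) and checksum, then the data."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def verify_udp_datagram(src_ip, dst_ip, datagram: bytes) -> bool:
    """Receiver-side check: the sum over pseudo-header + datagram (checksum included) must be 0xFFFF."""
    if len(datagram) < 8:
        return False
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length != len(datagram):   # the length field must match what actually arrived
        return False
    if csum == 0:                                # IPv4 sender chose not to checksum
        return True
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + datagram) == 0xFFFF


# Constructed sample values (not from the notes): 192.168.0.1:53000 -> 192.168.0.2:53, payload "hi"
SRC_IP = bytes([192, 168, 0, 1])
DST_IP = bytes([192, 168, 0, 2])
EXAMPLE = build_udp_datagram(SRC_IP, DST_IP, 53000, 53, b"hi")
```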

Advantages of UDP

• UDP also provides multicast and broadcast transmission of data.
• UDP is preferred for small transactions such as DNS lookups.
• It is a connectionless protocol, so there is no need for a connection-oriented network.
• UDP provides fast delivery of messages.

Disadvantages of UDP

• With UDP there is no guarantee that a packet is delivered.
• UDP suffers from worse packet loss.
• UDP has no congestion control mechanism.
• UDP does not provide sequential transmission of data.

2. TCP

• TCP stands for Transmission Control Protocol.
• TCP provides transport layer services to applications.
• TCP is a connection-oriented protocol.
• A secured connection is established between the sender and the receiver.
• To create this secured connection, a virtual circuit is set up between the sender and the receiver.
• The data transmitted by TCP is in the form of a continuous byte stream.
• A unique sequence number is assigned to each byte. With the help of this number, a positive acknowledgment is received from the recipient.
• If the acknowledgment is not received within a specific period, the data is retransmitted to the specified destination.

TCP Segment

A TCP segment's header may be 20 to 60 bytes long. The options take up to 40 bytes. A header is 20 bytes by default, although it can contain up to 60 bytes.

TCP Format

• Source Port Address: the port address of the program sending the data segment is stored in this 16-bit field.
• Destination Port Address: the port address of the application running on the host receiving the data segment is stored in this 16-bit field.
• Sequence Number: the sequence number, i.e. the byte number of the first byte sent in that particular segment, is stored in this 32-bit field. At the receiving end it is used to put the message back together when segments arrive out of sequence.
• Acknowledgement Number: the acknowledgement number, i.e. the byte number that the recipient expects to receive next, is stored in this 32-bit field. It serves as confirmation that all earlier bytes were received successfully.
• Header Length (HLEN): this 4-bit field stores the number of 4-byte words in the TCP header, indicating how long the header is. For example, if the header is 20 bytes (the minimum TCP header length), this field stores 5 because 5 x 4 = 20, and if the header is 60 bytes (the maximum length), it stores 15 because 15 x 4 = 60. As a result, this field's value is always between 5 and 15.
• Control flags: six 1-bit control bits that regulate flow control, the mode of transfer, and connection establishment, termination, and abortion. They serve the following purposes:
  o URG: the urgent pointer field is valid.
  o ACK: the acknowledgement number (used in cumulative acknowledgement) is valid.
  o PSH: push request.
  o RST: reset the connection.
  o SYN: synchronise sequence numbers.
  o FIN: terminate the connection.
• Window size: this field gives the size of the sending TCP's window in bytes.
• Checksum: the checksum for error control is stored in this field. Unlike in UDP, it is mandatory in TCP.
• Urgent pointer: this field points to data that must reach the receiving process as soon as possible. It is only valid if the URG control flag is set. The value of this field is added to the sequence number to obtain the byte number of the last urgent byte.
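An added example (not from the original notes) that encodes and decodes the header fields just listed: HLEN is read from the top four bits of the 16-bit offset/flags word and checked against the 5..15 range, the six control flags are decoded, the ACK number and urgent pointer are only reported when their flags are set, and a header whose HLEN promises options that were never received is rejected. The option bytes used in the usage are constructed sample values.

```python
import struct

# Control-flag bit positions in the low byte of the 16-bit "data offset / flags" word.
TCP_FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
MIN_HEADER = 20   # HLEN = 5 words
MAX_HEADER = 60   # HLEN = 15 words


def parse_tcp_segment(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header, validate HLEN, and split off options and data."""
    if len(segment) < MIN_HEADER:
        raise ValueError("segment shorter than the 20-byte minimum TCP header")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urg_ptr) = struct.unpack("!HHIIHHHH", segment[:MIN_HEADER])
    hlen = off_flags >> 12                 # top 4 bits: header length in 4-byte words
    header_len = hlen * 4
    if header_len < MIN_HEADER:            # HLEN below 5 can never describe a valid header
        raise ValueError("invalid HLEN %d (must be 5..15)" % hlen)
    if len(segment) < header_len:          # HLEN claims options that are not actually present
        raise ValueError("truncated segment: HLEN says %d bytes, got %d" % (header_len, len(segment)))
    flags = {name: bool(off_flags & bit) for name, bit in TCP_FLAGS.items()}
    return {
        "src_port": sport, "dst_port": dport,
        "seq": seq,
        "ack": ack if flags["ACK"] else None,          # ACK number is only meaningful if ACK is set
        "hlen": hlen, "header_len": header_len,
        "flags": flags, "window": window, "checksum": checksum,
        # urgent pointer is an offset from seq: last urgent byte = seq + urg_ptr (valid only if URG)
        "last_urgent_byte": (seq + urg_ptr) & 0xFFFFFFFF if flags["URG"] else None,
        "options": segment[MIN_HEADER:header_len],
        "data": segment[header_len:],
    }


def build_tcp_segment(sport, dport, seq, ack, flags, window, options=b"", data=b"", checksum=0):
    """Encode a segment; options are padded to a 4-byte boundary so HLEN is a whole number of words."""
    if len(options) > MAX_HEADER - MIN_HEADER:
        raise ValueError("options exceed the 40-byte maximum")
    options += b"\x00" * (-len(options) % 4)
    hlen = (MIN_HEADER + len(options)) // 4
    off_flags = (hlen << 12) | sum(TCP_FLAGS[f] for f in flags)
    fixed = struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, checksum, 0)
    return fixed + options + data


if __name__ == "__main__":
    # Constructed sample: a SYN with no options (HLEN 5) and a SYN-ACK carrying one 4-byte option (HLEN 6).
    syn = build_tcp_segment(52000, 80, 1000, 0, {"SYN"}, 65535)
    synack = build_tcp_segment(80, 52000, 5000, 1001, {"SYN", "ACK"}, 65535, options=b"\x02\x04\x05\xb4")
    for s in (syn, synack):
        p = parse_tcp_segment(s)
        print(p["hlen"], p["header_len"], [f for f, on in p["flags"].items() if on], p["ack"])
```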
TCP STATE TRANSITION DIAGRAM

• To keep track of all the different events happening during connection establishment, connection termination, and data transfer, TCP is specified as a finite state machine (FSM).
• The transition from one state to another is shown using directed lines.
• The states involved in opening and closing a connection are shown above and below the ESTABLISHED state respectively.

[Figure: TCP state transition diagram]

• States involved in TCP:

Advantages of TCP

• TCP supports multiple routing protocols.
• TCP operates independently of the operating system.
• TCP provides the features of error control and flow control.
• TCP is a connection-oriented protocol and provides the delivery of data.

Disadvantages of TCP

• TCP cannot be used for broadcast or multicast transmission.
• TCP has no block boundaries.
• No clear separation is offered by TCP between its interface, services, and protocols.
• In TCP/IP, replacing a protocol is difficult.

3. SCTP

• SCTP stands for Stream Control Transmission Protocol.
• SCTP is a connection-oriented protocol.
• SCTP transmits data from sender to receiver in full-duplex mode.
• SCTP is a unicast protocol that provides a point-to-point connection and uses different hosts for reaching the destination.
• SCTP provides a simpler way to build a connection over a wireless network.
• SCTP provides reliable transmission of data.
• SCTP provides reliable and easier telephone conversation over the Internet.
• SCTP supports multihoming, i.e. it can establish more than one connection path between the two communicating endpoints, and it does not depend on the IP layer.
• SCTP also ensures security by not allowing half-open connections.

Advantages of SCTP

• SCTP provides a full-duplex connection: it can send and receive data simultaneously.
• SCTP possesses the properties of both TCP and UDP.
• SCTP does not depend on the IP layer.
• SCTP is a secure protocol.

Disadvantages of SCTP

• To handle multiple streams simultaneously, applications need to be modified accordingly.
• The transport stack on the node needs to be changed for SCTP. Modification is required in applications if SCTP is used instead of TCP or UDP.

4.4 PORT NUMBER [TRANSPORT LAYER]

• A transport-layer protocol usually has several responsibilities.
• One is to create process-to-process communication.
• Processes are programs that run on hosts. A process can be either a server or a client.
• A process on the local host, called a client, needs services from a process, usually on a remote host, called a server.
• Each process is assigned a unique 16-bit port number on its host.
• Port numbers provide end-to-end addresses at the transport layer.
• They also provide multiplexing and demultiplexing at this layer.
• Port numbers are integers between 0 and 65,535.

ICANN (Internet Corporation for Assigned Names and Numbers) has divided the port numbers into three ranges:
• Well-known ports
• Registered ports
• Ephemeral ports (dynamic ports)

WELL-KNOWN PORTS

• These are permanent port numbers used by servers. They range from 0 to 1023.
• These port numbers cannot be chosen randomly.
• They are universal port numbers for servers.
• Every client process knows the well-known port number of the corresponding server process.
• For example, while the daytime client process, a well-known client program, can use an ephemeral (temporary) port number such as 52,000 to identify itself, the daytime server process must use the well-known (permanent) port number 13.

EPHEMERAL PORTS (DYNAMIC PORTS)

• The client program identifies itself with a port number called the ephemeral port number.
• The word ephemeral means "short-lived" and is used because the life of a client is normally short.
• An ephemeral port number is recommended to be greater than 1023.
• These port numbers range from 49,152 to 65,535.
• They are neither controlled nor registered. They can be used as temporary or private port numbers.

REGISTERED PORTS: The ports ranging from 1024 to 49,151 are not assigned or controlled by ICANN.

4.5 CONNECTION MANAGEMENT

Connection management refers to establishing, maintaining, and terminating network connections between devices or systems to enable reliable data transfer. In protocols like TCP, it manages logical associations using a three-way handshake for connection establishment, ensuring synchronization of sequence numbers. It handles flow control via sliding windows, error correction through checksums and acknowledgments, and congestion control.

The connection management process includes:

• Connection Establishment: the process begins with a request from one party (the client) to another (the server). This typically involves protocols such as TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) for establishing connections between hosts in a network, or protocols like HTTP (Hypertext Transfer Protocol) for establishing communication between clients and servers in web applications.
• Handshake: once the connection request is received, the server validates the request and responds with a handshake message to acknowledge and establish the connection. During the handshake, both parties may exchange additional information required for secure communication, such as cryptographic keys.
• Data Transfer: with the connection established, data can be transmitted between the client and server. This may involve multiple rounds of data exchange, depending on the communication protocol and application requirements.
• Data Transmission Monitoring: throughout the lifespan of the connection, both parties monitor its status to ensure continued reliability and performance. This may involve periodic checks, heartbeats, or other mechanisms to detect and handle failures or timeouts.
• Connection Termination: when the data exchange is complete or either party wishes to end the connection, a termination sequence is initiated. This involves sending a termination request or notification, followed by an ACK (acknowledgment) of the closure.
• Resource Management: efficient allocation and utilization of resources, such as network bandwidth, memory, and processing power, to support multiple concurrent connections without compromising performance or stability.
• Error Handling and Recovery: communication protocols and networking software implement error detection, correction, and recovery mechanisms to handle the various issues that may arise during connection establishment or data transfer, such as packet loss, network congestion, or hardware failures.

Connection management in the transport layer:

Connection management in the transport layer is a critical function that ensures reliable data transfer between devices over a network. This process includes establishing, maintaining, and terminating data transfers, and is primarily handled by the Transmission Control Protocol (TCP).

1. Connection Establishment

Three-Way Handshake: establishing a connection in TCP (and other communication protocols) involves a three-way handshake:
1. SYN (Synchronize): the client sends a SYN packet to the server to initiate a connection. This packet includes an initial sequence number (ISN) chosen by the client.
2. SYN-ACK (Synchronize-Acknowledge): the server responds with a SYN-ACK packet. The SYN part contains the server's initial sequence number. The ACK part acknowledges the client's SYN packet by incrementing the client's ISN by one.
3. ACK (Acknowledge): the client sends an ACK packet back to the server. This acknowledges the server's SYN-ACK by incrementing the server's ISN by one.
After the three-way handshake, the connection is established and data transfer can begin.

2. Data Transfer Procedures

Sequencing: TCP assigns sequence numbers to each byte of data to ensure in-order delivery.
Acknowledgments (ACKs): the receiver acknowledges received data by sending ACKs back to the sender.
Flow Control: TCP uses a sliding window protocol to manage the amount of data that can be sent before an acknowledgment is received.
Error Detection and Retransmission: if a segment is lost or corrupted, the sender retransmits the data after a timeout or upon receiving duplicate ACKs.
Congestion Control: TCP implements algorithms like Slow Start, Congestion Avoidance, Fast Retransmit, and Fast Recovery to manage network congestion and optimize throughput.

3. Connection Termination

Four-Way Handshake: terminating a TCP connection involves a four-way handshake:
1. FIN (Finish): the client or server sends a FIN packet to terminate its side of the connection.
2. ACK (Acknowledge): the receiving end acknowledges the FIN packet with an ACK packet.
3. FIN (Finish): the receiver sends a FIN packet to close its side of the connection.
4. ACK (Acknowledge): the initiator of the termination acknowledges the receiver's FIN packet with an ACK.
After these steps, the connection is fully terminated.

4. Resetting Connections
RST (Reset Command): A TCP connection can be reset using the RST packet, which immediately
terminates the connection. This is typically used to handle errors or when one side wants to abort the
connection abruptly.
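The three-way handshake, the four-way close and the RST abort described above, modelled as an added example (not code from the original notes): each side keeps the next sequence number it will send and the next one it expects, a SYN or FIN consumes one sequence number, each ACK must carry the peer's number plus one, and a SYN-ACK whose ACK number does not match the ISN we sent is answered with RST. The ISNs 1000 and 5000 are constructed sample values.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    """Only what the handshake logic needs: control flags and the two 32-bit numbers."""
    flags: frozenset
    seq: int
    ack: int = 0


def seg(*flags, seq, ack=0):
    return Segment(frozenset(flags), seq & 0xFFFFFFFF, ack & 0xFFFFFFFF)


class Endpoint:
    """One side of a TCP connection, tracking the states named on the state transition diagram."""
    def __init__(self, name, isn):
        self.name, self.isn, self.state = name, isn, "CLOSED"
        self.snd_nxt = isn      # next sequence number this side will send
        self.rcv_nxt = None     # next sequence number expected from the peer

    def listen(self):
        self.state = "LISTEN"

    def connect(self):
        """Active open (step 1): send SYN carrying our ISN. A SYN consumes one sequence number."""
        self.state = "SYN_SENT"
        s = seg("SYN", seq=self.snd_nxt)
        self.snd_nxt += 1
        return s

    def close(self):
        """Send FIN (steps 1 and 3 of the four-way close). A FIN also consumes one sequence number."""
        self.state = {"ESTABLISHED": "FIN_WAIT_1", "CLOSE_WAIT": "LAST_ACK"}[self.state]
        s = seg("FIN", "ACK", seq=self.snd_nxt, ack=self.rcv_nxt)
        self.snd_nxt += 1
        return s

    def _abort(self, bad_ack):
        """ACK number does not match what we sent: abort with RST rather than proceed."""
        self.state = "CLOSED"
        return seg("RST", seq=bad_ack)

    def receive(self, s):
        """Process one incoming segment and return the reply segment, or None."""
        if "RST" in s.flags:
            self.state = "CLOSED"
            return None
        if self.state == "LISTEN" and s.flags == {"SYN"}:
            self.rcv_nxt = s.seq + 1            # acknowledge the client's ISN + 1
            self.state = "SYN_RCVD"
            r = seg("SYN", "ACK", seq=self.snd_nxt, ack=self.rcv_nxt)   # step 2: SYN-ACK
            self.snd_nxt += 1
            return r
        if self.state == "SYN_SENT" and s.flags == {"SYN", "ACK"}:
            if s.ack != self.snd_nxt:           # must equal our ISN + 1
                return self._abort(s.ack)
            self.rcv_nxt = s.seq + 1            # server's ISN + 1
            self.state = "ESTABLISHED"
            return seg("ACK", seq=self.snd_nxt, ack=self.rcv_nxt)       # step 3: ACK
        if self.state == "SYN_RCVD" and s.flags == {"ACK"}:
            if s.ack != self.snd_nxt:
                return self._abort(s.ack)
            self.state = "ESTABLISHED"
            return None
        if "FIN" in s.flags and self.state in ("ESTABLISHED", "FIN_WAIT_2"):
            self.rcv_nxt = s.seq + 1            # steps 2 and 4 of the close: ACK the peer's FIN
            self.state = "CLOSE_WAIT" if self.state == "ESTABLISHED" else "TIME_WAIT"
            return seg("ACK", seq=self.snd_nxt, ack=self.rcv_nxt)
        if s.flags == {"ACK"} and self.state in ("FIN_WAIT_1", "LAST_ACK"):
            if s.ack == self.snd_nxt:           # our FIN has been acknowledged
                self.state = "FIN_WAIT_2" if self.state == "FIN_WAIT_1" else "CLOSED"
            return None
        return None                             # anything else is ignored in this model


def exchange(sender, receiver, s):
    """Deliver s and keep bouncing replies between the two sides until one has nothing to send."""
    trace = []
    while s is not None:
        trace.append((sender.name, sorted(s.flags), s.seq, s.ack))
        s = receiver.receive(s)
        sender, receiver = receiver, sender
    return trace


def three_way_handshake(client, server):
    server.listen()
    return exchange(client, server, client.connect())


def four_way_close(initiator, peer):
    trace = exchange(initiator, peer, initiator.close())    # FIN, then ACK from the peer
    return trace + exchange(peer, initiator, peer.close())  # peer's FIN, then the final ACK
```

The initiator of the close ends in TIME_WAIT rather than CLOSED, matching the diagram: it must wait out the 2MSL timer before the connection record is released.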


4.6 FLOW CONTROL

4.7 APPLICATION LAYER - WWW

• WWW is a distributed client/server service, in which a client (a browser such as IE, Firefox, etc.) can access services at a server (a web server such as IIS or Apache).
• The service provided is distributed over many locations called sites.

[Figure: functional diagram of the WWW]

• This system allows document search and retrieval from any part of the Internet.
• The documents have hypertext as their content.
• The units of information on the web can be referred to as pages, documents or resources.
• A document can contain text, images, sound and video, together called hypermedia.
• The Web is a vast collection of data, information, software and protocols, spread across the world in web servers, which are accessed by client machines via browsers through the Internet.

COMPONENTS OF THE WEB

Structural Components
1. Web Clients/Browsers
2. Web Servers
3. Web Caches
4. Internet

Semantic Components
1. Hyper Text Transfer Protocol (HTTP)
2. Hyper Text Markup Language (HTML)
3. eXtensible Markup Language (XML)
4. Uniform Resource Identifier (URI)

• Clients use a browser application to send URLs via HTTP to servers, requesting a web page.
• Web pages are constructed using HTML/XML and consist of text, graphics and sounds plus embedded files.
• Servers (or caches) respond with the requested web page.
• The client's browser renders the web page returned by the server.
• A web page is written using Hyper Text Markup Language (HTML).
• It displays text, graphics and sound in the browser.
• The entire system runs over standard networking protocols (TCP/IP, DNS).

WEB CLIENTS (BROWSERS)

• A browser is software on the client side of the web which initiates the communication with the server.
• Each browser usually consists of three parts: a controller, client protocols, and interpreters.
• The controller receives input from the keyboard or the mouse and uses the client programs to access the document. After the document has been accessed, the controller uses one of the interpreters to display the document on the screen.
• Examples are Internet Explorer, Mozilla Firefox, Netscape Navigator, Safari, etc.

WEB SERVERS

• All communication between a web client and a web server uses the standard protocol called HTTP.
• The web server informs its operating system to accept incoming network connections on a specific port on the machine.
• The server also runs as a background process.
• A client (browser) opens a connection to the server, sends a request, receives information from the server and closes the connection.
• The web server monitors a communications port on its host machine, accepts HTTP commands through it and performs the specified operations.
• HTTP commands include a URL specifying the host machine.
• The URL received is translated into either a filename or a program name; accordingly, the requested file or the output of the program execution is sent back to the browser.

PROXY SERVER

• A proxy server is a computer that keeps copies of responses to recent requests.
• The web client sends a request to the proxy server.
• The proxy server checks its cache.
• If the response is not stored in the cache, the proxy server sends the request to the corresponding server.
• Incoming responses are sent to the proxy server and stored for future requests from other clients.
• The proxy server reduces the load on the original server, decreases traffic, and improves latency.

URL - UNIFORM RESOURCE LOCATOR

• A Uniform Resource Locator (URL) uniquely identifies a resource on the Internet.
• Format: http://www.domain_name/filename
• Example: http://www.cs.hello.org/index.html
• The URL defines four parts: method, host computer, port, and path.
  o Method: the method is the protocol used to retrieve the document from a server, for example HTTP.
  o Host: the host is the computer where the information is stored, and the computer is given an alias name. Web pages are mainly stored in computers that are given an alias name beginning with the characters "www". This field is not mandatory.
  o Port: the URL can also contain the port number of the server, but it is an optional field. If the port number is included, it must come between the host and the path and must be separated from the host by a colon.
  o Path: the path is the pathname of the file where the information is stored. The path itself contains slashes that separate the directories from the subdirectories and files.

WEB DOCUMENTS

The documents in the WWW can be grouped into three broad categories: static, dynamic and active.

Static Documents

• Static documents are fixed-content documents that are created and stored in a server.
• The client can get only a copy of the document.
• In other words, the contents of the file are determined when the file is created, not when it is used.
• Of course, the contents on the server can be changed, but the user cannot change them.
• When a client accesses the document, a copy of the document is sent.
• The user can then use a browser to see the document.
• Static documents are prepared using one of several languages:
1. HyperText Markup Language (HTML)
2. Extensible Markup Language (XML)
3. Extensible Style Language (XSL)
4. Extensible Hypertext Markup Language (XHTML)

4.8 HTTP (HYPERTEXT TRANSFER PROTOCOL)

• The HyperText Transfer Protocol (HTTP) defines how client-server programs can be written to retrieve web pages from the Web.
• It is the protocol used to access data on the World Wide Web (WWW).
• HTTP can be used to transfer data in the form of plain text, hypertext, audio, video, and so on.
• HTTP is a stateless request/response protocol that governs client/server communication.
• HTTP is a text-oriented protocol. Its messages contain embedded URLs known as links.
• Each HTTP message has the general form

  START_LINE <CRLF>
  MESSAGE_HEADER <CRLF>
  <CRLF>
  MESSAGE_BODY <CRLF>

  where <CRLF> stands for carriage-return line-feed.

HTTP REQUEST AND RESPONSE MESSAGES

• The HTTP protocol defines the format of the request and response messages.

Request Message: the request message is sent by the client and consists of a request line, headers, and sometimes a body.
Response Message: the response message is sent by the server to the client and consists of a status line, headers, and sometimes a body.

HTTP REQUEST MESSAGE

• The first line in a request message is called the request line.
• After the request line, there can be zero or more request header lines.
• The body is optional. It contains the comment to be sent or the file to be published on the website when the method is PUT or POST.
• Some of the method types are:

HTTP RESPONSE MESSAGE

• The first line in a response message is called the status line.
• After the status line, there can be zero or more response header lines.
• The body is optional. The body is present unless the response is an error message.

HTTP CONNECTIONS

NON-PERSISTENT CONNECTIONS

• In a non-persistent connection, one TCP connection is made for each request/response.
• Only one object can be sent over a single TCP connection.
• The client opens a TCP connection and sends a request.
• The server sends the response and closes the connection.
• The client reads the data until it encounters an end-of-file marker.
• It then closes the connection.

PERSISTENT CONNECTIONS

• HTTP version 1.1 specifies a persistent connection by default.
• Multiple objects can be sent over a single TCP connection.
• In a persistent connection, the server leaves the connection open for more requests after sending a response.
• The server can close the connection at the request of a client or if a time-out has been reached.
• Time and resources are saved using persistent connections. Only one set of buffers and variables needs to be set up for the connection at each site.
• The round-trip time for connection establishment and connection termination is saved.
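An added example (not code from the original notes) tying together the general message form, the request and response messages, and persistent connections: on a non-persistent connection the client reads to end-of-file, but on a persistent one several messages share the stream, so the parser below frames each message by the empty line and the Content-Length header and hands back whatever bytes belong to the next message. The sample stream is constructed.

```python
CRLF = b"\r\n"


def parse_http_message(raw: bytes):
    """Split one HTTP/1.x message off the front of raw.

    Framing follows the general form START_LINE <CRLF> MESSAGE_HEADER <CRLF> <CRLF> MESSAGE_BODY:
    the empty line ends the headers and the body length comes from Content-Length.
    Returns (start_line, headers, body, leftover); leftover is the start of the next message
    on a persistent connection, where the receiver cannot rely on an end-of-file marker.
    """
    head, sep, rest = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("incomplete message: header terminator CRLF CRLF not received yet")
    lines = head.split(CRLF)
    start_line = lines[0].decode("ascii")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers[name.decode("ascii").strip().lower()] = value.decode("ascii").strip()
    length = int(headers.get("content-length", "0"))
    if length < 0:
        raise ValueError("negative Content-Length")
    if len(rest) < length:
        raise ValueError("incomplete message: body shorter than Content-Length")
    return start_line, headers, rest[:length], rest[length:]


def parse_start_line(start_line: str) -> dict:
    """A request line is METHOD URL VERSION; a status line is VERSION CODE PHRASE."""
    parts = start_line.split(" ", 2)
    if len(parts) != 3:
        raise ValueError("bad start line: %r" % start_line)
    if parts[0].startswith("HTTP/"):
        return {"kind": "response", "version": parts[0], "status": int(parts[1]), "phrase": parts[2]}
    return {"kind": "request", "method": parts[0], "url": parts[1], "version": parts[2]}


def split_persistent_stream(stream: bytes) -> list:
    """Parse every complete message in the bytes read from one persistent connection."""
    messages = []
    while stream:
        start_line, headers, body, stream = parse_http_message(stream)
        messages.append((parse_start_line(start_line), headers, body))
    return messages


# Constructed sample (not from the notes): two requests back to back on one persistent connection.
SAMPLE_STREAM = (
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    b"POST /submit HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 5\r\n\r\nhello"
)
```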

Types of Cookies

1. Authentication cookies
These are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with. Without such a mechanism, the site would not know whether to send a page containing sensitive information or to require the user to authenticate by logging in.

2. Tracking cookies
These are commonly used as a way to compile individuals' browsing histories.

3. Session cookies
A session cookie exists only in temporary memory while the user navigates the website. Web browsers normally delete session cookies when the user closes the browser.

4. Persistent cookies
Instead of expiring when the web browser is closed as session cookies do, a persistent cookie expires at a specific date or after a specific length of time. This means that, for the cookie's entire lifespan, its information will be transmitted to the server every time the user visits the website that it belongs to, or every time the user views a resource belonging to that website from another website.

HTTP SECURITY

• HTTP itself does not provide security.
• However, HTTP can be run over the Secure Socket Layer (SSL).
• In this case, HTTP is referred to as HTTPS.
• HTTPS provides confidentiality, client and server authentication, and data integrity.

4.9 Application Layer: File Transfer Protocol (FTP)

 File Transfer Protocol is one of the earliest and still one of the most common ways of transferring files on the Internet.
 Located in the application layer, FTP is a basic system for transferring files between a client and a server.
 What makes FTP distinctive is that it provides a reliable and efficient means of transferring files from one system to another even if the two systems have different file structures and operating systems.

What is File Transfer Protocol?

 FTP is a standard communication protocol, defined in RFC 959.
 Other protocols such as HTTP can also carry files between computers, but they were not designed specifically for file transfer; FTP was.
 Moreover, the systems involved in a connection are heterogeneous: they differ in operating systems, directory structures, character sets, etc. FTP shields the user from these differences and transfers data efficiently and reliably.

 FTP can transfer ASCII, EBCDIC, or image files.
 ASCII is the default file format; each character is encoded as NVT ASCII.
 In ASCII or EBCDIC mode the destination must be ready to accept files in that representation (line endings may be converted in transit).
 The image (binary) format transfers the file byte for byte and is the format to use for binary files.

Types of FTP

There are different ways in which a server and a client can do a file transfer using FTP. Some of them are mentioned below:

 Anonymous FTP: Anonymous FTP is enabled on some sites whose files are available for public access. A user can access these files without having an account. Instead, the username is set to anonymous, and by convention the password is the user's e-mail address or simply guest. User access is very limited; for example, the user may be allowed to copy files but not to navigate through directories.

 Password Protected FTP: This type of FTP is similar to the previous one, but the user must supply a valid username and password. Note that plain FTP sends both in cleartext.

 FTP Secure (FTPS), also called FTP over SSL/TLS: a more secure version of FTP. In implicit FTPS the control connection is protected by TLS from the moment it is established, on a separate port (conventionally 990).

 FTP over Explicit SSL/TLS (FTPES): the client connects to the normal port 21 and then upgrades the control connection to TLS with the AUTH TLS command before sending its credentials.

 Secure FTP (SFTP): SFTP is not FTP at all but a separate file-transfer protocol that runs inside a Secure Shell (SSH) session, so it uses SSH's port 22.

Uses of FTP

FTP is especially useful for:

 Transferring Large Files: FTP can transfer large files in one shot; this makes it suitable for hosting websites, backing up servers, or sharing files in bulk.
 Remote File Management: Files on a remote server can be uploaded, downloaded, deleted, renamed and copied as the user chooses.
 Automating File Transfers: FTP lends itself to scripted, scheduled file transfers.
 Accessing Public Files: With anonymous FTP, anyone can download public files without needing an account.

Using FTP

 Connect to the FTP Server: Connect to the server using its address, a username and a password through an FTP client or a command-line interface. Anonymous FTP may not need a username and password.
 Navigate Directories: Commands include ls to list a directory and cd to change directories.
 Transfer Files: Use get to download a file and put to upload one.
 Manage Files: Perform operations such as delete, rename and copy on files.
 Close the Connection: Once the transfers are done, terminate the connection with the bye or quit command.

FTP Working principle

FTP is a client-server protocol that has two communication channels: a command (control) channel for conversation control and a data channel for file content. The steps in which FTP works are:
 A user has to log in to the FTP server first; some servers allow access to content without a login, known as anonymous FTP.
 The client can start a conversation with the server, for example by requesting to download a file.
 The user can perform different functions like upload, delete, rename, copy files, etc. on the server.
 FTP can work in different modes, Active and Passive, which differ in who opens the data connection.

Types of Connection in FTP

 Control Connection
 Data Connection

Control Connection
For sending control information like user identification, password, commands to change the remote directory, commands to retrieve and store files, etc., FTP makes use of a control connection. The control connection is initiated by the client to port number 21 on the server and stays open for the whole session.

Data connection
For sending the actual file (or a directory listing), FTP makes use of a data connection, which is opened for one transfer and closed afterwards. In active mode the server opens the data connection from its port 20 to a port the client announced with the PORT command; in passive mode the client opens the data connection to an ephemeral port that the server announces in its 227 reply to the PASV command. Passive mode is what most clients use today, because a client behind a firewall or NAT usually cannot accept an incoming connection.
FTP sends the control information out-of-band as it uses a separate control connection. Some protocols send their request and response header lines and the data in the same TCP connection. For this reason, they are said to send their control information in-band. HTTP and SMTP are such examples.

FTP Data Types

The data type of a file, which determines how the file is represented, is the first piece of information that can be given about it. The FTP standard specifies the following four data types:
 ASCII: An ASCII text file in which each line ends with the NVT end-of-line marker (CR LF) while in transit; each side converts to its own local line ending.
 EBCDIC: For files that use IBM's EBCDIC character set; conceptually identical to ASCII.
 Image: Binary mode; the file has no internal structure as far as FTP is concerned and is transferred byte for byte without any processing.
 Local: Files containing data in logical bytes with a bit count other than eight can be handled by this data type.

FTP Replies
Some of the FTP replies are:
 200 – Command okay.
 530 – Not logged in.
 331 – User name okay, need a password.
 221 – Service closing control connection.
 551 – Requested action aborted: page type unknown.
 502 – Command not implemented.
 503 – Bad sequence of commands.
 504 – Command not implemented for that parameter.
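The reply codes listed above are grouped by their first digit, and the 227 reply is where the client learns the data-connection endpoint described under "Data connection". The following is an added example, not code from the course notes: it parses reply lines of the RFC 959 form, decodes a 227 passive-mode reply into the host and port the client must connect to, and builds the PORT command a client sends in active mode. The session transcript and addresses are constructed samples.

```python
"""FTP control-channel helpers: reply classes and data-connection endpoints.

Added example, not from the course notes. The reply lines in SAMPLE_SESSION
are constructed in the RFC 959 format; no server is contacted.
"""
import re

# Meaning of the first digit of a three-digit FTP reply code.
REPLY_CLASSES = {
    "1": "positive preliminary",    # e.g. 150: more replies follow
    "2": "positive completion",     # e.g. 200, 226, 230
    "3": "positive intermediate",   # e.g. 331: send the next command (PASS)
    "4": "transient negative",      # e.g. 421: retry later
    "5": "permanent negative",      # e.g. 530, 550: do not retry as-is
}

SAMPLE_SESSION = [
    "220 Service ready for new user.",
    "331 User name okay, need password.",
    "230 User logged in, proceed.",
    "227 Entering Passive Mode (192,0,2,10,195,149).",
    "150 File status okay; about to open data connection.",
    "226 Closing data connection.",
    "221 Service closing control connection.",
]


def parse_reply(line):
    """Split one reply line into (code, class, text)."""
    m = re.match(r"^(\d{3})[ -](.*)$", line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an FTP reply: %r" % line)
    code, text = m.group(1), m.group(2)
    return int(code), REPLY_CLASSES[code[0]], text


def passive_endpoint(reply):
    """Decode a 227 reply into the (host, port) the client must connect to.

    In passive mode the server chooses an ephemeral port for the data
    connection and reports it as p1,p2 with port = p1*256 + p2; it is not 20.
    """
    code, _, text = parse_reply(reply)
    if code != 227:
        raise ValueError("expected 227, got %d" % code)
    m = re.search(r"\((\d+(?:,\d+){5})\)", text)
    nums = [int(n) for n in m.group(1).split(",")]
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]


def port_command(host, port):
    """Build the PORT command a client sends in active mode.

    The server then opens the data connection from its port 20 to this
    client address and port.
    """
    return "PORT %s,%d,%d\r\n" % (host.replace(".", ","), port // 256, port % 256)


def summarize(replies=SAMPLE_SESSION):
    """List (code, class) for every reply of a session transcript."""
    return [parse_reply(r)[:2] for r in replies]


if __name__ == "__main__":
    for code, cls in summarize():
        print(code, cls)
    print(passive_endpoint(SAMPLE_SESSION[3]))
    print(port_command("192.0.2.5", 50069).strip())
```

A firewall that only opens ports 21 and 20 will therefore break passive-mode transfers; the data port in the 227 reply has to be allowed as well.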

Change the FTP Port Numbers

To change the default FTP port numbers, follow these steps:

 Access Server Configuration: Open the control panel of your FTP server or the FTP server's configuration file.
 Modify the Port Number: Find the port settings in the configuration. Change the control port (default 21) and, if the server allows it, the active-mode data port (default 20).
 Restart the FTP Service: Once you have saved your changes, stop and restart the FTP service so that the new port settings take effect.
 Update Client Settings: Make certain that all the FTP clients that connect to the server are told the new port numbers. A firewall in front of the server must also allow the new port(s).

Advantages of FTP
 File sharing: files can be shared between two machines across the network.
 Speed: FTP transfers files efficiently in bulk.
 A transfer that is interrupted can be resumed rather than started again from the beginning, which makes it efficient for large files.
 Users must log in to the FTP server with a username and password, so access can be restricted per account. Note, however, that plain FTP sends the username, password and file contents in cleartext; FTPS or SFTP should be used where security matters.
 Files can be moved in both directions via FTP. For example, a manager can place information on a server for every employee, and they can all reply on the same server.

Disadvantages of FTP
 File size limit: many FTP implementations cannot handle files larger than 2 GB.
 Sending one file to several receivers at once is not supported by FTP.
 Credentials and data are not encrypted unless FTPS or SFTP is used.

4.10 Application Layer: EMAIL (Email Protocols: SMTP, MIME, IMAP, POP)

 One of the most popular Internet services is electronic mail (e-mail).
 E-mail is one of the oldest network applications.
 The three main components of an e-mail system are
1. User Agent (UA)
2. Message Transfer Agent (MTA) - SMTP
3. Message Access Agent (MAA) - IMAP, POP

 When the sender and the receiver of an e-mail are on the same system, we need only two User Agents and no Message Transfer Agent.
 When the sender and the receiver of an e-mail are on different systems, we need two UAs, two pairs of MTAs (client and server), and a pair of MAAs (client and server).

WORKING OF EMAIL

 When Alice needs to send a message to Bob, she runs a UA program to prepare the message and sends it to her mail server.
 The mail server at her site uses a queue (spool) to store messages waiting to be sent. The message, however, needs to be sent through the Internet from Alice's site to Bob's site using an MTA.
 Here two message transfer agents are needed: one client (at Alice's mail server) and one server (at Bob's mail server).
 The server needs to run all the time because it does not know when a client will ask for a connection.
 The client can be triggered by the system when there is a message in the queue to be sent.
 Bob later uses an MAA client to retrieve the message from the MAA server running on his mail server.
 The user agent at Bob's site then allows Bob to read the received message.
ADDRESS FORMAT OF EMAIL
 An e-mail address is userid@domain, where domain is the host name of the mail server (or, more precisely, a domain whose MX record points to the mail server).

MESSAGE FORMAT OF EMAIL

 An e-mail message consists of two parts, namely header and body.
 Each header line contains a type and a value separated by a colon (:).
 Some header contents are:
o From: identifies the sender of the message.
o To: mail address of the recipient(s).
o Subject: says what the message is about.
o Date: timestamp of when the message was transmitted.
 The header is separated from the body by a blank line.
 The body contains the actual message.

 E-mail was extended in 1993 to carry many different types of data: audio, video, images, Word documents, and so on.
 This extended version is known as MIME (Multipurpose Internet Mail Extensions).

Email Protocols

1) SIMPLE MAIL TRANSFER PROTOCOL (SMTP)

 SMTP is the standard protocol for transferring mail between hosts in the TCP/IP protocol suite.
 SMTP is not concerned with the format or content of messages themselves.
 SMTP routes mail using the envelope (the sender and recipients given in the MAIL FROM and RCPT TO commands), not the message content; the message header and body are handed over as opaque data after the DATA command. Note that the envelope sender can differ from the From: header, which is why the From: line alone cannot be trusted.

 SMTP clients and servers have two main components
o User Agent (UA): prepares the message and encloses it in an envelope.
o Mail Transfer Agent (MTA): transfers the mail across the Internet.

SMTP OPERATIONS

Basic SMTP operation occurs in three phases:

1. Connection Setup
2. Mail Transfer
3. Connection Termination

1 Connection Setup
 An SMTP sender will attempt to set up a TCP connection (to port 25) with a target host when it has one or more mail messages to deliver to that host.
 The sequence is quite simple:
1. The sender opens a TCP connection with the receiver.
2. Once the connection is established, the receiver identifies itself with "220 Service Ready".
3. The sender identifies itself with the HELO command (EHLO for extended SMTP).
4. The receiver accepts the sender's identification with "250 OK".
5. If the mail service on the destination is unavailable, the destination host returns a "421 Service Not Available" reply in step 2, and the process is terminated.

2 Mail Transfer
 Once a connection has been established, the SMTP sender may send one or more messages to the SMTP receiver.
 There are three logical phases to the transfer of a message:
1. A MAIL command identifies the originator of the message.
2. One or more RCPT commands identify the recipients for this message.
3. A DATA command transfers the message text, terminated by a line containing only a period (.).

3 Connection Termination
 The SMTP sender closes the connection in two steps.
 First, the sender sends a QUIT command and waits for a reply.
 The second step is to initiate a TCP close operation for the TCP connection.
 The receiver initiates its TCP close after sending its reply (221) to the QUIT command.

2) MIME [Multipurpose Internet Mail Extensions] - Email Protocol

 SMTP provides a basic e-mail service, while MIME adds multimedia capability to it.
 MIME is an extension to the SMTP message format and is used to overcome the limitations of SMTP.
 The original e-mail system was designed to send messages only in 7-bit ASCII.
 Languages such as French, Chinese, etc., are not supported.
 Image, audio and video files cannot be sent.
 MIME adds the following features to the e-mail service:
o sending multiple attachments with a single message;
o unlimited message length;
o use of character sets other than ASCII;
o use of rich text (layouts, fonts, colours, etc.);
o binary attachments (executables, images, audio or video files, etc.), which may be split into parts if needed.
 MIME is a set of conventions that converts non-ASCII data to 7-bit NVT (Network Virtual Terminal) ASCII and vice versa, using the Base64 and quoted-printable transfer encodings, so that it can pass through SMTP unchanged.
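To see the 7-bit conversion in practice, the following added example (not code from the course notes) composes a message with a non-ASCII subject and a binary attachment using Python's standard email library, checks that every byte of the wire form has its high bit clear, and parses it back to confirm the attachment survived unchanged. The addresses and the attachment bytes are constructed; nothing is sent.

```python
"""Build a MIME message with a binary attachment and check the 7-bit wire form.

Added example, not from the course notes. Uses only the Python standard
library; the attachment bytes are constructed, no file is read or sent.
"""
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Constructed binary payload: a PNG signature followed by every byte value,
# so it certainly contains bytes with the high bit set.
ATTACHMENT = b"\x89PNG\r\n\x1a\n" + bytes(range(256))


def build_message(attachment=ATTACHMENT):
    """Compose a multipart message: ASCII text body plus a base64 image part."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "R\u00e9sum\u00e9 photo"   # non-ASCII header text
    msg.set_content("Hi Bob, the image is attached.\n")
    msg.add_attachment(attachment, maintype="image", subtype="png",
                       filename="logo.png")
    return msg


def is_seven_bit(data):
    """SMTP's original limit: every octet must have the high bit clear."""
    return all(b < 0x80 for b in data)


def decode_message(raw):
    """Parse the wire form back into (subject, body text, filename, attachment bytes)."""
    parsed = message_from_bytes(raw, policy=default)
    body = parsed.get_body(preferencelist=("plain",)).get_content()
    for part in parsed.iter_attachments():
        return str(parsed["Subject"]), body, part.get_filename(), part.get_content()
    return str(parsed["Subject"]), body, None, None


def round_trip():
    """Serialize, check the encoding, parse back; returns the facts tested below."""
    raw = build_message().as_bytes()
    subject, body, filename, payload = decode_message(raw)
    return {
        "seven_bit": is_seven_bit(raw),
        "base64_used": b"Content-Transfer-Encoding: base64" in raw,
        "subject": subject,
        "filename": filename,
        "payload_intact": payload == ATTACHMENT,
        "body": body,
    }


if __name__ == "__main__":
    print(build_message().as_string())
    print(round_trip())
```

Printing the message shows the two mechanisms side by side: the subject becomes an RFC 2047 encoded word and the image part gets Content-Transfer-Encoding: base64, which is why the whole message fits through a 7-bit SMTP path.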

There are seven different major content types and a total of 14 subtypes.

MESSAGE TRANSFER IN MIME

 The MTA is a mail daemon (for example sendmail or Postfix) that runs on the hosts holding mailboxes and on mail relays.
 Mail may pass through a sequence of relays (gateways) before it reaches the recipient's mail server.
 Each relay stores and forwards the mail using the Simple Mail Transfer Protocol (SMTP).
 SMTP defines communication between MTAs over TCP on port 25.
 In an SMTP session, the sending MTA is the client and the receiving MTA is the server. In each exchange:
 The client posts a command (HELO, MAIL, RCPT, DATA, QUIT, VRFY, etc.).
 The server responds with a three-digit code (250, 550, 354, 221, 251, etc.) and an explanation.
 The client identifies itself with the HELO command, which the server acknowledges.
 The client forwards the message to the server if the server is willing to accept it.
 The message is terminated by a line containing only a single period (.); a body line that itself starts with a period is sent with an extra leading period so that it is not mistaken for the terminator.
 Eventually the client terminates the connection with QUIT.

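The three-phase exchange described under SMTP OPERATIONS and the command/reply pattern listed above are easiest to see with both sides in one place. The following added example (not code from the course notes) contains a toy SMTP receiver that enforces the command order and answers with the standard reply codes, and a sender that drives it through HELO, MAIL, RCPT, DATA and QUIT, including dot-stuffing of a body line that begins with a period. Host names, addresses and the message lines are constructed; the server accepts mail only for its own domain.

```python
"""A minimal SMTP exchange with both sides in one process.

Added example, not from the course notes: SmtpServer is a toy receiver that
applies the RFC 5321 command sequence and reply codes; send_mail is the
sender side. Addresses and message lines are constructed.
"""


class SmtpServer:
    """Toy SMTP receiver: one transaction at a time, in-memory delivery."""

    def __init__(self, hostname="mail.example.org", local_domain="example.org"):
        self.hostname = hostname
        self.local_domain = local_domain
        self.greeted = False
        self.sender = None
        self.rcpts = []
        self.in_data = False
        self.lines = []
        self.delivered = []   # (envelope sender, envelope recipients, message text)
        self.closed = False

    def greeting(self):
        """Reply sent as soon as the TCP connection is established."""
        return "220 %s Service ready" % self.hostname

    def handle(self, line):
        """Process one client line; return the reply, or None while in DATA."""
        if self.in_data:
            if line == ".":                       # end of message text
                self.in_data = False
                self.delivered.append((self.sender, list(self.rcpts), "\n".join(self.lines)))
                self.sender, self.rcpts, self.lines = None, [], []
                return "250 OK: queued"
            # dot-unstuffing: a body line that began with '.' arrived as '..'
            self.lines.append(line[1:] if line.startswith(".") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.greeted = True
            return "250 %s Hello %s" % (self.hostname, arg)
        if verb == "QUIT":
            self.closed = True
            return "221 %s Service closing transmission channel" % self.hostname
        if not self.greeted:
            return "503 Bad sequence of commands (HELO first)"
        if verb == "MAIL":
            self.sender = arg[len("FROM:"):].strip("<>")
            self.rcpts = []
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands (MAIL first)"
            addr = arg[len("TO:"):].strip("<>")
            if addr.rpartition("@")[2] != self.local_domain:
                return "550 No such user here"   # not an open relay
            self.rcpts.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Bad sequence of commands (RCPT first)"
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return "502 Command not implemented"


def send_mail(server, sender, recipients, body_lines):
    """Sender side: HELO, MAIL, RCPT..., DATA, QUIT. Returns (transcript, accepted)."""
    transcript = [("S", server.greeting())]

    def cmd(text):
        reply = server.handle(text)
        transcript.append(("C", text))
        if reply is not None:
            transcript.append(("S", reply))
        return reply or ""

    if not cmd("HELO client.example.com").startswith("250"):
        cmd("QUIT")
        return transcript, []
    cmd("MAIL FROM:<%s>" % sender)
    accepted = [r for r in recipients if cmd("RCPT TO:<%s>" % r).startswith("250")]
    if accepted and cmd("DATA").startswith("354"):
        for line in body_lines:
            cmd("." + line if line.startswith(".") else line)   # dot-stuffing
        cmd(".")
    cmd("QUIT")
    return transcript, accepted


def demo():
    """Run one transfer with one local and one foreign recipient."""
    server = SmtpServer()
    transcript, accepted = send_mail(
        server, "alice@example.com",
        ["bob@example.org", "nobody@elsewhere.net"],
        ["Subject: hello", "", "Hello Bob.", ".signature line"],
    )
    return server, transcript, accepted


def reply_codes(transcript):
    """The server's reply codes, in order."""
    return [reply.split()[0] for who, reply in transcript if who == "S"]


if __name__ == "__main__":
    server, transcript, accepted = demo()
    for who, text in transcript:
        print(who + ":", text)
```

The 550 for the foreign recipient is the behaviour of a server that refuses to relay; a server that answered 250 there would be an open relay usable for spam.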
3. IMAP (Internet Message Access Protocol): Email Protocol

 IMAP is an application-layer Internet protocol that allows an e-mail client to access e-mail on a remote mail server (TCP port 143; 993 with TLS).
 It is a method of accessing electronic mail messages that are kept on a possibly shared mail server.
 IMAP allows multiple clients to be connected to the same mailbox simultaneously, and through flags stored on the server, different clients accessing the same mailbox at the same or different times can detect state changes made by other clients.
 In other words, it permits a "client" e-mail program to access remote message stores as if they were local.
 For example, e-mail stored on an IMAP server can be manipulated from a desktop computer at home, a workstation at the office, and a notebook computer while travelling, without the need to transfer messages or files back and forth between these computers.
 IMAP can support e-mail access in three modes:
 Offline
The client connects, downloads new messages to the local machine and disconnects; the messages are then handled locally (the way POP works).
 Online
Users may connect to the server, look at what e-mail is available, and access it online. This looks to the user very much like having local spool files, but they are on the mail server.
 Disconnected operation
A mail client connects to the server, makes a "cache" copy of selected messages, and disconnects from the server. The user can then work on the messages offline, and connect to the server later to resynchronise the server status with the cache.
OPERATION OF IMAP

ADVANTAGES OF IMAP
 With IMAP, the primary storage is on the server, not on the local machine.
 E-mail being put away for storage can be filed in folders on the local disk, or in folders on the IMAP server.
 The protocol allows full use of remote folders, including a remote folder hierarchy and multiple inboxes.
 It keeps track of the explicit status of messages (flags), and allows for user-defined status.
 Supports new-mail notification explicitly.
 Extensible for non-e-mail data, like netnews, document storage, etc.
 Selective fetching of individual MIME body parts.
 Server-based search to minimise data transfer.
 Servers may have extensions that can be negotiated.

4) Post Office Protocol (POP3): Email Protocol

 Post Office Protocol (POP3) is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection.
 There are two versions of POP.
• The first, called POP2, became a standard in the mid-80s and requires SMTP to send messages.
• The current version, POP3, can be used with or without SMTP. POP3 uses TCP port 110 (995 with TLS).

 POP is a much simpler protocol than IMAP, making implementation easier.
 POP supports offline access to the messages, thus requiring less Internet usage time.
 POP does not provide a search facility.
 In order to access the messages, it is necessary to download them.
 It allows only one mailbox per user on the server.
 It is not suitable for accessing non-mail data.
 POP mail moves the messages from the e-mail server onto the local computer, although there is usually an option to leave the messages on the e-mail server as well.
 POP treats the mailbox as one store, and has no concept of folders.
 POP works in two modes, namely delete mode and keep mode.
 In delete mode, mail is deleted from the mailbox after retrieval. The delete mode is normally used when the user is working at their permanent computer and can save and organise the received mail after reading or replying.
 In keep mode, mail is kept in the mailbox after reading, for later retrieval. The keep mode is normally used when the user accesses their mail away from their primary computer.
 The POP3 client is installed on the recipient's computer and the POP3 server on the mail server.
 The client opens a connection to the server using TCP on port 110.
 The client sends a username and password to access the mailbox and then retrieves messages. Like FTP and TELNET, plain POP3 sends the password in cleartext, so it should be used over TLS.

POP3 Commands
POP3 commands are abbreviated into codes of three or four letters.
The following describes some of the POP3 commands:
1. USER / PASS - identify the user and supply the password, opening the mailbox
2. STAT - display the number of messages (and their total size) currently in the mailbox
3. LIST - get a summary (number and size) of the messages
4. UIDL - list a unique identifier for each message, so that a client in keep mode can tell which messages it has already seen
5. RETR - retrieve (download) a given message
6. DELE - mark a message for deletion; the deletion only takes effect at QUIT
7. RSET - reset the session to its initial state, un-marking any messages marked for deletion
8. QUIT - log off the session, committing any pending deletions


DIFFERENCE BETWEEN POP AND IMAP

1. POP: Generally used to support a single client.
   IMAP: Designed to handle multiple clients.
2. POP: Messages are accessed offline.
   IMAP: Messages are accessed online, although it also supports an offline mode.
3. POP: Does not provide a search facility.
   IMAP: Offers the ability to search e-mails on the server.
4. POP: All the messages have to be downloaded.
   IMAP: Allows selective transfer of messages (and message parts) to the client.
5. POP: Only one mailbox can be created on the server.
   IMAP: Multiple mailboxes (folders) can be created on the server.
6. POP: Not suitable for accessing non-mail data.
   IMAP: Suitable for accessing non-mail data, i.e. attachments.
7. POP: Commands are abbreviated into codes of three or four letters, e.g. STAT.
   IMAP: Commands are not abbreviated; they are full words, e.g. STATUS.
8. POP: Requires minimal server resources.
   IMAP: Clients are totally dependent on the server.
9. POP: Mails once downloaded cannot be accessed from some other location.
   IMAP: Allows mails to be accessed from multiple locations.
10. POP: E-mails are downloaded in full before they can be read.
    IMAP: Users can view the headers and senders of e-mails and then decide what to download.
11. POP: Requires less Internet usage time.
    IMAP: Requires more Internet usage time.

4.11 Application Layer: TELNET

 TELNET is the original remote login protocol, based on a client-server program.
 TELNET provides a connection to the remote computer in such a way that a local terminal appears to be at the remote side.
 TELNET allows us to explain the issues and challenges related to the concept of remote login.
 Network administrators often use TELNET for diagnostic and debugging purposes.
 TELNET requires a login name and password.
 It is vulnerable because it sends all data, including the password, in plaintext (not encrypted).
 An attacker on the path can eavesdrop and obtain the login name and password. Because of this security issue, the use of TELNET has diminished in favour of SSH.

TYPES OF TELNET LOGIN

There are two types of TELNET login:
Local Login and Remote Login

Local Login

 When a user logs into a local system, it is called local login.
 As a user types at a terminal or at a workstation running a terminal emulator, the keystrokes are accepted by the terminal driver.
 The terminal driver passes the characters to the operating system.
 The operating system, in turn, interprets the combination of characters and invokes the desired application program or utility.

Remote Login

 When a user wants to access an application program or utility located on a remote machine, they perform a remote login.
 Remote login uses the TELNET client and TELNET server programs.
 The user sends the keystrokes to the terminal driver, where the local operating system accepts the characters but does not interpret them.
 The characters are sent to the TELNET client, which transforms the characters into a universal character set called Network Virtual Terminal (NVT) characters and delivers them to the local TCP/IP stack.
 The commands or text, in NVT form, travel through the Internet and arrive at the TCP/IP stack at the remote machine.
 The characters are delivered to the operating system and passed to the TELNET server, which changes the characters to the corresponding characters understandable by the remote computer.
 The characters cannot be passed directly to the operating system because the remote operating system is not designed to receive characters from a TELNET server; it is designed to receive characters from a terminal driver.
 A piece of software called a pseudoterminal driver is added, which pretends that the characters are coming from a terminal.
 The operating system then passes the characters to the appropriate application program.

TELNET OPTIONS
 TELNET lets the client and server negotiate options before or during the use of the service, using the WILL, WONT, DO and DONT commands.
 Options are extra features available to a user with a more sophisticated terminal.
 Users with simpler terminals can use the default features.

TELNET COMMANDS

TELNET commands (option negotiation and control functions) are sent in the same byte stream as the data, each introduced by the IAC (Interpret As Command) byte, 255, so that they can be told apart from NVT data.

NETWORK VIRTUAL TERMINAL (NVT)

 The mechanism to access a remote computer is complex.
 We are dealing with heterogeneous systems.
 This is because every computer and its operating system accepts a special combination of characters as tokens.
 For example, the end-of-file token in a computer running the DOS operating system is Ctrl+Z, while the UNIX operating system recognises Ctrl+D.
 If we want to access any remote computer in the world, we must first know what type of computer we will be connected to, and we must also install the specific terminal emulator used by that computer.
 TELNET solves this problem by defining a universal interface called the Network Virtual Terminal (NVT) character set.
 Via this interface, the client TELNET translates characters (data or commands) that come from the local terminal into NVT form and delivers them to the network.
 The server TELNET, on the other hand, translates data and commands from NVT form into the form acceptable by the remote computer.

NVT Character Format
 NVT uses two sets of characters, one for data and one for control.
 For data, NVT normally uses what is called NVT ASCII. This is an 8-bit character set in which the seven lowest-order bits are the same as ASCII and the highest-order bit is 0. Lines end with CR LF.
 To send control characters between computers, NVT uses an 8-bit character set in which the highest-order bit is set to 1; every control sequence begins with IAC (255), and a data byte of value 255 is sent as IAC IAC.

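The data/control split of the NVT character format, and the option negotiation mentioned under TELNET OPTIONS, can be seen by walking a TELNET byte stream. The following added example (not code from the course notes) separates NVT data from IAC control sequences, answers DO/WILL requests for a small set of supported options, and encodes local bytes into NVT form. The option codes used are the standard ones (ECHO 1, SUPPRESS-GO-AHEAD 3, TERMINAL-TYPE 24); the byte stream itself is constructed to look like the start of a login, and it also shows why TELNET is unsafe: the login name and password come out of the parser in the clear.

```python
"""Separate NVT data from TELNET control sequences in a byte stream.

Added example, not from the course notes. IAC and the option-negotiation
command codes are the standard TELNET values; the byte stream in SAMPLE_STREAM
is constructed to look like the start of a login session.
"""
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
CMD_NAMES = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}
OPTION_NAMES = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE"}

# Constructed: server negotiates options, prompts for a login, client answers.
SAMPLE_STREAM = (bytes([IAC, DO, 1, IAC, WILL, 3]) + b"login: "
                 + bytes([IAC, DO, 24]) + b"alice\r\n"
                 + b"Password: " + b"hunter2\r\n")


def parse_stream(data):
    """Return (nvt_data, commands).

    Data bytes are passed through; anything introduced by IAC (255, high bit
    set) is a control sequence and is removed. IAC IAC stands for a data
    byte of value 255.
    """
    out, cmds, i = bytearray(), [], 0
    while i < len(data):
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif data[i + 1] == IAC:
            out.append(IAC)
            i += 2
        elif data[i + 1] in CMD_NAMES:        # IAC <DO|DONT|WILL|WONT> <option>
            opt = data[i + 2]
            cmds.append((CMD_NAMES[data[i + 1]], OPTION_NAMES.get(opt, str(opt))))
            i += 3
        elif data[i + 1] == SB:               # IAC SB ... IAC SE subnegotiation
            end = data.index(bytes([IAC, SE]), i)
            cmds.append(("SB", bytes(data[i + 2:end])))
            i = end + 2
        else:                                 # other two-byte command
            cmds.append(("CMD", data[i + 1]))
            i += 2
    return bytes(out), cmds


def encode_data(raw):
    """Local bytes -> NVT form: CR LF line ends and any 0xFF data byte doubled."""
    return raw.replace(b"\n", b"\r\n").replace(b"\xff", b"\xff\xff")


def negotiate(cmd, option, supported=frozenset({"ECHO", "SUPPRESS-GO-AHEAD"})):
    """Reply to a DO/WILL request: agree to options we support, refuse the rest."""
    if cmd == "DO":
        return ("WILL" if option in supported else "WONT", option)
    if cmd == "WILL":
        return ("DO" if option in supported else "DONT", option)
    return None


def demo(stream=SAMPLE_STREAM):
    """Parse the sample and produce our side of the negotiation."""
    data, cmds = parse_stream(stream)
    return data, cmds, [negotiate(c, o) for c, o in cmds if c in ("DO", "WILL")]


if __name__ == "__main__":
    data, cmds, replies = demo()
    print("commands:", cmds)
    print("replies: ", replies)
    print("data as an eavesdropper sees it:", data)
```

The last print line is the whole security argument of the section: anyone who can capture the TCP stream runs the same split and reads the credentials.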
4.12 Application Layer SSH (Secure Shell)

 Secure Shell (SSH) is a secure application-layer protocol that is used today for several purposes such as remote login and file transfer; it was originally designed to replace TELNET.
 There are two versions of SSH: SSH-1 and SSH-2, which are incompatible with each other. The first version, SSH-1, is deprecated because of security flaws in it; only SSH-2 should be enabled.

SSH COMPONENTS

SSH is an application-layer protocol with three components:

1. SSH Transport-Layer Protocol (SSH-TRANS)
2. SSH Authentication Protocol (SSH-AUTH)
3. SSH Connection Protocol (SSH-CONN)

SSH Transport-Layer Protocol (SSH-TRANS)

 SSH first uses a protocol that creates a secured channel on top of TCP (port 22).
 This new layer is an independent protocol referred to as SSH-TRANS.
 When the procedure implementing this protocol is called, the client and server first use TCP to establish an insecure connection.
 Then they exchange several security parameters (key exchange, the server's host key, cipher and MAC choices) to establish a secure channel on top of TCP.

Services provided by this protocol:

1. Privacy or confidentiality of the messages exchanged.
2. Data integrity, which means that it is guaranteed that the messages exchanged between the client and server are not changed by an intruder.
3. Server authentication, which means that the client is now sure that the server is the one that it claims to be. This relies on the client recognising the server's host key; an unknown or changed host key should be treated as a warning sign, not clicked through.
4. Optional compression of the messages, which improves the efficiency of the system.

SSH Authentication Protocol (SSH-AUTH)

 After a secure channel is established between the client and the server and the server is authenticated to the client, SSH can call another procedure that authenticates the client to the server.
 This layer defines a number of authentication methods (password, public key, host-based) similar to the ones used in SSL/TLS.
 Authentication starts with the client, which sends a request message to the server.
 The request includes the user name, the service name, the method of authentication, and the data required by that method.
 The server responds with either a success message, which confirms that the client is authenticated, or a failure message, which means that the process needs to be repeated with a new request message.

SSH Connection Protocol (SSH-CONN)

 After the secured channel is established and both server and client are authenticated to each other, SSH can call a piece of software that implements the third protocol, SSH-CONN.
 One of the services provided by the SSH-CONN protocol is multiplexing.
 SSH-CONN takes the secure channel established by the two previous protocols and lets the client create multiple logical channels over it.
 Each channel can be used for a different purpose, such as remote login, file transfer, and so on.

SSH APPLICATIONS

SSH is a general-purpose protocol that provides a secure connection between a client and a server.

SSH for Remote Login

 Several free and commercial applications use SSH for remote login.
 Among them, we can mention PuTTY, by Simon Tatham, which is an SSH client program that can be used for remote login.
 Another application program is Tectia, which can be used on several platforms.

SSH for File Transfer

 One of the application programs that is built on top of SSH for file transfer is the Secure File Transfer Program (sftp).
 The sftp application program uses one of the channels provided by SSH to transfer files.
 Another common application is called Secure Copy (scp).
 This application uses the same format as the UNIX copy command, cp, to copy files.

Port Forwarding
 One of the interesting services provided by the SSH protocol is port forwarding.
 We can use the secured channels available in SSH to access an application program that does not provide security services.
 Applications such as TELNET and the Simple Mail Transfer Protocol (SMTP) can use the services of the SSH port forwarding mechanism.
 The SSH port forwarding mechanism creates a tunnel through which the messages belonging to other protocols can travel.
 For this reason, this mechanism is sometimes referred to as SSH tunneling.

SSH PACKET FORMAT

 The length field defines the length of the packet but does not include the padding.
 The padding field is added to the packet to make attacks on the security provision more difficult.
 The type field designates the type of the packet used in the different SSH protocols.
 The data field is the data transferred by the packet in the different protocols.
 The final field is used for integrity checking: in SSH-1 this was a CRC, which only detects accidental errors; SSH-2 uses a keyed MAC (message authentication code) computed over the packet, which also detects deliberate tampering.

SECURING FTP APPLICATIONS USING SSH

 The FTP client can use the SSH client on the local site to make a secure connection with the SSH server on the remote site.
 Any request from the FTP client to the FTP server is carried through the tunnel provided by the SSH client and server.
 Any response from the FTP server to the FTP client is also carried through the tunnel provided by the SSH client and server.

4.13 Application Layer: DNS (Domain Name System)

 The Domain Name System was designed in 1984.
 DNS is used for name-to-address mapping.
 DNS provides the protocol which allows clients and servers to communicate with each other.
 E.g.: a host name like www.yahoo.com is translated into a numerical IP address like 207.174.77.131.
 The Domain Name System (DNS) is a distributed database used by TCP/IP applications to map between host names and IP addresses and to provide electronic mail routing information.
 Each site maintains its own database of information and runs a server program that other systems across the Internet can query.

WORKING OF DNS

The following six steps show how DNS maps a host name to an IP address, taking a file transfer client as the application:
1. The user passes the host name to the file transfer client.
2. The file transfer client passes the host name to the DNS client (resolver).
3. Each computer, after being booted, knows the address of at least one DNS server. The DNS client sends a query containing the file transfer server's name to that DNS server, using the known IP address of the DNS server.
4. The DNS server responds with the IP address of the desired file transfer server.
5. The DNS client passes the IP address to the file transfer client.
6. The file transfer client now uses the received IP address to access the file transfer server.

NAME SPACE
 The names must be unique because the addresses are unique.
 A name space that maps each address to a unique name can be organised in two ways: flat or hierarchical.

Flat Name Space

 In a flat name space, a name is assigned to an address.
 A name in this space is a sequence of characters without structure.
 The main disadvantage of a flat name space is that it cannot be used in a large system such as the Internet because it must be centrally controlled to avoid ambiguity and duplication.

Hierarchical Name Space

 In a hierarchical name space, each name is made of several parts.
 The first part can define the nature of the organisation, the second part can define the name of the organisation, the third part can define departments, and so on.
 In this case, the authority to assign and control the name spaces can be decentralised.
 A central authority can assign the part of the name that defines the nature of the organisation and the name of the organisation.
 The responsibility for the rest of the name can be given to the organisation itself. Suffixes can be added to the name to define hosts or resources.
 The management of the organisation need not worry that the prefix chosen for a host is taken by another organisation, because even if part of a name is the same, the whole name is different.
 The names are unique without the need to be assigned by a central authority.
 The central authority controls only part of the name, not the whole name.

 Each node in the tree has a label, which is a string with a maximum of 63 characters.
 The root label is a null string (empty string). DNS requires that the children of a node (nodes that branch from the same node) have different labels, which guarantees the uniqueness of the domain names.

Domain

 A domain is a subtree of the domain name space.


 The name of the domain is the domain name of the node at the top of the subtree.
 A domain may itself be divided into domains.

Domain Name
 Each node in the tree has a domain name.
 A full domain name is a sequence of labels separated by dots (.).
 The domain names are always read from the node up to the root.
 The last label is the label of the root (null).
 This means that a full domain name always ends in a null label, so its last
character is a dot (the null string itself is empty).
 If a label is terminated by a null string, it is called a fully qualified domain
name (FQDN).
 If a label is not terminated by a null string, it is called a partially qualified
domain name (PQDN).

DNS IN THE INTERNET


 DNS is a protocol that can be used on different platforms.
 In the Internet, the domain name space (tree) is divided into three different
sections: generic domains, country domains, and the inverse domain.

Generic Domains
 The generic domains define registered hosts according to their generic
behavior.
 Each node in the tree defines a domain, which is an index to the domain name
space database.
 The first level in the generic domains section allows seven possible
three-character levels.


 These levels describe the organization types as listed in the following table.

Country Domains
 The country domains section follows the same format as the generic domains
but uses two-character country abbreviations (e.g., in for India, us for the
United States) in place of the three-character organizational abbreviation at
the first level.
 Second-level labels can be organizational, or they can be more specific
national designations.
 The United States, for example, uses state abbreviations as a subdivision of
the country domain us (e.g., ca.us.).

Inverse Domains
 The inverse domain is used to map an address to a name.
 A client can send an IP address to a server to be mapped to a domain name;
this is called a PTR (pointer) query.
 To answer queries of this kind, DNS uses the inverse domain.

DNS RESOURCE RECORDS (RR)


 The zone information associated with a server is implemented as a set of
resource records.
 In other words, a name server stores a database of resource records.
 A resource record is a 5-tuple structure:
(Domain Name, Type, Class, TTL, Value)
 The domain name identifies the resource record.
 The type defines how the value should be interpreted.
 The value defines the information kept about the domain name.
 The TTL defines the number of seconds for which the information is valid.
 The class defines the type of network.


Types of Resource Records

DNS MESSAGES
 DNS has two types of messages: query and response.
 Both types have the same format.
 The query message consists of a header and question section.
 The response message consists of a header, question section, answer section,
authoritative section, and additional section.

 Header
 Both query and response messages have the same header format with
some fields set to zero for the query messages.
 The header fields are as follows:

 The identification field is used by the client to match the response
with the query.
 The flag field defines whether the message is a query or a response. It
also includes the status of errors.
 The next four fields in the header define the number of each record
type in the message.
 Question Section
 The question section consists of one or more question records. It is
present in both query and response messages.
 Answer Section
 The answer section consists of one or more resource records. It
is present only in response messages.
 Authoritative Section
 The authoritative section gives information (domain name) about one
or more authoritative servers for the query.
 Additional Information Section
 The additional information section provides additional information
that may help the resolver.
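The label encoding, the resource-record 5-tuple and the header/question/answer layout described above, worked through as an added Python example that is not code from the course notes; the identification value 0x1234, the name www.example.com, the address 192.0.2.10 and the TTL 300 are constructed sample values. The response_matches check is the sanity test a resolver applies so that a reply whose identification field or question does not match its own query is discarded.

```python
import struct
# Added illustration, not from the course notes; ID, name, address and TTL below are constructed.
TYPE_A, CLASS_IN = 1, 1  # address record, Internet class

def encode_name(fqdn):
    """Length-prefixed labels (1..63 chars each) ending in the root's null label."""
    out = bytearray()
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 characters: %r" % label)
        out += bytes([len(raw)]) + raw
    return bytes(out) + b"\x00"  # null label = root, so the name is a FQDN

def decode_name(msg, pos):
    """Inverse of encode_name; a 0xC0 pointer jumps to an earlier copy of the
    name (DNS compression). Returns (fqdn, position just after the name)."""
    labels = []
    while msg[pos] & 0xC0 != 0xC0:
        length, pos = msg[pos], pos + 1
        if length == 0:  # null label: root reached, the name is complete
            return ".".join(labels) + ".", pos
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    target = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
    return ".".join(labels + [decode_name(msg, target)[0]]), pos + 2

def build_query(ident, fqdn):
    """Header (flags 0x0100 = recursion desired, QDCOUNT 1) + one question record."""
    header = struct.pack("!HHHHHH", ident, 0x0100, 1, 0, 0, 0)
    return header + encode_name(fqdn) + struct.pack("!HH", TYPE_A, CLASS_IN)
def response_matches(query, response):
    """Accept a reply only if it carries the query's identification field, has the
    QR (response) flag set and echoes the question section unchanged."""
    return (query[:2] == response[:2] and bool(response[2] & 0x80)
            and response[12:len(query)] == query[12:])
def parse_first_answer(response):
    """First answer RR as the notes' 5-tuple: (name, type, class, TTL, value)."""
    _, pos = decode_name(response, 12)          # skip the echoed question name
    name, pos = decode_name(response, pos + 4)  # ...and its QTYPE/QCLASS
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", response[pos:pos + 10])
    rdata = response[pos + 10:pos + 10 + rdlen]
    value = ".".join(str(b) for b in rdata) if rtype == TYPE_A else rdata.hex()
    return name, rtype, rclass, ttl, value

QUERY = build_query(0x1234, "www.example.com")
# Constructed reply: flags 0x8180 (QR set, recursion available), one question and
# one answer whose name is a compression pointer (0xC00C) to the question name.
RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUERY[12:]
            + struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, 300, 4) + bytes([192, 0, 2, 10]))
```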

DDNS (DYNAMIC DOMAIN NAME SYSTEM)


 In DNS, when there is a change, such as adding a new host, removing a host, or
changing an IP address, the change must be made to the DNS master file.
 The DNS master file must be updated dynamically.
 The Dynamic Domain Name System (DDNS) is used for this purpose.
 In DDNS, when a binding between a name and an address is determined, the
information is sent to a primary DNS server.
 The primary server updates the zone.
 The secondary servers are notified either actively or passively.
 In active notification, the primary server sends a message to the secondary
servers about the change in the zone, whereas in passive notification, the
secondary servers periodically check for any changes.
 In either case, after being notified about the change, the secondary server
requests information about the entire zone (called the zone transfer).
 To provide security and prevent unauthorized changes in the DNS records,
DDNS can use an authentication mechanism.

DNS SECURITY
 DNS is one of the most important systems in the Internet infrastructure; it
provides crucial services to Internet users.
 Applications such as Web access or e-mail are heavily dependent on the proper
operation of DNS.
 DNS can be attacked in several ways including:
 Attack on confidentiality - The attacker may read the response of a DNS
server to find the nature or names of the sites the user mostly accesses. This
type of information can be used to build a profile of the user. To prevent this
attack, DNS messages need to be confidential.
 Attack on authentication and integrity - The attacker may intercept the
response of a DNS server and change it or create a totally new bogus
response to direct the user to the site or domain the attacker wishes the user
to access. This type of attack can be prevented using message origin
authentication and message integrity.
 Denial-of-service attack - The attacker may flood the DNS server to
overwhelm it or eventually crash it. This type of attack can be prevented
using provisions against denial-of-service attacks.
 To protect DNS, the IETF has devised a technology named DNS Security
(DNSSEC) that provides message origin authentication and message integrity
using digital signatures.
 DNSSEC, however, does not provide confidentiality for the DNS messages.
 There is no specific protection against the denial-of-service attack in the
specification of DNSSEC. However, the caching system protects the upper-
level servers against this attack to some extent.


4.14 Application Layer: SNMP (Simple Network Management Protocol)

 The Simple Network Management Protocol (SNMP) is a framework for
managing devices in an internet using the TCP/IP protocol suite.
 SNMP is an application layer protocol that monitors and manages routers
distributed over a network.
 It provides a set of operations for monitoring and managing the internet.
 SNMP uses the services of UDP on two well-known ports: 161 (agent) and 162
(manager).
 SNMP uses the concept of manager and agent.

SNMP MANAGER
 A manager is a host that runs the SNMP client program.
 The manager has access to the values in the database kept by the agent.
 A manager checks the agent by requesting the information that reflects the
behavior of the agent.
 A manager also forces the agent to perform a certain function by resetting
values in the agent database.
 For example, a router can store in appropriate variables the number of packets
received and forwarded.
 The manager can fetch and compare the values of these two variables to see if
the router is congested or not.

SNMP AGENT
 The agent is a router that runs the SNMP server program.
 The agent is used to keep the information in a database while the manager is
used to access the values in the database.
 For example, a router can store the appropriate variables such as a number of
packets received and forwarded while the manager can compare these variables
to determine whether the router is congested or not.
 Agents can also contribute to the management process.
 A server program on the agent checks the environment; if something goes
wrong, the agent sends a warning message (a trap) to the manager.

SNMP MANAGEMENT COMPONENTS


 Management of the internet is achieved through simple interaction between a
manager and an agent.
 Management is achieved through the use of two protocols:
o Structure of Management Information (SMI)
o Management Information Base (MIB).


Structure of Management Information (SMI)


 To use SNMP, we need rules for naming objects.
 SMI is a protocol that defines these rules.
 SMI is a guideline for SNMP.
 It emphasizes three attributes to handle an object: name, data type, and
encoding method.
 Its functions are:
 To name objects.
 To define the type of data that can be stored in an object.
 To show how to encode data for transmission over the network.

Management Information Base (MIB)

The Management Information Base (MIB) is the second component used in network management.
 Each agent has its own MIB, which is a collection of objects to be managed.
 MIB classifies objects under groups.

MIB Variables
MIB variables are of two types: simple and table.
 A simple variable is accessed using its group-id followed by its variable-id and
the instance suffix 0.
 Table variables are accessed in column-row order, i.e., column by column from top
to bottom. Only leaf elements are accessible in a table.


SNMP MESSAGES / PDU

SNMP is a request/reply protocol that supports various operations using PDUs. SNMP defines eight types of
protocol data units (PDUs):

1) GetRequest: The GetRequest PDU is sent from the manager (client) to the agent (server) to
retrieve the value of a variable or a set of variables.
2) GetNextRequest: The GetNextRequest PDU is sent from the manager to the agent to retrieve
the value of a variable.
3) GetBulkRequest: The GetBulkRequest PDU is sent from the manager to the agent to retrieve a
large amount of data. It can be used instead of multiple GetRequest and GetNextRequest PDUs.
4) SetRequest: The SetRequest PDU is sent from the manager to the agent to set (store) a
value in a variable.
5) Response: The Response PDU is sent from an agent to a manager in response to a GetRequest or
GetNextRequest. It contains the value(s) of the variable(s) requested by the manager.
6) Trap: The Trap PDU is sent from the agent to the manager to report an event. For example, if the agent is
rebooted, it informs the manager and reports the time of rebooting.
7) InformRequest: The InformRequest PDU is sent from one manager to another remote manager
to get the value of some variables from agents under the control of the remote manager. The
remote manager responds with a Response PDU.
8) Report: The Report PDU is designed to report some types of errors between managers.
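How the SMI encoding rules, the MIB instance-addressing rules for simple and table variables, and the GetRequest PDU fit together, as an added Python example that is not code from the course notes or from any SNMP implementation; the request-id, the community string and the object identifiers are constructed sample values (the OIDs named in the comments are standard MIB-II objects).

```python
# Added illustration, not code from the course notes: BER encoding of an SNMPv2c
# GetRequest following the SMI rules (name = OID, type, encoding). Request-id,
# community string and the instance OIDs used are constructed sample values.
SNMP_V2C = 1       # version field value for SNMPv2c
GET_REQUEST = 0xA0  # context-specific tag of the GetRequest PDU
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30

def ber_length(n):
    """Short form for lengths below 128, long form (0x80 | byte count) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body
def tlv(tag, value):
    """Tag-Length-Value triple, the basic BER building block."""
    return bytes([tag]) + ber_length(len(value)) + value
def ber_integer(v):
    """Non-negative INTEGER in the minimal two's-complement length."""
    return tlv(INTEGER, v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True))

def ber_oid(oid):
    """OBJECT IDENTIFIER: first two arcs packed as 40*x+y, remaining arcs in
    base 128 with the continuation bit 0x80 on all bytes but the last."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += chunk
    return tlv(OID, bytes(out))

def simple_instance(variable_oid):
    """MIB rule from the notes: a simple variable is addressed by group-id and
    variable-id followed by .0 (e.g. sysUpTime 1.3.6.1.2.1.1.3 -> ...1.3.0)."""
    return variable_oid + ".0"

def table_instance(column_oid, row_index):
    """A table cell is addressed column by column: column OID + row index."""
    return "%s.%d" % (column_oid, row_index)

def get_request(request_id, community, oids):
    """SNMPv2c GetRequest: Message{version, community, PDU{request-id, error-status,
    error-index, VarBindList}}; each VarBind carries a NULL value for the agent to
    fill in. The community string travels in clear text in SNMPv1/v2c."""
    varbinds = b"".join(tlv(SEQUENCE, ber_oid(o) + tlv(NULL, b"")) for o in oids)
    pdu = ber_integer(request_id) + ber_integer(0) + ber_integer(0) + tlv(SEQUENCE, varbinds)
    msg = ber_integer(SNMP_V2C) + tlv(OCTET_STRING, community.encode()) + tlv(GET_REQUEST, pdu)
    return tlv(SEQUENCE, msg)
```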
