Unit 1

The document discusses the evolution of computer networking, covering early networks, the development of packet switching, and the emergence of protocols like TCP/IP and HTTP. It explains the OSI model, application layer protocols, and communication paradigms such as client-server and peer-to-peer. Additionally, it highlights the importance of web caching, proxy servers, and security measures like HTTPS in modern networking.

Uploaded by Gayathri
© All Rights Reserved

UNIT 1 - APPLICATION LAYER

Evolution of Computer Networking - Layered Architecture - ISO/OSI Model -
Internet Architecture (TCP/IP) - Application Layer Protocols - HTTP - FTP -
Telnet - Email - DNS - Socket programming.
Evolution of Computer Networking
Early Computer Networks (1950s - 1960s):
Initially, computers were standalone machines used for specific tasks.
Early networking concepts began with time-sharing systems, allowing multiple
users to access a single mainframe computer.
Circuit-switched networks (similar to telephone networks) were used for early
computer communications.
ARPANET (1969): The U.S. Department of Defense’s Advanced Research
Projects Agency (ARPA) created ARPANET, which became the foundation of
modern networking.
Development of Packet Switching (1970s):
Packet Switching was developed as an alternative to circuit switching, making
data transmission more efficient.
The Transmission Control Protocol/Internet Protocol (TCP/IP) was created in
the late 1970s to standardize communication between different networks.
ARPANET expanded and introduced email (1971) as an early form of online
communication.
Emergence of Local Area Networks (LANs) (1980s):
The rise of personal computers (PCs) led to the need for networks that could
connect multiple devices within offices or buildings.
Ethernet (1983) became the standard for LANs, enabling high-speed
communication.
The Domain Name System (DNS) (1984) was introduced to simplify addressing
by replacing numeric IP addresses with readable domain names.
Growth of the Internet (1990s):
The World Wide Web (WWW) was created in 1991, making the internet more
accessible to the public.
The introduction of Hypertext Transfer Protocol (HTTP) and web browsers
revolutionized how users accessed and shared information.
The internet rapidly expanded, with businesses, educational institutions, and
governments adopting networking technology.
Wireless and Broadband Revolution (2000s):
Wi-Fi (802.11 standards) enabled wireless networking, increasing mobility and
connectivity.
Broadband (DSL, fiber-optic, and cable internet) replaced slower dial-up
connections, allowing for faster data transfer.
Voice over IP (VoIP) and video conferencing applications became more popular.
Cloud Computing and Mobile Networks (2010s):
The rise of cloud computing enabled data storage and application hosting
on remote servers.
4G LTE networks improved mobile internet speeds, supporting streaming,
gaming, and business applications.
Internet of Things (IoT) devices emerged, allowing smart devices to
communicate over networks.
Modern and Future Trends (2020s - Present):
5G technology is revolutionizing mobile networks with ultra-fast speeds
and low latency.
Artificial Intelligence (AI) and Machine Learning are being integrated into
networking for automation and security.
Cybersecurity advancements are crucial due to increasing cyber threats.
Edge computing is reducing latency by processing data closer to the source
rather than in centralized cloud servers.
Layered Architecture:
In a TCP/IP network, communication between two hosts involves multiple layers of
the protocol stack.
Network Setup
Three LANs (links), each with a link-layer switch.
One router connecting these LANs.
Computer A (source) wants to communicate with Computer B (destination).
Device                 Layers involved
Source Host (A)        Application, Transport, Network, Data-Link, Physical
Link-Layer Switch      Data-Link, Physical
Router                 Network, Data-Link (one instance for each link), Physical
Link-Layer Switch      Data-Link, Physical
Destination Host (B)   Physical, Data-Link, Network, Transport, Application

Hosts (A & B): Use all five layers to send and receive data.
Switches: Only work at data-link and physical layers.
Router: Uses network, data-link, and physical layers and handles IP
packet forwarding.
OSI Model
•The Open Systems Interconnection (OSI) model is a
conceptual framework that standardizes the functions
of a telecommunication or computing system into
seven distinct layers.
•It was developed by the International Organization for
Standardization (ISO) to enable interoperability
between different network devices and technologies.
•Unlike TCP/IP, which is a specific protocol suite used on
the Internet, the OSI model serves as a reference
model to guide the design and understanding of
network architectures.
The OSI model is a layered framework for the design of
network systems that allows communication between
all types of computer systems. It consists of seven
separate but related layers, each of which defines a
part of the process of moving information across a
network (shown in Fig).
The Seven Layers of the OSI Model
Each layer in the OSI model has a specific function, and together,
they ensure reliable communication between devices.
1. Physical Layer (Layer 1)
Deals with the physical connection between devices.
Concerned with hardware components, such as cables, switches,
and network interface cards.
Defines electrical signals, bit transmission, and data rates.
2. Data Link Layer (Layer 2)
Responsible for node-to-node data transfer.
Detects errors that may occur at the physical layer using a frame check sequence, and
corrects them on links that retransmit (Wi-Fi does; Ethernet simply discards a bad frame).
Uses MAC (Media Access Control) addresses to identify devices in a
local network.
Examples: Ethernet, Wi-Fi (IEEE 802.11).
3. Network Layer (Layer 3)
Handles routing and logical addressing (e.g., IP addresses).
Determines the best path for data transmission between different
networks.
Example protocols: IPv4, IPv6, ICMP.
4. Transport Layer (Layer 4)
Ensures end-to-end communication between devices.
Provides error recovery and flow control.
Can be connection-oriented (TCP) or connectionless (UDP).
Example protocols: TCP, UDP.
5. Session Layer (Layer 5)
Manages session establishment, maintenance, and termination
between applications.
Ensures a continuous exchange of data.
Example protocols: NetBIOS, RPC (Remote Procedure Call).
6. Presentation Layer (Layer 6)
Translates data into a format that can be understood
by applications.
Handles encryption, compression, and encoding.
Example formats: JPEG, MP3, ASCII. SSL/TLS is often listed here as well, but in the
TCP/IP stack TLS actually sits between the transport layer and the application
protocol it protects.
7. Application Layer (Layer 7)
The closest layer to the user.
Provides network services directly to applications.
Example protocols: HTTP, FTP, SMTP, DNS.
OSI versus TCP/IP
1. TCP/IP Was Already Established
By the time the OSI model was completed, TCP/IP was
already widely implemented and had proven to be
effective and reliable.
The Internet was already running on TCP/IP, and a
significant amount of time, money, and resources had
been invested in its infrastructure.
Transitioning to OSI would have required a complete
overhaul of existing systems, which was not practical
or cost-effective.
2. Some OSI Layers Were Not Fully Defined
While the OSI model outlined the functions of
each of its seven layers, some layers lacked
concrete protocols.
The Presentation Layer (Layer 6) and Session
Layer (Layer 5) were particularly
underdeveloped.
Their roles were described in theory, but no
widely accepted protocols were created to
implement them.
As a result, developers and organizations
continued using existing TCP/IP-based
solutions rather than adopting the OSI model.
3. OSI Did Not Show Better Performance
When organizations tried implementing OSI-
based protocols in real-world applications,
they did not perform better than TCP/IP.
TCP/IP was simpler, faster, and more
efficient, especially for Internet
communication.
The OSI model was seen as too complex and
slow, making it unattractive for widespread
adoption.
Application-Layer Paradigms
Two main communication paradigms are used by application programs on the Internet:
1. Client-Server Paradigm
In this model, there are two distinct roles:
Client: Requests a service (e.g., a web browser requesting a webpage).
Server: Provides the requested service (e.g., a web server hosting a website).
The server is usually a powerful machine that remains online, waiting for requests.
The client initiates the communication, and the server responds.
Examples:
A web browser (client) requests data from a web server.
An email client fetches emails from a mail server.
2. Peer-to-Peer (P2P) Paradigm
In this model, each computer (or "peer") can act as both a client and a server.
Peers communicate directly without relying on a centralized server.
More decentralized and scalable compared to client-server models.
Examples:
File-sharing applications like BitTorrent.
Blockchain networks (e.g., Bitcoin).
Both paradigms help structure how applications interact over the Internet.
Some systems even combine both models (e.g., hybrid P2P networks with
central directories).
Application Layer Protocols
Application layer protocols are a set of communication rules that operate at the
application layer of the OSI and TCP/IP models. These protocols define how
applications interact over a network to exchange data. They enable user-level
applications to communicate with remote services.
HTTP (Hypertext Transfer Protocol) – Used for web browsing.
HTTPS (HTTP Secure) – HTTP carried over TLS (its predecessor SSL is obsolete), normally on port 443.
FTP (File Transfer Protocol) – Transfers files between computers.
SMTP (Simple Mail Transfer Protocol) – Sends emails.
POP3 (Post Office Protocol v3) – Retrieves emails from a mail server.
IMAP (Internet Message Access Protocol) – Retrieves and manages emails on a
remote server.
DNS (Domain Name System) – Resolves domain names to IP addresses.
DHCP (Dynamic Host Configuration Protocol) – Assigns IP addresses dynamically.
Telnet – Provides remote command-line access (insecure).
SSH (Secure Shell) – Secure alternative to Telnet for remote access.
SNMP (Simple Network Management Protocol) – Manages network devices.
NTP (Network Time Protocol) – Synchronizes system clocks.
MQTT (Message Queuing Telemetry Transport) – Used in IoT communication.
HyperText Transfer Protocol (HTTP)
•The HyperText Transfer Protocol (HTTP) is the foundation of data
communication on the web. It defines how web pages are requested by a client
(like a browser) and served by a web server.
•The client (browser) sends an HTTP request.
•The server (website’s host) processes the request and sends back a response.
•The server listens on the well-known port 80 (443 for HTTPS), while the client uses a
temporary (ephemeral) port.
•HTTP relies on TCP (Transmission Control Protocol), which ensures reliable
data transmission.
•Since TCP is connection-oriented, a connection must be established before
data transfer and terminated after the transaction.
Nonpersistent vs. Persistent Connections
Web pages often contain multiple elements (like images, stylesheets, and
scripts). When a browser requests a webpage, it may need to fetch multiple
objects, either from the same or different servers.
Nonpersistent Connections
Every request/response requires a new TCP connection.
Once the server sends the response, the connection is closed immediately.
If a webpage has N linked objects, then N+1 connections must be opened and
closed.
Steps in Nonpersistent Connection:
The client opens a new TCP connection to the server and sends a
request.
The server processes the request, sends the response, and then
closes the connection.
The client reads the data until the end-of-file marker and then
closes its end of the connection.
Disadvantages of Nonpersistent Connections:
High Overhead: Every request requires a new TCP connection,
increasing server workload.
Increased Latency: The time taken to establish and close multiple
connections slows down webpage loading.
Resource Consumption: The server needs multiple buffers to
manage each connection separately.
Fig : Nonpersistent Connection
Three-Way Handshake for Connection Establishment:
•Each request requires a new TCP connection, which involves the
three-way handshake:
•First handshake: Client sends a SYN (synchronize) request to
initiate a connection.
•Second handshake: Server responds with SYN-ACK (synchronize-
acknowledge).
•Third handshake: Client acknowledges with ACK and sends the
HTTP request.
Retrieving the First Object (File):
•The client establishes a TCP connection with the server.
•After the handshake, the client sends an HTTP request for a file.
•The server processes the request and sends back the response.
•Once the file transfer is complete, the connection is closed.
Retrieving the Second Object (Image):
•The client needs to fetch an image, but since the nonpersistent connection
was closed after the first response, a new TCP connection must be
established.
•The same three-way handshake process repeats.
•After the handshake, the client requests the image, and the
server responds.
•Once the image transfer is complete, the connection is closed
again.
Persistent Connections (Introduced in HTTP 1.1)
•A single TCP connection is used to fetch multiple objects from
the same server.
•This reduces overhead and speeds up data transfer.
•Persistent connections remain open until explicitly closed by the
client or server, or until an idle timeout expires on either side.
•In HTTP/1.1, persistent connections are enabled by default. This
means that once a client establishes a connection with a server, it
can send multiple requests over the same connection without
needing to reopen it for each request. This improves efficiency by
reducing the overhead associated with repeatedly establishing
and closing connections.
Advantages of Persistent Connections:
Faster webpage loading: Reduces the time taken for multiple TCP
handshakes.
Less server workload: The server does not need to keep opening
and closing multiple connections.
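Added example (not part of the original slides): a loopback demonstration of the N+1 claim above. A tiny HTTP server and a raw-socket client are both written here; the "web site" (an index page referencing two images) is constructed for the example. Loading the page with HTTP/1.0 semantics costs one TCP connection per object, with HTTP/1.1 persistent semantics a single connection carries all three requests. The host 127.0.0.1, the ephemeral listening port and the object names are assumptions of the example.

```python
"""Nonpersistent vs persistent HTTP on loopback: count the TCP connections needed
to load a page that references N embedded objects (constructed site, N = 2)."""
import re
import socket
import threading

# Constructed web site: index.html references two images.
OBJECTS = {
    "/index.html": b'<html><img src="/a.png"><img src="/b.png"></html>',
    "/a.png": b"\x89PNG a",
    "/b.png": b"\x89PNG b",
}

def _read_until(sock, marker):
    """Receive until marker appears; return (bytes before marker, bytes after it)."""
    buf = b""
    while marker not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    head, rest = buf.split(marker, 1)
    return head, rest

def _parse_head(head):
    """Split 'start line + headers' into the start line and a lower-cased header dict."""
    first, *lines = head.decode("ascii").split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return first, headers

def _serve_connection(conn, stats):
    """Answer requests on one TCP connection; close it when HTTP/1.0 or
    'Connection: close' says so, otherwise keep serving (persistent)."""
    stats["connections"] += 1
    with conn:
        while True:
            try:
                head, _ = _read_until(conn, b"\r\n\r\n")  # one request at a time, no pipelining
            except ConnectionError:
                return
            request_line, headers = _parse_head(head)
            _method, path, version = request_line.split(" ")
            body = OBJECTS.get(path, b"missing")
            status = b"200 OK" if path in OBJECTS else b"404 Not Found"
            close = version == "HTTP/1.0" or headers.get("connection", "").lower() == "close"
            conn.sendall(version.encode("ascii") + b" " + status + b"\r\n"
                         + b"Content-Length: %d\r\n" % len(body)
                         + (b"Connection: close\r\n" if close else b"") + b"\r\n" + body)
            if close:
                return

def start_server():
    """Listen on 127.0.0.1:<ephemeral>; return (port, stats dict, stop callable)."""
    stats = {"connections": 0}
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(16)

    def accept_loop():
        while True:
            try:
                conn, _ = lsock.accept()
            except OSError:          # listening socket closed by stop()
                return
            threading.Thread(target=_serve_connection, args=(conn, stats), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return lsock.getsockname()[1], stats, lsock.close

def fetch(port, path, version, sock=None):
    """GET one object. Returns (body, socket); the socket is reusable for the next
    request only if the server left the connection open."""
    if sock is None:
        sock = socket.create_connection(("127.0.0.1", port))
    sock.sendall(f"GET {path} {version}\r\nHost: 127.0.0.1\r\n\r\n".encode("ascii"))
    head, body = _read_until(sock, b"\r\n\r\n")
    _status_line, headers = _parse_head(head)
    length = int(headers["content-length"])    # framing: read exactly this many body bytes
    while len(body) < length:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("truncated body")
        body += chunk
    if headers.get("connection", "").lower() == "close":
        sock.close()
        return body[:length], None
    return body[:length], sock

def load_page(port, persistent):
    """Fetch index.html plus every object it references; return how many TCP
    connections the client had to open (N+1 nonpersistent, 1 persistent)."""
    version = "HTTP/1.1" if persistent else "HTTP/1.0"
    opened = 1
    index, sock = fetch(port, "/index.html", version)
    for path in re.findall(r'src="([^"]+)"', index.decode("ascii")):
        if sock is None:
            opened += 1
        _, sock = fetch(port, path, version, sock)
    if sock is not None:
        sock.close()
    return opened

if __name__ == "__main__":
    port, stats, stop = start_server()
    print("nonpersistent:", load_page(port, persistent=False), "connections")
    print("persistent:   ", load_page(port, persistent=True), "connections")
    print("server saw", stats["connections"], "connections in total")
    stop()
```

The client never guesses where a response ends: it reads exactly Content-Length bytes, which is what makes reusing the connection for the next request safe.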
HTTP Message Formats
HTTP messages consist of two main types:
1.Request Messages (sent by the client)
2.Response Messages (sent by the server)
Both message types share a similar structure, composed of four
sections:
1. Request Message Format:
A request message is used by the client to ask for a resource from
the server. It consists of:
•Request Line: Specifies the HTTP method (e.g., GET, POST), the
resource path, and the HTTP version.
•Header Fields: Contains additional information such as Host, User-
Agent, Accept, etc.
•Blank Line: Separates the headers from the body.
•Body (Optional): Contains data for methods like POST or PUT
2. Response Message Format:
A response message is sent by the server to provide the requested resource
or an error message. It consists of:
•Status Line: Contains the HTTP version, status code (e.g., 200 OK, 404 Not
Found), and a reason phrase.
•Header Fields: Provides metadata such as Content-Type, Content-Length,
etc.
•Blank Line: Separates the headers from the body.
•Body: Contains the actual content being sent.
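Added example (not part of the original slides): a parser that splits an HTTP/1.x request or response into the four sections listed above and refuses anything ambiguous about where the body ends. The sample request, response and malformed message are constructed for the example (the host www.example.com and the credentials in the body are invented); chunked bodies are deliberately out of scope.

```python
"""Strict parser for the four sections of an HTTP/1.x message: start line,
header fields, blank line, body (framed by Content-Length)."""
import re

_TCHAR = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # header-name characters (RFC 7230 token)

def parse_http_message(raw: bytes) -> dict:
    """Return a dict describing a request or response message.

    Anything ambiguous raises ValueError: on a persistent connection both ends
    must agree exactly where one message ends and the next begins, so a parser
    that guesses (reconciling two Content-Length values, folding odd lines) is
    worse than one that refuses.
    """
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the header section")
    start, *lines = head.decode("ascii").split("\r\n")

    headers = []                      # (name, value) in wire order; names lower-cased
    for line in lines:
        if line[:1] in (" ", "\t"):
            raise ValueError("obsolete line folding is not accepted")
        name, colon, value = line.partition(":")
        if not colon or not _TCHAR.fullmatch(name):
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.lower(), value.strip()))
    msg = {"headers": headers}

    parts = start.split(" ")
    if parts[0].startswith("HTTP/"):  # status line: version SP code SP reason
        if len(parts) < 2 or not re.fullmatch(r"\d{3}", parts[1]):
            raise ValueError(f"malformed status line: {start!r}")
        msg.update(kind="response", version=parts[0], status=int(parts[1]),
                   reason=" ".join(parts[2:]))
    else:                             # request line: method SP target SP version
        if len(parts) != 3 or not parts[2].startswith("HTTP/") or not _TCHAR.fullmatch(parts[0]):
            raise ValueError(f"malformed request line: {start!r}")
        msg.update(kind="request", method=parts[0], target=parts[1], version=parts[2])
        if parts[2] == "HTTP/1.1" and sum(n == "host" for n, _ in headers) != 1:
            raise ValueError("an HTTP/1.1 request must carry exactly one Host header")

    if any(n == "transfer-encoding" for n, _ in headers):
        raise ValueError("Transfer-Encoding (chunked) bodies are not handled in this example")
    lengths = {v for n, v in headers if n == "content-length"}
    if len(lengths) > 1 or any(not re.fullmatch(r"\d+", v) for v in lengths):
        raise ValueError(f"ambiguous Content-Length: {sorted(lengths)}")
    length = int(lengths.pop()) if lengths else 0
    if len(rest) < length:
        raise ValueError("body shorter than Content-Length")
    msg["body"] = rest[:length]
    msg["trailing"] = rest[length:]   # bytes belonging to the next message on the connection
    return msg

def is_well_formed(raw: bytes) -> bool:
    """True if parse_http_message accepts raw (non-ASCII header bytes also count as malformed)."""
    try:
        parse_http_message(raw)
        return True
    except (ValueError, UnicodeDecodeError):
        return False

# Constructed sample messages (not captured from any real server).
SAMPLE_REQUEST = (b"POST /login HTTP/1.1\r\n"
                  b"Host: www.example.com\r\n"
                  b"Content-Type: application/x-www-form-urlencoded\r\n"
                  b"Content-Length: 27\r\n"
                  b"\r\n"
                  b"user=alice&password=secret1")
SAMPLE_RESPONSE = (b"HTTP/1.1 404 Not Found\r\n"
                   b"Content-Type: text/plain\r\n"
                   b"Content-Length: 9\r\n"
                   b"\r\n"
                   b"not found")
CONFLICTING_LENGTHS = (b"GET / HTTP/1.1\r\nHost: www.example.com\r\n"
                       b"Content-Length: 5\r\nContent-Length: 6\r\n\r\nhello!")
```

The `trailing` field is what a persistent connection hands to the next parse; if two implementations computed it differently for the same bytes, they would disagree about where the next request starts.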
Comparison of Request and Response Messages:
Web Caching: Proxy Server
A proxy server is an intermediary between the client and the web server. It
helps improve performance, security, and control over web traffic by caching
responses and reducing the load on the original server.
How a Proxy Server Works
The HTTP client (browser) sends a request to the proxy server instead of the
target web server.
The proxy server checks its cache to see if it already has a stored response for
that request.
Cache Hit: If the response exists in the cache, the proxy server directly
returns it to the client, acting as a server.
Cache Miss: If the response is not found, the proxy server forwards the
request to the original server, acting as a client.
Once the proxy server receives the response from the original server, it stores it
in the cache for future requests.
Proxy Server as Both Server and Client
A proxy server functions in two roles:
As a server: When it provides a cached response to a client.
As a client: When it forwards a request to the original server because the
response is not in its cache.
Proxy Server Locations
Proxy servers can be deployed at different levels to maximize efficiency:
Client-Side Proxy: A single computer can store frequently accessed responses locally.
LAN Proxy (Corporate Proxy): A company installs a proxy server to reduce external
traffic and speed up access for employees.
ISP Proxy: Internet Service Providers (ISPs) use proxy servers to reduce bandwidth
usage by caching common requests from multiple customers.
Cache Update Strategies
A critical challenge in web caching is deciding how long a cached response should be
stored before being updated or deleted. Different strategies help manage cache
freshness:
Predefined Expiry Rules:
Some websites update their content at fixed intervals (e.g., a news website
updates daily).
The proxy server can automatically refresh the cache based on this schedule.
Last-Modified Header:
The web server can include a Last-Modified header in responses.
When a cached copy has expired, the proxy re-sends the request with an If-Modified-Since
header carrying that timestamp; the origin replies 304 Not Modified (no body) if the copy
is still current, or 200 with the new version.
Cache-Control Headers:
The web server can explicitly define caching policies using headers like Cache-
Control: max-age=3600, which tells the proxy how long to keep the response.
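Added example (not part of the original slides): the cache-update logic described above, run against a simulated origin server with a fixed clock. The origin, the /news resource, the timestamps and the max-age value are constructed for the example. A fresh copy is served without contacting the origin (hit); once max-age has elapsed the proxy revalidates with If-Modified-Since and keeps its copy on a 304; when the origin has really changed it gets the full new response.

```python
"""Proxy-cache freshness: serve from cache while Cache-Control max-age holds, then
revalidate with If-Modified-Since / 304 before going back to a (simulated) origin."""
import re
from email.utils import formatdate, parsedate_to_datetime

def http_date(ts: int) -> str:
    """Unix time -> HTTP-date string, e.g. 'Tue, 14 Nov 2023 22:13:20 GMT'."""
    return formatdate(ts, usegmt=True)

class Origin:
    """Constructed origin server holding one resource (a news page)."""
    def __init__(self, body: bytes, last_modified: int, max_age: int):
        self.body, self.last_modified, self.max_age = body, last_modified, max_age
        self.requests = 0          # how often the proxy actually contacted the origin

    def get(self, path, req_headers, now):
        self.requests += 1
        ims = req_headers.get("if-modified-since")
        if ims and parsedate_to_datetime(ims).timestamp() >= self.last_modified:
            return 304, {"date": http_date(now)}, b""          # unchanged: no body sent
        return 200, {"date": http_date(now),
                     "last-modified": http_date(self.last_modified),
                     "cache-control": f"max-age={self.max_age}"}, self.body

class CachingProxy:
    def __init__(self, origin):
        self.origin = origin
        self.cache = {}            # path -> (stored_at, response headers, body)

    @staticmethod
    def _max_age(headers):
        m = re.search(r"max-age=(\d+)", headers.get("cache-control", ""))
        return int(m.group(1)) if m else 0

    def get(self, path, now):
        """Return (body, outcome); outcome is 'hit', 'revalidated' or 'miss'."""
        entry = self.cache.get(path)
        if entry is not None:
            stored_at, headers, body = entry
            if now - stored_at < self._max_age(headers):
                return body, "hit"                   # fresh: origin not contacted
            # Stale: a conditional GET is cheaper than a refetch if nothing changed.
            cond = {}
            if "last-modified" in headers:
                cond["if-modified-since"] = headers["last-modified"]
            status, new_headers, new_body = self.origin.get(path, cond, now)
            if status == 304:
                self.cache[path] = (now, {**headers, **new_headers}, body)  # body reused
                return body, "revalidated"
            self.cache[path] = (now, new_headers, new_body)
            return new_body, "miss"
        status, headers, body = self.origin.get(path, {}, now)
        if status == 200 and "no-store" not in headers.get("cache-control", ""):
            self.cache[path] = (now, headers, body)
        return body, "miss"

def run_scenario():
    """Walk a news page through miss -> hit -> revalidated -> miss with a fixed clock."""
    t0 = 1_700_000_000
    origin = Origin(b"<h1>news v1</h1>", last_modified=t0 - 3600, max_age=60)
    proxy = CachingProxy(origin)
    outcomes = [proxy.get("/news", t0)[1],            # miss: nothing cached yet
                proxy.get("/news", t0 + 30)[1],       # hit: 30 s < max-age 60
                proxy.get("/news", t0 + 90)[1]]       # stale -> 304 -> revalidated
    origin.body, origin.last_modified = b"<h1>news v2</h1>", t0 + 100   # site updates
    body, outcome = proxy.get("/news", t0 + 200)      # stale and changed -> full refetch
    outcomes.append(outcome)
    return outcomes, body, origin.requests
```

Only the responses the origin marked cacheable are stored; a response with `no-store` is passed through, which is the control a site has over what a shared ISP proxy may keep.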
HTTP Security & HTTPS
•By default, HTTP is not secure because:
•It does not encrypt data.
•It does not verify the identity of the server or client.
•Data can be intercepted or modified during transmission.
•To address this, HTTP is run over TLS (Transport Layer Security; the older Secure Socket
Layer, SSL, is deprecated), forming HTTPS (HyperText Transfer Protocol Secure), normally on
port 443.
Features of HTTPS:
Confidentiality: Encrypts data to prevent eavesdropping.
Authentication: Uses TLS certificates, validated against trusted certificate authorities, to
verify the identity of the website; client certificates are optional and rarely used on the web.
Data Integrity: Ensures that the data is not altered in transit.
This makes HTTPS essential for secure transactions, such as online banking, shopping,
and secure logins.
File Transfer Protocol (FTP)
FTP (File Transfer Protocol) is a standard protocol in the TCP/IP suite
that allows users to transfer files between two computers over a
network. While transferring files might seem simple, FTP solves
several challenges, such as:
•Different file naming conventions across systems.
•Different ways of representing data (e.g., text vs. binary).
•Different directory structures on different operating systems.
Although files can be transferred using HTTP, FTP is better suited for:
•Large file transfers
•Transferring files in different formats.
FTP Architecture
FTP follows a client-server model with the following components:
Client-Side Components:
1. User Interface – Allows users to interact with the FTP service.
2. Client Control Process – Manages communication with the server.
3. Client Data Transfer Process – Handles actual file transfers.
Server-Side Components:
4. Server Control Process – Listens for and processes client commands.
5. Server Data Transfer Process – Manages the transfer of files.
FTP uses two separate connections:
Control Connection: Manages commands and responses.
Data Connection: Handles actual file transfer.
This separation makes FTP efficient, as commands and data transfer are handled
independently.
Control Connection & FTP Commands:
1. FTP commands are sent from the client control process to the server control process in
uppercase ASCII text. Some commands require arguments, while others do not.
2. Stays open throughout the FTP session.
3. Uses port 21 for communication.
FTP Server Responses
•Every FTP command receives a server response, consisting of:
•A three-digit status code (indicating success, failure, or progress). The first digit defines
the status of the command. The second digit defines the area in which the status applies.
The third digit provides additional information.
•A textual message explaining the response.
Data Connection in FTP
The data connection in FTP is essential for transferring files between a client and a server. In
the original (active) mode it originates from port 20 on the server side and is established
differently from the control connection.
Steps to Create a Data Connection (active mode):
Client Initiates Passive Open:
The client opens an ephemeral (temporary) port and listens on it. The client does this
because it is the side issuing the file-transfer commands.
Sending Port Number to Server:
The client sends the address and port it opened to the server using the PORT command.
This informs the server where to connect for the data transfer.
Server Issues Active Open:
Upon receiving the port number, the server connects from its well-known port 20 to the
ephemeral port specified by the client.
Passive mode (the PASV command) reverses the roles: the server listens on an ephemeral port
and the client connects to it. Because an inbound connection from the server is usually
blocked by the client's NAT device or firewall, passive mode is what most clients use today.
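Added example (not part of the original slides): the address encoding behind the PORT command and the 227 PASV reply, the three-digit reply-code scheme, and the check a server should make before honouring a PORT command (RFC 2577 recommends refusing addresses other than the control-connection peer and ports below 1024). The addresses, ports and reply texts used are constructed for the example.

```python
"""FTP control-connection helpers: PORT/PASV address encoding, reply-code
classification, and the check a server should apply before honouring PORT."""
import re

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def build_port_command(ip: str, port: int) -> str:
    """Encode the client's listening socket as 'PORT h1,h2,h3,h4,p1,p2' (RFC 959):
    the port is sent as two decimal bytes, high then low."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return f"PORT {','.join(octets)},{port // 256},{port % 256}"

def parse_hostport(text: str):
    """Decode h1,h2,h3,h4,p1,p2 from a PORT command or a '227 Entering Passive Mode'
    reply -> (ip, port)."""
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError(f"no host/port tuple in {text!r}")
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        raise ValueError(f"byte out of range in {text!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

_FIRST = {1: "positive preliminary", 2: "positive completion", 3: "positive intermediate",
          4: "transient negative", 5: "permanent negative"}
_SECOND = {0: "syntax", 1: "information", 2: "connections", 3: "authentication",
           4: "unspecified", 5: "file system"}

def classify_reply(line: str):
    """Split '331 Password required.' into (code, meaning of the first digit, area
    named by the second digit, text). Codes outside the defined ranges are rejected."""
    m = re.fullmatch(r"([1-5])([0-5])(\d)[ -](.*)", line)   # '331-' starts a multi-line reply
    if m is None:
        raise ValueError(f"malformed reply: {line!r}")
    code = int(m.group(1) + m.group(2) + m.group(3))
    return code, _FIRST[int(m.group(1))], _SECOND[int(m.group(2))], m.group(4)

def port_command_is_acceptable(port_cmd: str, control_peer_ip: str) -> bool:
    """Server-side check before an active-mode data connection (RFC 2577): only
    connect back to the host that owns the control connection, and never to a
    well-known port; otherwise the server can be made to open connections to
    third parties on the client's behalf."""
    ip, port = parse_hostport(port_cmd)
    return ip == control_peer_ip and port >= 1024
```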
Communication Over the Data Connection
The data connection is focused on transferring files and involves preparing for transmission
through commands sent over the control connection. Three main attributes must be
defined to handle the data transfer properly:
Data Structure
File Type
Transmission Mode
1. Data Structure
FTP can transfer files using different interpretations of data structure:
File Structure (default):
The data is treated as a continuous stream of bytes with no defined structure.
Record Structure:
The file is divided into records (usually applicable for text files). This allows for
structured access to the data.
Page Structure:
The file is divided into pages, each with a page number and header, allowing for both
random and sequential access to the data.
2. File Type
FTP supports several types of files for transfer, including:
ASCII File:
Standard text file; uses ASCII encoding for character representation.
EBCDIC File:
Text file using the EBCDIC encoding, primarily used on IBM mainframes.
Image File:
Binary file used for graphics or images.
The type of file being transferred determines how the data is interpreted during
transmission.
3. Transmission Mode
FTP allows for three different transmission modes:
Stream Mode (default):
Data is sent as a continuous stream of bytes, which is efficient for most transfers.
Block Mode:
Data is sent in blocks, where each block has a 3-byte header (describing the block
and its size). This mode is useful for applications requiring structured data.
Compressed Mode:
Data is sent in a compressed format to save bandwidth; this mode reduces the size
of the transmitted files.
File Transfer Operations
File transfer in FTP is controlled through commands sent over the control connection.
There are three primary operations defined for file transfer:
Retrieving a File:
Transferring a file from the server to the client. This operation typically involves
the RETR command.
Storing a File:
Transferring a file from the client to the server, usually performed using the STOR
command.
Directory Listing:
Requesting a list of files in a directory on the server, which is facilitated by the LIST
command.
Securing FTP with SSL (SSL-FTP)
To improve security, TLS (historically SSL) can be inserted between the FTP
application layer and the TCP layer. This enhanced version of FTP is called SSL-FTP
(or FTPS; RFC 4217 specifies the AUTH TLS command that starts it). It should not be
confused with SFTP, which is a different file-transfer protocol running over SSH.
How SSL-FTP Works
Encryption of Credentials
SSL encrypts login credentials, preventing attackers from capturing plaintext
passwords.
Encrypted Data Transfer
All file transfers are encrypted, ensuring that sensitive data is not exposed to
unauthorized users. The client must ask for this explicitly (PROT P); otherwise only
the control connection is protected and file contents still cross the network in clear.
Authentication with Digital Certificates
SSL-FTP supports server and client authentication using digital certificates,
ensuring that both parties in the communication are legitimate.
Data Integrity
SSL includes mechanisms to detect tampering during transmission, ensuring
that the files sent are received in their original form.
TELNET
TELNET (TErminaL NETwork) was one of the first protocols designed for remote logging
over the internet. However, it has security vulnerabilities that have led to its decline in favor
of SSH (Secure Shell).
Remote logging allows users to access and control a computer over a network. Instead of
running applications on a local machine, a user can log into a remote system and execute
commands as if they were physically present at that machine.
Instead of creating separate client-server programs for every application, remote logging
lets users connect to a remote system and use its applications.
Example: A student can use a Java compiler installed on a university server without needing
a separate Java compiler client.
TELNET Works
User Authentication
The user logs into a remote system using a username and password.
These credentials are sent in plaintext (unencrypted), making TELNET insecure.
Keystroke Transmission
The user's keystrokes are sent to the remote system without local interpretation.
TELNET converts them into Network Virtual Terminal (NVT) characters and sends them
over the network.
Remote Execution
The remote system interprets the commands and executes them as if they were typed
directly on its own terminal.
The output is sent back to the user's screen.
Security Issues in TELNET
Plaintext Communication: Everything, including passwords, is sent unencrypted, so anyone
on the network path can read it.
Eavesdropping: Attackers can use network sniffers to capture login credentials and
commands.
Man-in-the-Middle Attacks: Since there is neither encryption nor server authentication, an
attacker on the path can alter or inject commands and responses.
Network Virtual Terminal (NVT) in TELNET
Since different operating systems use different control characters, TELNET introduces a
universal format called Network Virtual Terminal (NVT):
NVT ASCII:
Uses a standard 8-bit character encoding (7-bit ASCII + an extra bit set to 0).
Ensures compatibility across different systems.
Control Characters:
Special commands (like "End of File" or "New Line") use an 8-bit encoding where
the highest-order bit is set to 1.
Different operating systems use different key combinations for commands:
Windows/DOS: Ctrl+Z for End-of-File.
UNIX/Linux: Ctrl+D for End-of-File.
Without NVT, remote access would be difficult because clients and servers would need to
pre-configure command translations.
TELNET Options
TELNET supports optional features through negotiation between the client and server.
Some users have advanced terminals with additional capabilities, while others use
simpler terminals. TELNET allows the client and server to agree on features dynamically.
Examples of TELNET Options
Echo Option:
Determines whether characters typed by the user should be displayed locally or
sent to the server first.
Window Size Negotiation:
Allows the client and server to adjust the screen size for compatibility.
Encryption Option (Rarely Used in Classic TELNET):
Some implementations allow encryption, but it was never widely adopted, leading
to SSH replacing TELNET.
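Added example (not part of the original slides): a decoder for the Telnet byte stream that separates NVT data from IAC command sequences, plus a responder for WILL/DO option requests (the echo and window-size options mentioned above). Command and option numbers are those of RFC 854 and the option RFCs; the two-way exchange, the policy of which options are accepted, and the user name "alice" are constructed for the example. Note what ends up in the data half: the login line, readable by anyone who captured the stream.

```python
"""Telnet NVT decoding and option negotiation (RFC 854): separate plain data
from IAC command sequences, and answer WILL/DO with a fixed policy."""
import struct

IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
_CMD_NAMES = {DONT: "DONT", DO: "DO", WONT: "WONT", WILL: "WILL"}
OPT_ECHO, OPT_SGA, OPT_NAWS = 1, 3, 31       # echo, suppress-go-ahead, window size

def telnet_decode(stream: bytes):
    """Return (data, commands). data is what the user sees or the remote shell
    executes; commands is a list of ('DO'|'DONT'|'WILL'|'WONT', option),
    ('SB', option, payload) or ('CMD', code) tuples, in order."""
    data, commands, i, n = bytearray(), [], 0, len(stream)
    while i < n:
        b = stream[i]
        if b != IAC:
            data.append(b); i += 1
            continue
        if i + 1 >= n:
            raise ValueError("truncated IAC sequence")
        c = stream[i + 1]
        if c == IAC:                               # IAC IAC = one literal 0xFF data byte
            data.append(IAC); i += 2
        elif c in _CMD_NAMES:                      # three-byte option negotiation
            if i + 2 >= n:
                raise ValueError("truncated option negotiation")
            commands.append((_CMD_NAMES[c], stream[i + 2])); i += 3
        elif c == SB:                              # IAC SB <opt> ... IAC SE
            if i + 2 >= n:
                raise ValueError("truncated subnegotiation")
            opt, j, payload = stream[i + 2], i + 3, bytearray()
            while True:                            # scan byte-wise so an escaped 0xFF
                if j >= n:                         # followed by 0xF0 is not mistaken for IAC SE
                    raise ValueError("unterminated subnegotiation")
                if stream[j] == IAC:
                    if j + 1 < n and stream[j + 1] == IAC:
                        payload.append(IAC); j += 2; continue
                    if j + 1 < n and stream[j + 1] == SE:
                        j += 2; break
                    raise ValueError("bad IAC inside subnegotiation")
                payload.append(stream[j]); j += 1
            commands.append(("SB", opt, bytes(payload))); i = j
        else:                                      # two-byte command (NOP, AYT, ...)
            commands.append(("CMD", c)); i += 2
    return bytes(data), commands

def negotiate(cmd: str, option: int, allowed=frozenset({OPT_ECHO, OPT_SGA, OPT_NAWS})) -> bytes:
    """Reply to the peer's WILL (it offers an option) or DO (it asks us to enable one):
    agree only for options in `allowed`, refuse anything else. WONT/DONT only
    confirm a disable, so they get no reply here."""
    if cmd == "WILL":
        return bytes([IAC, DO if option in allowed else DONT, option])
    if cmd == "DO":
        return bytes([IAC, WILL if option in allowed else WONT, option])
    return b""

def naws_subnegotiation(cols: int, rows: int) -> bytes:
    """IAC SB NAWS width(2) height(2) IAC SE, with any 0xFF byte inside doubled."""
    body = struct.pack(">HH", cols, rows).replace(bytes([IAC]), bytes([IAC, IAC]))
    return bytes([IAC, SB, OPT_NAWS]) + body + bytes([IAC, SE])

def parse_naws(payload: bytes):
    """NAWS payload -> (columns, rows)."""
    return struct.unpack(">HH", payload)

# Constructed exchange (not a real capture): the server asks for the window size and
# offers to echo; the client agrees, reports 80x24, then types a login name.
SERVER_TO_CLIENT = bytes([IAC, DO, OPT_NAWS, IAC, WILL, OPT_ECHO]) + b"login: "
CLIENT_TO_SERVER = (bytes([IAC, WILL, OPT_NAWS]) + naws_subnegotiation(80, 24)
                    + bytes([IAC, DO, OPT_ECHO]) + b"alice\r\n")
```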
TELNET vs. SSH
Feature       TELNET                                      SSH
Encryption    ❌ No encryption (plaintext).                ✅ Uses strong encryption (AES, RSA, etc.).
Security      ❌ Vulnerable to eavesdropping and attacks.  ✅ Secure communication with authentication.
Port Used     23 (TCP)                                    22 (TCP)
Usage Today   Used only for debugging and legacy systems. Widely used for secure remote access.
Electronic mail
•One-Way Transaction: When Alice sends an e-mail to Bob, it is a one-way transaction.
Bob may or may not respond, but if he does, it's another separate one-way
transaction. There's no immediate request and response as seen in applications like
HTTP or FTP.
•Client/Server Programming: In applications like HTTP or FTP, the server program is
always running, waiting for a request from a client. When the request arrives, the
server provides the service. However, this approach doesn't work well for e-mail
because:
•E-mail is not an immediate request-response transaction.
•The recipient (Bob) might not have their computer on all the time to run a server
program.
•Intermediate Servers: To address this, e-mail uses intermediate computers (servers)
to implement the client/server model. Users run client programs only when they want
to send or receive e-mails. The intermediate servers handle the client/server
interactions, allowing users to send and receive e-mails without needing their
computers to be always on.
ARCHITECTURE OF E-MAIL
1) Basic Scenario: In a typical e-mail setup, both the sender (Alice) and the
receiver (Bob) are connected to their respective mail servers through a Local
Area Network (LAN) or a Wide Area Network (WAN). Each user has a mailbox
on their mail server where received messages are stored. This mailbox is a
special file with restricted access, meaning only the owner can access it.
2) Queue (Spool): The mail server also has a queue (spool) to store messages
waiting to be sent. This ensures that messages are managed efficiently before
being transferred.
3) Three Agents: The e-mail process involves three different agents:
•User Agent (UA): Alice uses a UA program to compose and send her message to
her mail server.
•Mail Transfer Agent (MTA): The MTA handles sending the message through the
Internet from Alice’s mail server to Bob’s mail server. Two MTAs are involved
here: one acts as the client and the other as the server. The server runs all the
time to be ready for incoming connections, while the client is triggered when
there is a message to be sent.
•Message Access Agent (MAA): Once Bob’s mail server receives the message,
Bob uses an MAA client to retrieve it from the MAA server running on his mail
server. The UA at Bob's site allows him to read the received message.
4) Constraints and Requirements:
•Running the MTA Server: Bob cannot bypass the mail server and directly use
the MTA server because he would need to run the MTA server all the time. This
is not feasible as it would require his computer to be always on or his WAN
connection to be continuously active.
•Push and Pull Programs: The MTA client-server program operates as a push
program, meaning it pushes the message to the server. However, Bob needs a
pull program to retrieve the message from the server. This is where the MAA
comes into play.
User Agent (UA)
•Purpose: The User Agent (UA) is a software program that helps users send and
receive messages. It handles composing, reading, replying to, and forwarding
messages, as well as managing local mailboxes.
•Types: There are two types of UAs:
•Command-Driven: These are older types of UAs that use one-character
commands from the keyboard to perform tasks. Examples include mail, pine,
and elm.
•GUI-Based: Modern UAs with graphical user interfaces (GUIs) that allow
interaction through icons, menu bars, and windows. Examples include
Eudora and Outlook.
Sending Mail
Process: When sending mail, the user creates a message that includes an
envelope and the actual message:
Envelope: Contains the sender and receiver addresses and other
information.
Message: Includes a header (with sender, receiver, subject, etc.) and a body
(the actual content of the message).
Receiving Mail
Notification: The UA notifies the user when there is new mail.
Displaying Mail: The UA shows a list of messages in the mailbox, each with a
summary (sender address, subject, time sent/received). The user can select and
view any message.
Addresses
Structure: E-mail addresses consist of two parts, separated by an @ sign:
Local Part: The name of the user’s mailbox where received mail is stored.
Domain Name: The name of the mail server (e.g., the organization’s
domain). Mail servers can be designated as mail exchangers.
Mailing List
Definition: A mailing list is an alias representing multiple e-mail addresses.
When a message is sent to the alias, it is forwarded to all addresses on the list.
Message Transfer Agent: SMTP
Three Client-Server Paradigms in E-Mail
Message Transfer Agents (MTAs):
First Use: Between the sender (Alice) and her mail server.
Second Use: Between Alice's mail server and Bob's mail server.
Both of these transfers are handled by the Simple Mail Transfer Protocol
(SMTP), which defines how commands and responses are exchanged
between the MTA client and server.
Message Access Agent (MAA):
Third Use: Between Bob's mail server and Bob's mail client. This requires a
different protocol to retrieve the message from the server to the client.
SMTP: Commands and Responses
SMTP (Simple Mail Transfer Protocol) is the protocol used to transfer messages.
It handles the interaction between the MTA client and the MTA server.
Commands: Sent from the MTA client to the MTA server.
Responses: Sent from the MTA server to the MTA client, typically in a three-digit
code format, sometimes followed by additional information.
Each command and response is terminated by a two-character end-of-line
token (carriage return and line feed).
Mail Transfer Phases
The process of transferring an e-mail message occurs in three main phases:
Connection Establishment:
The client makes a TCP connection to port 25, and the SMTP server responds.
Steps:
• Server sends code 220 (service ready) or code 421 (service not available).
• Client sends the HELO message with its domain name.
• Server responds with code 250 (request command completed) or another
appropriate code.
Message Transfer:
Once the connection is established, a message can be exchanged between the
sender and the recipient(s).
Steps:
• Client sends the MAIL FROM message with the sender's address.
• Server responds with code 250 or another appropriate code.
• Client sends the RCPT TO message with the recipient's address.
• Server responds with code 250 or another appropriate code.
• Client sends the DATA message to initiate message transfer.
• Server responds with code 354 (start mail input) or another appropriate
message.
• Client sends the message content line by line, each terminated by the end-of-
line token. The message ends with a line containing just a period.
• Server responds with code 250 (OK) or another appropriate code.
Connection Termination:
After the message is successfully transferred, the client ends the connection.
Steps:
• Client sends the QUIT command.
• Server responds with code 221 or another appropriate code.
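The three phases above, walked end to end by an MTA client against a scripted server, as an added example that is not part of the lecture notes (the hostnames and addresses in it are constructed). It shows both sides' messages, checks each reply code the way a real client must, and handles the one edge case the "line containing just a period" rule creates: a body line that itself starts with a period has to be escaped (dot-stuffing), or the server would end the message early.

```python
"""Scripted SMTP exchange: an MTA client walks the three mail transfer phases
(connection establishment, message transfer, connection termination) against a
fake server that answers with the codes listed above.
Added example, not from the lecture notes; hostnames and addresses are constructed."""

from typing import List, Optional, Tuple

CRLF = "\r\n"   # the two-character end-of-line token


def parse_reply(line: str) -> Tuple[int, str]:
    """Split an SMTP reply such as '250 OK' into (code, text)."""
    code, _, text = line.partition(" ")
    return int(code), text


def dot_stuff(body: str) -> str:
    """Prefix body lines that start with '.' with another '.', so a line holding
    only '.' inside the message cannot be mistaken for the end-of-data marker
    (RFC 5321 section 4.5.2). Lines are joined with the CRLF token."""
    return CRLF.join(("." + ln) if ln.startswith(".") else ln
                     for ln in body.splitlines())


class FakeSmtpServer:
    """Minimal MTA server: one reply per command, none while reading message
    lines, and reverse dot-stuffing when it stores the message."""

    def __init__(self) -> None:
        self.in_data = False
        self.received: List[str] = []
        self._lines: List[str] = []

    def greet(self) -> str:
        return "220 mail.example.net ESMTP service ready"

    def handle(self, line: str) -> Optional[str]:
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.received.append(CRLF.join(self._lines))
                return "250 OK: message accepted"
            self._lines.append(line[1:] if line.startswith("..") else line)
            return None                  # message lines get no reply
        verb = line.split(" ", 1)[0].upper()
        if verb == "HELO":
            return "250 mail.example.net Hello"
        if verb in ("MAIL", "RCPT"):
            return "250 OK"
        if verb == "DATA":
            self.in_data, self._lines = True, []
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "QUIT":
            return "221 mail.example.net closing connection"
        return "500 Command not recognized"


def send_message(server: FakeSmtpServer, client_domain: str, sender: str,
                 recipient: str, body: str) -> List[Tuple[str, str]]:
    """Drive one session. Returns the transcript as (direction, line) pairs,
    'C' for client -> server and 'S' for server -> client. Any 4xx/5xx reply
    aborts the session, as a real MTA client would."""
    transcript: List[Tuple[str, str]] = []

    def expect(reply: str) -> None:
        transcript.append(("S", reply))
        code, _ = parse_reply(reply)
        if code >= 400:
            raise RuntimeError(f"server replied {reply!r}")

    def send(line: str) -> None:
        transcript.append(("C", line))
        reply = server.handle(line)
        if reply is not None:
            expect(reply)

    # Connection establishment: 220 (ready) or 421 (not available), then HELO.
    expect(server.greet())
    send(f"HELO {client_domain}")
    # Message transfer: envelope (MAIL FROM / RCPT TO), then DATA and the body.
    send(f"MAIL FROM:<{sender}>")
    send(f"RCPT TO:<{recipient}>")
    send("DATA")
    for line in dot_stuff(body).split(CRLF):
        send(line)
    send(".")                            # end of message: a line holding just a period
    # Connection termination.
    send("QUIT")
    return transcript
```

Printing the transcript of `send_message(FakeSmtpServer(), "alice-pc.example.org", "alice@example.org", "bob@example.net", "Subject: hi\n\nline one\n.\nlast")` reproduces the 220 / 250 / 250 / 250 / 354 / 250 / 221 sequence from the notes; the stored message contains the lone "." line intact because the server undoes the stuffing.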
Message Access Agent: POP and IMAP
E-mail is accessed from a mail server by a recipient using two key Message Access
Protocols: POP3 (Post Office Protocol, version 3) and IMAP4 (Internet Mail Access
Protocol, version 4).
1. Email Delivery Stages
Email delivery happens in multiple stages:
First and Second Stages (Sending Email):
Email is sent using SMTP (Simple Mail Transfer Protocol).
SMTP is a push protocol, meaning it pushes emails from the sender’s client to the
mail server and then to the recipient’s mail server.
Third Stage (Retrieving Email):
SMTP is not used because it is a push protocol, while retrieving emails requires a
pull protocol.
This stage is handled by a Message Access Agent (MAA), which allows the
recipient to pull emails from the mail server.
Two common protocols for this are POP3 and IMAP4.
2. POP3 (Post Office Protocol, version 3)
How It Works:
The email client (installed on the user’s device) connects to the mail server
using TCP port 110.
The user logs in with a username and password.
The client downloads all emails from the server.
Modes of Operation:
Delete Mode:
After emails are downloaded, they are deleted from the server.
Used when the user is on their personal computer and can store emails
locally.
Keep Mode:
Emails are kept on the server after downloading.
Used when the user is accessing emails from a temporary device (e.g.,
laptop while traveling).
Limitations of POP3:
Cannot organize emails into folders on the server.
Cannot preview email contents before downloading.
Cannot search for specific content in emails before downloading.
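The two POP3 modes above, as an added example that is not part of the lecture notes (account name, password and mailbox contents are constructed sample data). The client downloads every message and, in delete mode, sends DELE for each one; in keep mode it sends none, so the messages remain on the server. The scripted server applies deletions only at QUIT, which is the behaviour that matters when a session is cut short.

```python
"""POP3 retrieval in delete mode versus keep mode, driven against a scripted
mail server. Added example, not from the lecture notes; the account, password
and mailbox contents are constructed sample data."""

from typing import Dict, List, Set


class FakePop3Server:
    """Answers the commands the client below uses: USER, PASS, STAT, RETR,
    DELE, QUIT. Deletions are only applied when the session ends with QUIT."""

    def __init__(self, user: str, password: str, messages: List[str]) -> None:
        self._user, self._password = user, password
        self.mailbox: Dict[int, str] = {n: m for n, m in enumerate(messages, start=1)}
        self._marked: Set[int] = set()
        self._pending_user = ""
        self.authenticated = False

    def handle(self, line: str) -> str:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            self._pending_user = arg
            return "+OK name is a valid mailbox"
        if verb == "PASS":
            if self._pending_user == self._user and arg == self._password:
                self.authenticated = True
                return "+OK maildrop locked and ready"
            return "-ERR invalid password"
        if not self.authenticated:
            return "-ERR authenticate first"
        if verb == "STAT":
            size = sum(len(m) for m in self.mailbox.values())
            return f"+OK {len(self.mailbox)} {size}"
        if verb == "RETR":
            n = int(arg)
            if n not in self.mailbox:
                return "-ERR no such message"
            return "+OK message follows\r\n" + self.mailbox[n] + "\r\n."
        if verb == "DELE":
            self._marked.add(int(arg))
            return "+OK message marked for deletion"
        if verb == "QUIT":
            for n in self._marked:
                self.mailbox.pop(n, None)
            self.authenticated = False
            return "+OK bye"
        return "-ERR unknown command"


def fetch_mailbox(server: FakePop3Server, user: str, password: str,
                  keep_mode: bool) -> List[str]:
    """Download every message. In delete mode each message is marked with DELE
    after download; in keep mode it stays on the server. Returns the messages."""

    def cmd(line: str) -> str:
        reply = server.handle(line)
        if not reply.startswith("+OK"):
            raise RuntimeError(f"{line.split(' ')[0]} failed: {reply}")
        return reply

    cmd(f"USER {user}")
    # On plain port 110 the password crosses the network unencrypted, which is
    # why POP3 is normally wrapped in TLS in practice.
    cmd(f"PASS {password}")
    count = int(cmd("STAT").split()[1])
    downloaded: List[str] = []
    for n in range(1, count + 1):
        reply = cmd(f"RETR {n}")
        # Strip the status line and the terminating lone period.
        body = reply.split("\r\n", 1)[1].rsplit("\r\n.", 1)[0]
        downloaded.append(body)
        if not keep_mode:
            cmd(f"DELE {n}")
    cmd("QUIT")                          # deletions become effective here
    return downloaded
```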
3. IMAP4 (Internet Mail Access Protocol, version 4)
IMAP4 is an advanced version of POP3 with more features.
Additional Features of IMAP4:
Email Header Preview: The user can check the subject and sender before
downloading.
Content Search: The user can search for specific words in emails before
downloading.
Partial Downloading: If an email has large multimedia files, the user can
download only the text part first.
Email Organization:
The user can create, delete, or rename folders on the server.
Emails can be stored in a hierarchical folder structure.
Advantage of IMAP4 Over POP3:
Emails remain on the server, allowing access from multiple devices
(computer, phone, tablet).
More control over how emails are managed on the server.
DOMAIN NAME SYSTEM (DNS)
The Domain Name System (DNS) works in the TCP/IP model to map human-
readable domain names (like afilesource.com) to machine-readable IP
addresses (like 192.168.1.1).
Why DNS Is Needed
IP Addresses vs. Domain Names:
Computers on the internet communicate using IP addresses, which are numerical
(e.g., 192.168.1.1 for IPv4 or 2001:db8::ff00:42:8329 for IPv6).
However, humans prefer using names (e.g., google.com) instead of remembering
numbers.
Just like a telephone directory, where a person's name maps to their phone
number, the internet needs a system that maps domain names to IP addresses.
Why Not a Centralized Directory
•The Internet is too large for a single database to store all domain-to-IP
mappings.
•If a central directory fails, the entire network would collapse.
•Instead, the DNS system is distributed, meaning multiple DNS servers around
the world share the responsibility of storing and resolving domain names.
HOW DNS WORKS
When a user wants to connect to a remote server (e.g., for file transfer), the
following steps occur:
1.User Requests a Connection:
• The user enters a website or file transfer server name (e.g.,
afilesource.com) into an application.
2.File Transfer Client Contacts DNS Client:
• The application (e.g., FTP client) forwards the domain name to the DNS
client (a program on the user’s computer).
3.DNS Client Contacts DNS Server:
• Every computer knows the IP address of at least one DNS server.
• The DNS client sends a query (a request for the IP address of
afilesource.com) to the DNS server.
4.DNS Server Responds with the IP Address:
•The DNS server looks up the requested domain name in its database.
•If the DNS server does not have the answer, it may forward the request to
another DNS server.
•Once found, the IP address is sent back to the DNS client.
5.DNS Client Sends IP Address to the File Transfer Client:
•Now, the file transfer client knows the IP address of afilesource.com.
6.File Transfer Client Connects to the Server:
•The file transfer client uses the received IP address to establish a direct
connection to the file transfer server.
Two Separate Connections in DNS
Before transferring files, the first connection is between the DNS client and
DNS server to resolve the domain name.
After obtaining the IP address, the second connection is between the file
transfer client and file transfer server for actual data exchange.
Sometimes, more than one connection may be required if the first DNS
server does not have the requested information.
Name Space
Unique Names
Every device on a network has a unique IP address.
To make it easier for users, these addresses are mapped to human-readable
names.
The system must ensure that each name is unique to avoid confusion.
This can be done using two types of name spaces:
Flat Name Space
Hierarchical Name Space
1. Flat Name Space
In a flat name space, each device is assigned a name without structure.
The names are just plain sequences of characters (e.g., "computer1", "serverA").
There is no hierarchy or categorization of names.
Names may or may not be similar, but if they are similar, it is by coincidence, not
design.
Problems with a Flat Name Space:
Cannot scale to large networks like the Internet because names would need to be
centrally controlled to avoid duplication.
No organization or grouping, making it hard to manage.
Risk of name conflicts (e.g., two different organizations naming a computer
"server1").
2. Hierarchical Name Space (Used in DNS)
A hierarchical system organizes names into multiple levels.
Each level represents a different part of the structure, making the names unique.
The control is decentralized, meaning different authorities can manage different
levels.
How It Works:
A central authority assigns the top levels (e.g., .com, .org, .edu).
Organizations get unique domain names (e.g., first.com, second.com).
Organizations can then manage subdomains and assign names to hosts (e.g.,
caesar.first.com, caesar.second.com).
Domain Name Space
•The hierarchical structure of DNS is represented as an inverted tree.
•The root node is at the top (Level 0).
•Below the root are top-level domains (TLDs) like .com, .edu, .org, etc.
•Further below, domains are structured into subdomains and hostnames.
•The tree can have up to 128 levels, ensuring a clear and organized system.
Labels and Domain Names
1.Labels:
• Definition: Each node (or part) in the DNS tree has a label, which is a string with
a maximum of 63 characters.
• Root Label: The root of the DNS tree has a label that is a null string (an empty
string).
• Uniqueness: Each child node (nodes branching from the same node) must have
a different label to ensure the uniqueness of domain names.
2.Domain Names:
•Composition: A domain name is a sequence of labels separated by dots (.). For
example, www.example.com.
•Reading: Domain names are read from the node up to the root. The last label is the
label of the root (null), meaning a full domain name ends with a dot (since the null
string represents nothing).
•Fully Qualified Domain Name (FQDN): A domain name that ends with a null label
(dot). It uniquely identifies a domain in the DNS hierarchy.
FQDN: www.example.com. (ends with a dot, fully qualified)
•Partially Qualified Domain Name (PQDN): A domain name that does not end with a
null label. It starts from a node but does not reach the root. PQDNs are often used
within the same site as the client, where the resolver can add the missing part (suffix)
to form an FQDN.
PQDN: www.example (does not end with a dot, partially qualified)
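The label and name rules above (63-character labels, the null root label written as a trailing dot, 128 levels), as an added example that is not part of the lecture notes: a small validator plus the suffix completion a resolver applies to a PQDN.

```python
"""Label and FQDN/PQDN checks for the DNS name space described above.
Added example, not from the lecture notes."""

from typing import List, Tuple

MAX_LABEL_LEN = 63      # per-label limit stated in the notes
MAX_LEVELS = 128        # depth of the tree stated in the notes, root included


def split_labels(name: str) -> List[str]:
    """Return the labels of a name without the trailing null (root) label."""
    if name.endswith("."):
        name = name[:-1]
    return name.split(".") if name else []


def is_fqdn(name: str) -> bool:
    """A fully qualified name ends with the null label, written as a dot."""
    return name.endswith(".")


def validate(name: str) -> Tuple[bool, str]:
    """Check every label and the overall depth; returns (ok, reason)."""
    labels = split_labels(name)
    if len(labels) + 1 > MAX_LEVELS:          # +1 for the root level
        return False, "too many levels"
    for label in labels:
        if not label:
            return False, "empty label (consecutive dots)"
        if len(label) > MAX_LABEL_LEN:
            return False, f"label longer than {MAX_LABEL_LEN} characters"
    return True, "ok"


def qualify(name: str, site_suffix: str) -> str:
    """What a resolver does with a PQDN: append the site's suffix so the name
    reaches the root. An FQDN is returned unchanged."""
    if is_fqdn(name):
        return name
    suffix = site_suffix if site_suffix.endswith(".") else site_suffix + "."
    return f"{name}.{suffix}"


def to_tree_path(fqdn: str) -> List[str]:
    """Read the name from the node up to the root, as the notes describe:
    'www.example.com.' -> ['www', 'example', 'com', ''] (last is the root's null label)."""
    return fqdn.split(".")
```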
Domains
•Domain Definition: A domain is a subtree within the domain name space. The
name of a domain is the name of the node at the top of this subtree. For example,
if example.com is a domain, com is the top node of this subtree.
•Subdomains: Domains can be further divided into smaller domains, called
subdomains. For example, mail.example.com is a subdomain of example.com.
Distribution of Name Space
•Storage Issue: Storing all the information in the domain name space on a single
computer is inefficient and unreliable. Handling global requests would overload
the system, and a single point of failure would make the data inaccessible.
•Hierarchy of Name Servers: To address these issues, DNS information is
distributed across multiple computers called DNS servers. The entire domain name
space is divided into domains, with each first-level node (like com, org) becoming a
domain.
Further Division: Large domains can be further divided into smaller subdomains.
This creates a hierarchy of servers, with each server being responsible
(authoritative) for a specific domain or subdomain.
Zones
•Definition: A zone is a contiguous part of the entire DNS tree for which a server
is responsible.
•Zone and Domain Relationship:
• If a server is responsible for a domain and does not further divide it, the
domain and zone are the same.
• If a server divides its domain into subdomains and delegates authority to
other servers, the domain and zone differ. The server retains some
responsibility but delegates detailed information to lower-level servers.
•Zone File: The server maintains a database called a zone file, containing
information for all nodes within its zone. If subdomains exist, the original server
keeps references to the lower-level servers managing those subdomains.
Root Server
Definition: A root server is responsible for the entire DNS tree. It doesn't store information
about individual domains but delegates its authority to other servers.
Delegation: Root servers keep references to other servers that manage specific domains.
Global Distribution: There are several root servers distributed around the world, covering
the entire domain name space.
Primary and Secondary Servers
Primary Server:
Role: The primary server stores a file about the zone for which it is authoritative. It is
responsible for creating, maintaining, and updating the zone file.
Storage: The zone file is stored on a local disk.
Authority: The primary server is the main source of information for the zone.
Secondary Server:
Role: The secondary server obtains the complete information about a zone from another
server (primary or secondary) and stores it on its local disk.
No Creation or Updates: The secondary server does not create or update the zone files.
Updates must be done by the primary server, which then sends the updated version to the
secondary server.
Redundancy: Both primary and secondary servers are authoritative for their zones. The
secondary server provides redundancy, ensuring that if the primary server fails, the
secondary can still serve clients.
DNS in the Internet
DNS was originally divided into three sections:
1.Generic Domains – Based on organization types (e.g., .com, .edu, .org).
2.Country Domains – Two-letter country codes (e.g., .us, .uk, .in).
3.Inverse Domains – Used for finding domain names from IP addresses
(deprecated due to complexity).
Generic Domains
Defines domains based on the type of organization (e.g., .com for
commercial, .edu for educational institutions).
These domains act as an index to a massive database.
Country Domains
Uses two-letter country codes (e.g., .us for the USA, .in for India).
Some countries use subdomains within .us, such as:
ca.us → California (state in the USA)
uci.ca.us → University of California, Irvine
Recursive Resolution (Figure 2.43)
•The local DNS server takes full responsibility for resolving the domain.
•If it does not know the answer, it asks a root DNS server.
•The root DNS server does not store all IP mappings but knows where to find top-level
domain (TLD) servers (like .com).
•The TLD server knows the address of the authoritative DNS server (e.g., McGraw-Hill’s
DNS server).
•Once the authoritative DNS server finds the IP address, it sends the response back
through the chain (TLD → Root → Local DNS → Client).
Example (Recursive Resolution)
1.A user wants to access engineering.mcgraw-hill.com.
2.The user's resolver sends a query to its local DNS server (dns.anet.com).
3.The local DNS server asks the root DNS server.
4.The root DNS server refers it to the .com TLD server.
5.The .com TLD server refers it to dns.mcgraw-hill.com.
6.dns.mcgraw-hill.com returns the IP address.
7.The response goes back through the same chain to the user.
Iterative Resolution (Figure 2.44)
•Instead of handling everything, the DNS server gives the resolver a referral to the
next DNS server.
•The resolver itself continues the process.
Example (Iterative Resolution)
1.The local Anet DNS server receives the request.
2.It does not ask the root DNS server directly but returns the IP address of the next
server (e.g., the .com TLD server).
3.The resolver then contacts the .com TLD server.
4.The .com server provides the McGraw-Hill DNS server address.
5.The resolver asks the McGraw-Hill server, which finally gives the IP address of the
destination.
6.The resolver then sends the IP address back to the client.
DNS Caching
Caching is used to improve the efficiency of DNS by temporarily storing
responses. This helps reduce latency and network traffic.
How DNS Caching Works
When a DNS server gets a response from another server, it stores (caches) the
information before sending it to the client.
If the same or another client makes a request for the same domain, the server
can serve the cached response, reducing lookup time.
The cached response is marked as unauthoritative, meaning it is not directly
from the official source but a stored copy.
Problems with Caching
If a record is cached for too long, the server may return an outdated IP address.
To avoid this, DNS uses a Time to Live (TTL) value.
TTL (Time to Live) Mechanism
The authoritative server assigns a TTL to every DNS record.
The receiving DNS server stores this TTL value and counts down.
When TTL expires, the cache entry is deleted, and a fresh query is made.
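Recursive and iterative resolution, the unauthoritative cached answer and the TTL countdown, all in one toy hierarchy, as an added example that is not part of the lecture notes. The names dns.anet.com, dns.mcgraw-hill.com and engineering.mcgraw-hill.com follow the figures cited above; the server names root.example and com-tld.example and the address 10.0.0.25 are constructed. Records are the 5-tuple (Domain Name, Type, Class, TTL, Value), and the path returned by each lookup records who contacted whom, which is exactly where the two resolution styles differ.

```python
"""Toy DNS hierarchy showing recursive and iterative resolution, resource
records as the 5-tuple (Domain Name, Type, Class, TTL, Value) and a cache that
counts TTL down. Added example, not from the lecture notes: the server names
root.example and com-tld.example and the 10.0.0.25 address are constructed."""

from typing import Dict, List, Optional, Tuple

RR = Tuple[str, str, str, int, str]          # (Domain Name, Type, Class, TTL, Value)
Hop = Tuple[str, str]                        # (who asked, which server answered)


class NameServer:
    """Holds the records of its zone. An NS record whose owner covers the
    queried name is a referral: its value names the server to ask next."""

    def __init__(self, name: str, records: List[RR]) -> None:
        self.name = name
        self.records = records

    def query(self, qname: str, qtype: str) -> Tuple[str, Optional[RR]]:
        """Return ('answer', rr), ('referral', ns_rr) or ('nxdomain', None)."""
        for rr in self.records:
            if rr[0] == qname and rr[1] == qtype:
                return "answer", rr
        best: Optional[RR] = None
        for rr in self.records:
            owner = rr[0]
            covers = owner == "" or qname == owner or qname.endswith("." + owner)
            if rr[1] == "NS" and covers and (best is None or len(owner) > len(best[0])):
                best = rr                    # most specific delegation wins
        return ("referral", best) if best else ("nxdomain", None)


# Constructed hierarchy: local server -> root -> .com TLD -> authoritative server.
SERVERS: Dict[str, NameServer] = {s.name: s for s in (
    NameServer("dns.anet.com", [("", "NS", "IN", 3600000, "root.example")]),   # root hint only
    NameServer("root.example", [("com", "NS", "IN", 172800, "com-tld.example")]),
    NameServer("com-tld.example", [("mcgraw-hill.com", "NS", "IN", 86400, "dns.mcgraw-hill.com")]),
    NameServer("dns.mcgraw-hill.com", [("engineering.mcgraw-hill.com", "A", "IN", 300, "10.0.0.25")]),
)}


def recursive_query(asker: str, server: NameServer, qname: str, qtype: str,
                    path: List[Hop]) -> Optional[RR]:
    """Recursive resolution: every server asked takes full responsibility and
    itself asks the next server, so the answer comes back through the chain."""
    path.append((asker, server.name))
    kind, rr = server.query(qname, qtype)
    if kind == "referral":
        return recursive_query(server.name, SERVERS[rr[4]], qname, qtype, path)
    return rr if kind == "answer" else None


def iterative_query(asker: str, server: NameServer, qname: str, qtype: str,
                    path: List[Hop]) -> Optional[RR]:
    """Iterative resolution: each server only returns a referral and the same
    asker contacts the next server itself."""
    while True:
        path.append((asker, server.name))
        kind, rr = server.query(qname, qtype)
        if kind != "referral":
            return rr if kind == "answer" else None
        server = SERVERS[rr[4]]


class LocalDnsServer:
    """The client's local server with a cache. Time is passed in explicitly so
    TTL expiry can be exercised without waiting."""

    def __init__(self, me: NameServer) -> None:
        self.me = me
        self.cache: Dict[Tuple[str, str], Tuple[RR, int]] = {}

    def resolve(self, qname: str, qtype: str, now: int,
                mode: str = "iterative") -> Tuple[Optional[str], bool, List[Hop]]:
        """Return (value, authoritative, path). A cached answer is served as
        non-authoritative with an empty path; an expired entry is dropped."""
        key = (qname, qtype)
        if key in self.cache:
            rr, expires_at = self.cache[key]
            if now < expires_at:
                return rr[4], False, []
            del self.cache[key]              # TTL counted down to zero
        path: List[Hop] = []
        kind, hint = self.me.query(qname, qtype)
        if kind != "referral":
            return (hint[4] if kind == "answer" else None), True, path
        nxt = SERVERS[hint[4]]
        if mode == "recursive":
            rr = recursive_query(self.me.name, nxt, qname, qtype, path)
        else:
            rr = iterative_query(self.me.name, nxt, qname, qtype, path)
        if rr is None:
            return None, True, path
        self.cache[key] = (rr, now + rr[3])  # remember until the TTL runs out
        return rr[4], True, path
```

With `now` in seconds, a second lookup at `now=100` is answered from the cache (authoritative flag False, no servers contacted); at `now=301` the 300-second TTL has expired and the full chain is walked again.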
DNS Resource Records (RR)
DNS stores information in Resource Records (RRs), which define various details about a
domain. A resource record is a 5-tuple structure, as shown below:
(Domain Name, Type, Class, TTL, Value)
DNS Messages
DNS messages are used for querying and responding to requests.
DNS Encapsulation (UDP & TCP)
DNS can use UDP or TCP for communication, both on port 53.
When UDP is Used
•Most standard DNS queries use UDP.
•If the response is ≤ 512 bytes, UDP is preferred for speed.
When TCP is Used
•If a response is larger than 512 bytes, TCP is used.
•If a zone transfer (full DNS database update) is needed, TCP is required.
•If a response is truncated (TC bit set in the header), the resolver retries using TCP.
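The message format behind the UDP/TCP rule above, as an added example that is not part of the lecture notes (the packet bytes are constructed). It builds a query (12-byte header plus one question), reads the header flags of a reply, decides from the TC bit whether to retry over TCP, adds the 2-byte length prefix TCP framing needs, and performs the check a resolver makes before trusting a reply at all: the reply must be a response carrying the same transaction ID and the same question as the query it answers.

```python
"""Build a DNS query, parse a response header, decide UDP vs TCP from the TC
bit, and verify a reply echoes the query's ID and question before accepting
it. Added example, not from the lecture notes; packet bytes are constructed."""

import struct
from typing import Optional

DNS_PORT = 53
UDP_LIMIT = 512                  # classic UDP payload limit from the notes
QTYPE = {"A": 1, "NS": 2, "MX": 15, "AAAA": 28}
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Wire form: each label prefixed by its length, ending with the null root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(txid: int, name: str, qtype: str = "A", recursion_desired: bool = True) -> bytes:
    """12-byte header (ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT) + one question."""
    flags = 0x0100 if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], QCLASS_IN)


def parse_header(msg: bytes) -> dict:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),      # 1 = response
        "aa": bool(flags & 0x0400),      # authoritative answer
        "tc": bool(flags & 0x0200),      # truncated: did not fit the UDP limit
        "rd": bool(flags & 0x0100),      # recursion desired
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def question_section(msg: bytes) -> bytes:
    """Bytes of the first question (name + type + class) after the header.
    Question names are sent uncompressed, so plain length-prefixed labels suffice."""
    i = 12
    while msg[i] != 0:
        i += msg[i] + 1
    return msg[12:i + 1 + 4]


def response_matches_query(query: bytes, response: bytes) -> bool:
    """Accept a reply only if it is a response with the same transaction ID and
    the same question; anything else was not solicited by this query."""
    q, r = parse_header(query), parse_header(response)
    return r["qr"] and q["id"] == r["id"] and question_section(query) == question_section(response)


def needs_tcp_retry(response: bytes) -> bool:
    """The notes' rule: a truncated UDP reply is retried over TCP."""
    return parse_header(response)["tc"]


def frame_for_tcp(msg: bytes) -> bytes:
    """Over TCP each message carries a 2-byte length prefix so the byte stream
    can be cut back into messages."""
    return struct.pack("!H", len(msg)) + msg


def make_response(query: bytes, truncated: bool = False, txid: Optional[int] = None) -> bytes:
    """Constructed reply with no answer records, reusing the query's question."""
    h = parse_header(query)
    flags = 0x8000 | (0x0200 if truncated else 0) | (0x0100 if h["rd"] else 0)
    header = struct.pack("!HHHHHH", h["id"] if txid is None else txid, flags, 1, 0, 0, 0)
    return header + question_section(query)
```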
Domain Registration & Registrars
How New Domains are Added to DNS
•ICANN-accredited registrars handle domain registrations.
•Registrars verify uniqueness and enter the domain into the DNS database.
•A domain owner provides:
•Domain Name (e.g., wonderful.com).
•Name Server (NS) (e.g., ns1.wonderful.com).
•IP Address (e.g., 200.200.200.5).
Dynamic DNS (DDNS)
Why DDNS is Needed
Traditional DNS required manual updates when adding/removing
hosts or changing IP addresses.
The Internet has grown too large for manual updates.
How DDNS Works
DHCP (Dynamic Host Configuration Protocol) informs the primary
DNS server when an IP changes.
The primary DNS server updates the zone file.
Secondary DNS servers are notified actively (via messages) or
passively (via periodic checks).
Zone Transfer: Secondary servers request the updated zone file.
DDNS Security
Authentication mechanisms prevent unauthorized DNS changes.
DNS Security (DNSSEC)
DNS can be attacked in three ways:
1. Privacy Attacks
Attackers can read DNS responses to track user activity.
Solution: Encrypt DNS queries.
2. Spoofing & Cache Poisoning
Attackers can modify DNS responses and redirect users to fake
sites.
Solution: DNSSEC provides message origin authentication and
integrity checks.
3. Denial-of-Service (DoS) Attacks
Attackers can flood DNS servers, causing them to crash.
Solution: Some protection comes from caching, but DNSSEC
does not directly prevent DoS attacks.