2: Application Layer 1
ECE5650
Basic Network Services (II): FTP, Email, and DNS
Recap: HTTP and Web
HTTP request msg format and method types: GET, POST, HEAD, PUT, DELETE
HTTP response msg format and status codes
Cookies and their usage: persistent vs non-persistent cookies
Examples of Internet Services
2.1 Principles of network applications
2.2 Web and HTTP
2.3 FTP
2.4 Electronic Mail: SMTP, POP3, IMAP
2.5 DNS
2.7 Socket programming with TCP
2.8 Socket programming with UDP
2.9 Building a Web server
FTP: the file transfer protocol
transfer file to/from remote host
client/server model
client: side that initiates transfer (either to/from remote)
server: remote host
ftp: RFC 959
ftp server: port 21 for control, port 20 for data
[Figure: user at host -> FTP user interface -> FTP client (local file system) -- file transfer --> FTP server (remote file system)]
SFTP: secure file transfer protocol
All communication (login, control and data) is secured
transfer file to/from remote host, same client/server model as FTP
network protocol designed by the IETF to provide secure file transfer and manipulation facilities over the secure shell (SSH) protocol
[Figure: user at host -> SFTP user interface -> SFTP client (local file system) -- file transfer over SSH --> SFTP server (remote file system)]
FTP: separate control, data connections
FTP client contacts FTP server at port 21, specifying TCP as transport protocol
Client obtains authorization over control connection
Client browses remote directory by sending commands over the persistent control connection.
When server receives a command for a file transfer or directory listing, the server opens a TCP data connection to client
After transferring one file, server closes connection.
Server opens a second TCP data connection to transfer another file.
[Figure: FTP client <-- TCP control connection, port 21 --> FTP server; TCP data connection, port 20]
Control connection: “out of band”
HTTP sends control info in-band
FTP server maintains “state”: current directory, earlier authentication
FTP commands, responses
Sample commands: sent as ASCII text over control channel
USER username
PASS password
LIST return list of files in current directory
RETR (Get) filename retrieves (gets) file
STOR (Put) filename stores (puts) file onto remote host
Sample return codes: status code and phrase (as in HTTP)
331 Username OK, password required
125 data connection already open; transfer starting
425 Can’t open data connection
452 Error writing file
All FTP commands (RFC 959)
Access control commands: USER, PASS, ACCT, CWD, CDUP, SMNT, REIN, QUIT.
Transfer parameter commands: PORT, PASV, TYPE, STRU, MODE.
Service commands: RETR, STOR, STOU, APPE, ALLO, REST, RNFR, RNTO, ABOR, DELE, RMD, MKD, PWD, LIST, NLST, SITE, SYST, STAT, HELP, NOOP.
www.faqs.org/rfcs/rfc959.html
FTP Summary
FTP/SFTP is used to transfer files between hosts
FTP is an out-of-band protocol: control is sent over server port 21 while data is sent over server port 20.
Control connection is persistent and the FTP server must maintain the state of the user.
Data connection is non-persistent and initiated by FTP server.
Electronic Mail
Three major components: user agents, mail servers, simple mail transfer protocol: SMTP
User Agent a.k.a. “mail reader”: composing, editing, reading mail messages
e.g., Eudora, Outlook, elm, Netscape Messenger
outgoing, incoming messages stored on server
[Figure: user agents attached to mail servers; each mail server holds a user mailbox and an outgoing message queue; mail servers exchange messages over SMTP]
Electronic Mail: mail servers
Mail Servers
mailbox contains incoming messages for user
message queue of outgoing (to be sent) mail messages
SMTP protocol between mail servers to send email messages
client: sending mail server
“server”: receiving mail server
[Figure: same user agent / mail server diagram, with SMTP between the mail servers]
Electronic Mail: SMTP [RFC 2821]
uses TCP to reliably transfer email message from client to server, port 25
direct transfer: sending server to receiving server
three phases of transfer: handshaking (greeting), transfer of messages, closure
command/response interaction
commands: ASCII text
response: status code and phrase
messages must be in 7-bit ASCII
Scenario: Alice sends message to Bob
1) Alice uses UA to compose message and “to” [email protected]
2) Alice’s UA sends message to her mail server; message placed in message queue
3) Client side of SMTP opens TCP connection with Bob’s mail server
4) SMTP client sends Alice’s message over the TCP connection
5) Bob’s mail server places the message in Bob’s mailbox
6) Bob invokes his user agent to read message
[Figure: Alice’s user agent -> Alice’s mail server -> Bob’s mail server -> Bob’s user agent, steps 1 to 6]
Sample SMTP interaction
C: telnet smtp.wayne.edu 25
S: 220 mirapointmr3.wayne.edu
C: HELO alice
S: 250 Hello alice, pleased to meet you
C: MAIL FROM: <[email protected]>
S: 250 [email protected]... Sender ok
C: RCPT TO: <[email protected]>
S: 250 [email protected] ... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Do you like ketchup?
C: How about pickles?
C: .
S: 250 Message accepted for delivery
C: QUIT
S: 221 wayne.edu closing connection
Try SMTP interaction for yourself:
telnet ece.eng.wayne.edu 25
see 220 reply from server
enter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands
above lets you send email without using an email client (reader)
SMTP Mail message format
SMTP: protocol for exchanging email msgs
RFC 822: standard for text message format:
header lines, e.g., To:, From:, Subject: (different from SMTP commands; the SMTP msg goes into the DATA command)
body: the “message”, 7-bit ASCII characters only
[Figure: header, blank line, body]
Message format: multimedia extensions
MIME: multimedia mail extension, RFC 2045, 2056
additional lines in msg header declare MIME content type
From: [email protected]
To: [email protected]
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Type: image/jpeg

base64 encoded data .....
.........................
......base64 encoded data
MIME-Version: MIME version
Content-Transfer-Encoding: method used to encode data; quoted-printable is another method
Content-Type: multimedia data type, subtype, parameter declaration
encoded data: each line is 78 7-bit ASCII characters including CRLF
Base64 encoding scheme (RFC 2045)
Encoding (not encrypting) method
input: 8-bit ASCII data
output: one of the 64 values listed in the Base64 encoding table and the “=” character
Process:
group the input data in chunks of 3 bytes or 24 bits each
break each 24-bit chunk into 4 values that are 6 bits each
use the Base64 encoding table to find the character of each value
if any chunk is less than 3 bytes then pad it with 0s and use the “=” for any 6-bit value that consists only of these padded 0s. A 6-bit value with all 0s and at least 1 non-padded 0 will be an “A”
Smallest base64 encoded output is 4 characters.

Base64 Encoding Table
Value Char   Value Char   Value Char   Value Char
0 A          16 Q         32 g         48 w
1 B          17 R         33 h         49 x
2 C          18 S         34 i         50 y
3 D          19 T         35 j         51 z
4 E          20 U         36 k         52 0
5 F          21 V         37 l         53 1
6 G          22 W         38 m         54 2
7 H          23 X         39 n         55 3
8 I          24 Y         40 o         56 4
9 J          25 Z         41 p         57 5
10 K         26 a         42 q         58 6
11 L         27 b         43 r         59 7
12 M         28 c         44 s         60 8
13 N         29 d         45 t         61 9
14 O         30 e         46 u         62 +
15 P         31 f         47 v         63 /

Example: input is AB
A ASCII hex = 0x41, B ASCII hex = 0x42
16 bits + 8 padded 0s: 0100 0001 0100 0010 0000 0000
4 values that are 6 bits each: 010000-010100-001000-000000 = 16-20-8-(6 padded 0s)
Base64 output is QUI=
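The process above carried out in code, as an added example that is not part of the lecture slides: a chunk is padded to 24 bits, split into four 6-bit values, looked up in the table, and every 6-bit group made purely of padding bits becomes “=”; a decoder that rejects malformed padding is included.

```python
# Added example, not from the lecture slides: the Base64 process above
# implemented step by step (3-byte chunks -> four 6-bit values -> table lookup,
# "=" for 6-bit groups made entirely of padding zeros), plus the reverse.
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")


def six_bit_values(chunk: bytes) -> list:
    """Pad a chunk of 1..3 bytes to 24 bits and split it into four 6-bit values."""
    group = int.from_bytes(chunk.ljust(3, b"\x00"), "big")
    return [(group >> shift) & 0x3F for shift in (18, 12, 6, 0)]


def base64_encode(data: bytes) -> str:
    """Encode (not encrypt) arbitrary bytes with the RFC 2045 Base64 table."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        chars = [ALPHABET[v] for v in six_bit_values(chunk)]
        # One missing byte hides the last 6-bit group, two hide the last two;
        # those groups are pure padding and become "=" (e.g. "AB" -> "QUI=").
        for k in range(4 - (3 - len(chunk)), 4):
            chars[k] = "="
        out.extend(chars)
    return "".join(out)


def base64_decode(text: str) -> bytes:
    """Reverse the process, rejecting input that does not follow the rules."""
    if len(text) % 4:
        raise ValueError("Base64 length must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        if pad > 2 or (pad and not quad.endswith("=" * pad)):
            raise ValueError("'=' may only be the last one or two characters")
        group = 0
        for ch in quad:  # ALPHABET.index raises ValueError on any other character
            group = (group << 6) | (0 if ch == "=" else ALPHABET.index(ch))
        out += group.to_bytes(3, "big")[:3 - pad]
    return bytes(out)
```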
Mail access protocols
SMTP: delivery/storage to receiver’s server
Mail access protocol: retrieval from server
POP3: Post Office Protocol version 3 [RFC 1939], uses port 110
• authorization (agent <--> server) and download
IMAP: Internet Mail Access Protocol [RFC 1730]
• more features (more complex)
• manipulation of stored msgs on server
HTTP: Hotmail, Yahoo! Mail, etc.
[Figure: user agent -- SMTP --> sender’s mail server -- SMTP --> receiver’s mail server -- access protocol --> user agent]
POP3 protocol
authorization phase
client commands:
user: declare username
pass: password
server responses:
+OK (server accepted prior command)
-ERR (server rejected prior command)
transaction phase, client:
list: list message numbers
retr: retrieve message by number
dele: delete
quit
UIDL: “unique-ID listing”: list the unique message ID for all of the messages present in the user’s mailbox. Useful for download-and-keep: by keeping a file that lists the messages retrieved in earlier sessions, the client can use the UIDL command to determine which messages on the server have already been seen.
“Received:” in the msg indicates the SMTP servers that forwarded the msg
C: telnet ece.eng.wayne.edu 110
S: +OK POP3 server ready
C: user bob
S: +OK
C: pass hungry
S: +OK user successfully logged on
C: list
S: 1 498
S: 2 912
S: .
C: retr 1
S: Return-Path: <fromuser@..>
S: Received: from b1 by d1 ...
S: more data..
S: .
C: dele 1
C: retr 2
S: <message 2 contents>
S: .
C: dele 2
C: quit
S: +OK POP3 server signing off
POP3 (more) and IMAP
More about POP3
Previous example uses “download-and-delete” mode.
User cannot re-read the deleted e-mail.
“Download-and-keep”: copies of messages on different clients
POP3 is stateless across sessions
IMAP
Keep all messages in one place: the server
Allows user to organize messages in folders
IMAP keeps user state across sessions: names of folders and mappings between message IDs and folder name
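The client-side logic behind download-and-keep versus download-and-delete, as an added example that is not from the lecture slides: the UIDL reply is parsed, and because POP3 is stateless across sessions the record carried between sessions holds unique IDs rather than message numbers. The server reply text and the unique IDs are constructed.

```python
# Added example, not from the lecture slides: the client side of POP3
# download-and-keep built on UIDL, next to download-and-delete. The server
# reply text and the unique IDs used here are constructed for the example.
CRLF = "\r\n"


def parse_status(line: str) -> bool:
    """+OK -> True, -ERR -> False; anything else is a protocol violation."""
    if line.startswith("+OK"):
        return True
    if line.startswith("-ERR"):
        return False
    raise ValueError("malformed POP3 status line: %r" % line)


def parse_uidl(reply: str) -> dict:
    """Parse a multi-line UIDL reply into {message number: unique id}."""
    lines = reply.split(CRLF)
    if not parse_status(lines[0]):
        raise ValueError("server rejected UIDL: " + lines[0])
    listing = {}
    for line in lines[1:]:
        if line == ".":          # a lone "." ends the multi-line reply
            return listing
        number, uid = line.split(" ", 1)
        listing[int(number)] = uid
    raise ValueError("UIDL reply not terminated by a lone '.'")


def plan_session(uidl_reply: str, seen_uids: set, keep: bool = True) -> tuple:
    """Return (commands to send, updated seen set) for one transaction phase.

    Message numbers are only valid inside one session (POP3 is stateless
    across sessions), so the record kept between sessions holds unique IDs,
    never numbers. In keep mode only unseen IDs are fetched and nothing is
    deleted; in download-and-delete mode every message is fetched, then deleted.
    """
    listing = parse_uidl(uidl_reply)
    commands = []
    for number in sorted(listing):
        if keep and listing[number] in seen_uids:
            continue
        commands.append("retr %d" % number)
        if not keep:
            commands.append("dele %d" % number)
    commands.append("quit")
    return commands, set(seen_uids) | set(listing.values())
```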
Email Summary
SMTP and POP3 use persistent connections
SMTP requires message (header & body) to be in 7-bit ASCII
SMTP server uses CRLF.CRLF to determine end of message
download-and-delete vs download-and-keep in POP3
All data communications are insecure by default
Comparison with HTTP:
HTTP: pull data from web server
SMTP: push data to mail server
both have command/response interaction, status codes
HTTP: each object encapsulated in its own response msg
SMTP: multiple objects sent in one multipart msg
SMTP msg must be in 7-bit ASCII while HTTP has no restriction
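How the CRLF.CRLF end-of-message marker and the 7-bit rule play out on both sides of the DATA command, as an added example that is not from the lecture slides: the client dot-stuffs body lines so a body line that is just “.” cannot end the message early, and the server un-stuffs while scanning for the lone “.”. The body lines are constructed from the sample interaction earlier in the deck.

```python
# Added example, not from the lecture slides: how the client prepares the text
# sent after the 354 reply and how the server locates the CRLF.CRLF end of
# message. The body lines are constructed from the sample interaction above.
CRLF = "\r\n"


def is_seven_bit(text: str) -> bool:
    """SMTP requires header and body to be 7-bit ASCII (otherwise use MIME)."""
    return all(ord(ch) < 128 for ch in text)


def client_data_block(lines: list) -> str:
    """Dot-stuff the body and append the terminator, as a correct client does."""
    if not is_seven_bit("".join(lines)):
        raise ValueError("message is not 7-bit ASCII; encode it (e.g. base64) first")
    # A body line that starts with "." gets one extra leading "." so that a
    # body line consisting of a single "." cannot end the message early.
    stuffed = ["." + line if line.startswith(".") else line for line in lines]
    return CRLF.join(stuffed) + CRLF + "." + CRLF


def naive_data_block(lines: list) -> str:
    """What a client that forgets dot-stuffing would send (for comparison)."""
    return CRLF.join(lines) + CRLF + "." + CRLF


def server_read_data(stream: str) -> tuple:
    """Consume lines up to the lone "." and un-stuff them.

    Returns (message lines, unread remainder). The remainder shows where the
    server decided the message ended; with the naive client, leftover body
    text would be parsed by the server as the next SMTP command.
    """
    message, rest = [], stream
    while True:
        line, sep, rest = rest.partition(CRLF)
        if not sep:
            raise ValueError("connection closed before CRLF.CRLF terminator")
        if line == ".":
            return message, rest
        message.append(line[1:] if line.startswith(".") else line)
```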
DNS: Domain Name System
People: many identifiers: SSN, name, passport #
Internet hosts, routers:
IP address (32 or 128 bit) - used for addressing datagrams
“canonical name”, e.g., www.yahoo.com - used by humans
Q: map between IP addresses and name?
Domain Name System (DNS) is:
1- distributed database implemented in hierarchy of many name servers
2- application-layer protocol: hosts, routers and name servers communicate to resolve names (address/name translation). DNS protocol uses UDP transport protocol and port 53.
3- employed by other application layer protocols (HTTP, SMTP, FTP) to resolve host names.
DNS
Why not centralize DNS?
single point of failure
traffic volume
distant centralized database
maintenance
doesn’t scale!
DNS services
Hostname to IP address translation
Host aliasing: canonical (actual) and alias names (user-friendly): cwis-1.wayne.edu for alias www.wayne.edu
Mail server aliasing: mail server and web server can share the same alias name. E.g. [email protected], wayne.edu
Load distribution: replicated Web servers: a set of IP addresses for one canonical name. DNS returns the list of IPs for a name but rotated by 1 each time so the user can use the first listed IP.
Distributed, Hierarchical Database
[Figure: Root DNS Servers (13 servers labeled A-M) -> Top-Level Domain Servers (TLDs): com DNS servers, org DNS servers, edu DNS servers -> Authoritative DNS servers: yahoo.com, amazon.com, pbs.org, poly.edu, umass.edu DNS servers]
Each client uses a local DNS server that does not belong to the hierarchy:
The local DNS is usually assigned by the DHCP server as part of the temporary IP assignment (run command: “ipconfig /all” to find your local DNS server).
DNS: Root name servers
There are 13 root DNS servers worldwide that are labeled A-M: map of root DNS, as of Oct 2006.
a Verisign, Dulles, VA
b USC-ISI Marina del Rey, CA
c Cogent, Herndon, VA (also Los Angeles)
d U Maryland College Park, MD
e NASA Mt View, CA
f Internet Software C. Palo Alto, CA (and 17 other locations)
g US DoD Vienna, VA
h ARL Aberdeen, MD
i Autonomica, Stockholm (plus 3 other locations)
j Verisign (11 locations)
k RIPE London (also Amsterdam, Frankfurt)
l ICANN Los Angeles, CA
m WIDE Tokyo
TLD and Authoritative Servers
Top-level domain (TLD) servers: responsible for com, org, net, edu, etc., and all country code top-level domains (ccTLD): us, ca, in, cn, jp. Network Solutions maintains servers for com TLD, Educause for edu TLD
Authoritative DNS servers: organizations with public names have DNS servers, providing authoritative hostname to IP mappings for the organization’s servers (e.g., Web and mail). Can be maintained by organization or service provider
Local Name Server
Does not strictly belong to hierarchy
Each ISP (residential ISP, company, university) has one. Also called “default name server”
When a host makes a DNS query, query is sent to its local DNS server
Acts as a proxy, forwards query into hierarchy.
Example of Typical DNS request
[Figure: requesting host X, local DNS server, root DNS server, TLD DNS server, authoritative DNS server, Y; steps 1-8]
Client X wants IP address for Y
Steps performed:
1- Client sends DNS request to the local DNS server to search on its behalf (recursive query)
2- local DNS contacts one of the root DNSs to resolve hostname Y.
3- root DNS returns the TLD DNS IP to local DNS
4- local DNS contacts one of the TLDs to get an Authoritative DNS name
5- TLD returns IP of authoritative DNS to local DNS
6- local DNS contacts authoritative DNS to resolve Y
7- authoritative DNS returns IP of Y
8- local DNS returns IP of Y to X
Query 1 is recursive; queries 2, 4 and 6 are iterative
Example of recursive+iterative DNS query - typically used
Recursive and Iterative DNS queries
[Figure: requesting host, local DNS server, root DNS server, TLD DNS server, authoritative DNS server, requested host; steps 1-8, each server forwarding the query onward and relaying the reply back]
recursive query: puts burden of name resolution on contacted name server
heavy load?
iterative query: reply is directly returned to requesting server
“I don’t know this name, but ask this server”
Example of pure recursive DNS query - not typically used
DNS: caching and updating records
once (any) name server learns mapping, it caches mapping
cache entries timeout (disappear) after some time
TLD servers typically cached in local name servers
• Thus root name servers not often visited
Client may also cache DNS names
update/notify mechanisms under design by IETF
RFC 2136
http://www.ietf.org/html.charters/dnsind-charter.html
hosts file
local file that is checked by the client DNS of the OS before sending a DNS request. It can speed up web access.
If the requested name is found in the hosts file then its corresponding IP is used.
Can be used to create custom (name-IP) entries.
File Location:
windows XP: C:\WINDOWS\system32\drivers\etc
most UNIX and Linux: /etc
File Structure: <IP address><space><name><space><# comment>
Example of an entry: 127.0.0.1 localhost #default entry
DNS records
DNS: distributed db storing resource records (RR)
RR format: (name, value, type, ttl)
Type=A: name is hostname, value is IP address; always in authoritative DNS, may be cached in non-authoritative DNSs
Type=NS: name is domain (e.g. foo.com), value is hostname of authoritative name server for this domain; always in non-authoritative DNSs to point to authoritative DNSs
Type=CNAME: name is alias name for some “canonical” (the real) name, value is canonical name used by all hosts; www.ibm.com is really servereast.backup2.ibm.com
Type=MX: value is name of mailserver associated with name that is usually an alias name; company can have a web server and a mail server with the same alias name. e.g. [wayne.edu, mail.wayne.edu, MX]
TTL is time to live of the RR and determines when an RR should be removed from cache.
DNS records with DNS servers
Authoritative DNSs for an institution:
must contain Type A RRs for the institution’s public names and IPs.
may contain Type MX RRs for the institution’s public mail server names and IPs.
may contain Type CNAME RRs if the institution has canonical names for its alias names.
TLD DNSs:
contain Type NS RRs with each organization’s public name mapped to its authoritative DNS server names. There are usually primary and secondary authoritative DNS servers.
contain Type A RRs with the authoritative DNS server name and IP address.
DNS protocol, messages
DNS protocol: query and reply messages, both with same message format
msg header
identification: 16 bit #, query and reply msgs use the same #
flags:
query or reply (1 bit)
recursion desired or available (1 bit)
reply is authoritative
DNS protocol, messages
[Figure: sections of a DNS message following the header]
Name, type fields for a query
RRs in response to query
records for authoritative servers
additional “helpful” info that may be used
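The header and question fields from the two slides above in code, as an added example that is not from the lecture slides: a query is built with a 16-bit identification and the RD flag, the shared header is decoded (QR, AA, TC, RD, RA, RCODE and the four section counts, bit positions per RFC 1035), and a reply is accepted only when its identification and echoed question match the outstanding query. The query ID and the name are constructed.

```python
# Added example, not from the lecture slides: building a DNS query and decoding
# the 12-byte header shared by queries and replies (identification, flag bits,
# counts of the question/answer/authority/additional sections that follow).
# Bit positions follow RFC 1035; the query ID and the name are constructed.
import struct

TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_MX = 1, 2, 5, 15
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode "www.wayne.edu" as length-prefixed labels ending with a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(ident: int, name: str, qtype: int, recursion_desired: bool = True) -> bytes:
    """Header with QR=0 (query) and one question: name, type, class IN."""
    flags = 0x0100 if recursion_desired else 0           # RD is bit 8
    header = struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def parse_header(msg: bytes) -> dict:
    """Decode identification, the flag bits the slides mention, and the counts."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": ident,
        "is_reply": bool(flags & 0x8000),              # QR: 0 query, 1 reply
        "authoritative": bool(flags & 0x0400),         # AA: reply is authoritative
        "truncated": bool(flags & 0x0200),             # TC
        "recursion_desired": bool(flags & 0x0100),     # RD
        "recursion_available": bool(flags & 0x0080),   # RA
        "rcode": flags & 0x000F,                       # 0 = no error, 3 = name error
        "questions": qd, "answers": an, "authority": ns, "additional": ar,
    }


def reply_matches_query(query: bytes, reply: bytes) -> bool:
    """A resolver accepts a reply only if it is marked as a reply, carries the
    same 16-bit identification as the outstanding query, and echoes the same
    question; anything else is discarded as stale or unsolicited."""
    q, r = parse_header(query), parse_header(reply)
    return (r["is_reply"] and not q["is_reply"] and r["id"] == q["id"]
            and reply[12:len(query)] == query[12:])
```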
Inserting records into DNS
Example: just created startup “Network Utopia”
Register name networkutopia.com at a registrar (e.g., Network Solutions)
Need to provide registrar with names and IP addresses of your authoritative name server (primary and secondary)
Registrar inserts two RRs into the com TLD server:
(networkutopia.com, dns1.networkutopia.com, NS)
(dns1.networkutopia.com, 212.212.212.1, A)
Put in authoritative server Type A record for www.networkutopia.com and Type MX record for networkutopia.com
How do people get the IP address of your Web site?
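One answer to that question, as an added example that is not from the lecture slides: a toy local DNS server that resolves www.networkutopia.com by the recursive+iterative walk root -> TLD -> authoritative from the earlier slides, stores RRs as (name, value, type, ttl), and caches both answers and referrals so later lookups skip the root. The networkutopia.com NS and A records are the slide’s; the root/TLD server names, the 192.0.2.1 and 212.212.212.2/.3 addresses and all TTLs are constructed.

```python
# Added example, not from the lecture slides: a toy local DNS server doing the
# recursive+iterative lookup described earlier, using the RR tuple
# (name, value, type, ttl) and a cache. networkutopia.com records follow the
# slide; root/TLD server names, 192.0.2.1, 212.212.212.2/.3, TTLs are constructed.
SERVERS = {  # zone data of each server, keyed by how the local DNS reaches it
    "root": [("com", "a.gtld.example", "NS", 172800),
             ("a.gtld.example", "192.0.2.1", "A", 172800)],
    "192.0.2.1": [("networkutopia.com", "dns1.networkutopia.com", "NS", 172800),
                  ("dns1.networkutopia.com", "212.212.212.1", "A", 172800)],
    "212.212.212.1": [("www.networkutopia.com", "212.212.212.2", "A", 3600),
                      ("networkutopia.com", "mail.networkutopia.com", "MX", 3600),
                      ("mail.networkutopia.com", "212.212.212.3", "A", 3600)],
}

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def ask(server, name, rtype):
    """One iterative query: ("answer", rr) if the server holds the record,
    ("referral", zone, ns_ip, ttl) = "I don't know, ask this server", else ("nxdomain",)."""
    zone = SERVERS[server]
    for rr in zone:
        if rr[0] == name and rr[2] == rtype:
            return ("answer", rr)
    for rr in zone:  # NS record of the enclosing zone plus its A "glue" record
        if rr[2] == "NS" and in_zone(name, rr[0]):
            glue = next(a[1] for a in zone if a[0] == rr[1] and a[2] == "A")
            return ("referral", rr[0], glue, rr[3])
    return ("nxdomain",)

class LocalDNS:
    def __init__(self):
        self.rr_cache = {}   # (name, type) -> (value, expiry time)
        self.ns_cache = {}   # zone -> (server ip, expiry): lets us skip the root
        self.trace = []      # servers contacted by the most recent resolve()

    def _start_server(self, name, now):
        best, best_len = "root", -1   # longest cached zone that contains name
        for zone, (ip, expiry) in self.ns_cache.items():
            if expiry > now and in_zone(name, zone) and len(zone) > best_len:
                best, best_len = ip, len(zone)
        return best

    def resolve(self, name, rtype="A", now=0):
        self.trace = []
        hit = self.rr_cache.get((name, rtype))
        if hit and hit[1] > now:
            return hit[0]                    # answered from cache, no query sent
        server = self._start_server(name, now)
        while True:
            self.trace.append(server)
            reply = ask(server, name, rtype)
            if reply[0] == "referral":
                self.ns_cache[reply[1]] = (reply[2], now + reply[3])
                server = reply[2]
            elif reply[0] == "answer":
                self.rr_cache[(name, rtype)] = (reply[1][1], now + reply[1][3])
                return reply[1][1]
            else:
                raise LookupError("no such name: " + name)
```

`trace` records which servers were contacted, so the first lookup shows the root, TLD and authoritative hops while the next one goes straight to the authoritative server from the cached referral.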
nslookup command and whois DB
nslookup displays information that you can use to diagnose Domain Name System (DNS) infrastructure. Contacts the specified DNS server to retrieve requested records.
nslookup <domain or IP to find> <DNS server name>
Example: nslookup wayne.com
whois database can be used to locate the corresponding registrar, DNS server and IPs for a particular domain. Only registrars accredited by the Internet Corporation for Assigned Names and Numbers (ICANN - non-profit org) are authorized to register .aero, .biz, .com, .coop, .info, .museum, .name, .net, .org, or .pro names.
.com whois database: http://www.internic.net/whois.html
.edu whois database: http://whois.educause.net/index.asp
wayne.edu DNS name servers:
NS.WAYNE.EDU 141.217.1.15
NS2.WAYNE.EDU 141.217.1.13
DNS.MERIT.NET
NS2.CS.WAYNE.EDU 141.217.16.10
DNS Vulnerabilities
DDoS bw-flooding attack against DNS server
A large scale attack on 13 DNS root servers on Oct 21, 2002 by using ICMP ping messages
Block ICMP ping packets in packet filtering
DNS queries attack
Hard to be filtered
Mitigated by caching in local DNS servers
Man-in-the-middle attack
Trick a server into accepting bogus records into its cache
Hard to implement, because it needs to intercept packets
Reflection attack on other hosts
Send queries with spoofed source addr of a target server
DNS Summary
DNS services: Hostname to IP address translation, Host aliasing, Mail server aliasing, Load distribution
DNS is hierarchical and distributed: root DNS vs TLD vs Authoritative DNS vs local DNS
recursive vs iterative DNS query
DNS cache: local server caches TLDs so that root servers are rarely visited
DNS record types: A, NS, CNAME, MX
DNS Query and Reply msg format is the same
nslookup command and the whois database
DNS vulnerabilities
Examples of Internet Services
2.1 Principles of network applications
2.2 Web and HTTP
2.3 FTP
2.4 Electronic Mail: SMTP, POP3, IMAP
2.5 DNS
2.6 P2P and File Sharing
2.7 Socket programming with TCP
2.8 Socket programming with UDP
2.9 Building a Web server