Application Layer

Client Server Paradigm

• Communication at the application layer is between two running application
programs called processes: a client and a server.
• A client is a running program that initializes the communication by sending a
request.
• A server is another application program that waits for a request from a client.
• The server handles the request received from a client, prepares a result, and sends
the result back to the client.
• A server implies that a server must be running when a request from a client
arrives, but the client needs to be run only when it is needed.
• If we have two computers connected to each other somewhere, we can run a
client process on one of them and the server on the other.
• Lifetime of a server is infinite.
• Lifetime of a client is finite.
Application Programming Interface
• If we need a process to be able to communicate with another
process, we need a new set of instructions to tell the lowest four
layers of the TCP/IP suite to open the connection, send and receive
data from the other end, and close the connection.
• A set of instructions of this kind is normally referred to as Application
Programming Interface (API).
• An interface in programming is a set of instructions between two
entities.
• Several APIs have been designed for communication. Three among
them are common: socket interface, Transport Layer Interface (TLI),
and STREAM.
Sockets: It is not a physical entity like them; it is an abstraction. It is a data structure that is created and used by the
application program.
Use of sockets in process-to-process
communication
• The interaction between a client and a server is two-way communication.
• In a two-way communication, a pair of addresses: local (sender) and remote
(receiver) is needed.
• The local address in one direction is the remote address in the other direction
and vice versa.
• A pair of socket addresses for communication: a local socket address and a
remote socket address.
• A socket address should first define the computer on which a client or a server
is running.
• A socket address should be a combination of an IP address and a port number
Finding Socket Addresses
Server Site:
• The server needs a local (server) and a remote (client) socket address for
communication.
• Local Socket Address: The local (server) socket address is provided by the operating
system. The operating system knows the IP address of the computer on which the server
process is running.
• The port number of a server process, needs to be assigned.
• For example, the assigned port number for a Hypertext Transfer Protocol (HTTP) is the
integer 80, which cannot be used by any other process.
• The server can serve many clients, it does not know beforehand
the remote socket address for communication. The server can find this
socket address when a client tries to connect to the server.
• The client socket address, which is contained in the request packet
sent to the server, becomes the remote socket address that is used for
responding to the client.
Client Site:
The client also needs a local (client) and a remote (server) socket address for communication.
Local Socket Address:
• The local (client) socket address is also provided by the operating system. The OS knows the
IP address of the computer on which the client is running.
• The port number - a 16-bit temporary integer that is assigned to a client process each time
the process needs to start the communication.
• The port number, however, needs to be assigned from a set of integers defined by the
Internet authority and called the ephemeral (temporary) port numbers.
Remote Socket Address:
• Sometimes, the user who starts the client process knows both the server port number and IP
address of the computer on which the server is running.
• Port number will be known but IPD address not known.
• The server has a name, an identifier that uniquely defines the server process. Examples of
these identifiers are URLs, such as www.xxx.yyy, or e-mail addresses, such as [email protected].
• IP address can be obtained using DNS
STANDARD CLIENT-SERVER
APPLICATIONS
• HTTP and WWW
• Electronic Mail Transfer and FTP.
• Remote Logging in- TELNET and SSH.
• DNS
World Wide Web - Tim Berners Lee proposed

• The Web today is a repository of information in which the documents, called Web
pages, are distributed all over the world and related documents are linked together.
• Distribution allows the growth of the Web. Each web server in the world can add a
new web page to the repository and announce it to all Internet users without
overloading a few servers.
• Linking allows one web page to refer to another web page stored in another server
somewhere else in the world. The linking of web pages was achieved using a
concept called hypertext.
Architecture
• The WWW today is a distributed client-server service.
• The service provided is distributed over many locations
called sites.
• Each site holds one or more documents, referred to as
web pages.
• Each web page can contain some links to other web
pages in the same or other sites.
• A simple web page has no links to other web pages.
• A composite web page has one or more links to other web
pages. Each web page is a file with a name and address.
Web Client (Browser):
consists of three parts: a controller, client protocols, and interpreters.

• The controller receives input from the keyboard or the mouse and
uses the client programs to access the document.
• After the document has been accessed, the controller uses one of the
interpreters to display the document on the screen.
• The client protocol can be one of the protocols (such as HTTP or FTP).
• The interpreter can be HTML, Java, or JavaScript, depending on the
type of document.
• Some commercial browsers include Internet Explorer, Netscape
Navigator, and Firefox.
Web Server :
• The web page is stored at the server. Each time a request arrives, the
corresponding document is sent to the client.
• To improve efficiency, servers normally store requested files in a cache in
memory; memory is faster to access than disk.
• Some popular web servers include Apache and Microsoft Internet
Information Server.
Uniform Resource Locator (URL)
Web Page – unique identifier - four identifiers: host, port, and path, protocol.
Protocol: HTTP or FTP
Host: IP address / Domain name
Port – HTTP  80
Path: The path identifies the location and the name of the file in the underlying operating
system
protocol://host/path Used most of the time
protocol://host:port/path Used when port number is needed
Web Documents: The documents in the WWW can be
grouped as
static, dynamic, and active.
Static documents are fixed-content documents that are created and stored in a server. The
client can get a copy of the document only.
• The contents in the server can be changed, but the user cannot change them.
• When a client accesses the document, a copy of the document is sent. The user can then
use a browser to see the document.
• Static documents are prepared using one of the several languages:
Hypertext Markup Language (HTML)
Extensible Markup Language (XML),
Extensible Style Language (XSL), and
Extensible Hypertext Markup Language (XHTML).
Dynamic Documents :A dynamic document is created by a web server whenever a browser
requests the document.
• When a request arrives, the web server runs an application program or a script that
creates the dynamic document.
• The server returns the result of the program or script as a response to the browser that
requested the document.
Simple example of a dynamic document
• The retrieval of the time and date from a server. Time and date are
kinds of information that are dynamic in that they change from
moment to moment.
• The client can ask the server to run a program such as the date
program in UNIX and send the result of the program to the client.
• Common Gateway Interface (CGI) used earlier, Now JSP, ASP.
Active Documents: For many applications, we need a program or a script to
be run at the client site. These are called active documents.
Java Applets (bytecode format), Javascripts
Cookies
• Websites are being used as electronic stores that allow users to browse through the store,
select wanted items, put them in an electronic cart, and pay at the end with a credit card.
• Some websites need to allow access to registered clients only.
• Some websites are used as portals: the user selects the web pages he wants to see.
• Some websites are just advertising agency.
Creating and Storing Cookies
1. When a server receives a request from a client, it stores information about the client in a
file or a string. The information may include the domain name of the client, the contents of
the cookie (information the server has gathered about the client such as name, registration
number, and so on), a timestamp, and other information depending on the implementation.
2. The server includes the cookie in the response that it sends to the client.
3. When the client receives the response, the browser stores the cookie in the cookie
directory, which is sorted by the server domain name.
Web Caching: Proxy Server

• A proxy server is a computer that keeps copies of responses to

recent requests.
• The HTTP client sends a request to the proxy server.
• The proxy server checks its cache. If the response is not stored in
the cache, the proxy
• server sends the request to the corresponding server.
• Incoming responses are sent to the proxy server and stored for
future requests from other clients.
• The proxy server reduces the load on the original server,
decreases traffic, and improves latency.
FTP
• FTP is the standard protocol provided by TCP/IP for copying a file from one host
to another.
• Two systems may use different file name conventions. Two systems may have
different ways to represent data. Two systems may have different directory
structures.
• FTP is a better choice to transfer large files or to transfer files using different
formats.
• The client has three components: user interface, client control process, and the
client data transfer process.
• The server has two components: the server control process and the server data
transfer process.
• The control connection is made between the control processes.
• The data connection is made between the data transfer processes.
• The control connection uses very simple rules of communication - transfer only a
line of command or a line of response at a time.
• The data connection, on the other hand, needs more complex rules due to the
variety of data types transferred.
Lifetimes of Two Connections
• The control connection remains connected during the entire
interactive FTP session.
• The data connection is opened and then closed for each file transfer
activity.
• It opens each time commands that involve transferring files are used, and it
closes when the file is transferred.
• While the control connection is open, the data connection can be
opened and closed multiple times if several files are transferred.
• FTP uses two well-known TCP ports: port 21 is used for the control
connection, and port 20 is used for the data connection.
 Control Connection
• It uses the NVT ASCII character set.
• Communication is achieved through commands and responses.
• This simple method is adequate for the control connection because we
send one command (or response) at a time.
• Each line is terminated with a two-character (carriage return and line
feed) end-of-line token.
• During this control connection, commands are sent from the client to
the server and responses are sent from the server to the client.
• Commands, which are sent from the FTP client control process, are in
the form of ASCII uppercase, which may or may not be followed by an
argument.
• Every FTP command generates at least one response. A response has two
parts: a three-digit number followed by text.
• The numeric part defines the code; the text part defines needed
parameters or further explanations.
• The first digit defines the status of the command.
• The second digit defines the area in which the status applies.
• The third digit provides additional information.
Data Connection
• Uses the well-known port 20 at the server site.

• The client, not the server, issues a passive open using an ephemeral port.
This must be done by the client because it is the client that issues the
commands for transferring files.

• The client sends this port number to the server using the PORT
command.

• The server receives the port number and issues an active open using the
well-known port 20 and the received ephemeral port number.
Communication over Data
Connection
• The purpose and implementation of the data connection are different from
those of the control connection.

• The client must define the type of file to be transferred, the structure of the
data, and the transmission mode.

• Before sending the file through the data connection, we prepare for
transmission through the control connection.

• The heterogeneity problem is resolved by defining three attributes of

communication: file type, data structure, and transmission mode.
Data Structure: file structure, record structure, or page structure.
The file structure format (used by default) has no structure. It is a
continuous stream of bytes.
In the record structure, the file is divided into records. Can be used only
with text files.
In the page structure, the file is divided into pages, with each page having
a page number and a page header. The pages can be stored and accessed
randomly or sequentially.
File Type: FTP can transfer one of the following file types across the data
connection: ASCII file, EBCDIC file, or image file.

Transmission Mode: stream mode, block mode, or compressed mode.

The stream mode is the default mode; data are delivered from FTP to TCP as
a continuous stream of bytes.
In the block mode, data can be delivered from FTP to TCP in blocks. In this
case, each block is preceded by a 3-byte header.
The first byte is called the block descriptor; the next two bytes define the size of the
block in bytes.
File Transfer

• File transfer occurs over the data connection under the control of the commands sent over
the control connection.

• File transfer in FTP means one of three things: retrieving a file (server to client), storing a
file (client to server), and directory listing (server to client).

Security for FTP

• Although FTP requires a password, the password is sent in plaintext (unencrypted), which
means it can be intercepted and used by an attacker.

• The data transfer connection also transfers data in plaintext, which is insecure.

• To be secure, one can add a Secure Socket Layer between the FTP application layer and the
 Electronic Mail
• Electronic mail (or e-mail) allows users to exchange messages.
How is E-mail different from HTTP and FTP??
• In an application such as HTTP or FTP, the server program is running all the time, waiting for a
request from a client.
• When the request arrives, the server provides the service. There is a request and there is a
response.
• In the case of electronic mail, the situation is different;
• E-mail is considered a one-way transaction.
• Neither feasible nor practical to keep running a server to receive a mail.
• Hence, the idea of client/server programming should be implemented in another way: using some
intermediate computers (servers).
• The users run only client programs when they want and the intermediate servers apply the
client/server paradigm.
• In a common scenario, both sender and receiver are connected over LAN or
WAN to two mail servers.
• The administrator has created one mailbox for each user where the received
messages are stored.
• A mailbox is part of a server hard drive, a special file with permission
restrictions. Only the owner of the mailbox has access to it.
• The administrator has also created a queue (spool) to store messages waiting
to be sent.
• The sender and receiver three different agents: a User Agent (UA), a Mail
Transfer Agent (MTA), and a Message Access Agent (MAA).
The electronic mail system needs two UAs, two pairs of MTAs (client and server), and a
pair of MAAs (client and server).
When sender wants to send a mail:
• The sender runs a UA program to prepare the message and send it to
sender’s mail server.
• The mail server at sender’s site uses a queue (spool) to store messages
waiting to be sent.
• The message, however, needs to be sent through the Internet from sender’s
site to receiver’s site using an MTA.
• Here two message transfer agents are needed: one client and one server.
• The server needs to run all the time but the client may be triggered by the
system when there is a message in the queue to be sent.
• The UA at the receiver’s site allows to read the received message. Receiver
later uses an MAA client to retrieve the message from an MAA server
running on the second server.
User Agent
• UA is a software package (program) that composes, reads, replies to, and
forwards messages.
• It also handles local mailboxes on the user computers.
• There are two types of user agents: command-driven and GUI-based.
Command Driven:
Normally accepts a one character command from the keyboard to perform its
task. Example, a user can type the character r, at the command prompt, to
reply to the sender of the message, or type the character R to reply to the
sender and all recipients. Examples: mail, pine, and elm.
GUI Based:
Allows the user to interact with the software by using both the keyboard and
the mouse. They have graphical components such as icons, menu bars, and
windows that make the services easy to access. Example: Eudora and Outlook
Sending Mail
• To send mail, the user, through the UA, creates a mail which has an envelope and
a message.
• The envelope usually contains the sender address, the receiver address, and other
information.
• The message contains the header and the body.
• The header of the message defines the sender, the receiver, the subject of the
message, and some other information.
• The body of the message contains the actual information to be read by the
recipient.
Receiving Mail
• The user agent is triggered by the user (or a timer). If a user has mail,
the UA informs the user with a notice.
• If the user is ready to read the mail, a list is displayed in which each line
contains a summary of the information about a particular message in
the mailbox.
• The summary usually includes the sender mail address, the subject, and
the time the mail was sent or received.
• The user can select any of the messages and display its contents on the
screen.
Addresses
The address consists of two parts: a local part and a domain name,
separated by an @ sign.
The local part defines the name of a special file, called the user mailbox,
where all the mail received for a user is stored for retrieval by the
message access agent.
The second part of the address is the domain name.
An organization usually selects one or more hosts to receive and send e-
mail; they are sometimes called mail servers or exchangers.
The domain name assigned to each mail exchanger either comes from the
DNS database or is a logical name
Message Transfer Agent: SMTP
• The formal protocol that defines the MTA client and server in the
Internet is called Simple Mail Transfer Protocol (SMTP).
• SMTP is used two times, between the sender and the sender’s mail
server and between the two mail servers.
Commands and Responses
• SMTP uses commands and responses to transfer messages between an
MTA client and an MTA server.
• The command is from an MTA client to an MTA server; the response is
from an MTA server to the MTA client.
• Each command or reply is terminated by a two character (carriage
return and line feed) end-of-line token.
Responses