3 Chapter2

Chapter 2
Application Layer
A note on the use of these ppt slides:
Were making these slides freely available to all (faculty, students, readers).
Theyre in PowerPoint form so you see the animations; and can add, modify,
and delete slides (including this one) and slide content to suit your needs.
They obviously represent a lot of work on our part. In return for use, we only
ask the following:
! If you use these slides (e.g., in a class) that you mention their source
(after all, wed like people to use our book!)
! If you post any slides on a www site, that you note that they are adapted
from (or perhaps identical to) our slides, and note our copyright of this
material.
Computer
Networking: A Top
Down Approach
6th edition
Jim Kurose, Keith Ross
Addison-Wesley
March 2012
Thanks and enjoy! JFK/KWR

All material copyright 1996-2012
J.F Kurose and K.W. Ross, All Rights Reserved
Application Layer 2-1
Chapter 2: outline
2.1 principles of network
applications
2.2 Web and HTTP
2.3 FTP
2.4 electronic mail
2.6 P2P applications

2.7 socket programming
with UDP and TCP
" SMTP, POP3, IMAP
2.5 DNS
Network applications
This is why we have
computer networks
! 70s and 80s
!
" Voice-over-IP (think skype)

" user generated video (think
YouTube)
" movies on demand (think
Netflix)
" multi-user online gaming
" text email, remote

access to computers,
file transfer,
newsgroups
!
Since 2000s
Second Life, World of Warcraft
mid 90s
" Online social networks
" world wide web
Facebook, Twitter
Web surf, search,

electronic commerce
" instant messaging +

p2p file sharing
Your application next

discussion question
!
Get in groups of two or three

" pick someone else to take notes
Two observations:
" Several folks have plans to own their own businesses
" Chapter two statement: ..some of the readerswill
create the next generation of killer Internet
applications
Imagine that your networking expertise have

drawn the attention of a venture capitalist
interested in networked applications. Take one
minute to brainstorm about a new networked
application you might pitch to the VC.
Creating a network app

write programs that:
! run on (different) end systems
! communicate over network
! e.g., web server software
communicates with browser
software
no need to write software for
network-core devices
! network-core devices do not
run user applications
! applications on end systems
allows for rapid app
development, propagation
application
transport
network
data link
physical
application
transport
network
data link
physical
application
transport
network
data link
physical
Application architectures
possible structure of applications:
??
Application architectures
possible structure of applications:
! client-server
! peer-to-peer (P2P)
Client-server architecture
server:
!
!
!
always-on host
permanent IP address
data centers for scaling
clients:
!
client/server
!
!
!
communicate with server

may be intermittently
connected
may have dynamic IP
addresses
do not communicate directly
with each other
P2P architecture
!
!
!
no always-on server
arbitrary end systems
directly communicate
peers request service from
other peers, provide service
in return to other peers
" self scalability new
peers bring new service
capacity, as well as new
service demands
peers are intermittently
connected and change IP
addresses
" complex management
peer-peer
Processes communicating
Say what?
Processes communicating
clients, servers
client process: process that
process: program running

within a host
!
within same host, two

processes communicate
using inter-process
communication (defined by
OS)
processes in different hosts
communicate by exchanging
messages
initiates communication
server process: process that
waits to be contacted
aside: applications with P2P

architectures have client
processes & server
processes
Sockets
!
!
process sends/receives messages to/from its socket

socket analogous to door
" sending process shoves message out door
" sending process relies on transport infrastructure on
other side of door to deliver message to socket at
receiving process
Application Programming Interface (API)
application
process
socket
application
process
transport
transport
network
network
link
link
physical
Internet
controlled by
app developer
controlled
by OS
physical
Addressing processes
!
How do I find a process

when my app want to talk
to it?
Addressing processes
!
!
!
!
to receive messages,
process must have identifier
host device has unique 32bit IP address
Q: does IP address of host
on which process runs
suffice for identifying the
process?
" A: no, many processes
can be running on same
host
identifier includes both IP

address, port numbers and
transport protocol
associated with process on
host.
" Five tuple (sr/dst IP, src/dst
port, protocol)
example port numbers:

" HTTP server: 80, mail server:
25
!
!
protocol: TCP, UDP

to send HTTP message to
gaia.cs.umass.edu web
server:
" IP address: 128.119.245.12
" port number: 80
" protocol: TCP
What transport service does an app need?

!
What does/could the

network provide to
apps?
What transport service does an app need?

data integrity (reliable data
transfer)
! some apps (e.g., file transfer,
web transactions) require
100% reliable data transfer
! other apps (e.g., audio) can
tolerate some loss
timing
! some apps (e.g., Internet
telephony, interactive
games) require low delay
to be effective
throughput
! some apps (e.g.,
multimedia) require
minimum amount of
throughput to be
effective
! other apps (elastic apps)
make use of whatever
throughput they get
security
! encryption, data integrity,
Internet transport protocols services

!
What *does* the

Internet provide to
apps?
Internet transport protocols services

Transport Control Protocol
TCP service:
User Datagram Protocol

UDP service:
!
!
reliable transport between

sending and receiving
process
flow control: sender wont
overwhelm receiver
congestion control: throttle
sender when network
overloaded
connection-oriented: setup
required between client and
server processes
does not provide: timing,
minimum throughput
guarantee, security
unreliable data transfer

between sending and
receiving process
does not provide:
reliability, flow control,
congestion control,
timing, throughput
guarantee, security,
orconnection setup,
Q: why bother? Why is

there a UDP?
Securing TCP
How is TCP secured?
Securing TCP
TCP & UDP
! no encryption
! cleartext passwds sent
into socket traverse
Internet in cleartext
Secure Socket Layer
(SSL)
! provides encrypted
TCP connection
! data integrity
! end-point
authentication
SSL is at app layer

! Apps use SSL libraries,
which talk to TCP
SSL socket API
! cleartext passwds sent
into socket traverse
Internet encrypted
! See Chapter 8
10
Securing TCP
!
Note on sidebar in book:

" Was a sidebar on securing TCP (p94)
" Make sure you pay attention to sidebars
Often present interesting material you might encounter again
App versus application layer protocol

What is the difference between an application
and an application layer protocol?
(Or what exactly is an application layer
protocol?)
11
App-layer protocol defines

!
types of messages
exchanged,
" e.g., request, response
message syntax:
" what fields in messages
& how fields are
delineated
message semantics
" meaning of information
in fields
rules for when and how
processes send & respond
to messages
open protocols:
! defined in RFCs
! allows for interoperability
! e.g., HTTP, SMTP
proprietary protocols:
! e.g., Skype
BEFORE WE START
Introduction 1-27
12
tech news of interest (Kevin Glanville)

!
Lets Encrypt
" Goal is to automate server certificate management
set up server: automatically obtain browser-trusted certificate
no validation emails, no complicated configuration, no expired
certificates
" How?
domain validation: proves that server controls domain (name)

agent on server interacts with Lets Encrypt CA
CA: issues set of challenges
provision DNS record under domain name
provision HTTP resource under URI
proof that it controls the private key (of which public part
shared with CA)
CA verifies
automated certificate issue/revoke
https://letsencrypt.org/2015/11/12/public-beta-timing.html
Introduction 2-28
tech news of interest

!
Malware in the Hospital

" Story about fetal heart monitors that kept rebooting
Zotob worm: designed to steal credit card info,
caused machines to reboot
Not designed to attack healthcare devices, but
impacted anyway
" Medical devices run same OS as target, malware do

not distinguish
" Claim health care 15-25 years behind banking and
retail
disconcerting considering retail attacks (Home Depo,
Target..)
" Also, dont know what impact of malware is on

medical devices
!
http://www.slate.com/articles/technology/future_tense/2016/01/
malware_not_malicious_hackers_is_the_biggest_danger_to_internet
_connected.html
13
HA 0
!
Most significant achievement:

"
"
"
"
"
"
"
Getting married
Obtaining citizenship after being stateless
Winning big mountain skiing world championship
Winning international piano competition
Running marathon
Awarded Meritorious Service Medal in Afghanistan
Working as a wild-land firefighter for 6 seasons
HA 0
!

"
"
"
"
"
"
"
Getting married
Running marathon
" Staying alive up to this date
14
HA 0
!

"
"
"
"
"
"
"
Getting married
Running marathon
" Staying alive up to this date

" Signing up for CS 4480
HA 0
!
See yourself in 5 years:

" Done with law school
" Running on company/own startup
" Job where able to integrate art and programming
15
HA 0
!
See yourself in 10 years:

"
"
"
"
"
Own company
On verge of retirement, ready to see the world
The Boss
Sold startup
Working less and making more. Hopefully off my
sailboat
HA 0
!
Most meaningful courses:

"
"
"
"
"
3500/3505
2420
1400/1410
3810
Mobile development
16
HA 0
!
Most meaningful courses:

"
"
"
"
"
3500/3505
2420
1400/1410
3810
Mobile development
" Many other mentioned

getting great education..
HA 0
!
Hoping to get out of class

" Form new friendships with peers through class
discussions
Other networking is (also) important
17
plan for today

Finish discussion about HTTP
! Talk about PA 1
! Talk about socket programming
!
Chapter 2: outline
applications
" app architectures
" app requirements

with UDP and TCP
2.2 Web and HTTP

2.3 FTP
2.4 electronic mail
" SMTP, POP3, IMAP
2.5 DNS
18
Web and HTTP

What would you say is the key thing that the Web
enables?
Web and HTTP

The application layer *protocol* here is concerned
with what?
19
Web and HTTP

How is content defined on the Web?
Web and HTTP

First, a review
web page consists of objects
! object can be HTML file, JPEG image, Java applet,
audio file,
! web page consists of base HTML-file which
includes several referenced objects
! each object is addressable by a URL, e.g.,
!
www.someschool.edu/someDept/pic.gif
host name
path name
20
HTTP overview
HTTP: hypertext
transfer protocol
!
!
Webs application layer

protocol
client/server model
" client: browser that
requests, receives,
(using HTTP protocol)
and displays Web
objects
" server: Web server
sends (using HTTP
protocol) objects in
response to requests
PC running
Firefox browser
HT
TP
r
equ
est
HT
TP
res
pon
se
st
ue
eq
r
e server
TP
ns running
po
HT
s
re
Apache Web
TP
server
HT
iphone running
Safari browser
HTTP overview
!
What transport layer does HTTP use?
21
HTTP overview
!
What do we mean when we say HTTP is stateless?
" I thought TCP was stateful? Doesnt that make HTTP stateful?
HTTP connections
!
We talk about HTTP connection being persistent or nonpersistent

" What does that mean?
" Why do we care?
22
Non-persistent HTTP: response time

Round trip time (RTT)
(definition): time for a small
packet to travel from client
to server and back
HTTP response time:
! one RTT to initiate TCP
connection
! one RTT for HTTP request
and first few bytes of HTTP
response to return
! file transmission time
! non-persistent HTTP
response time =
2RTT+ file transmission
time
initiate TCP
connection
RTT
request
file
time to
transmit
file
RTT
file
received
time
time
Persistent HTTP
non-persistent HTTP issues:
!
!
!
requires 2 RTTs per object

OS overhead for each TCP
connection
browsers often open
parallel TCP connections
to fetch referenced objects
persistent HTTP:
!
server leaves connection

open after sending
response
subsequent HTTP
messages between same
client/server sent over
open connection
client sends requests as
soon as it encounters a
referenced object
(pipelining)
as little as one RTT for all
the referenced objects
23
HTTP example request message
GET /index.html HTTP/1.1\r\n

Host: www-net.cs.umass.edu\r\n
User-Agent: Firefox/3.6.10\r\n
Accept: text/html,application/xhtml+xml\r\n
Accept-Language: en-us,en;q=0.5\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7\r\n
\r\n
HTTP example request message

!
!
two types of HTTP messages: request, response

HTTP request message:
" ASCII (human-readable format)
request line
(GET, POST,
HEAD commands)
header
lines
carriage return,
line feed at start
of line indicates
end of header lines
carriage return character

line-feed character
GET /index.html HTTP/1.1\r\n

Host: www-net.cs.umass.edu\r\n
User-Agent: Firefox/3.6.10\r\n
Accept: text/html,application/xhtml+xml\r\n
Accept-Language: en-us,en;q=0.5\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7\r\n
\r\n
24
HTTP example response message

HTTP/1.1 200 OK\r\n
Date: Sun, 26 Sep 2010 20:09:20 GMT\r\n
Server: Apache/2.0.52 (CentOS)\r\n
Last-Modified: Tue, 30 Oct 2007 17:00:02 GMT
\r\n
ETag: "17dc6-a5c-bf716880"\r\n
Accept-Ranges: bytes\r\n
Content-Length: 2652\r\n
Keep-Alive: timeout=10, max=100\r\n
Connection: Keep-Alive\r\n
Content-Type: text/html;
charset=ISO-8859-1\r\n
\r\n
data data data data data ...
HTTP response message

status line
(protocol
status code
status phrase)
header
lines
data, e.g.,
requested
HTML file
HTTP/1.1 200 OK\r\n

Date: Sun, 26 Sep 2010 20:09:20 GMT\r\n
Server: Apache/2.0.52 (CentOS)\r\n
Last-Modified: Tue, 30 Oct 2007 17:00:02 GMT
\r\n
ETag: "17dc6-a5c-bf716880"\r\n
Accept-Ranges: bytes\r\n
Content-Length: 2652\r\n
Keep-Alive: timeout=10, max=100\r\n
Connection: Keep-Alive\r\n
Content-Type: text/html;
charset=ISO-8859-1\r\n
\r\n
data data data data data ...
25
HTTP response status codes

! status
code appears in 1st line in server-toclient response message.

! some sample codes:
200 OK
" request succeeded, requested object later in this msg
301 Moved Permanently

" requested object moved, new location specified later in this msg
(Location:)
400 Bad Request

" request msg not understood by server
404 Not Found

" requested document not found on this server
505 HTTP Version Not Supported

Many more (see RFC 2616)
HTTP request message

!
Can an HTTP request message have an entity

body??
26
Trying out HTTP (client side) for yourself

1. Telnet to your favorite Web server:
telnet cis.poly.edu 80
opens TCP connection to port 80

(default HTTP server port) at cis.poly.edu.
anything typed in sent
to port 80 at cis.poly.edu
2. type in a GET HTTP request:

GET /~ross/ HTTP/1.1
Host: cis.poly.edu
by typing this in (hit carriage

return twice), you send
this minimal (but complete)
GET request to HTTP server
3. look at response message sent by HTTP server!

Should get a 301 Moved Permanently response!

1. Telnet to a different server:
telnet www.cs.utah.edu 80
2. type in a GET HTTP request:

GET /~kobus/simple.html HTTP/1.1
Host: www.cs.utah.edu
3. look at response message sent by HTTP server!

(or use Wireshark to look at captured HTTP request/response)
27

!
Why does that work?

GET /~kobus/simple.html HTTP/1.1
Host: www.cs.utah.edu
Why have a Host header line?
28
group discussion question

Form groups of three or four
! Take 1 minute to discuss:
!
Cookies are very commonly used on the Web.

Explain what they are are why they are needed.
Cookies: keeping state (cont.)

client
ebay 8734
cookie file
ebay 8734
amazon 1678
server
usual http request msg
usual http response
set-cookie: 1678
cookie: 1678
usual http response msg
Amazon server
creates ID
1678 for user create backend
entry database
cookiespecific
action
one week later:

ebay 8734
amazon 1678
access
access
cookie: 1678
usual http response msg
cookiespecific
action
29
Proxy Server (e.g., web caches)

intermediary between client and server
!
!
!
Example: caching proxy

user sets browser: Web
accesses via cache
browser sends all HTTP
requests to cache
" object in cache: cache
returns object
" else cache requests
object from origin
server, then returns
object to client
HT
TP
r
H
client TTP
equ
res
pon
e
qu
proxy
server
est
se
st
t
ues
req
P
e
T
ons origin
HT
esp
r
TP
server
HT
re
e
ns
TP
po
HT
es
r
TP
HT
client
origin
server
Why proxy servers?

!
Performance
" E.g., caching proxy
Serve content from local (or close by) proxy cache
Reduce delay in getting content
Serve locally at higher bitrate
" One of building blocks of content distribution

networks (CDNs)
E.g., Akamai
30
Why proxy servers? (cont)

!
Content filtering and transformation

" Block content based on blacklist/whitelist
" Transform content for display on handheld devices
Privacy
" Web servers log information about incoming requests
(e.g., IP address, browser, OS etc.)
" If user want to access Web anonymously
Using an anonymizing proxy (or network of proxies), e.g., Tor
(https://www.torproject.org)
But we didnt talk about proxies as being

part of the core network
source
message
application
transport
Hn Ht
network
Hl Hn Ht
segment
datagram
frame
Ht
Remember this Figure?
link
physical
link
physical
switch
destination
M
application
Ht
transport
Hn Ht
network
Hl Hn Ht
link
Hn Ht
Hl Hn Ht
network
link
physical
Hn Ht
router
physical
31
But we didnt talk about proxies as being

part of the core network
source
message
segment
application
Ht
transport
Hn Ht
network
Hl Hn Ht
datagram
frame
proxy
application
M
Ht
Hn Ht
Hl Hn Ht
link
physical
transport
network
link
physical
With a proxy
Is the proxy in
the network?
destination
M
application
Ht
transport
Hn Ht
network
Hl Hn Ht
link
physical
Is the proxy in the network?

source
Where is the network?
message
Ht
segment
datagram
Hl
frame
application
transport
Hn Ht
Hn Ht
proxy
M
network
link
Hl
physical
source
message
M
M
applicatio
n
datagram Hn Ht
transport
Hl Hn Ht
network
segment
frame
Ht
link
physical
Ht
Hn Ht
Hl Hn Ht
transport
network
physical
M
M
transport
network
link
physical
destination
applicatio
n
link
Hn Ht
proxy
M
Ht
Hn Ht
application
Hl
application
transport
Ht
Hn Ht
Hn Ht
network
link
physical
B
destination
M
Ht
applicatio
n
Hn Ht
transport
Hl Hn Ht
network
link
physical
A: a distributed application
B: violation of end-to-end
principle (see RFC 3724)
32
How to go through a proxy server?

!
!
!
!
Set manually
This is what you
will be doing for
PA1
Can also be
done via a proxy
configuration file
Or,
automatically
Or,
transparently
(using WCCP)
Or, using 3xx
redirection
status
BEFORE WE START
Introduction 1-87
33

!
DDoS: Website-crippling cyber-attacks to rise in 2016

" DDoS attack victims in past month:
Irish National Lottery, BBC
" Arms race between good and bad

Arbor networks: data from their Atlas system, in 300
provider networks
" Attacks getting bigger and more sophisticated

> 200 in 2015: > 100 Gbps; largest: 500 Gbps
" Analyze website before launch attack:

adding something to shopping basket: heavy processing;
attack that
" Various motivations:

criminals showing power, businesses attacking competitors,
ideological attacks
!
" Needs more sophisticated tools

http://www.bbc.com/news/technology-35376327

!
Verizon FiOS default speed now 50 Mbps

double FCCs broadband definition
" Phasing out 25 Mbps service, making 50 Mbps default
" Still offers 512 kbps
where doing DSL instead of fiber
can go up to 15 Mbps (if close to facilities)
" FiOS: 50 Mbps to 500 Mbps

" At same time complains about FCC definition of
broadband
went from 4 Mbps down/ 1 Mbps up to:

25 Mbps down/ 3 Mbps up
http://arstechnica.com/business/2016/01/verizon-fios-default-speednow-50mbps-double-fccs-broadband-definition/
34
plan for today (and Monday)

Finish up talking about sockets
! Try to cover FTP, mail and DNS
! Monday: finish up Chapter 2
!
Chapter 2: outline
applications
" app architectures
" app requirements

with UDP and TCP
2.2 Web and HTTP

2.3 FTP
2.4 electronic mail
" SMTP, POP3, IMAP
2.5 DNS
35
FTP: the file transfer protocol

FTP
user
interface
user
at host
file transfer
FTP
client
FTP
server
remote file
system
local file
system
FTP: separate control, data connections

!
!
!
FTP client contacts FTP server

at port 21, using TCP
client authorized over control
connection
client browses remote
directory, sends commands
over control connection
when server receives file
transfer command, server
opens 2nd TCP data
connection (for file) to client
after transferring one file,
server closes data connection
TCP control connection,

server port 21
FTP
client
!
!
!
TCP data connection,

server port 20
FTP
server
server opens another TCP

data connection to transfer
another file
control connection: out of
band
FTP server maintains
state: current directory,
earlier authentication
36

!
!
!

connection
opens 2nd TCP data

server port 21
FTP
client
!

server port 20
FTP
server
Why is this a problem with

a firewall?

!
!
!

connection
opens 2nd TCP data

server port 21
FTP
client
!

server port 20
FTP
server
Why is this a problem with

a firewall?
Solution: passive FTP

! client opens both
connections
37
Chapter 2: outline
applications
" app architectures
" app requirements

with UDP and TCP
2.2 Web and HTTP

2.3 FTP
2.4 electronic mail
" SMTP, POP3, IMAP
2.5 DNS
Electronic mail
Three major components:
???
38
Electronic mail
outgoing
message queue
Three major components:

!
!
!
user agents
mail servers
simple mail transfer
protocol: SMTP
User Agent
!
!
!
!
a.k.a. mail reader

composing, editing, reading
mail messages
e.g., Outlook, Thunderbird,
iPhone mail client
outgoing, incoming
messages stored on server
user
agent
user mailbox
mail
server
user
agent
SMTP
mail
server
user
agent
SMTP
user
agent
SMTP
mail
server
user
agent
user
agent
Electronic mail: mail servers

mail servers:
!
!
!
mailbox contains incoming

messages for user
message queue of outgoing
(to be sent) mail messages
SMTP protocol between mail
servers to send email
messages
" client: sending mail
server
" server: receiving mail
server
user
agent
mail
server
user
agent
SMTP
mail
server
user
agent
SMTP
SMTP
mail
server
user
agent
user
agent
user
agent
39
Scenario: Alice sends message to Bob
1
2
4
5
Scenario: Alice sends message to Bob

1) Alice uses UA to compose
message to
bob@someschool.edu
2) Alices UA sends message to
her mail server; message
placed in message queue
3) client side of SMTP opens
TCP connection with Bobs
mail server
1 user
agent
2
mail
server
3
Alices mail server
4) SMTP client sends Alices

message over the TCP
connection
5) Bobs mail server places the
message in Bobs mailbox
6) Bob invokes his user agent
to read message
user
agent
mail
server
4
6
5
Bobs mail server
40
Sample SMTP interaction

S:
C:
S:
C:
S:
C:
S:
C:
S:
C:
C:
C:
S:
C:
S:
220 hamburger.edu
HELO crepes.fr
250 Hello crepes.fr, pleased to meet you
MAIL FROM: <alice@crepes.fr>
250 alice@crepes.fr... Sender ok
RCPT TO: <bob@hamburger.edu>
250 bob@hamburger.edu ... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Do you like ketchup?
How about pickles?
.
250 Message accepted for delivery
QUIT
221 hamburger.edu closing connection
Try SMTP interaction for yourself:

!
!
!
telnet servername 25
see 220 reply from server
enter HELO, MAIL FROM, RCPT TO, DATA, QUIT
commands
above lets you send email without using email client (reader)
Not that easy nowadays
41
Try SMTP with cs.utah.edu:

telnet smtps.cs.utah.edu 25
Trying 155.98.64.241...
Connected to mail-svr1.cs.utah.edu.
Escape character is '^]'.
220 mail-svr1.cs.utah.edu ESMTP
HELO fubar.com
250 mail-svr1.cs.utah.edu
MAIL FROM: <kobus@fubar.com>
250 2.1.0 Ok
RCPT TO: <kobus@cs.utah.edu>
554 5.7.1
<c-67-182-233-36.hsd1.ut.comcast.net[67.182.233.36]>:
Client host rejected: Access denied
Try SMTP with flux.utah.edu (1):

telnet smtp.flux.utah.edu 25
Trying 155.98.63.200...
Connected to slow.flux.utah.edu.
Escape character is '^]'.
220 slow.flux.utah.edu ESMTP Sendmail 8.14.5/8.14.5; Tue,
22 Jan 2013 22:25:42 -0700 (MST)
HELO fubar.com
250 slow.flux.utah.edu Hello vpn8.flux.utah.edu
[155.98.60.232], pleased to meet you
MAIL FROM: <kobus@fubar.com>
250 2.1.0 <kobus@fubar.com>... Sender ok
42
Try SMTP with flux.utah.edu (2):

RCPT TO: <kobus@flux.utah.edu>
250 2.1.5 <kobus@flux.utah.edu>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
This is a test.
.
250 2.0.0 r0N5PgWp095771 Message accepted for
delivery
QUIT
221 2.0.0 slow.flux.utah.edu closing connection
Connection closed by foreign host.
Group discussion question

Form groups of three or four
! Take 1 minute to discuss:
!
Given your understanding of the electronic mail

system, why is it possible/easy to send SPAM?
43
What is the difference

MAIL FROM: <alice@crepes.fr>
From: alice@crepes.fr
Chapter 2: outline
applications
" app architectures
" app requirements

with UDP and TCP
2.2 Web and HTTP

2.3 FTP
2.4 electronic mail
" SMTP, POP3, IMAP
2.5 DNS
44
DNS: services, structure

DNS services
!
???

DNS services
!
!
hostname to IP address
translation
host aliasing
" canonical, alias names
!
!
mail server aliasing

load distribution
" replicated Web
servers: many IP
addresses correspond
to one name
45

DNS services
!
!
hostname to IP address
translation
host aliasing
" canonical, alias names
!
!
mail server aliasing

load distribution
" replicated Web
servers: many IP
addresses correspond
to one name
why not centralize DNS?

!
!
!
!
single point of failure

traffic volume
distant centralized database
maintenance
A: doesnt scale!
DNS: a distributed, hierarchical database
Say what?
46
DNS: a distributed, hierarchical database

Root DNS Servers
com DNS servers
org DNS servers
yahoo.com
amazon.com
DNS servers DNS servers
pbs.org
DNS servers
edu DNS servers

poly.edu
umass.edu
DNS serversDNS servers
Root servers -> TLD servers -> authoritative servers

client wants IP for www.amazon.com; 1st approx:
!
!
!
client queries root server to find com DNS server

client queries .com DNS server to get amazon.com DNS server
client queries amazon.com DNS server to get IP address for
www.amazon.com
DNS: root name servers: 2006

!
!
contacted by local name server that can not resolve name

root name server:
" contacts authoritative name server if name mapping not known
" gets mapping
" returns mapping to local name server
c. Cogent, Herndon, VA (5 other sites)
d. U Maryland College Park, MD
h. ARL Aberdeen, MD
j. Verisign, Dulles VA (69 other sites )
e. NASA Mt View, CA
f. Internet Software C.
Palo Alto, CA (and 48 other
sites)
a. Verisign, Los Angeles CA
(5 other sites)
b. USC-ISI Marina del Rey, CA
l. ICANN Los Angeles, CA
(41 other sites)
g. US DoD Columbus,
OH (5 other sites)
k. RIPE London (17 other sites)

i. Netnod, Stockholm (37 other sites)
m. WIDE Tokyo
(5 other sites)
13 root name
servers
worldwide
47
http://www.root-servers.org
http://www.root-servers.org
48
DNS: root name servers

root servers: network of hundreds of servers
across the world
! thirteen named authorities:
!
" a.root-servers.net through m.root-servers.net

" managed by different organizations
!
many use IP anycast
TLD, authoritative servers

top-level domain (TLD) servers:
" responsible for com, org, net, edu, aero, jobs, museums,
and all top-level country domains, e.g.: uk, fr, ca, jp
generic TLD (gTLD): .com, .org

country-code TLD (ccTLD): .us, .uk
open (unsponsored): .com
sponsored: .coop, .travel, .aero
" Verisign maintains servers for .com TLD

" Educause for .edu TLD
authoritative DNS servers:

" organizations own DNS server(s), providing authoritative
hostname to IP mappings for organizations named hosts
" can be maintained by organization or service provider
49
Local DNS name server

!
What is this?
Local DNS name server

aka local resolver
! does not strictly belong to hierarchy
! each ISP (residential ISP, company, university) has
one
!
" also called default name server

!
when host makes DNS query, query is sent to its

local DNS server
" has local cache of recent name-to-address translation
pairs (but may be out of date!)
" acts as proxy, forwards query into hierarchy
50
BEFORE WE START
Introduction 1-134

!
NSA Hacker Chief Explains How to Keep Him Out of

Your System
" Talk at Usenix Enigma conference
" Rob Joyce: head of NSA Tailored Access Operations
responsible for breaking into systems of foreign
adversaries
" Didnt reveal much about TAO, talked about security best
practices
" World of advanced persistent treats (APT): look for administrator
credentials: opens up kingdom
" No vulnerability too insignificant to exploit, including temporary
cracks
" Personal devices: attack vectors (kids playing games, getting
malware)
" Keep out: monitor network/system, pay attention to what you
see
!
http://www.wired.com/2016/01/nsa-hacker-chief-explains-how-to-keep-himout-of-your-system/
51

!
Googles Project SkyBender Aims For 5G

Internet Connection With Solar-Powered Drones
"
"
"
"
solar drones with 5G wireless

conducting experiments
fast and uninterrupted Internet access from the sky
uses millimeter wavelengths
not currently being used for cellular
has issues
but plenty spectrum available
http://www.bidnessetc.com/62374-googles-googproject-skybender-aims-for-5g-internetconnection-with-solarpo/
plan for today

Finish up DNS
! Talk about P2P
!
Wednesday:
" Away at an NSF workshop
" Prof. Eric Eide will start you off on Chapter 3
52
Chapter 2: outline
with UDP and TCP

applications
" app architectures
" app requirements
2.2 Web and HTTP

2.3 FTP
2.4 electronic mail
" SMTP, POP3, IMAP
2.5 DNS
DNS name
resolution example
!
???
host at cis.poly.edu
wants IP address for
gaia.cs.umass.edu
???
4
5
???
dns.poly.edu
6
???
requesting host
cis.poly.edu
gaia.cs.umass.edu
53
Your own
DNS name
root DNS server
want your own domain

name:
myowndomain.com
!
TLD DNS server
" www.myowndomain.com
local DNS server
dns.poly.edu
authoritative DNS server
requesting host
cis.poly.edu
www.myowndomain.com
Your own
DNS name
root DNS server
want your own domain

name:
myowndomain.com
!
TLD DNS server
" www.myowndomain.com
local DNS server
What do you need

to do?
dns.poly.edu
authoritative DNS server
requesting host
cis.poly.edu
www.myowndomain.com
54
DNS records
DNS: distributed db storing resource records (RR)
RR format: (name,
value, type, ttl)
type=A
" name ?
" value ?
DNS records
RR format: (name,
value, type, ttl)
type=A
" name is hostname
" value is IP address
" (www-vip.cs.utah.edu,
155.98.65.24, A)
55
DNS records
RR format: (name,
value, type, ttl)
type=A
" name is hostname
155.98.65.24, A)
type=NS
" name ?
" value ?
DNS records
RR format: (name,
value, type, ttl)
type=A
" name is hostname
155.98.65.24, A)
type=NS
" name is domain (e.g.,
foo.com)
" value is hostname of
authoritative name
server for this domain
" (cs.utah.edu,
ns1.cs.utah.edu, NS)
56
DNS records
RR format: (name,
type=A
" name is hostname
155.98.65.24, A)
value, type, ttl)
type=CNAME
" name ?
" value ?
type=NS
foo.com)
authoritative name
" (cs.utah.edu,
DNS records
RR format: (name,
type=A
" name is hostname
155.98.65.24, A)
type=NS
foo.com)
authoritative name
" (cs.utah.edu,
value, type, ttl)
type=CNAME
" name is alias name for some
canonical (the real) name
" value is canonical name
" (www.cs.utah.edu, wwwvip.cs.utah.edu, CNAME)
57
DNS records
RR format: (name,
type=A
" name is hostname
155.98.65.24, A)
type=CNAME
type=NS
foo.com)
authoritative name
" (cs.utah.edu,
value, type, ttl)
type=MX
" name ?
" value ?
DNS records
RR format: (name,
type=A
" name is hostname
155.98.65.24, A)
type=NS
foo.com)
authoritative name
" (cs.utah.edu,
value, type, ttl)
type=CNAME
type=MX
" value is name of mailserver
associated with name
" (cs.utah.edu,mailsvr1.cs.utah.edu, MX)
58
DNS protocol, messages

2 bytes
2 bytes
identification
flags
# questions
# answer RRs
# authority RRs
# additional RRs
questions (variable # of questions)

answers (variable # of RRs)
authority (variable # of RRs)
additional info (variable # of RRs)
DNS records: dig www.cs.utah.edu

..snip..
;; QUESTION SECTION:
;www.cs.utah.edu.
IN
;; ANSWER SECTION:
www.cs.utah.edu.
3600 IN
vip.cs.utah.edu.
www-vip.cs.utah.edu. 28800 IN
;; AUTHORITY SECTION:
cs.utah.edu.
28800 IN
cs.utah.edu.
28800 IN
CNAME
www-
155.98.65.24
NS
NS
ns1.cs.utah.edu.
ns2.cs.utah.edu.
59
DNS records: dig www.cs.utah.edu (cont)

..snip..
;; ADDITIONAL SECTION:
ns1.cs.utah.edu.
3600 IN
ns2.cs.utah.edu.
3600 IN
A
A
155.98.64.70
155.98.64.71
DNS records: dig MX cs.utah.edu

..snip..
;; QUESTION SECTION:
;cs.utah.edu.
;; ANSWER SECTION:
cs.utah.edu.
3600
svr1.cs.utah.edu.
cs.utah.edu.
3600
svr3.cs.utah.edu.
IN
MX
IN
MX
10 mail-
IN
MX
20 mail-
60
DNS records: dig MX cs.utah.edu (cont)

..snip..
;; AUTHORITY SECTION:
cs.utah.edu.
28800 IN
cs.utah.edu.
28800 IN
NS
NS
ns1.cs.utah.edu.
ns2.cs.utah.edu.
;; ADDITIONAL SECTION:
mail-svr1.cs.utah.edu. 600
mail-svr3.cs.utah.edu. 600
ns1.cs.utah.edu.
3600
ns2.cs.utah.edu.
3600
A
A
A
A
155.98.64.241
155.98.64.214
155.98.64.70
155.98.64.71
IN
IN
IN
IN
Attacking DNS
How?
61
Attacking DNS
DDoS attacks
! Bombard root servers
with traffic
" Not successful to date
" Traffic Filtering
" Local DNS servers
cache IPs of TLD
servers, allowing root
server bypass
!
Bombard TLD servers

" Potentially more
dangerous
" Local caching limit
impact
Redirect attacks
! Man-in-middle
" Intercept queries
!
DNS poisoning
" Send bogus replies to DNS server,
which caches
" E.g., Kaminsky DNS vulnerability
" Tricky to pull off
Exploit DNS for DDoS

! Send queries with spoofed
source address: target IP
! Requires amplification
(response much larger than
attack)
! Potentially worse with DNSSEC
DNS protocol, messages

2 bytes
2 bytes
msg header
identification
flags
identification: 16 bit # for query,

reply to query uses same #
! 65536 possible values
! not that large
! easy to predict
! DNS poisoning attack
! Kaminsky:
http://www.linuxjournal.com/
content/understanding-kaminskysdns-bug
# questions
# answer RRs
# authority RRs
# additional RRs
questions (variable # of questions)

answers (variable # of RRs)
authority (variable # of RRs)
additional info (variable # of RRs)
62
discussion question
!
Get into groups of two or three

" select note taker
Take one minute to discuss:

" Could the Internet have worked without the DNS
system? E.g., consider the fact that the phone system is
still working without an automated directory service
Chapter 2: outline
applications
" app architectures
" app requirements

with UDP and TCP
2.2 Web and HTTP

2.3 FTP
2.4 electronic mail
" SMTP, POP3, IMAP
2.5 DNS
63
File distribution: client-server vs P2P

Question: how much time to distribute file (size F) from
one server to N peers?
" peer upload/download capacity is limited resource
us: server upload
capacity
file, size F
server
uN
dN
u1
us
d1
u2
di: peer i download

capacity
d2
di
network (with abundant

bandwidth)
ui
ui: peer i upload
capacity
File distribution time: client-server

!
server transmission: must

sequentially send (upload) N
file copies:
" time to send one copy: F/us
us
di
network
" time to send N copies: NF/us

!
ui
client: each client must

download file copy
" dmin = min client download rate
" min client download time: F/dmin
time to distribute F
to N clients using
client-server approach
Dc-s > max{NF/us,,F/dmin}

increases linearly in N
64
File distribution time: P2P

!
server transmission: must

upload at least one copy
us
" time to send one copy: F/us

!
di
client: each client must

download file copy
network
ui
" min client download time: F/dmin

!
clients: as aggregate must download NF bits

" max upload rate (limting max download rate) is us + ui
time to distribute F
to N clients using
P2P approach
DP2P > max{F/us,,F/dmin,,NF/(us + ui)}
increases linearly in N
but so does this, as each peer brings service capacity
Client-server vs. P2P: example

client upload rate = u, F/u = 1 hour, us = 10u, dmin us
Minimum Distribution Time
3.5
P2P
Client-Server
3
2.5
2
1.5
1
0.5
0
0
10
15
20
25
30
35
N
65
discussion: BitTorrent
Get into groups of two or three
! Take turns to explain to each other (in 1.5
minutes):
!
" The basic mechanism of how BitTorrent works

" The mechanism BitTorrent uses to try to ensure that
there is an equal number of all chunks in the torrent
" The mechanism BitTorrent uses to allow compatible
peers to find each other
" The mechanism BitTorrent uses to bootstrap new
peers joining the torrent
Distributed Hash Table (DHT)

! What
is the basic goal?
Application 2-176
66

! How
is it done?
Application 2-177

! DHT:
a distributed P2P database

! database has (key, value) pairs; examples:
" key: ss number; value: human name
" key: movie title; value: IP address
! Distribute
the (key, value) pairs over the

(millions of peers)
! a peer queries DHT with key
" DHT returns values that match the key
! peers
can also insert (key, value) pairs

Application 2-178
67
Q: how to assign keys to peers?

! central
issue:
" assigning (key, value) pairs to peers.

How to assign keys?
Application 2-179
Q: how to assign keys to peers?

! central
issue:
" assigning (key, value) pairs to peers.

! basic
idea:
" convert each key to an integer by hashing

" Assign integer to each peer
" put (key,value) pair in the peer that is closest
to the key
Application 2-180
68
Q: how to find content?

! central
issue:
" have key, looking for value

" which peer to send it to?
Application 2-181
Q: how to find content?

! central
issue:
" have key, looking for value

" which peer to send it to?
" same thing: hash key, send to peer associated
with that integer
Application 2-182
69
Circular DHT (1)
! What
is the deal?
Application 2-185
Circular DHT (1)

1
3
15
4
12
5
10
! each
peer only aware of immediate successor and

predecessor.
! overlay network
Application 2-186
70
Circular DHT (1)
! But
why?
Application 2-187
Circular DHT (1)

O(N) messages
on avgerage to resolve
query, when there
I am
are N peers
0001
Whos responsible
for key 1110 ?
0011
1111
1110
0100
1110
1110
1100
1110
Define closest
as closest
successor
1110
0101
1110
1010
1000
Application 2-188
71
Circular DHT with shortcuts

1
3
Whos responsible
for key 1110?
15
4
12
5
10
!
!
!
each peer keeps track of IP addresses of predecessor,

successor, short cuts.
reduced from 6 to 2 messages.
possible to design shortcuts so O(log N) neighbors, O(log N)
messages in query
Application 2-189
How to deal with churn?
! What
happens when a peer leaves/joins?
Application 2-191
72
What about stored content?

! Explained
how the DHT deals with nodes joining/

leaving in the context of efficient queries
! Node contain some content
" key, value pairs
! This
is lost when a node leaves
Application 2-192
What about stored content?

! Explained
how the DHT deals with nodes joining/

leaving in the context of efficient queries
! Node contain some content
" key, value pairs
! This
is lost when a node leaves

! Solution is some form of replication.
" E.g., content might be kept at closest node and
replicated to its successor node(s)
http://www.academypublisher.com/jnw/vol01/no06/
jnw01063644.pdf
Application 2-193
73
Chapter 2: outline
applications
" app architectures
" app requirements

with UDP and TCP
2.2 Web and HTTP

2.3 FTP
2.4 electronic mail
" SMTP, POP3, IMAP
2.5 DNS
Socket programming
goal: learn how to build client/server applications that
communicate using sockets
socket: door between application process and endend-transport protocol
application
process
socket
network
network
physical
process
controlled by
app developer
transport
transport
link
application
Internet
link
controlled
by OS
physical
74
Socket programming
Two socket types for two transport services:
" UDP: unreliable datagram
" TCP: reliable, byte stream-oriented
Application Example:
1. Client reads a line of characters (data) from its
keyboard and sends the data to the server.
2. The server receives the data and converts
characters to uppercase.
3. The server sends the modified data to the client.
4. The client receives the modified data and displays
the line on its screen.
Socket programming with UDP

UDP: no connection between client & server
!
!
!
no handshaking before sending data

sender explicitly attaches IP destination address and
port # to each packet
rcvr extracts sender IP address and port# from
received packet
UDP: transmitted data may be lost or received

out-of-order
Application viewpoint:
!UDP provides unreliable transfer of groups of bytes

(datagrams) between client and server
75
Client/server socket interaction: UDP

client
server (running on serverIP)
create socket:
clientSocket =
socket(AF_INET,SOCK_DGRAM)
create socket, port= x:

serverSocket =
socket(AF_INET,SOCK_DGRAM)
Create datagram with server IP and

port=x; send datagram via
clientSocket
read datagram from

serverSocket
write reply to
serverSocket
specifying
client address,
port number
read datagram from

clientSocket
close
clientSocket
Application 2-198
Example app: UDP client

Python UDPClient
include Pythons socket
library
Other domains: AF_INET6,

AF_UNIX (local using file)
from socket import *

serverName = hostname
serverPort = 12000
create UDP socket for

IPV4 domain
get user keyboard
input
Attach server name, port to
message; send into socket
clientSocket = socket(socket.AF_INET,
socket.SOCK_DGRAM)
message = raw_input(Input lowercase sentence:)
clientSocket.sendto(message,(serverName, serverPort))
read reply characters from

socket into string
modifiedMessage, serverAddress =
print out received string

and close socket
print modifiedMessage
clientSocket.recvfrom(2048)
clientSocket.close()
76
Example app: UDP server

Python UDPServer
serverPort = 12000
create UDP socket
serverSocket = socket(AF_INET, SOCK_DGRAM)
bind socket to local port

number 12000
serverSocket.bind(('', serverPort))
print The server is ready to receive
loop forever
Read from UDP socket into
message, getting clients
address (client IP and port)
send upper case string
back to this client
while 1:
message, clientAddress = serverSocket.recvfrom(2048)
modifiedMessage = message.upper()
serverSocket.sendto(modifiedMessage, clientAddress)
Socket programming with TCP

client must contact server
!
!
server process must first be

running
server must have created
socket (door) that
welcomes clients contact
client contacts server by:

!
Creating TCP socket,

specifying IP address, port
number of server process
when client creates socket:
client TCP establishes
connection to server TCP
when contacted by client,

server TCP creates new socket
for server process to
communicate with that
particular client
" allows server to talk with
multiple clients
" source port numbers used
to distinguish clients
(more in Chap 3)
application viewpoint:
TCP provides reliable, in-order
byte-stream transfer (pipe)
between client and server
77
Client/server socket interaction: TCP

client
server (running on hostid)

create socket,
port=x, for incoming
request:
serverSocket = socket()
wait for incoming
TCP
connection request
connectionSocket = connection
serverSocket.accept()
setup
create socket,
connect to hostid, port=x
clientSocket = socket()
read request from

connectionSocket
write reply to
connectionSocket
close
connectionSocket
send request using

clientSocket
read reply from

clientSocket
close
clientSocket
Example app: TCP client

Python TCPClient
Other socket types:

SOCK_RAW
serverName = servername
create TCP socket for
server, remote port 12000
serverPort = 12000
clientSocket = socket(AF_INET, SOCK_STREAM)
clientSocket.connect((serverName,serverPort))
sentence = raw_input(Input lowercase sentence:)
No need to attach server

name, port
clientSocket.send(sentence)
modifiedSentence = clientSocket.recv(1024)
print From Server:, modifiedSentence
clientSocket.close()
78
Example app: TCP server

Python TCPServer
create TCP welcoming
socket
server begins listening for
incoming TCP requests
loop forever
server waits on accept()
for incoming requests, new
socket created on return
read bytes from socket (but
not address as in UDP)
close connection to this
client (but not welcoming
socket)

serverPort = 12000
serverSocket = socket(AF_INET,SOCK_STREAM)
serverSocket.bind((,serverPort))
serverSocket.listen(1)
print The server is ready to receive
while 1:
connectionSocket, addr = serverSocket.accept()
sentence = connectionSocket.recv(1024)
capitalizedSentence = sentence.upper()
connectionSocket.send(capitalizedSentence)
connectionSocket.close()
Chapter 2: summary
our study of network apps now complete!
!
application architectures
" client-server
" P2P
application service
requirements:
" reliability, bandwidth, delay
Internet transport service
model
" connection-oriented,
reliable: TCP
" unreliable, datagrams: UDP
specific protocols:
" HTTP
" FTP
" SMTP, POP, IMAP
" DNS
" P2P: BitTorrent, DHT
socket programming: TCP,
UDP sockets
79
Chapter 2: summary
most importantly: learned about protocols!
!
typical request/reply
message exchange:
" client requests info or
service
" server responds with
data, status code
message formats:
" headers: fields giving
info about data
" data: info being
communicated
important themes:
!
!
!
!
!
control vs. data msgs

" in-band, out-of-band
centralized vs. decentralized
stateless vs. stateful
reliable vs. unreliable msg
transfer
complexity at network
edge
80

3 Chapter2

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

3 Chapter2

Загружено:

Авторское право:

Доступные форматы

Chapter 2

Thanks and enjoy! JFK/KWR

2.6 P2P applications

" SMTP, POP3, IMAP

Application Layer 2-2

" Voice-over-IP (think skype)

" text email, remote

Second Life, World of Warcraft

" Online social networks

" world wide web

Web surf, search,

" instant messaging +

Your application next

Get in groups of two or three

Imagine that your networking expertise have

Creating a network app

Application Layer 2-6

Application Layer 2-7

Application Layer 2-8

communicate with server

Application Layer 2-10

Application Layer 2-11

process: program running

within same host, two

aside: applications with P2P

process sends/receives messages to/from its socket

Application Layer 2-13

How do I find a process

Application Layer 2-14

identifier includes both IP

example port numbers:

protocol: TCP, UDP

Application Layer 2-15

What transport service does an app need?

What does/could the

Application Layer 2-16

What transport service does an app need?

Application Layer 2-17

Internet transport protocols services

What *does* the

Application Layer 2-19

Internet transport protocols services

User Datagram Protocol

reliable transport between

unreliable data transfer

Q: why bother? Why is

Application Layer 2-22

SSL is at app layer

Application Layer 2-23

Note on sidebar in book:

Application Layer 2-24

App versus application layer protocol

Application Layer 2-25

App-layer protocol defines

Application Layer 2-26

tech news of interest (Kevin Glanville)

domain validation: proves that server controls domain (name)

tech news of interest

Malware in the Hospital

" Medical devices run same OS as target, malware do

" Also, dont know what impact of malware is on

Most significant achievement:

Application Layer 2-30

What does the