Application Layer
A note on the use of these ppt slides:
We're making these slides freely available to all (faculty, students, readers).
They're in PowerPoint form so you see the animations; and can add, modify,
and delete slides (including this one) and slide content to suit your needs.
They obviously represent a lot of work on our part. In return for use, we only
ask the following:
- If you use these slides (e.g., in a class) that you mention their source
  (after all, we'd like people to use our book!)
- If you post any slides on a www site, that you note that they are adapted
  from (or perhaps identical to) our slides, and note our copyright of this
  material.
Computer Networking: A Top-Down Approach
6th edition
Jim Kurose, Keith Ross
Addison-Wesley
March 2012
Chapter 2: outline
2.1 principles of network applications
2.2 Web and HTTP
2.3 FTP
2.4 electronic mail
2.5 DNS
Network applications
This is why we have computer networks.
[timeline figure: 70s and 80s; mid 90s; since 2000s (Facebook, Twitter)]
discussion question
Two observations:
- Several folks have plans to own their own businesses
- Chapter two statement: "...some of the readers will create the next generation of killer Internet applications"
[figure: five-layer protocol stack (application, transport, network, data link, physical) shown on three hosts]
Application architectures
possible structure of applications:
- client-server
- peer-to-peer (P2P)
Client-server architecture
server:
- always-on host
- permanent IP address
- data centers for scaling
clients:
[figure: client/server]
P2P architecture
- no always-on server
- arbitrary end systems directly communicate
- peers request service from other peers, provide service in return to other peers
  - self scalability: new peers bring new service capacity, as well as new service demands
- peers are intermittently connected and change IP addresses
  - complex management
[figure: peer-peer]
Processes communicating
Say what?
clients, servers
client process: process that initiates communication
server process: process that waits to be contacted
Sockets
[figure: a process on each host communicating through a socket across the Internet; the application layer is controlled by the app developer, the transport, network, link and physical layers by the OS]
Addressing processes
- to receive messages, process must have identifier
- host device has unique 32-bit IP address
- Q: does IP address of host on which process runs suffice for identifying the process?
  - A: no, many processes can be running on same host
throughput
- some apps (e.g., multimedia) require minimum amount of throughput to be effective
- other apps (elastic apps) make use of whatever throughput they get
security
- encryption, data integrity, ...
Securing TCP
How is TCP secured?
TCP & UDP
- no encryption
- cleartext passwds sent into socket traverse Internet in cleartext
Secure Socket Layer (SSL)
- provides encrypted TCP connection
- data integrity
- end-point authentication
App-layer protocol defines:
- types of messages exchanged, e.g., request, response
- message syntax: what fields in messages & how fields are delineated
- message semantics: meaning of information in fields
- rules for when and how processes send & respond to messages
open protocols:
- defined in RFCs
- allows for interoperability
- e.g., HTTP, SMTP
proprietary protocols:
- e.g., Skype
Let's Encrypt
- Goal is to automate server certificate management
  set up server: automatically obtain browser-trusted certificate
  no validation emails, no complicated configuration, no expired certificates
- How?
http://www.slate.com/articles/technology/future_tense/2016/01/malware_not_malicious_hackers_is_the_biggest_danger_to_internet_connected.html
HA 0
Getting married
Obtaining citizenship after being stateless
Winning big mountain skiing world championship
Winning international piano competition
Running marathon
Awarded Meritorious Service Medal in Afghanistan
Working as a wild-land firefighter for 6 seasons
HA 0
Own company
On verge of retirement, ready to see the world
The Boss
Sold startup
Working less and making more. Hopefully off my sailboat
HA 0
3500/3505
2420
1400/1410
3810
Mobile development
Chapter 2: outline
2.1 principles of network applications
  - app architectures
  - app requirements
2.5 DNS
www.someschool.edu/someDept/pic.gif: host name (www.someschool.edu), path name (/someDept/pic.gif)
HTTP overview
HTTP: hypertext transfer protocol
[figure: a PC running Firefox browser and an iPhone running Safari browser each send HTTP requests to, and receive HTTP responses from, a server running Apache Web server]
HTTP overview
- "I thought TCP was stateful? Doesn't that make HTTP stateful?"
HTTP connections
[figure: non-persistent HTTP timing: initiate TCP connection (one RTT), request file (one RTT), time to transmit file, file received]
Persistent HTTP
non-persistent HTTP issues:
persistent HTTP:
HTTP request message: request line (GET, POST, HEAD commands); header lines; carriage return, line feed at start of line indicates end of header lines
HTTP response message: header lines; data, e.g., requested HTML file
[figure, cookies: client with cookie file (ebay 8734) sends usual http request msg to Amazon server; Amazon server creates ID 1678 for user and creates backend database entry; usual http response carries set-cookie: 1678; cookie file is now ebay 8734, amazon 1678; later usual http request msg carries cookie: 1678, server does cookie-specific action and accesses the backend entry; same on the next access]
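As an added example (not code from the slides or the textbook), the following Python 3 sketch models the HTTP message format just described (request line, header lines, blank line) together with the cookie exchange in the figure: the server parses the request, issues a Set-Cookie header on the first visit, and uses the returned Cookie header to find the backend entry on later visits. The site name, the cookie name `id`, the random ID generation, and the in-memory backend table are constructed for illustration; the slides' small integer IDs (1678) are only a drawing convenience.

```python
import secrets
from typing import Dict, Optional, Tuple

# Constructed in-memory "backend database": cookie ID -> per-user record.
backend_db: Dict[str, dict] = {}


def parse_request(raw: bytes) -> Tuple[str, str, str, Dict[str, str], bytes]:
    """Split an HTTP request into request line, header lines and body.

    Header lines end at the first empty line (CRLF CRLF), as in the message
    format on the slides. Header names are case-insensitive, so they are
    normalised to lower case for lookup.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("request has no end-of-headers blank line")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers, body


def cookie_value(headers: Dict[str, str], name: str) -> Optional[str]:
    """Return the value of cookie `name` from a Cookie: header, if present."""
    for part in headers.get("cookie", "").split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


def handle_request(raw: bytes) -> Tuple[bytes, str]:
    """Server side of the cookie figure.

    First visit: create an ID, create a backend entry, answer with Set-Cookie.
    Later visits: the Cookie header selects the backend entry (the
    "cookie-specific action"). Returns (response bytes, ID used).
    """
    _method, target, version, headers, _body = parse_request(raw)
    user_id = cookie_value(headers, "id")
    if user_id is None or user_id not in backend_db:
        # The server "creates ID for user" and a backend entry. The ID is a
        # random, unguessable token, so one user cannot pick another's entry.
        user_id = secrets.token_hex(8)
        backend_db[user_id] = {"visits": 0}
        set_cookie = f"Set-Cookie: id={user_id}; HttpOnly; Secure\r\n"
    else:
        set_cookie = ""
    backend_db[user_id]["visits"] += 1
    body = f"visit {backend_db[user_id]['visits']} for {target}\r\n".encode()
    response = (
        f"{version} 200 OK\r\n"
        f"Content-Type: text/plain\r\n"
        f"Content-Length: {len(body)}\r\n" + set_cookie + "\r\n"
    ).encode() + body
    return response, user_id


def client_session(paths) -> list:
    """Client side: keep a cookie file and send Cookie: on every later request.

    Returns the visit counter the backend holds after each request.
    """
    cookie_file: Dict[str, str] = {}          # site -> id, like "amazon 1678"
    visits = []
    for path in paths:
        cookie_hdr = ""
        if "amazon" in cookie_file:
            cookie_hdr = f"Cookie: id={cookie_file['amazon']}\r\n"
        request = (f"GET {path} HTTP/1.1\r\nHost: amazon.example\r\n"
                   + cookie_hdr + "\r\n").encode()
        _response, user_id = handle_request(request)
        cookie_file["amazon"] = user_id
        visits.append(backend_db[user_id]["visits"])
    return visits
```

The `HttpOnly` and `Secure` attributes are not on the slides; they are the attributes a practitioner adds so that the session ID is not readable by page scripts and is only sent over encrypted connections.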
[figure, proxy server: clients send HTTP requests to a proxy server, which forwards HTTP requests to the origin server and relays the HTTP responses back to the clients]
Performance
- E.g., caching proxy
  Serve content from local (or close by) proxy cache
  Reduce delay in getting content
  Serve locally at higher bitrate
Privacy
- Web servers log information about incoming requests (e.g., IP address, browser, OS etc.)
- If user wants to access Web anonymously
  Using an anonymizing proxy (or network of proxies), e.g., Tor (https://www.torproject.org)
[figure, encapsulation with a proxy: source, switch, router, proxy and destination hosts; the message M receives a transport header Ht (segment), a network header Hn (datagram) and a link header Hl (frame) on the way down each stack; the proxy runs a full stack up to the application layer]
With a proxy: Is the proxy in the network?
A: a distributed application
B: violation of end-to-end principle (see RFC 3724)
- Set manually (this is what you will be doing for PA1)
- Can also be done via a proxy configuration file
- Or, automatically
- Or, transparently (using WCCP)
- Or, using 3xx redirection status
FTP: file transfer
[figure: FTP client with local file system; FTP server with remote file system; file transfer between them]
Electronic mail
Three major components:
- user agents
- mail servers
- simple mail transfer protocol: SMTP
User Agent
[figure: user agents, mail servers holding user mailboxes and an outgoing message queue, connected by SMTP]
[figure: Alice's user agent, Alice's mail server, Bob's mail server and Bob's user agent, with numbered steps 1 to 6 of the delivery path]
S: 220 hamburger.edu
C: HELO crepes.fr
S: 250 Hello crepes.fr, pleased to meet you
C: MAIL FROM: <alice@crepes.fr>
S: 250 alice@crepes.fr... Sender ok
C: RCPT TO: <bob@hamburger.edu>
S: 250 bob@hamburger.edu ... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Do you like ketchup?
C: How about pickles?
C: .
S: 250 Message accepted for delivery
C: QUIT
S: 221 hamburger.edu closing connection

- telnet servername 25
- see 220 reply from server
- enter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands
above lets you send email without using email client (reader)
Not that easy nowadays
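As an added example (not from the slides), here is the server side of the SMTP dialogue above as a small Python 3 state machine. Fed the client lines from the transcript it produces exactly the replies shown; it also enforces the command order (HELO before MAIL, MAIL before RCPT, RCPT before DATA) and refuses to relay for domains it does not serve, which is one reason the telnet exercise is "not that easy nowadays". The 503, 501, 500 and 550 replies are standard SMTP codes not shown on the slides; `hamburger.edu` as the local domain is the slides' example value.

```python
import re
from typing import List, Optional


class SmtpServerSession:
    """Server side of one SMTP session, modelled on the slides' transcript."""

    def __init__(self, hostname: str = "hamburger.edu",
                 local_domains=("hamburger.edu",)):
        self.hostname = hostname
        self.local_domains = set(local_domains)   # domains we accept mail for
        self.helo: Optional[str] = None
        self.mail_from: Optional[str] = None
        self.rcpt_to: List[str] = []
        self.in_data = False
        self.data_lines: List[str] = []
        self.delivered: List[dict] = []           # messages accepted so far

    def greeting(self) -> str:
        return f"220 {self.hostname}"

    def handle(self, line: str) -> Optional[str]:
        """Process one client line; return the reply, or None inside DATA."""
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.helo = arg.strip()
            return f"250 Hello {self.helo}, pleased to meet you"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Bad sequence of commands"
            addr = self._address(arg)
            if addr is None:
                return "501 Syntax error in parameters or arguments"
            self.mail_from, self.rcpt_to = addr, []
            return f"250 {addr}... Sender ok"
        if verb == "RCPT":
            if self.mail_from is None:
                return "503 Bad sequence of commands"
            addr = self._address(arg)
            if addr is None:
                return "501 Syntax error in parameters or arguments"
            if addr.rpartition("@")[2].lower() not in self.local_domains:
                # Refuse to act as an open relay for other domains.
                return f"550 {addr}... Relaying denied"
            self.rcpt_to.append(addr)
            return f"250 {addr} ... Recipient ok"
        if verb == "DATA":
            if not self.rcpt_to:
                return "503 Bad sequence of commands"
            self.in_data = True
            return '354 Enter mail, end with "." on a line by itself'
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        return "500 Syntax error, command unrecognized"

    def _data_line(self, line: str) -> Optional[str]:
        if line.strip() == ".":
            self.in_data = False
            self.delivered.append({"from": self.mail_from, "to": list(self.rcpt_to),
                                   "body": "\n".join(self.data_lines)})
            self.mail_from, self.rcpt_to, self.data_lines = None, [], []
            return "250 Message accepted for delivery"
        # Dot-stuffing: a line starting with ".." is the client escaping a
        # body line that itself starts with ".".
        self.data_lines.append(line[1:] if line.startswith("..") else line)
        return None

    @staticmethod
    def _address(arg: str) -> Optional[str]:
        m = re.fullmatch(r"(?:FROM|TO):\s*<([^<>\s]+@[^<>\s]+)>", arg.strip(), re.I)
        return m.group(1) if m else None


def run_dialogue(client_lines: List[str]) -> List[str]:
    """Feed the client's lines to a fresh session; return every server reply."""
    session = SmtpServerSession()
    replies = [session.greeting()]
    for line in client_lines:
        reply = session.handle(line)
        if reply is not None:
            replies.append(reply)
    return replies
```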
DNS services:
- hostname to IP address translation
- host aliasing
  - canonical, alias names
A: doesn't scale!
Say what?
[figure, DNS hierarchy: root DNS servers above the yahoo.com, amazon.com and pbs.org DNS servers]
13 root name servers worldwide, e.g.:
a. Verisign, Los Angeles CA (5 other sites)
b. USC-ISI Marina del Rey, CA
e. NASA Mt View, CA
f. Internet Software C., Palo Alto, CA (and 48 other sites)
g. US DoD Columbus, OH (5 other sites)
l. ICANN Los Angeles, CA (41 other sites)
http://www.root-servers.org
What is this?
BEFORE WE START
- Didn't reveal much about TAO, talked about security best practices
- World of advanced persistent threats (APT): look for administrator credentials: opens up kingdom
- No vulnerability too insignificant to exploit, including temporary cracks
- Personal devices: attack vectors (kids playing games, getting malware)
- Keep out: monitor network/system, pay attention to what you see
http://www.wired.com/2016/01/nsa-hacker-chief-explains-how-to-keep-him-out-of-your-system/
http://www.bidnessetc.com/62374-googles-googproject-skybender-aims-for-5g-internetconnection-with-solarpo/
Wednesday:
- Away at an NSF workshop
- Prof. Eric Eide will start you off on Chapter 3
Chapter 2: outline
2.5 DNS
2.6 P2P applications
2.7 socket programming with UDP and TCP
DNS name resolution example
host at cis.poly.edu wants IP address for gaia.cs.umass.edu
[figure: requesting host cis.poly.edu, local DNS server dns.poly.edu, and gaia.cs.umass.edu; the other servers and the numbered steps (4, 5, 6 visible) are left as ??? for the class to fill in]
Your own DNS name
- www.myowndomain.com
[figure: requesting host cis.poly.edu, local DNS server dns.poly.edu, www.myowndomain.com]
DNS records
DNS: distributed db storing resource records (RR)
RR format: (name, value, type, ttl)
type=A
- name is hostname
- value is IP address
- (www-vip.cs.utah.edu, 155.98.65.24, A)
type=NS
- name is domain (e.g., foo.com)
- value is hostname of authoritative name server for this domain
- (cs.utah.edu, ns1.cs.utah.edu, NS)
type=CNAME
- name is alias name for some canonical (the real) name
- value is canonical name
- (www.cs.utah.edu, www-vip.cs.utah.edu, CNAME)
type=MX
- value is name of mailserver associated with name
- (cs.utah.edu, mail-svr1.cs.utah.edu, MX)
DNS message header (2 bytes per field): identification, flags, # questions, # answer RRs, # authority RRs, # additional RRs

dig output for www.cs.utah.edu (A lookup):
;; ANSWER SECTION:
www.cs.utah.edu.        3600   IN  CNAME  www-vip.cs.utah.edu.
www-vip.cs.utah.edu.    28800  IN  A      155.98.65.24
;; AUTHORITY SECTION:
cs.utah.edu.            28800  IN  NS     ns1.cs.utah.edu.
cs.utah.edu.            28800  IN  NS     ns2.cs.utah.edu.
;; ADDITIONAL SECTION:
ns1.cs.utah.edu.        3600   IN  A      155.98.64.70
ns2.cs.utah.edu.        3600   IN  A      155.98.64.71

dig output for cs.utah.edu (MX lookup):
;; ANSWER SECTION:
cs.utah.edu.                   IN  MX     10 mail-svr1.cs.utah.edu.
cs.utah.edu.                   IN  MX     20 mail-svr3.cs.utah.edu.
;; AUTHORITY SECTION:
cs.utah.edu.                   IN  NS     ns1.cs.utah.edu.
cs.utah.edu.                   IN  NS     ns2.cs.utah.edu.
;; ADDITIONAL SECTION:
mail-svr1.cs.utah.edu.  600    IN  A      155.98.64.241
mail-svr3.cs.utah.edu.  600    IN  A      155.98.64.214
ns1.cs.utah.edu.        3600   IN  A      155.98.64.70
ns2.cs.utah.edu.        3600   IN  A      155.98.64.71
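As an added example (not from the slides), the records from the dig output above loaded into a small Python 3 resolver that does what a stub resolver does with them: follow the CNAME from the alias to the canonical name and return its A records, and order the MX records by preference, each with the address of the mail server. The TTL on the MX records is not shown on the slides, so the 3600 used for them is a constructed value. The CNAME follower caps the chain length and detects loops, which a resolver must do because zone data is untrusted input.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class RR(NamedTuple):
    name: str
    value: str
    rtype: str
    ttl: int


# Records copied from the dig output on the slides (cs.utah.edu zone).
# The MX TTL is not shown on the slides; 3600 is a constructed value.
ZONE: List[RR] = [
    RR("www.cs.utah.edu.", "www-vip.cs.utah.edu.", "CNAME", 3600),
    RR("www-vip.cs.utah.edu.", "155.98.65.24", "A", 28800),
    RR("cs.utah.edu.", "ns1.cs.utah.edu.", "NS", 28800),
    RR("cs.utah.edu.", "ns2.cs.utah.edu.", "NS", 28800),
    RR("ns1.cs.utah.edu.", "155.98.64.70", "A", 3600),
    RR("ns2.cs.utah.edu.", "155.98.64.71", "A", 3600),
    RR("cs.utah.edu.", "10 mail-svr1.cs.utah.edu.", "MX", 3600),
    RR("cs.utah.edu.", "20 mail-svr3.cs.utah.edu.", "MX", 3600),
    RR("mail-svr1.cs.utah.edu.", "155.98.64.241", "A", 600),
    RR("mail-svr3.cs.utah.edu.", "155.98.64.214", "A", 600),
]

MAX_CNAME_HOPS = 8   # guard against overlong chains in a broken or hostile zone


def index(zone: List[RR]) -> Dict[Tuple[str, str], List[RR]]:
    """Index records by (lower-cased name, type) for constant-time lookup."""
    idx: Dict[Tuple[str, str], List[RR]] = defaultdict(list)
    for rr in zone:
        idx[(rr.name.lower(), rr.rtype)].append(rr)
    return idx


def resolve_a(name: str, zone: List[RR] = ZONE) -> Tuple[List[str], List[str]]:
    """Follow CNAMEs from `name` to its canonical name.

    Returns (chain of names visited, A record values of the final name).
    """
    idx = index(zone)
    name = name.lower().rstrip(".") + "."
    chain = [name]
    for _ in range(MAX_CNAME_HOPS):
        a_rrs = idx.get((name, "A"), [])
        if a_rrs:
            return chain, [rr.value for rr in a_rrs]
        cnames = idx.get((name, "CNAME"), [])
        if not cnames:
            return chain, []          # no address and no alias: name has no A data
        name = cnames[0].value.lower()
        if name in chain:
            raise ValueError(f"CNAME loop at {name}")
        chain.append(name)
    raise ValueError("CNAME chain too long")


def resolve_mx(domain: str, zone: List[RR] = ZONE):
    """Return (preference, mail server, its A records) ordered by preference."""
    idx = index(zone)
    key = domain.lower().rstrip(".") + "."
    servers = []
    for rr in idx.get((key, "MX"), []):
        pref, host = rr.value.split(None, 1)
        servers.append((int(pref), host.lower(), resolve_a(host, zone)[1]))
    return sorted(servers)
```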
Attacking DNS
How?
DDoS attacks
- Bombard root servers with traffic
  - Not successful to date
  - Traffic Filtering
  - Local DNS servers cache IPs of TLD servers, allowing root server bypass
Redirect attacks
- Man-in-middle
  - Intercept queries
- DNS poisoning
  - Send bogus replies to DNS server, which caches
  - E.g., Kaminsky DNS vulnerability
  - Tricky to pull off
DNS msg header (2 bytes per field): identification, flags, # questions, # answer RRs, # authority RRs, # additional RRs
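The poisoning attack above works only if a bogus reply is accepted and cached. As an added example (not from the slides), the Python 3 code below parses the 12-byte DNS header just listed plus the question and record sections, and then applies the checks a caching resolver makes before it trusts a reply: the identification field must match the outstanding query, the QR flag must mark it as a response, the question section must echo what was asked, and every record must lie inside the zone being queried (the "bailiwick" rule, which stops a reply for one name from planting records for another). `build_message` exists only to construct test messages; the addresses come from the slides' dig output and the transaction IDs are constructed values.

```python
import struct
from typing import Dict, List, Tuple

# Fixed 12-byte header from the slides: identification, flags, then the four
# 2-byte counts (# questions, # answer RRs, # authority RRs, # additional RRs).
HEADER = struct.Struct("!HHHHHH")
SECTIONS = ("answer", "authority", "additional")


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels ending in a 0 byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a name at `off`, following compression pointers; return (name, end)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # pointer to an earlier name
            if end is None:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                          # refuse pointer loops
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels).lower() + ".", (off if end is None else end)


def parse_message(msg: bytes):
    """Return (header dict, [(qname, qtype, qclass)], [(section, name, type, ttl, rdata)])."""
    ident, flags, *counts = HEADER.unpack_from(msg, 0)
    names = ("id", "flags", "qdcount", "ancount", "nscount", "arcount")
    header: Dict[str, int] = dict(zip(names, (ident, flags, *counts)))
    off, questions, records = HEADER.size, [], []
    for _ in range(header["qdcount"]):
        qname, off = decode_name(msg, off)
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        off += 4
        questions.append((qname, qtype, qclass))
    for section, count in zip(SECTIONS, counts[1:]):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            records.append((section, name, rtype, ttl, msg[off:off + rdlen]))
            off += rdlen
    return header, questions, records


def build_message(ident: int, flags: int, qname: str, qtype: int, records=()) -> bytes:
    """Construct a one-question DNS message (used here to make test messages)."""
    ordered = sorted(records, key=lambda r: SECTIONS.index(r[0]))
    counts = [sum(1 for r in ordered if r[0] == s) for s in SECTIONS]
    msg = HEADER.pack(ident, flags, 1, *counts)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    for _section, name, rtype, ttl, rdata in ordered:
        msg += encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg


def validate_response(query_id: int, qname: str, qtype: int, response: bytes, zone: str):
    """Checks a resolver should make before caching anything from `response`.

    Returns (accepted, reason)."""
    header, questions, records = parse_message(response)
    if header["id"] != query_id:
        return False, "identification does not match the outstanding query"
    if not header["flags"] & 0x8000:
        return False, "QR bit not set: not a response"
    if questions != [(qname.lower().rstrip(".") + ".", qtype, 1)]:
        return False, "question section does not echo the query"
    zone = zone.lower().rstrip(".") + "."
    for _section, name, _rtype, _ttl, _rdata in records:
        if name != zone and not name.endswith("." + zone):
            return False, f"out-of-bailiwick record for {name}"
    return True, "ok"
```

The 16-bit identification field is the only thing in this header that ties a reply to a query, which is why resolvers also randomise the source port and why DNSSEC exists; the bailiwick check is the part that keeps an in-zone reply from overwriting unrelated cache entries.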
[figure, file distribution: server holding a file of size F with upload capacity us; peers 1..N with upload capacities u1..uN and download capacities d1..dN (ui: peer i upload capacity), all connected through the network]
time to distribute F to N clients using P2P approach increases linearly in N, but so does this, as each peer brings service capacity
[plot: minimum distribution time for client-server versus P2P as N grows from 0 to 35; y axis 0 to 3.5]
discussion: BitTorrent
Get into groups of two or three
- Take turns to explain to each other (in 1.5 minutes):
is it done?
[BitTorrent "issue:" / "idea:" slides: only the labels survived extraction]
- What is the deal?
[figure: circular DHT with peers 4, 5, 10, 12, 15]
- But why?
[figure: Who's responsible for key 1110? Peers 0001, 0011, 0100, 0101, 1000, 1010, 1100, 1111; define closest as closest successor]
Who's responsible for key 1110?
[figure: circular DHT with peers 4, 5, 10, 12, 15]
http://www.academypublisher.com/jnw/vol01/no06/jnw01063644.pdf
Socket programming
goal: learn how to build client/server applications that communicate using sockets
socket: door between application process and end-end-transport protocol
[figure: application process and socket on each host, connected across the Internet; application controlled by app developer; transport, network, link, physical controlled by OS]
Socket programming
Two socket types for two transport services:
- UDP: unreliable datagram
- TCP: reliable, byte stream-oriented
Application Example:
1. Client reads a line of characters (data) from its keyboard and sends the data to the server.
2. The server receives the data and converts characters to uppercase.
3. The server sends the modified data to the client.
4. The client receives the modified data and displays the line on its screen.
Python UDPClient (Python 2, as in the textbook):

    from socket import *
    serverName = 'hostname'
    serverPort = 12000
    # create UDP socket for server
    clientSocket = socket(AF_INET, SOCK_DGRAM)
    # get user keyboard input
    message = raw_input('Input lowercase sentence:')
    # attach server name, port to message; send into socket
    clientSocket.sendto(message, (serverName, serverPort))
    # read reply characters from socket into string
    modifiedMessage, serverAddress = clientSocket.recvfrom(2048)
    # print out received string and close socket
    print modifiedMessage
    clientSocket.close()
76
serverSocket.bind(('', serverPort))
print The server is ready to receive
loop forever
Read from UDP socket into
message, getting clients
address (client IP and port)
send upper case string
back to this client
while 1:
message, clientAddress = serverSocket.recvfrom(2048)
modifiedMessage = message.upper()
serverSocket.sendto(modifiedMessage, clientAddress)
application viewpoint:
TCP provides reliable, in-order
byte-stream transfer (pipe)
between client and server
Application Layer 2-201
77
setup: create socket, connect to hostid, port=x (clientSocket = socket())

Python TCPClient (Python 2, as in the textbook):

    from socket import *
    serverName = 'servername'
    serverPort = 12000
    # create TCP socket for server, remote port 12000
    clientSocket = socket(AF_INET, SOCK_STREAM)
    clientSocket.connect((serverName, serverPort))
    sentence = raw_input('Input lowercase sentence:')
    # no need to attach server name, port
    clientSocket.send(sentence)
    modifiedSentence = clientSocket.recv(1024)
    print 'From Server:', modifiedSentence
    clientSocket.close()
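As an added example (not the textbook's code), the uppercase application from the slides written for Python 3 with both sides in one process: each exchange binds a server on the loopback address (port 0, so the OS picks a free port), runs the server's loop body once in a thread, and talks to it with the client code. The TCP half also shows what the "byte stream, not messages" point on the slides means in practice: the client deliberately sends its line in two pieces, and the server reads until a newline instead of assuming that one `recv()` returns one whole message, with a length cap so a peer cannot make it buffer without bound. Host, port, buffer size and the line limit are constructed values.

```python
import socket
import threading

BUFSIZE = 2048


def serve_udp_once(server_sock: socket.socket) -> None:
    """UDP server loop body from the slides: one datagram in, uppercase datagram out."""
    message, client_address = server_sock.recvfrom(BUFSIZE)
    server_sock.sendto(message.upper(), client_address)


def udp_uppercase(sentence: str) -> str:
    """Run the UDP client/server exchange over loopback; return the server's reply."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))                   # port 0: OS picks a free port
    worker = threading.Thread(target=serve_udp_once, args=(server,))
    worker.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(5)
    client.sendto(sentence.encode(), server.getsockname())
    modified, _server_address = client.recvfrom(BUFSIZE)
    worker.join()
    client.close()
    server.close()
    return modified.decode()


def recv_line(sock: socket.socket, limit: int = 64 * 1024) -> bytes:
    """Read from a TCP stream until a newline.

    TCP delivers a byte stream, not messages: one recv() may return part of a
    line or more than one line, so the application must frame the data itself.
    `limit` caps how much a misbehaving peer can make us buffer.
    """
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(min(1024, limit - len(buf)))
        if not chunk:
            raise ConnectionError("peer closed the connection before end of line")
        buf += chunk
        if len(buf) >= limit:
            raise ValueError("line too long")
    return buf


def serve_tcp_once(server_sock: socket.socket) -> None:
    """TCP server body: accept one connection, read one line, send it back uppercased."""
    conn, _addr = server_sock.accept()
    with conn:
        line = recv_line(conn)
        conn.sendall(line.upper())


def tcp_uppercase(sentence: str) -> str:
    """Run the TCP client/server exchange over loopback; return the server's reply."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    worker = threading.Thread(target=serve_tcp_once, args=(server,))
    worker.start()
    client = socket.create_connection(server.getsockname(), timeout=5)
    with client:
        # Send the line in two pieces to show that the server reassembles the
        # stream rather than relying on one send() arriving as one recv().
        data = (sentence + "\n").encode()
        client.sendall(data[:3])
        client.sendall(data[3:])
        reply = recv_line(client)
    worker.join()
    server.close()
    return reply.decode().rstrip("\n")


if __name__ == "__main__":
    print(udp_uppercase("hello over udp"))
    print(tcp_uppercase("hello over tcp"))
```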
Chapter 2: summary
our study of network apps now complete!
- application architectures
  - client-server
  - P2P
- application service requirements:
  - reliability, bandwidth, delay
- Internet transport service model
  - connection-oriented, reliable: TCP
  - unreliable, datagrams: UDP
- specific protocols:
  - HTTP
  - FTP
  - SMTP, POP, IMAP
  - DNS
  - P2P: BitTorrent, DHT
- socket programming: TCP, UDP sockets
Chapter 2: summary
most importantly: learned about protocols!
- typical request/reply message exchange:
  - client requests info or service
  - server responds with data, status code
- message formats:
  - headers: fields giving info about data
  - data: info being communicated
important themes: