Notes Unit-I Application Layer

The document provides an overview of the Application Layer in the OSI model, detailing its functions, including email services, file management, and remote access. It explains the client-server and peer-to-peer paradigms, highlighting their differences and the roles of clients and servers in communication. Additionally, it covers socket programming, including the creation and management of sockets for network communication, and introduces the Domain Name System (DNS) as a critical application layer protocol for mapping host names to IP addresses.

Uploaded by

shindeyashashri5

TE-IT-2019 Pattern Computer Network and Security Application Layer

Unit I
APPLICATION LAYER

Syllabus: Client Server Paradigm: Communication using TCP and UDP, Peer to Peer Paradigm,
Application Layer Protocols: DNS, FTP, TFTP, HTTP, SMTP, POP, IMAP, MIME, DHCP,
TELNET.

Introduction:
The Application Layer is the topmost layer in the Open System Interconnection (OSI) model. This
layer provides several ways of manipulating data (information), which enables any type of user
to access the network with ease. This layer also makes requests to the layer below it, the
presentation layer, to receive various types of information from it. The Application Layer
interface interacts directly with the application and provides common web application
services. This layer is basically the highest level of the open system, and it provides services
directly to the application process.

Functions of Application Layer:


The Application Layer, being the topmost layer in the OSI model, performs several kinds of
functions that are required in any kind of application or communication process.
The following functions are performed by the Application Layer of the OSI model:
Data from User <=> Application layer <=> Data from Presentation Layer
o The Application Layer provides a facility by which users can forward several emails, and it
also provides a storage facility.
o This layer allows users to access, retrieve and manage files on a remote computer.
o It allows users to log on to a remote host.
o This layer provides access to global information about various services.
o This layer provides services which include: e-mail, transferring files, distributing results
to the user, directory services, network resources and so on.

MVPS’s KBTCOE, Nashik Page 1


o It provides protocols that allow software to send and receive information and present
meaningful data to users.
o It handles issues such as network transparency, resource allocation and so on.
o This layer serves as a window for users and application processes to access network
services.
o The Application Layer is basically not a function, but it performs application layer functions.
o The application layer is actually an abstraction layer that specifies the shared protocols
and interface methods used by hosts in a communication network.
o The Application Layer helps us to identify communication partners and to synchronize
communication.
o This layer allows users to interact with other software applications.
o In this layer, data is in visual form, which lets users truly understand the data rather than
remembering or visualizing it in binary format (0s and 1s).
o The application layer basically interacts with the Operating System (OS) and thus further
preserves the data in a suitable manner.
o This layer also receives and preserves data from its previous layer, which is the Presentation
Layer (which carries in itself the syntax and semantics of the information transmitted).
o The protocols which are used in the application layer depend upon what information
users wish to send or receive.
o The application layer, in general, performs host initialization followed by remote login to
hosts.

Client-server paradigm:
The traditional paradigm is called the client-server paradigm. In this paradigm, the service
provider is an application program, called the server process; it runs continuously, waiting for
another application program, called the client process, to make a connection through the Internet
and ask for service. Normally few server processes are available that can provide a specific type
of service, but there are many clients that request service from any of these server processes. The
server process must be running all the time; the client process is started when the client needs to
receive service. For example, a telephone directory center in any area can be a server; a
subscriber that calls and asks for a specific telephone number can be thought of as a client. The
directory center must be ready and available all the time; the subscriber can call the center for a
short period when the service is needed.

The figure shows an example of client-server communication in which three clients communicate
with one server to receive the services provided by this server.

Peer-to-Peer paradigm:
In this paradigm, there is no need for a server process to be running all the time and waiting for
the client processes to connect. The responsibility is shared between peers. A computer
connected to the Internet can provide service at one time and receive service at another time. A
computer can even provide and receive services at the same time. Figure shows an example of
communication in this paradigm.

Communication by phone is a peer-to-peer activity; no party needs to wait for the other party to
call. The peer-to-peer paradigm can be used in a situation, when some computers connected to
the Internet have something to share with each other. For example, if an Internet user has a file
available to share with other Internet users, there is no need for the file holder to become a server
and run a server process all the time waiting for other users to connect and to get the file.

Difference between Client-Server and Peer-to-Peer Network:

| S.No. | Client-Server Network | Peer-to-Peer Network |
| --- | --- | --- |
| 1. | In a Client-Server Network, clients and server are differentiated; specific server and clients are present. | In a Peer-to-Peer Network, clients and server are not differentiated. |
| 2. | A Client-Server Network focuses on information sharing. | A Peer-to-Peer Network focuses on connectivity. |
| 3. | In a Client-Server Network, a centralized server is used to store the data. | In a Peer-to-Peer Network, each peer has its own data. |
| 4. | In a Client-Server Network, the server responds to the services requested by the client. | In a Peer-to-Peer Network, each and every node can both request and respond to services. |
| 5. | Client-Server Networks are costlier than Peer-to-Peer Networks. | Peer-to-Peer Networks are less costly than Client-Server Networks. |
| 6. | Client-Server Networks are more stable than Peer-to-Peer Networks. | Peer-to-Peer Networks are less stable if the number of peers increases. |
| 7. | A Client-Server Network is used for both small and large networks. | A Peer-to-Peer Network is generally suited for small networks with fewer than 10 computers. |

Client-Server Programming:
In a client-server paradigm, communication at the application layer is between two running
application programs called processes: a client and a server. A client is a running program that
initializes the communication by sending a request; a server is another application program that
waits for a request from a client. The server handles the request received from a client, prepares a
result, and sends the result back to the client. The lifetime of a server is infinite: it should be
started and run forever, waiting for the clients. The lifetime of a client is finite. It sends a finite
number of requests to the corresponding server, receives the responses, and stops.

Application Programming Interface:


If we need a process to be able to communicate with another process, we need a new set of
instructions to tell the lowest four layers of the TCP/IP suite to open the connection, send and
receive data from the other end, and close the connection. A set of instructions of this type is
called an application programming interface (API). An interface in programming is a set of
instructions between two entities. In this case, one of the entities is the process at the application
layer and the other is the operating system that encapsulates the first four layers of the TCP/IP
protocol suite. Computer manufacturers build the first four layers of the suite into the operating
system and include an API. In this way, the processes running at the application layer are able to
communicate with the operating system when sending and receiving messages through the
Internet. Several APIs have been designed for communication. Three are common: the socket
interface, the Transport Layer Interface (TLI), and STREAM.
Socket Interface:
Socket interface started in the early 1980s at UC Berkeley as part of a UNIX environment. The
socket interface is a set of instructions that provide communication between the application layer
and the operating system. It is a set of instructions that can be used by a process to communicate
with another process. For example, in most computer languages, like C, C++, or Java, we have
several instructions that can read and write data to other sources and sinks such as a keyboard (a
source), a monitor (a sink), or a file (source and sink). Figure shows the socket format.

As far as the application layer is concerned, communication between a client process and a
server process is communication between two sockets, created at two ends, as shown in the
figure.

The client thinks that the socket is the entity that receives the request and gives the response; the
server thinks that the socket is the one that has a request and needs the response. If we create two
sockets, one at each end, and define the source and destination addresses correctly, we can use
the available instructions to send and receive data. The rest is the responsibility of the operating
system and the embedded TCP/IP protocol.

Socket Addresses:
The interaction between a client and a server is two-way communication. In a two-way
communication, we need a pair of addresses: local (sender) and remote (receiver). The local
address in one direction is the remote address in the other direction and vice versa. Since
communication in the client-server paradigm is between two sockets, we need a pair of socket
addresses for communication: a local socket address and a remote socket address. A socket
address should first define the computer on which a client or a server is running. A computer in
the Internet is defined by its IP address. A socket address should be a combination of an IP
address and a port number, as shown in the figure.

Finding Socket Addresses:


To find socket address, the situation is different for each site.

Local Socket Address:


The local (server) socket address is provided by the operating system. The operating system
knows the IP address of the computer on which the server process is running. The port number of
a server process, however, needs to be assigned. If the server process is a standard one defined
by the Internet authority, a port number is already assigned to it. For example, the assigned port
number for a Hypertext Transfer Protocol (HTTP) is the integer 80, which cannot be used by any
other process. If the server process is not standard, the designer of the server process can choose
a port number, in the range defined by the Internet authority, and assign it to the process. When a
server starts running, it knows the local socket address.

Remote Socket Address:


The remote socket address for a server is the socket address of the client that makes the
connection. Since the server can serve many clients, it does not know in advance the remote
socket address for communication. The server can find this socket address when a client tries to
connect to the server. The client socket address, which is contained in the request packet sent to
the server, becomes the remote socket address that is used for responding to the client.

What is Socket Programming?


The endpoint in an interprocess communication is called a socket, or a network socket for
disambiguation. Since most communication between computers is based on the Internet Protocol,
an almost equivalent term is Internet socket. The data transmission between two sockets is
organized by communications protocols, usually implemented in the operating system of the
participating computers. Application programs write to and read from these sockets. Therefore,
network programming is essentially socket programming. Socket programming is a way of
connecting two nodes on a network to communicate with each other. One socket (node) listens
on a particular port at an IP, while the other socket reaches out to the other to form a
connection. The server forms the listener socket while the client reaches out to the server.

Types of Socket:
1) A stream socket uses TCP for connection-oriented communication. It is also called a TCP
socket.
2) A datagram socket uses UDP for connectionless communication. It is also called a UDP
socket.
3) A raw socket uses IP directly. It is used in such applications as ICMP and OSPF.

State diagram for server and client model

Socket Primitives

Stages for server

1. Socket creation:
int sockfd = socket(domain, type, protocol)
o sockfd: socket descriptor, an integer (like a file handle).
o domain: integer that specifies the communication domain. We use AF_LOCAL, as defined in the
POSIX standard, for communication between processes on the same host. For communication
between processes on different hosts connected by IPv4 we use AF_INET, and AF_INET6 for
processes connected by IPv6.
o type: communication type.
SOCK_STREAM: TCP (reliable, connection-oriented)
SOCK_DGRAM: UDP (unreliable, connectionless)
o protocol: protocol value for Internet Protocol (IP), which is 0. This is the same number
that appears in the protocol field in the IP header of a packet (see man protocols for more
details).

2. Setsockopt:
This helps in manipulating options for the socket referred to by the file descriptor sockfd. This
is completely optional, but it helps in reuse of address and port. It prevents errors such as
“address already in use”.
int setsockopt(int sockfd, int level, int optname, const void *optval, socklen_t optlen);

3. Bind:
int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
After the creation of the socket, the bind function binds the socket to the address and port
number specified in addr (a custom data structure). In the example code, we bind the server to
the localhost, hence we use INADDR_ANY to specify the IP address.

4. Listen:
int listen(int sockfd, int backlog);
It puts the server socket in passive mode, where it waits for the client to approach the server
to make a connection. The backlog defines the maximum length to which the queue of
pending connections for sockfd may grow. If a connection request arrives when the queue is
full, the client may receive an error with an indication of ECONNREFUSED.

5. Accept:
int new_socket= accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen);
It extracts the first connection request on the queue of pending connections for the listening
socket, sockfd, creates a new connected socket, and returns a new file descriptor referring to
that socket. At this point, the connection is established between client and server, and they are
ready to transfer data.

Stages for Client


o Socket connection: exactly the same as the server’s socket creation.
o Connect: The connect() system call connects the socket referred to by the file descriptor
sockfd to the address specified by addr. The server’s address and port are specified in addr.
int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
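
The server and client stages above, run end to end in one process over the loopback interface (an added example, not code from the original notes). The function name loopback_exchange and the "ack:" reply format are assumptions; the server binds to INADDR_LOOPBACK with port 0 so it is reachable only from the same host, whereas INADDR_ANY would accept connections on every interface.

```c
/* Added example: the server and client socket stages in one process. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Performs one request/response exchange over 127.0.0.1.
 * Returns 0 on success, or a negative number naming the stage that failed.
 * The server's reply is copied into reply (NUL-terminated). */
int loopback_exchange(char *reply, size_t cap)
{
    int rc = -1, one = 1, m;
    int lfd = -1, cfd = -1, afd = -1;
    struct sockaddr_in srv, cli_local, peer;
    socklen_t len;
    char req[64], resp[80];
    ssize_t n;

    if (cap < 2) return -1;

    /* Server stage 1: socket creation (IPv4, TCP). */
    lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0) goto out;

    /* Server stage 2: optional; avoids "address already in use" on restart. */
    rc = -2;
    if (setsockopt(lfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one) < 0) goto out;

    /* Server stage 3: bind. Loopback only; port 0 lets the OS pick a free
     * port, which getsockname() then reports (the local socket address). */
    rc = -3;
    memset(&srv, 0, sizeof srv);
    srv.sin_family = AF_INET;
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    srv.sin_port = htons(0);
    if (bind(lfd, (struct sockaddr *)&srv, sizeof srv) < 0) goto out;
    len = sizeof srv;
    if (getsockname(lfd, (struct sockaddr *)&srv, &len) < 0) goto out;

    /* Server stage 4: listen with a small backlog. */
    rc = -4;
    if (listen(lfd, 4) < 0) goto out;

    /* Client: socket creation, then connect to the server's socket address.
     * The kernel completes the handshake into the backlog queue. */
    rc = -5;
    cfd = socket(AF_INET, SOCK_STREAM, 0);
    if (cfd < 0) goto out;
    if (connect(cfd, (struct sockaddr *)&srv, sizeof srv) < 0) goto out;
    len = sizeof cli_local;
    if (getsockname(cfd, (struct sockaddr *)&cli_local, &len) < 0) goto out;

    /* Server stage 5: accept returns a new connected socket and the remote
     * socket address, which must equal the client's local socket address. */
    rc = -6;
    len = sizeof peer;
    afd = accept(lfd, (struct sockaddr *)&peer, &len);
    if (afd < 0) goto out;
    if (peer.sin_port != cli_local.sin_port ||
        peer.sin_addr.s_addr != cli_local.sin_addr.s_addr) goto out;

    /* Data transfer: client request, server response. */
    rc = -7;
    if (send(cfd, "hello", 5, 0) != 5) goto out;
    n = recv(afd, req, sizeof req - 1, 0);
    if (n <= 0) goto out;
    req[n] = '\0';
    m = snprintf(resp, sizeof resp, "ack:%s", req);
    if (send(afd, resp, (size_t)m, 0) != m) goto out;
    n = recv(cfd, reply, cap - 1, 0);
    if (n <= 0) goto out;
    reply[n] = '\0';
    rc = 0;
out:
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return rc;
}

int main(void)
{
    char reply[32];
    int rc = loopback_exchange(reply, sizeof reply);
    if (rc == 0) printf("client received: %s\n", reply);
    else printf("failed at stage %d\n", -rc);
    return rc == 0 ? 0 : 1;
}
```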

(Domain Name System) DNS


An application layer protocol defines how the application processes running on different
systems pass messages to each other.
o DNS stands for Domain Name System.
o DNS is a directory service that provides a mapping between the name of a host on the
network and its numerical address.
o DNS is required for the functioning of the internet.
o Each node in a tree has a domain name, and a full domain name is a sequence of symbols
separated by dots.
o DNS is a service that translates domain names into IP addresses. This allows the users
of networks to utilize user-friendly names when looking for other hosts instead of
remembering the IP addresses.
o For example, suppose the FTP site at EduSoft had an IP address of 132.147.165.50. Most
people would reach this site by specifying ftp.EduSoft.com. Therefore, the domain name
is more reliable than IP address.
DNS is a TCP/IP protocol used on different platforms. The domain name space is divided into
three different sections: generic domains, country domains, and the inverse domain.

Generic Domains
o It defines the registered hosts according to their generic behavior.
o Each node in a tree defines the domain name, which is an index to the DNS database.
o It uses three-character labels, and these labels describe the organization type.

| Label | Description |
| --- | --- |
| aero | Airlines and aerospace companies |
| biz | Businesses or firms |
| com | Commercial organizations |
| coop | Cooperative business organizations |
| edu | Educational institutions |
| gov | Government institutions |
| info | Information service providers |
| int | International organizations |
| mil | Military groups |
| museum | Museum & other nonprofit organizations |
| name | Personal names |
| net | Network support centers |
| org | Nonprofit organizations |
| pro | Professional individual organizations |

Country Domain:
The format of the country domain is the same as that of a generic domain, but it uses
two-character country abbreviations (e.g., us for the United States) in place of three-character
organizational abbreviations.
Inverse Domain:
The inverse domain is used for mapping an address to a name. Suppose a server has received a
request from a client, and the server holds the files of only authorized clients. To determine
whether the client is on the authorized list, the server sends a query to the DNS server and asks
it to map the address to a name.
Working of DNS:
o DNS is a client/server network communication protocol. DNS clients send requests to
the server, while DNS servers send responses to the client.
o Client requests that contain a name to be converted into an IP address are known as forward
DNS lookups, while requests that contain an IP address to be converted into a name are
known as reverse DNS lookups.
o DNS implements a distributed database to store the names of all the hosts available on the
internet.
o If a client such as a web browser sends a request containing a hostname, a piece of
software called the DNS resolver sends a request to the DNS server to obtain the IP address
of that hostname. If the DNS server does not contain the IP address associated with the
hostname, it forwards the request to another DNS server. Once the IP address has arrived at
the resolver, the resolver completes the request over the Internet Protocol.
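
The forward and reverse lookups described above, shown as the query messages a resolver would put on the wire (an added example, not part of the original notes). It goes beyond the notes by using the RFC 1035 message layout and the in-addr.arpa naming used for address-to-name queries; the function names are assumptions, and the name and address are the ones from the EduSoft example.

```c
/* Added example: building forward (A) and reverse (PTR) DNS queries. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define QTYPE_A   1    /* name -> IPv4 address (forward lookup) */
#define QTYPE_PTR 12   /* address -> name (reverse lookup)      */
#define QCLASS_IN 1

/* "132.147.165.50" -> "50.165.147.132.in-addr.arpa"; returns 0 or -1. */
int reverse_name(const char *ipv4, char *out, size_t cap)
{
    unsigned char a[4];
    int n;
    if (inet_pton(AF_INET, ipv4, a) != 1) return -1;   /* not a dotted quad */
    n = snprintf(out, cap, "%u.%u.%u.%u.in-addr.arpa", a[3], a[2], a[1], a[0]);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Encodes a dotted name as length-prefixed labels ending in a zero byte.
 * Returns the encoded length, or -1 for an empty label, a label over
 * 63 bytes, a name over 255 bytes, or a buffer that is too small. */
int encode_qname(const char *name, unsigned char *out, size_t cap)
{
    size_t pos = 0;
    const char *p = name;
    while (*p) {
        const char *dot = strchr(p, '.');
        size_t len = dot ? (size_t)(dot - p) : strlen(p);
        if (len == 0 || len > 63) return -1;
        if (pos + 1 + len + 1 > cap || pos + 1 + len + 1 > 255) return -1;
        out[pos++] = (unsigned char)len;
        memcpy(out + pos, p, len);
        pos += len;
        p += len;
        if (*p == '.') p++;          /* skip the separator */
    }
    if (pos >= cap) return -1;
    out[pos++] = 0;                  /* root label terminates the name */
    return (int)pos;
}

/* Writes a 12-byte header plus one question; returns total length or -1. */
int build_query(uint16_t id, const char *name, uint16_t qtype,
                unsigned char *out, size_t cap)
{
    int n;
    size_t pos;
    if (cap < 12 + 1 + 4) return -1;
    memset(out, 0, 12);
    out[0] = (unsigned char)(id >> 8);
    out[1] = (unsigned char)(id & 0xff);
    out[2] = 0x01;                   /* flags 0x0100: recursion desired */
    out[5] = 1;                      /* QDCOUNT = 1 */
    n = encode_qname(name, out + 12, cap - 12 - 4);
    if (n < 0) return -1;
    pos = 12 + (size_t)n;
    out[pos++] = (unsigned char)(qtype >> 8);
    out[pos++] = (unsigned char)(qtype & 0xff);
    out[pos++] = 0;
    out[pos++] = QCLASS_IN;
    return (int)pos;
}

int main(void)
{
    unsigned char pkt[512];
    char rev[64];
    int n = build_query(0x1234, "ftp.EduSoft.com", QTYPE_A, pkt, sizeof pkt);
    printf("forward query: %d bytes\n", n);
    if (reverse_name("132.147.165.50", rev, sizeof rev) == 0) {
        n = build_query(0x1235, rev, QTYPE_PTR, pkt, sizeof pkt);
        printf("reverse query for %s: %d bytes\n", rev, n);
    }
    return 0;
}
```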

FTP and TFTP

FTP and TFTP are application layer protocols that aid in transferring files from a server to a
client and from a client to a server. FTP is far more complicated than TFTP. There are some
important distinctions between FTP and TFTP. TFTP uses a single connection when transferring
files between the client and the server, whereas FTP uses two connections. The connections
utilized in FTP are TCP ports 20 and 21 for the control connection. In contrast, the TFTP makes
use of UDP port 69.

What is FTP?
o FTP stands for File transfer protocol.
o FTP is a standard internet protocol provided by TCP/IP used for transmitting the files
from one host to another.
o It is mainly used for transferring the web page files from their creator to the computer
that acts as a server for other computers on the internet.
o It is also used for downloading the files to computer from other servers.
Objectives of FTP
o It provides the sharing of files.
o It is used to encourage the use of remote computers.
o It transfers the data more reliably and efficiently.
Why FTP?
Although transferring files from one system to another is very simple and straightforward, it
can sometimes cause problems. For example, two systems may have different file conventions.
Two systems may have different ways to represent text and data. Two systems may have
different directory structures. The FTP protocol overcomes these problems by establishing two
connections between hosts. One connection is used for data transfer, and the other is used as
the control connection.
Mechanism of FTP

The above figure shows the basic model of the FTP. The FTP client has three components: the
user interface, control process, and data transfer process. The server has two components: the
server control process and the server data transfer process.

There are two types of connections in FTP:

o Control Connection: The control connection uses very simple rules for communication.
Through control connection, we can transfer a line of command or line of response at a
time. The control connection is made between the control processes. The control
connection remains connected during the entire interactive FTP session.
o Data Connection: The Data Connection uses very complex rules as data types may vary.
The data connection is made between data transfer processes. The data connection opens
when a command comes for transferring the files and closes when the file is transferred.
FTP Clients:
o FTP client is a program that implements a file transfer protocol which allows you to
transfer files between two hosts on the internet.
o It allows a user to connect to a remote host and upload or download the files.
o It has a set of commands that we can use to connect to a host, transfer the files between
you and your host and close the connection.
o The FTP program is also available as a built-in component in a Web browser. This GUI
based FTP client makes the file transfer very easy and also does not require to remember
the FTP commands.
Advantages of FTP:
o Speed: One of the biggest advantages of FTP is speed. FTP is one of the fastest ways
to transfer files from one computer to another.
o Efficient: It is more efficient as we do not need to complete all the operations to get the
entire file.
o Security: To access the FTP server, we need to login with the username and password.
Therefore, we can say that FTP is more secure.

o Back & forth movement: FTP allows us to transfer the files back and forth. Suppose
you are a manager of the company, you send some information to all the employees, and
they all send information back on the same server.
Disadvantages of FTP:
o The standard requirement of the industry is that all FTP transmissions should be
encrypted. However, not all FTP providers are equal, and not all of them offer
encryption. So, we have to look out for FTP providers that provide encryption.
o FTP serves two operations, i.e., sending and receiving large files on a network. However,
the size limit of a file that can be sent is 2GB. It also doesn't allow you to run
simultaneous transfers to multiple receivers.
o Passwords and file contents are sent in clear text, which allows unwanted eavesdropping.
So, it is quite possible that attackers can carry out a brute force attack by trying to guess
the FTP password.
o It is not compatible with every system.
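
What the clear-text point above means on the control connection, as an added example that is not part of the original notes: an audit routine that reads captured control-connection lines and reports whether USER and PASS crossed the network unencrypted. The session lines are constructed, the struct and function names are assumptions, and AUTH TLS with reply 234 (RFC 4217) is the standard way a client upgrades the control connection before logging in, which goes beyond what the notes cover.

```c
/* Added example: auditing FTP control-connection lines for clear-text logins. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

struct ftp_audit {
    int tls_negotiated;   /* AUTH accepted by the server with reply 234 */
    int cleartext_user;   /* USER seen before any TLS upgrade           */
    int cleartext_pass;   /* PASS seen before any TLS upgrade           */
    int login_ok;         /* server replied 230 (user logged in)        */
    char user[32];        /* account name exposed on the wire           */
};

/* Constructed sample: a plain FTP login. "C:" = client, "S:" = server. */
static const char *const PLAIN_SESSION[] = {
    "S: 220 FTP server ready",
    "C: USER alice",
    "S: 331 Password required",
    "C: PASS example-password",
    "S: 230 Login successful",
};

/* Constructed sample: the client upgrades to TLS first, so nothing after
 * the 234 reply is readable in a capture. */
static const char *const TLS_SESSION[] = {
    "S: 220 FTP server ready",
    "C: AUTH TLS",
    "S: 234 Proceed with negotiation",
};

/* FTP command verbs are case-insensitive and end at a space or end of line. */
static int is_cmd(const char *line, const char *verb)
{
    size_t n = strlen(verb);
    return strncasecmp(line, verb, n) == 0 && (line[n] == ' ' || line[n] == '\0');
}

void audit_ftp_control(const char *const *lines, size_t count, struct ftp_audit *a)
{
    int auth_pending = 0;   /* last client command was AUTH */
    size_t i;
    memset(a, 0, sizeof *a);
    for (i = 0; i < count; i++) {
        const char *l = lines[i];
        if (strncmp(l, "C: ", 3) == 0) {
            const char *cmd = l + 3;
            auth_pending = is_cmd(cmd, "AUTH");
            if (a->tls_negotiated) continue;
            if (is_cmd(cmd, "USER")) {
                a->cleartext_user = 1;
                snprintf(a->user, sizeof a->user, "%s", cmd[4] ? cmd + 5 : "");
            } else if (is_cmd(cmd, "PASS")) {
                a->cleartext_pass = 1;   /* the value is deliberately not kept */
            }
        } else if (strncmp(l, "S: ", 3) == 0) {
            int code = atoi(l + 3);      /* three-digit reply code */
            if (code == 234 && auth_pending) a->tls_negotiated = 1;
            if (code == 230) a->login_ok = 1;
            auth_pending = 0;
        }
    }
}

int main(void)
{
    struct ftp_audit a;
    audit_ftp_control(PLAIN_SESSION, COUNT(PLAIN_SESSION), &a);
    printf("plain: user=%s cleartext_pass=%d tls=%d\n",
           a.user, a.cleartext_pass, a.tls_negotiated);
    audit_ftp_control(TLS_SESSION, COUNT(TLS_SESSION), &a);
    printf("tls:   cleartext_pass=%d tls=%d\n", a.cleartext_pass, a.tls_negotiated);
    return 0;
}
```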

What is TFTP?
TFTP is an abbreviation for "Trivial File Transfer Protocol". It is a simple protocol that is
commonly used for file transmission. TFTP employs the User Datagram Protocol (UDP) to
transport data from one end to the other. In comparison to FTP, it is very simple in design
and has limited functionality. TFTP doesn't provide authentication or security while
transferring data. As a result, boot data or configuration files are typically shared between
computer systems in a local setup. It aids in booting devices and systems that lack storage
devices or hard disk drives, because it uses a small amount of memory and can be easily
installed. It is primarily used for booting systems that store configuration on a remote TFTP
server. It operates on port number 69, and its service is given by UDP.
Advantages of TFTP
1. It utilizes the User Datagram Protocol (UDP) protocol.
2. It is very easy to use and implement.
3. It needs minimum coding.
4. It needs minimum memory utilization.
5. It is a faster file transfer protocol.

Disadvantages
1. It doesn't offer file security as compared to FTP.
2. It doesn't list the directory's contents.
3. It is an unsecured FTP.
4. There is no encryption or authentication mechanism.

Differences between FTP and TFTP

| Features | FTP | TFTP |
| --- | --- | --- |
| Full Forms | FTP is an abbreviation for File Transfer Protocol. | TFTP is an abbreviation for Trivial File Transfer Protocol. |
| Authentication | It supports user authentication. | It doesn't support user authentication. |
| Port numbers | It uses TCP port numbers 20 and 21. | It uses UDP port number 69. |
| Control commands | It utilizes robust control commands. | It utilizes simple control commands. |
| Protocol used | It is mainly based on the TCP. | It is mainly based on the UDP. |
| Commands | It utilizes a lot of commands to perform tasks. | It utilizes five messages to perform tasks. |
| Complexity | It is more complex. | It is less complex. |
| Memory | It needs more memory. | It needs less memory. |
| Service | FTP protocol is a connection-oriented service. | TFTP protocol is a connection-less service. |
| Usage | Remote users utilize the FTP protocol to download and upload files. | TFTP is mainly used to transfer configurations to network devices. |
| Software | FTP software is larger in size. So, it is heavier than TFTP. | TFTP software is smaller in size. So, it is lighter than FTP. |
| Speed | It is slower. | It is faster. |

Terminal Network (Telnet)


o The main task of the internet is to provide services to users. For example, users want to
run different application programs at a remote site and transfer the results to the local site.
This requires a client-server program such as FTP or SMTP. But it is not feasible to
create a specific client-server program for each demand.
o The better solution is to provide a general client-server program that lets the user access
any application program on a remote computer, that is, a program that allows a user
to log on to a remote computer. A popular client-server program, Telnet, is used to meet
such demands. Telnet is an abbreviation for Terminal Network.
o Telnet provides a connection to the remote computer in such a way that a local terminal
appears to be at the remote side.
There are two types of login:
Local Login

o When a user logs into a local computer, it is known as local login.
o When the workstation is running a terminal emulator, the keystrokes entered by the user are
accepted by the terminal driver. The terminal driver then passes these characters to the
operating system, which in turn invokes the desired application program.
o However, the operating system assigns special meanings to special characters. For example,
in UNIX some combinations of characters have special meanings, such as the control
character with "z", which means suspend. Such situations do not create any problem, as the
terminal driver knows the meaning of such characters. But they can cause problems in
remote login.

Remote login

o When the user wants to access an application program on a remote computer, then the
user must perform remote login.

How remote login occurs


At the local site:
The user sends the keystrokes to the terminal driver, and the characters are then sent to the
TELNET client. The TELNET client, in turn, transforms the characters into a
universal character set known as network virtual terminal characters and delivers them to
the local TCP/IP stack.

At the remote site:


The commands in NVT form are transmitted to the TCP/IP stack at the remote machine. Here,
the characters are delivered to the operating system and then passed to the TELNET server.
The TELNET server transforms the characters into a form that the remote computer can
understand. However, the characters cannot be passed directly to the operating system, as a
remote operating system does not receive characters from the TELNET server.
Therefore, a piece of software is required that can accept the characters from the
TELNET server. The operating system then passes these characters to the appropriate
application program.

Network Virtual Terminal (NVT)

o The network virtual terminal is an interface that defines how data and commands are sent
across the network.
o In today's world, systems are heterogeneous. For example, each operating system accepts its
own special combination of characters as the end-of-file token: on a DOS operating
system it is ctrl+z, while on a UNIX operating system it is ctrl+d.
o TELNET solves this issue by defining a universal interface known as network virtual
interface.
o The TELNET client translates the characters that come from the local terminal into NVT
form and then delivers them to the network. The TELNET server then translates the data
from NVT form into a form that the remote computer can understand.

Simple Mail Transfer Protocol (SMTP)


o SMTP stands for Simple Mail Transfer Protocol.
o SMTP is a set of communication guidelines that allow software to transmit electronic
mail over the internet.
o It is a program used for sending messages to other computer users based on e-mail
addresses.
o It provides a mail exchange between users on the same or different computers, and it also
supports:


o It can send a single message to one or more recipients.


o The message sent can include text, voice, video or graphics.
o It can also send messages on networks outside the internet.
o The main purpose of SMTP is to set up communication rules between servers. The
servers have a way of identifying themselves and announcing what kind of
communication they are trying to perform. They also have a way of handling errors
such as an incorrect email address. For example, if the recipient address is wrong, then
the receiving server replies with an error message of some kind.
Components of SMTP

o First, we will break the SMTP client and SMTP server into two components such as user
agent (UA) and mail transfer agent (MTA). The user agent (UA) prepares the message,
creates the envelope and then puts the message in the envelope. The mail transfer agent
(MTA) transfers this mail across the internet.

o SMTP allows a more complex system by adding a relaying system. Instead of just having
one MTA at sending side and one at receiving side, more MTAs can be added, acting
either as a client or server to relay the email.


o The relaying system without TCP/IP protocol can also be used to send the emails to
users, and this is achieved by the use of the mail gateway. The mail gateway is a relay
MTA that can be used to receive an email.

Working of SMTP
1. Composition of Mail: A user sends an e-mail by composing an electronic mail message
using a Mail User Agent (MUA). Mail User Agent is a program which is used to send
and receive mail. The message contains two parts: body and header. The body is the main
part of the message while the header includes information such as the sender and
recipient address. The header also includes descriptive information such as the subject of
the message. In this case, the message body is like a letter and header is like an envelope
that contains the recipient's address.


2. Submission of Mail: After composing an email, the mail client then submits the
completed e-mail to the SMTP server by using SMTP on TCP port 25.
3. Delivery of Mail: E-mail addresses contain two parts: username of the recipient and
domain name. For example, vivek@gmail.com, where "vivek" is the username of the
recipient and "gmail.com" is the domain name.
If the domain name of the recipient's email address is different from the sender's domain
name, then MSA will send the mail to the Mail Transfer Agent (MTA). To relay the
email, the MTA will find the target domain. It checks the MX record from Domain Name
System to obtain the target domain. The MX record contains the domain name and IP
address of the recipient's domain. Once the record is located, MTA connects to the
exchange server to relay the message.
4. Receipt and Processing of Mail: Once the incoming message is received, the exchange
server delivers it to the incoming server (Mail Delivery Agent) which stores the e-mail
where it waits for the user to retrieve it.
5. Access and Retrieval of Mail: The stored email in MDA can be retrieved by using
MUA (Mail User Agent). MUA can be accessed by using login and password.
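The relay decision in step 3, as an added example that is not part of the original notes: it splits the recipient address, compares the domain with the local one, and picks the exchange servers from MX data. The MX table, the domain names and the `Route` type are constructed; the preference ordering, the fallback when no MX record exists, and the null MX case go beyond what the notes state and follow standard MX handling.

```python
from dataclasses import dataclass, field

LOCAL_DOMAIN = "example.org"   # assumption: the domain this MTA serves

# Constructed DNS data: domain -> MX records as (preference, exchange host).
MX_TABLE = {
    "example.com": [(20, "mx2.example.com"), (10, "mx1.example.com")],
    "example.net": [],                 # domain exists but publishes no MX
    "nomail.example": [(0, ".")],      # null MX: the domain accepts no mail
}


@dataclass
class Route:
    action: str                        # "deliver-local", "relay" or "reject"
    reason: str
    targets: list = field(default_factory=list)


def split_address(address):
    """Split user@domain into (username, domain); ValueError if malformed."""
    username, sep, domain = address.rpartition("@")
    if not sep or not username or not domain or " " in address:
        raise ValueError(f"malformed address: {address!r}")
    return username, domain.lower().rstrip(".")


def route(recipient):
    """Decide what the sending side does with one recipient address."""
    try:
        username, domain = split_address(recipient)
    except ValueError as exc:
        return Route("reject", str(exc))
    if domain == LOCAL_DOMAIN:
        # Same domain as the sender's server: no relay is needed.
        return Route("deliver-local", f"mailbox {username} is served here")
    records = MX_TABLE.get(domain)
    if records is None:
        return Route("reject", f"domain {domain} does not resolve")
    if not records:
        # No MX record: the domain name itself is used as the exchange host.
        return Route("relay", "no MX record, using the domain itself", [domain])
    if any(host == "." for _, host in records):
        return Route("reject", f"{domain} publishes a null MX")
    # Lowest preference value is tried first.
    ordered = [host for _, host in sorted(records)]
    return Route("relay", "MX records sorted by preference", ordered)


if __name__ == "__main__":
    for rcpt in ("vivek@example.com", "asha@example.org", "bob@example.net",
                 "x@nomail.example", "not-an-address"):
        print(rcpt, "->", route(rcpt))
```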

Post Office Protocol (POP Protocol)


The POP protocol stands for Post Office Protocol. As we know, SMTP is used as a message
transfer agent. When the message is sent, SMTP is used to deliver the message from the
client to the server and then to the recipient server. But the message is sent from the recipient
server to the actual server with the help of the Message Access Agent. The Message Access
Agent contains two types of protocols, i.e., POP3 and IMAP.

How is mail transmitted?

Suppose sender wants to send the mail to receiver. First mail is transmitted to the sender's mail
server. Then, the mail is transmitted from the sender's mail server to the receiver's mail server
over the internet. On receiving the mail at the receiver's mail server, the mail is then sent to the
user. The whole process is done with the help of Email protocols. The transmission of mail from
the sender to the sender's mail server and then to the receiver's mail server is done with the help
of the SMTP protocol. At the receiver's mail server, the POP or IMAP protocol takes the data
and transmits to the actual user.
What is POP3?
POP3 is a simple protocol with very limited functionality. In the case of the POP3
protocol, the POP3 client is installed on the recipient system while the POP3 server is installed
on the recipient's mail server.

Working of the POP3 protocol

To establish the connection between the POP3 server and the POP3 client, the POP3 server asks
the POP3 client for the user name. If the username is found on the POP3 server, then it sends
the OK message. It then asks the POP3 client for the password, and the POP3 client sends
the password to the POP3 server. If the password matches, then the POP3 server sends the OK
message, and the connection gets established. After the connection is established, the client
can see the list of mails on the POP3 mail server. In the list of mails, the user will get the email
numbers and sizes from the server. From this list, the user can start the retrieval of mail.


Once the client retrieves all the emails from the server, all the emails from the server are deleted.
Therefore, we can say that the emails are restricted to a particular machine, so it would not be
possible to access the same mails on another machine. This situation can be overcome by
configuring the email settings to leave a copy of mail on the mail server.
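The exchange described above, with both sides' messages, as an added example that is not part of the original notes: an in-memory model of the server and a client that downloads mail with or without leaving a copy. The class, accounts and messages are constructed; the command names (USER, PASS, LIST, RETR, DELE, QUIT) are the standard POP3 commands, and the model skips details such as byte-stuffing. Note that the user name and password travel as plain command lines, so a real deployment runs this exchange inside an encrypted connection.

```python
import hmac


class Pop3Server:
    """In-memory model of the POP3 server side (constructed accounts and mail)."""

    def __init__(self, accounts, mailboxes):
        self.accounts = accounts      # username -> password
        self.mailboxes = mailboxes    # username -> list of message texts
        self._reset()

    def _reset(self):
        self.user, self.authed, self.marked = None, False, set()

    def handle(self, line):
        """Process one client command line and return the server reply."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "QUIT":
            return self._quit()
        if not self.authed:
            return self._authorize(verb, arg)
        return self._transaction(verb, arg)

    def _authorize(self, verb, arg):
        if verb == "USER":
            if arg not in self.accounts:
                return "-ERR no such user"
            self.user = arg
            return "+OK user found, send PASS"
        if verb == "PASS" and self.user is not None:
            expected = self.accounts[self.user].encode()
            if hmac.compare_digest(arg.encode(), expected):  # constant-time compare
                self.authed = True
                return "+OK mailbox open"
            self.user = None
            return "-ERR wrong password"
        return "-ERR log in first"

    def _transaction(self, verb, arg):
        box = self.mailboxes[self.user]
        live = [n for n in range(1, len(box) + 1) if n not in self.marked]
        if verb == "LIST":                      # message numbers and sizes
            rows = [f"{n} {len(box[n - 1].encode())}" for n in live]
            return "\r\n".join([f"+OK {len(live)} messages", *rows, "."])
        if verb in ("RETR", "DELE"):
            if not arg.isdigit() or int(arg) not in live:
                return "-ERR no such message"
            n = int(arg)
            if verb == "DELE":                  # only marks; removal happens at QUIT
                self.marked.add(n)
                return f"+OK message {n} marked"
            return f"+OK message follows\r\n{box[n - 1]}\r\n."
        return "-ERR unknown command"

    def _quit(self):
        if self.authed:                         # apply the deletions on a clean exit
            box = self.mailboxes[self.user]
            self.mailboxes[self.user] = [
                m for n, m in enumerate(box, 1) if n not in self.marked]
        self._reset()
        return "+OK bye"


def download(server, user, password, leave_copy):
    """Client side: log in, list, retrieve every mail; delete unless leave_copy."""
    transcript = []

    def send(command):
        reply = server.handle(command)
        transcript.append((command, reply.split("\r\n")[0]))
        return reply

    if (not send(f"USER {user}").startswith("+OK")
            or not send(f"PASS {password}").startswith("+OK")):
        send("QUIT")
        return [], transcript
    mails = []
    for row in send("LIST").split("\r\n")[1:-1]:
        number = row.split()[0]
        text = send(f"RETR {number}").split("\r\n", 1)[1]
        mails.append(text.rsplit("\r\n.", 1)[0])
        if not leave_copy:
            send(f"DELE {number}")
    send("QUIT")
    return mails, transcript


def sample_server():
    """Constructed account and mailbox used by the demo."""
    mail = ["Subject: one\r\n\r\nfirst body", "Subject: two\r\n\r\nsecond body"]
    return Pop3Server({"asha": "s3cret"}, {"asha": list(mail)})


if __name__ == "__main__":
    for command, reply in download(sample_server(), "asha", "s3cret", False)[1]:
        print(f"C: {command:<14} S: {reply}")
```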

Advantages of POP3 protocol


o It allows the users to read the email offline. It requires an internet connection only at the
time of downloading emails from the server. Once the mails are downloaded from the
server, then all the downloaded mails reside on our PC or hard disk of our computer,
which can be accessed without the internet. Therefore, we can say that the POP3 protocol
does not require permanent internet connectivity.
o It provides easy and fast access to the emails as they are already stored on our PC.
o There is no limit on the size of the email which we receive or send.
o It requires less server storage space as all the mails are stored on the local machine.
o There is maximum size on the mailbox, but it is limited by the size of the hard disk.
o It is a simple protocol so it is one of the most popular protocols used today.
o It is easy to configure and use.

Disadvantages of POP3 protocol


o If the emails are downloaded from the server, then all the mails are deleted from the
server by default. So, mails cannot be accessed from other machines unless they are
configured to leave a copy of the mail on the server.
o Transferring the mail folder from the local machine to another machine can be difficult.
o Since all the attachments are stored on your local machine, there is a high risk of a virus
attack if the virus scanner does not scan them. The virus attack can harm the computer.
o The email folder which is downloaded from the mail server can also become corrupted.
o The mails are stored on the local machine, so anyone who sits on your machine can
access the email folder.


Internet Message Access Protocol (IMAP)


IMAP stands for Internet Message Access Protocol. It is an application layer protocol which is
used to receive emails from the mail server. Like POP3, it is one of the most commonly used
protocols for retrieving emails.
It also follows the client/server model. On one side, we have an IMAP client, which is a process
running on a computer. On the other side, we have an IMAP server, which is also a process
running on another computer. Both computers are connected through a network.

The IMAP protocol resides on the TCP/IP transport layer which means that it implicitly uses the
reliability of the protocol. Once the TCP connection is established between the IMAP client and
IMAP server, the IMAP server listens to the port 143 by default, but this port number can also be
changed.

By default, there are two ports used by IMAP:


o Port 143: It is a non-encrypted IMAP port.
o Port 993: This port is used when IMAP client wants to connect through IMAP securely.

Why should we use IMAP instead of POP3 protocol?


POP3 is becoming the most popular protocol for accessing TCP/IP mailboxes. It implements
the offline mail access model, which means that the mails are retrieved from the mail server to
the local machine and then deleted from the mail server. Nowadays, millions of users use
the POP3 protocol to access their incoming mails. Due to the offline mail access model, it cannot
be used as much. In an ideal world we would prefer the online model. In the online model, we
need to be connected to the internet always. The biggest problem with offline access using
POP3 is that the mails are permanently removed from the server, so multiple computers cannot
access the mails. The solution to this problem is to store the mails at the remote server rather
than on the local server. POP3 also faces another issue, i.e., data security and safety. The
solution to this problem is to use the disconnected access model, which provides the benefits of
both online and offline access. In the disconnected access model, the user can retrieve the mail
for local use as in the POP3 protocol, and the user does not need to be connected to the internet
continuously. However, the changes made to the mailboxes are synchronized between the client
and the server. The mail remains on the server so different applications can access it in the
future. When developers recognized these benefits, they made some attempts to implement the
disconnected access model. This is implemented by using the POP3 commands that provide the
option to leave the mails on the server. This works, but only to a limited extent. For example,
keeping track of which messages are new or old becomes an issue when both are retrieved and
left on the server. So, POP3 lacks some features which are required for a proper
disconnected access model.

IMAP Features
IMAP was designed for a specific purpose that provides a more flexible way of how the user
accesses the mailbox. It can operate in any of the three modes, i.e., online, offline, and
disconnected mode. Out of these, offline and disconnected modes are of interest to most users of
the protocol.
The following are the features of an IMAP protocol:
o Access and retrieve mail from remote server: The user can access the mail from the
remote server while retaining the mails in the remote server.
o Set message flags: The message flag is set so that the user can keep track of which
message he has already seen.
o Manage multiple mailboxes: The user can manage multiple mailboxes and transfer
messages from one mailbox to another. The user can organize them into various
categories for those who are working on various projects.
o Determine information prior to downloading: It decides whether to retrieve or not before
downloading the mail from the mail server.
o Downloads a portion of a message: It allows you to download the portion of a message,
such as one body part from the mime-multi part. This can be useful when there are large
multimedia files in a short-text element of a message.

o Organize mails on the server: In the case of POP3, the user is not allowed to manage the
mails on the server. With IMAP, on the other hand, users can organize the mails on the server
according to their requirements; for example, they can create, delete or rename a mailbox on the
server.
o Search: Users can search for the contents of the emails.
o Check email-header: Users can also check the email-header prior to downloading.
o Create hierarchy: Users can also create the folders to organize the mails in a hierarchy.

IMAP General Operation

1. IMAP is a client-server protocol like POP3 and most other TCP/IP application
protocols. The IMAP4 protocol functions only when the IMAP4 server resides on the server
where the user mailboxes are located. In contrast, POP3 does not necessarily require the
same physical server that provides the SMTP services. Therefore, in the case of the
IMAP protocol, the mailbox must be accessible to both SMTP for incoming mails and
IMAP for retrieval and modifications.
2. IMAP uses the Transmission Control Protocol (TCP) for communication to ensure
that data is delivered and received in order.
3. The IMAP4 listens on a well-known port, i.e., port number 143, for an incoming
connection request from the IMAP4 client.


Multipurpose Internet Mail Extensions Protocol (MIME)


MIME stands for Multipurpose Internet Mail Extensions. It is used to extend the capabilities of
Internet e-mail protocols such as SMTP. The MIME protocol allows the users to exchange
various types of digital content such as pictures, audio, video, and various types of documents
and files in the e-mail. MIME was created in 1991 by a computer scientist named Nathan
Borenstein at a company called Bell Communications.
MIME is an e-mail extension protocol, i.e., it does not operate independently, but it helps to
extend the capabilities of e-mail in collaboration with other protocols such as SMTP. Before
MIME, e-mail was able to transfer only text files of limited size written in the English language
over the internet. At present, MIME is used by almost all e-mail related service companies such as
Gmail, Yahoo-mail, Hotmail.

Need of MIME Protocol


MIME protocol is used to transfer e-mail in the computer network for the following reasons:
1. The MIME protocol supports multiple languages in e-mail, such as Hindi, French,
Japanese, Chinese, etc.
2. Simple protocols can reject mail that exceeds a certain size, but there is no word limit in
MIME.
3. Images, audio, and video cannot be sent using simple e-mail protocols such as SMTP.
These require MIME protocol.
4. Emails are often designed using code such as HTML and CSS, mainly by companies
marketing their products. MIME is used to send email created from HTML and
CSS.
MIME Header
MIME adds five additional fields to the header portion of the actual e-mail to extend the
properties of the simple email protocol. These fields are as follows:
1. MIME Version
2. Content Type
3. Content Type Encoding
4. Content Id
5. Content description


1. MIME Version
It defines the version of the MIME protocol. This header usually has a parameter value 1.0,
indicating that the message is formatted using MIME.
2. Content Type
It describes the type and subtype of information to be sent in the message. These messages can
be of many types such as Text, Image, Audio, Video, and they also have many subtypes such
that the subtype of the image can be png or jpeg. Similarly, the subtype of Video can be WEBM,
MP4 etc.
3. Content Type Encoding
This field states which method has been used to convert the mail information into ASCII or
binary form, such as 7-bit encoding, 8-bit encoding, etc.
4. Content Id
In this field, a unique "Content Id" number is appended to all email messages so that they can be
uniquely identified.
5. Content description
This field contains a brief description of the content within the email. This means that
information about whatever is being sent in the mail is stated clearly in the "Content Description". This
field also provides the name, creation date, and modification date of the file.
Example of Content description
Content-Description: attachment; filename = javatpoint.jpeg;
modification-date = "Wed, 12 Feb 1997 16:29:51 -0500";
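The five header fields read back from a real multipart message, as an added example that is not part of the original notes: it builds a constructed e-mail with Python's standard `email` package and lists, for every part, the fields a mail filter would inspect before handing attachments to a scanner. The addresses, file names and attachment bytes are constructed, and the check of the declared image subtype against the file's leading bytes goes beyond what the notes describe. On the wire the encoding field is named `Content-Transfer-Encoding` and the id field `Content-ID`.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes ("file signatures") expected for the image subtypes used below.
SIGNATURES = {"image/png": b"\x89PNG\r\n\x1a\n", "image/jpeg": b"\xff\xd8\xff"}


def build_sample():
    """Constructed message: text body, HTML alternative and two attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "vivek@example.com"
    msg["Subject"] = "Unit I notes"
    msg.set_content("Réunion à 10 h, notes attached.")       # non-ASCII text
    msg.add_alternative("<p>Notes <b>attached</b>.</p>", subtype="html")
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16                # PNG signature + filler
    msg.add_attachment(png, maintype="image", subtype="png",
                       filename="logo.png", cid="<logo@example.com>")
    msg.get_payload()[-1]["Content-Description"] = "company logo"
    # Declared as JPEG, but the bytes do not start with a JPEG signature.
    msg.add_attachment(b"this is not image data", maintype="image",
                       subtype="jpeg", filename="photo.jpeg")
    return msg.as_bytes()


def header(part, name):
    """Return a header value as a plain string, or None when it is absent."""
    value = part.get(name)
    return None if value is None else str(value)


def inventory(raw):
    """Parse raw message bytes; return (MIME version, one row per leaf part)."""
    msg = message_from_bytes(raw, policy=policy.default)
    rows = []
    for part in msg.walk():
        if part.is_multipart():          # containers carry no content themselves
            continue
        ctype = part.get_content_type()
        data = part.get_payload(decode=True) or b""   # undo base64 and similar
        signature = SIGNATURES.get(ctype)
        rows.append({
            "content_type": ctype,
            "encoding": header(part, "Content-Transfer-Encoding"),
            "content_id": header(part, "Content-ID"),
            "description": header(part, "Content-Description"),
            "filename": part.get_filename(),
            "size": len(data),
            # None: no signature known for this type; False: mismatch.
            "signature_ok": None if signature is None else data.startswith(signature),
        })
    return header(msg, "MIME-Version"), rows


def suspicious(rows):
    """File names of parts whose bytes contradict the declared Content-Type."""
    return [r["filename"] for r in rows if r["signature_ok"] is False]


if __name__ == "__main__":
    version, parts = inventory(build_sample())
    print("MIME-Version:", version)
    for row in parts:
        print(row)
    print("mismatched attachments:", suspicious(parts))
```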

Working diagram of MIME Protocol


Features of MIME Protocol


1. It supports multiple attachments in a single e-mail.
2. It supports the non-ASCII characters.
3. It supports unlimited e-mail length.
4. It supports multiple languages.
Advantage of the MIME
The MIME protocol has the following advantages:
1. It is capable of sending various types of files in a message, such as text, audio, video
files.
2. It also provides the facility to send and receive emails in different languages like Hindi,
French, Japanese, Chinese etc.
3. It also provides the facility of connecting HTML and CSS to email, due to which people
can design email as per their requirement and make it attractive and beautiful.
4. It is capable of sending the information contained in an email regardless of its length.
5. It assigns a unique id to all e-mails.

Hyper Text Transfer Protocol (HTTP)


o It is a protocol used to access the data on the World Wide Web (www).
o The HTTP protocol can be used to transfer the data in the form of plain text, hypertext,
audio, video, and so on.
o This protocol is known as the HyperText Transfer Protocol because its efficiency
allows it to be used in a hypertext environment, where there are rapid jumps from one
document to another.
o HTTP is similar to the FTP as it also transfers the files from one host to another host. But,
HTTP is simpler than FTP as HTTP uses only one connection, i.e., no control connection
to transfer the files.
o HTTP is used to carry the data in the form of MIME-like format.
o HTTP is similar to SMTP as the data is transferred between client and server. The HTTP
differs from the SMTP in the way the messages are sent from the client to the server and
from server to the client. SMTP messages are stored and forwarded while HTTP
messages are delivered immediately.


Features of HTTP:
o Connectionless protocol: HTTP is a connectionless protocol. HTTP client initiates a
request and waits for a response from the server. When the server receives the request,
the server processes the request and sends back the response to the HTTP client after
which the client disconnects the connection.
o Media independent: HTTP is media independent, as data can be sent as long
as both the client and server know how to handle the data content. Both the client and
the server are required to specify the content type in a MIME-type header.
o Stateless: HTTP is a stateless protocol as both the client and server know each other only
during the current request. Due to this nature of the protocol, both the client and server do
not retain the information between various requests of the web pages.

HTTP Transactions:

The above figure shows the HTTP transaction between client and server. The client initiates a
transaction by sending a request message to the server. The server replies to the request message
by sending a response message.
Messages
HTTP messages are of two types: request and response. Both the message types follow the same
message format.


Request Message: The request message is sent by the client that consists of a request line,
headers, and sometimes a body.

Response Message: The response message is sent by the server to the client that consists of a
status line, headers, and sometimes a body.

Uniform Resource Locator (URL)


o A client that wants to access a document on the internet needs an address. To facilitate
access to documents, HTTP uses the concept of the Uniform Resource Locator
(URL).
o The Uniform Resource Locator (URL) is a standard way of specifying any kind of
information on the internet.
o The URL defines four parts: method, host computer, port, and path.


o Method: The method is the protocol used to retrieve the document from a server. For
example, HTTP.
o Host: The host is the computer where the information is stored, and the computer is
given an alias name. Web pages are mainly stored in the computers and the computers are
given an alias name that begins with the characters "www". This field is not mandatory.
o Port: The URL can also contain the port number of the server, but it's an optional field. If
the port number is included, then it must come between the host and path and it should be
separated from the host by a colon.
o Path: Path is the pathname of the file where the information is stored. The path itself
can contain slashes that separate the directories from the subdirectories and files.
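The request and response formats and the four URL parts described above, as an added example that is not part of the original notes: it splits a URL into method, host, port and path, builds the matching request message, and parses any HTTP message into start line, headers and body. The URLs and the sample response are constructed; the strict checks on header lines and on the body length are added here as the kind of validation a parser needs, not something the notes describe.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed response message: status line, headers, empty line, body.
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Content-Type: text/html\r\n"
                   b"Content-Length: 13\r\n"
                   b"\r\n"
                   b"<p>hello</p>\n")


def url_parts(url):
    """Return the four URL parts the notes name: method, host, port, path.

    "method" here is the protocol in the URL (http), not the GET/POST verb.
    """
    u = urlsplit(url)
    if u.scheme not in DEFAULT_PORTS or not u.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    port = u.port if u.port is not None else DEFAULT_PORTS[u.scheme]
    return {"method": u.scheme, "host": u.hostname, "port": port,
            "path": u.path or "/"}


def build_request(url):
    """Build a request message: request line, headers, empty line, no body."""
    p = url_parts(url)
    host = p["host"]
    if p["port"] != DEFAULT_PORTS[p["method"]]:
        host = f'{host}:{p["port"]}'         # the port follows the host after a colon
    lines = [f'GET {p["path"]} HTTP/1.1', f"Host: {host}",
             "Accept: text/html", "Connection: close"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_message(raw):
    """Split a request or response into (start line, headers dict, body bytes)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block is not terminated by an empty line")
    start_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        # Reject lines without a colon or with whitespace around the name:
        # two parsers that disagree on such lines can be played off each other.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()   # header names are case-insensitive
    length = headers.get("content-length")
    if length is not None and (not length.isdigit() or int(length) != len(body)):
        raise ValueError("Content-Length does not match the body")
    return start_line, headers, body


if __name__ == "__main__":
    url = "http://www.example.com:8080/docs/unit1/notes.html"
    print(url_parts(url))
    print(build_request(url).decode("ascii"))
    print(parse_message(SAMPLE_RESPONSE))
```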

Dynamic Host Configuration Protocol (DHCP)


Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to
dynamically assign an IP address to any device, or node, on a network so they can communicate
using IP (Internet Protocol). DHCP automates and centrally manages these configurations. There
is no need to manually assign IP addresses to new devices. Therefore, there is no requirement for
any user configuration to connect to a DHCP based network.
DHCP can be implemented on local networks as well as large enterprise networks. DHCP is the
default protocol used by most routers and networking equipment. DHCP is specified in RFC
(Request for Comments) 2131.
DHCP does the following:
o DHCP manages the provision of all the nodes or devices added or dropped from the
network.
o DHCP maintains the unique IP address of the host using a DHCP server.
o It sends a request to the DHCP server whenever a client/node/device, which is configured
to work with DHCP, connects to a network. The server acknowledges by providing an IP
address to the client/node/device.
DHCP is also used to configure the proper subnet mask, default gateway and DNS server
information on the node or device.
Many versions of DHCP are available for use in IPV4 (Internet Protocol Version 4)
and IPV6 (Internet Protocol Version 6).


How DHCP works


DHCP runs at the application layer of the TCP/IP protocol stack to dynamically assign IP
addresses to DHCP clients/nodes and to allocate TCP/IP configuration information to the DHCP
clients. Information includes subnet mask information, default gateway, IP addresses and domain
name system addresses.
DHCP is based on client-server protocol in which servers manage a pool of unique IP addresses,
as well as information about client configuration parameters, and assign addresses out of those
address pools.
The DHCP lease process works as follows:
o First of all, a client (network device) must be connected to the internet.
o DHCP clients request an IP address. Typically, the client broadcasts a query for this
information.
o The DHCP server responds to the client request by providing an IP address and other
configuration information. This configuration information also includes a time period,
called a lease, for which the allocation is valid.
o When refreshing an assignment, a DHCP client requests the same parameters, but the
DHCP server may assign a new IP address. This is based on the policies set by the
administrator.
Components of DHCP
When working with DHCP, it is important to understand all of the components. The following is
the list of components:
o DHCP Server: DHCP server is a networked device running the DHCP service that holds
IP addresses and related configuration information. This is typically a server or a router
but could be anything that acts as a host, such as an SD-WAN appliance.
o DHCP client: DHCP client is the endpoint that receives configuration information from
a DHCP server. This can be any device like computer, laptop, IoT endpoint or anything
else that requires connectivity to the network. Most of the devices are configured to
receive DHCP information by default.
o IP address pool: IP address pool is the range of addresses that are available to DHCP
clients. IP addresses are typically handed out sequentially from lowest to the highest.


o Subnet: Subnet is the partitioned segments of the IP networks. Subnet is used to keep
networks manageable.
o Lease: Lease is the length of time for which a DHCP client holds the IP address
information. When a lease expires, the client has to renew it.
o DHCP relay: A host or router that listens for client messages being broadcast on that
network and then forwards them to a configured server. The server then sends responses
back to the relay agent that passes them along to the client. DHCP relay can be used to
centralize DHCP servers instead of having a server on each subnet.
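The lease process and the pool, lease and server components above, modelled as an added example that is not part of the original notes: a server hands out the lowest free address, renews a valid lease with the same address, and reclaims expired ones. The class, client identifiers, addresses and the renewal policy are assumptions of this sketch, and times are plain seconds rather than real clock values.

```python
import ipaddress


class DhcpServer:
    """Simplified model of a DHCP server managing one address pool."""

    def __init__(self, first, last, lease_seconds, options):
        lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        if hi < lo:
            raise ValueError("pool end is below pool start")
        self.pool = [ipaddress.IPv4Address(i) for i in range(int(lo), int(hi) + 1)]
        self.lease_seconds = lease_seconds
        self.options = options      # subnet mask, default gateway, DNS server
        self.leases = {}            # client id -> (address, expiry time)

    def expire(self, now):
        """Return addresses whose lease has run out to the pool."""
        self.leases = {c: (a, t) for c, (a, t) in self.leases.items() if t > now}

    def request(self, client_id, now):
        """Answer one client request; None means the pool has no free address."""
        self.expire(now)
        if client_id in self.leases:
            # Assumed policy: a client renewing a valid lease keeps its address.
            address = self.leases[client_id][0]
        else:
            in_use = {a for a, _ in self.leases.values()}
            free = [a for a in self.pool if a not in in_use]
            if not free:
                return None
            address = free[0]       # handed out from lowest to highest
        expiry = now + self.lease_seconds
        self.leases[client_id] = (address, expiry)
        return {"address": str(address), "lease_expires": expiry, **self.options}

    def release(self, client_id):
        """Client gives its address back before the lease expires."""
        self.leases.pop(client_id, None)


def sample_server():
    """Constructed three-address pool with a one-hour lease."""
    return DhcpServer("192.0.2.10", "192.0.2.12", 3600,
                      {"subnet_mask": "255.255.255.0",
                       "default_gateway": "192.0.2.1",
                       "dns_server": "192.0.2.53"})


if __name__ == "__main__":
    server = sample_server()
    # (time in seconds, client id) events, constructed for the demo
    events = [(0, "client-a"), (0, "client-b"), (1800, "client-a"),
              (1800, "client-c"), (1800, "client-d"), (3700, "client-d"),
              (6000, "client-b")]
    for now, client in events:
        offer = server.request(client, now)
        print(now, client, offer["address"] if offer else "no free address")
```

In the demo, client-b's lease lapses at 3600 seconds, client-d takes over its address, and client-b later receives a different one, which is the "may assign a new IP address" case from the lease process.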
Benefits of DHCP
DHCP has the following benefits:
Centralized administration of IP configuration: DHCP IP configuration information can be
stored in a single location, which enables the administrator to centrally manage all IP address
configuration information.
Dynamic host configuration: DHCP automates the host configuration process and eliminates
the need to manually configure individual hosts when TCP/IP (Transmission control
protocol/Internet protocol) is first deployed or when IP infrastructure changes are required.
Seamless IP host configuration: The use of DHCP ensures that DHCP clients get accurate and
timely IP configuration parameters such as IP address, subnet mask, default
gateway, IP address of the DNS server and so on without user intervention.
Flexibility and scalability: Using DHCP gives the administrator increased flexibility, allowing
the administrator to more easily change the IP configuration when the infrastructure changes.
