
Chapter 17 Introduction to the Application Layer

TCP/IP Protocol Suite 1


Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
OBJECTIVES:
• To introduce the client-server paradigm.
• To introduce socket interfaces and list some common functions in this interface.
• To discuss client-server communication using the connectionless iterative service offered by UDP.
• To discuss client-server communication using the connection-oriented concurrent service offered by TCP.
• To give an example of a client and a server program using UDP.
• To give an example of a client and a server program using TCP.
• To briefly discuss the peer-to-peer paradigm and its application.

Chapter Outline
17.1 Client-Server Paradigm
17.2 Peer-to-Peer Paradigm


17-1 CLIENT-SERVER PARADIGM

The purpose of a network, or an internetwork, is to provide services to users: a user at a local site wants to receive a service from a computer at a remote site. One way to achieve this purpose is to run two programs. A local computer runs a program to request a service from a remote computer; the remote computer runs a program to give service to the requesting program. This means that two computers, connected by an internet, must each run a program, one to provide a service and one to request a service.

Topics Discussed in the Section
• Server
• Client
• Concurrency
• Socket Interfaces
• Communication Using UDP
• Communication Using TCP
• Predefined Client-Server Applications


Figure 17.1 Server types

Figure 17.2 Connectionless iterative server

Figure 17.3 Connection-oriented concurrent server


Note

An interface is a set of instructions designed for interaction between two entities.

Figure 17.4 Relation between the operating system and the TCP/IP suite


Example 17.1
Most programming languages have a file interface, a set of instructions that allow the programmer to open a file, read from the file, write to the file, perform other operations on the file, and finally close the file. When a program needs to open a file, it uses the name of the file as it is known to the operating system. When the file is opened, the operating system returns a reference to the file (an integer or pointer) that can be used for other instructions, such as read and write.


Figure 17.5 Concepts of sockets

Figure 17.6 Socket data structure

Figure 17.7 Socket types

Figure 17.8 IPv4 socket address

Figure 17.9 Connectionless iterative communication using UDP


Example 17.2
As an example, let us see how we can design and write two programs: an echo client and an echo server. The client sends a line of text to the server; the server sends the same line back to the client. Although this client/server pair looks useless, it has some applications. It can be used, for example, when a computer wants to test whether another computer in the network is alive. To better understand the code in a program, we first give the layout of the variables used in both programs, as shown in Figure 17.10.


Figure 17.10 Variables used in echo server and echo client using UDP service

Note

To be complete, error-checking code needs to be added to both server and client programs.


Figure 17.11 Flow diagram for connection-oriented, concurrent communication

Figure 17.12 Status of parent and child processes with respect to the socket


Example 17.3
We want to write two programs to show how we can have an echo client and echo server using the services of TCP. Figure 17.13 shows the variables we use in these two programs. Since data may arrive in different chunks, we need pointers into the buffer. The first pointer is fixed and always points to the beginning of the buffer; the second pointer moves so that newly arrived bytes are appended to the end of the previously received section.
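The TCP echo logic of Example 17.3, as an added example that is not the book's Tables 17.1 to 17.4: the receive loop keeps a fixed buffer and a moving end pointer so a line that arrives in several chunks is reassembled without writing past the buffer, and the server loop shows the parent/child split of Figures 17.11 and 17.12. The buffer size, the loopback bind address and the port are assumptions; simulate() uses a socketpair in place of a real network connection so the logic can be checked offline.

```python
import os
import signal
import socket

BUFSIZE = 256  # assumed buffer size

def recv_line(sock):
    """TCP is a byte stream, so a line may arrive in several chunks. `buf` stays
    fixed at the start of the buffer; `end` is the moving pointer that advances
    so each new chunk is appended after the bytes already received."""
    buf = bytearray(BUFSIZE)
    end = 0
    while end < BUFSIZE:                 # never write past the buffer
        n = sock.recv_into(memoryview(buf)[end:], BUFSIZE - end)
        if n == 0:                       # peer closed: return what we have
            break
        end += n
        if buf[end - 1] == 0x0A:         # newline terminates the line
            break
    return bytes(buf[:end])

def echo_connection(conn):
    """Child's work for one connection: read a line, send the same line back."""
    line = recv_line(conn)
    conn.sendall(line)                   # sendall loops until all bytes are written
    return line

def concurrent_server(listening):
    """Parent loop (Figures 17.11-17.12): accept, fork a child to serve the
    connection, close the parent's copy so only the child holds that socket."""
    signal.signal(signal.SIGCHLD, signal.SIG_IGN)   # let the kernel reap children
    while True:
        conn, _peer = listening.accept()
        if os.fork() == 0:               # child process
            listening.close()            # the child never calls accept()
            echo_connection(conn)
            conn.close()
            os._exit(0)
        conn.close()                     # parent keeps only the listening socket

def make_listener(port):
    """socket -> bind -> listen (server side of Figure 17.11); loopback is assumed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("127.0.0.1", port))
    s.listen(5)
    return s

def simulate(chunks, close_after=False):
    """Offline check with a socketpair standing in for the connection: send the
    chunks, run the server side, return (line the server saw, bytes echoed)."""
    client, server = socket.socketpair()
    for chunk in chunks:
        client.sendall(chunk)
    if close_after:
        client.shutdown(socket.SHUT_WR)  # client done sending, no newline
    line = echo_connection(server)
    echoed = client.recv(BUFSIZE)
    client.close()
    server.close()
    return line, echoed

if __name__ == "__main__":
    concurrent_server(make_listener(7777))   # port is an assumption
```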


Figure 17.13 Variables used in echo client and echo server using TCP

Note

In Appendix F we give some simple Java versions of the programs in Tables 17.1 to 17.4.


17-2 PEER-TO-PEER PARADIGM

Although most of the applications available in the Internet today use the client-server paradigm, the idea of using the peer-to-peer (P2P) paradigm has recently attracted some attention. In this paradigm, two peer computers can communicate with each other to exchange services. This paradigm is interesting in some areas such as file transfer, in which the client-server paradigm may put a lot of the load on the server machine. However, we need to mention that the P2P paradigm does not ignore the client-server paradigm; it is based on this paradigm.

Chapter 18 Host Configuration: DHCP


OBJECTIVES:
• To give the reasons why we need host configuration.
• To give a historical background of two protocols used for host configuration in the past.
• To define DHCP as the current Dynamic Host Configuration Protocol.
• To discuss DHCP operation when the client and server are on the same network or on different networks.
• To show how DHCP uses two well-known ports of UDP to achieve configuration.
• To discuss the states the clients go through to lease an IP address from a DHCP server.

Chapter Outline
18.1 Introduction
18.2 DHCP Operation
18.3 Configuration


18-1 INTRODUCTION

Each computer that uses the TCP/IP protocol suite needs to know its IP address. If the computer uses classless addressing or is a member of a subnet, it also needs to know its subnet mask. Most computers today need two other pieces of information: the address of a default router to be able to communicate with other networks and the address of a name server to be able to use names instead of addresses, as we will see in the next chapter. In other words, four pieces of information are normally needed.

Topics Discussed in the Section
• Previous Protocols
• DHCP


18-2 DHCP OPERATION

The DHCP client and server can either be on the same network or on different networks. Let us discuss each situation separately.

Topics Discussed in the Section
• Same Network
• Different Networks
• UDP Ports
• Using TFTP
• Error Control
• Packet Format


Figure 18.1 Client and server on the same network

Figure 18.2 Client and server on two different networks

Figure 18.3 Use of UDP ports

Figure 18.4 DHCP packet format

Figure 18.5 Flag format

Figure 18.6 Option format

18-3 CONFIGURATION

The DHCP has been devised to provide static and dynamic address allocation.

Topics Discussed in the Section
• Static Address Allocation
• Dynamic Address Allocation
• Transition States
• Other Issues
• Exchanging Messages


Figure 18.7 Option with tag 53

Figure 18.8 DHCP client transition diagram

Figure 18.9 Exchanging messages


Chapter 19 Domain Name System (DNS)

OBJECTIVES:
• To describe the purpose of DNS.
• To define the concept of domains and domain name space.
• To describe the distribution of name spaces and define zones.
• To discuss the use of DNS in the Internet and describe three categories of domains: generic, country, and reverse.
• To discuss name-address resolution and show the two resolution methods: recursive and iterative.
• To show the format of DNS messages and how they can be compressed.
• To discuss DDNS and DNSSEC.

Chapter Outline
19.1 Need for DNS
19.2 Name Spaces
19.3 DNS in the Internet
19.4 Resolution
19.5 DNS Messages
19.6 Types of Records
19.7 Compression
19.8 Encapsulation
19.9 Registrars
19.10 DDNS
19.11 Security of DNS

19-1 NEED FOR DNS

To identify an entity, TCP/IP protocols use the IP address, which uniquely identifies the connection of a host to the Internet. However, people prefer to use names instead of numeric addresses. Therefore, we need a system that can map a name to an address or an address to a name.

Figure 19.1 Purpose of DNS


19-2 NAME SPACE

To be unambiguous, the names assigned to machines must be carefully selected from a name space with complete control over the binding between the names and IP addresses. In other words, the names must be unique because the addresses are unique. A name space that maps each address to a unique name can be organized in two ways: flat or hierarchical.

Topics Discussed in the Section
• Flat Name Space
• Hierarchical Name Space
• Domain Name Space
• Domain
• Distribution of Name Space


Figure 19.2 Domain name space

Figure 19.3 Domain names and labels

Figure 19.4 FQDN and PQDN

Figure 19.5 Domains

Figure 19.6 Hierarchy of name servers

Figure 19.7 Zones and domains


Note

A primary server loads all information from the disk file; the secondary server loads all information from the primary server.

When the secondary downloads information from the primary, it is called zone transfer.


19-3 DNS IN THE INTERNET

DNS is a protocol that can be used in different platforms. In the Internet, the domain name space (tree) is divided into three different sections: generic domains, country domains, and the inverse domain (see Figure 19.8).

Topics Discussed in the Section
• Generic Domains
• Country Domains
• Inverse Domain
• Registrar

Figure 19.8 DNS used in the Internet

Figure 19.9 Generic domains

Figure 19.10 Country domains

Figure 19.11 Inverse domain


19-4 RESOLUTION

Mapping a name to an address or an address to a name is called name-address resolution.

Topics Discussed in the Section
• Resolver
• Mapping Names to Addresses
• Mapping Addresses to Names
• Recursive Resolution
• Iterative Resolution
• Caching

Figure 19.12 Recursive resolution

Figure 19.13 Iterative resolution


19-5 DNS MESSAGES

DNS has two types of messages: query and response. Both types have the same format. The query message consists of a header and question records; the response message consists of a header, question records, answer records, authoritative records, and additional records (see Figure 19.14).

Topics Discussed in the Section
• Header

Figure 19.14 Query and response messages

Figure 19.15 Header format

Figure 19.16 Flags field

19-6 TYPES OF RECORDS

As we saw in the previous section, two types of records are used in DNS. The question records are used in the question section of the query and response messages. The resource records are used in the answer, authoritative, and additional information sections of the response message.

Topics Discussed in the Section
• Question Record
• Resource Record

Figure 19.17 Question record format

Figure 19.18 Query name format

Figure 19.19 Resource record format


19-7 COMPRESSION

DNS requires that a domain name be replaced by an offset pointer if it is repeated. For example, in a resource record the domain name is usually a repetition of the domain name in the question record. For efficiency, DNS defines a 2-byte offset pointer that points to a previous occurrence of the domain or part of it. The format of the field is shown in Figure 19.20.

Figure 19.20 Format of an offset pointer
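The offset pointer of Figure 19.20 in working form, as an added example that is not the book's code: names are written as length-prefixed labels, a length byte whose two high bits are 11 is read as a 2-byte pointer to an earlier occurrence, and the decoder refuses to follow a pointer to an offset it has already visited, so a malformed message with a pointer loop cannot hang the parser. The response message is constructed for Example 19.1's query; its answer address 192.0.2.10 and TTL are made up.

```python
import struct

HEADER_LEN = 12  # DNS header size: the question name starts at offset 12

def encode_name(name):
    """'chal.fhda.edu.' -> b'\\x04chal\\x04fhda\\x03edu\\x00' (length-prefixed labels)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return bytes(out) + b"\x00"

def pointer_to(offset):
    """2-byte offset pointer of Figure 19.20: two 1 bits followed by a 14-bit offset."""
    return struct.pack("!H", 0xC000 | offset)

def decode_name(msg, offset):
    """Return (name, offset of the first byte after the name field at `offset`).
    A length byte with its two high bits set is a pointer; reading continues at
    the earlier occurrence. Offsets already visited are rejected (pointer loop)."""
    labels, seen, end = [], set(), None
    while True:
        if offset in seen or offset >= len(msg):
            raise ValueError("bad compression pointer (loop or out of range)")
        seen.add(offset)
        length = msg[offset]
        if length & 0xC0 == 0xC0:          # offset pointer
            if offset + 2 > len(msg):
                raise ValueError("truncated pointer")
            if end is None:
                end = offset + 2           # the name field ends after the pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:                    # root label: end of name
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)

def build_sample_response():
    """Constructed response to Example 19.1's query (identifier 0x1333, flags
    0x8180, one answer). The answer's name is a pointer to offset 12 instead of
    a repeat of the question name; the address and TTL are made up."""
    header = struct.pack("!HHHHHH", 0x1333, 0x8180, 1, 1, 0, 0)
    question = encode_name("chal.fhda.edu.") + struct.pack("!HH", 1, 1)  # type A, class IN
    answer = (pointer_to(HEADER_LEN) + struct.pack("!HHIH", 1, 1, 3600, 4)
              + bytes([192, 0, 2, 10]))
    return header + question + answer
```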


Example 19.1
A resolver sends a query message to a local server to find the IP address for the host "chal.fhda.edu.". We discuss the query and response messages separately. Figure 19.21 shows the query message sent by the resolver. The first 2 bytes show the identifier, 0x1333. It is used as a sequence number and relates a response to a query. The next 2 bytes contain the flags, with the value 0x0100 in hexadecimal. In binary it is 0000000100000000, but it is more meaningful to divide it into the fields as shown below:

Figure 19.21 Example 19.1: Query message

Example 19.1 Continued
Figure 19.22 shows the response of the server. The response is similar to the query except that the flags are different and the number of answer records is one. The flags value is 0x8180 in hexadecimal. In binary it is 1000000110000000, but again we divide it into fields as shown below:

Figure 19.22 Example 19.1: Response message


Example 19.2
An FTP server has received a packet from an FTP client with IP address 153.2.7.9. The FTP server wants to verify that the FTP client is an authorized client. The FTP server can consult a file containing the list of authorized clients. However, the file consists only of domain names. The FTP server has only the IP address of the requesting client, which was the source IP address in the received IP datagram. The FTP server asks the resolver (DNS client) to send an inverse query to a DNS server to ask for the name of the FTP client. We discuss the query and response messages separately. Figure 19.23 shows the query message sent from the resolver to the server.

Figure 19.23 Example 19.2: Inverse query message

Example 19.2 Continued
The first 2 bytes show the identifier (0x1200). The flags value is 0x0900 in hexadecimal. In binary it is 0000100100000000, and we divide it into fields as shown below:

The OpCode is 0001, which defines an inverse query. The message contains only one question record. The domain name is 9.7.2.153.in-addr.arpa, written in the message as length-prefixed labels: 1 "9", 1 "7", 1 "2", 3 "153", 7 "in-addr", 4 "arpa" (this is what the run 19171231537in-addr4arpa in the figure stands for). The next 2 bytes define the query type as PTR, and the last 2 bytes define the class as the Internet. Figure 19.24 shows the response. The flags value is 0x8D80 in hexadecimal. In binary it is 1000110110000000, and we divide it into fields as shown below:

Figure 19.24 Example 19.2: Inverse response message
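The flag values of Examples 19.1 and 19.2 split into the subfields of Figure 19.16, the in-addr.arpa name built from the client address, and the FTP server's authorization decision of Example 19.2, as an added example that is not the book's code. The check trusts the PTR answer only when a forward lookup of the returned name maps back to the client address, because the reverse zone is controlled by whoever holds the address block; the resolver answers in PTR_TABLE and A_TABLE are constructed and stand in for the queries of Figures 19.23 and 19.24.

```python
def decode_flags(flags):
    """Subfields of the 16-bit flags word (Figure 19.16), high bit first:
    QR(1) OpCode(4) AA(1) TC(1) RD(1) RA(1) Z(3) RCode(4)."""
    return {
        "QR": (flags >> 15) & 1,
        "OpCode": (flags >> 11) & 0xF,
        "AA": (flags >> 10) & 1,
        "TC": (flags >> 9) & 1,
        "RD": (flags >> 8) & 1,
        "RA": (flags >> 7) & 1,
        "Z": (flags >> 4) & 0x7,
        "RCode": flags & 0xF,
    }

def describe_flags(flags):
    """Readable summary, e.g. 0x0100 -> 'query, standard query, recursion desired'."""
    f = decode_flags(flags)
    parts = ["response" if f["QR"] else "query",
             {0: "standard query", 1: "inverse query"}.get(f["OpCode"], "opcode %d" % f["OpCode"])]
    if f["AA"]:
        parts.append("authoritative")
    if f["RD"]:
        parts.append("recursion desired")
    if f["RA"]:
        parts.append("recursion available")
    return ", ".join(parts)

def reverse_name(ipv4):
    """153.2.7.9 -> '9.7.2.153.in-addr.arpa.', the name a PTR query asks about."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % ipv4)
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def client_is_authorized(ip, authorized_names, ptr_lookup, a_lookup):
    """The FTP server's decision in Example 19.2. The PTR answer comes from
    whoever controls the reverse zone for `ip`, so the name is trusted only if a
    forward (A) lookup of that name maps back to `ip`."""
    name = ptr_lookup(reverse_name(ip))
    if name is None:
        return False                        # no reverse mapping: cannot be in the list
    if name.lower() not in {n.lower() for n in authorized_names}:
        return False
    return ip in a_lookup(name)             # forward-confirmed reverse DNS

# Constructed resolver answers (a real resolver would send the queries of Figures 19.23-19.24).
PTR_TABLE = {"9.7.2.153.in-addr.arpa.": "ftp-client.example.",
             "1.0.0.10.in-addr.arpa.": "admin.example."}   # 10.0.0.1 claims a listed name ...
A_TABLE = {"ftp-client.example.": ["153.2.7.9"],
           "admin.example.": ["198.51.100.7"]}              # ... but admin.example. is not 10.0.0.1
AUTHORIZED = ["ftp-client.example.", "admin.example."]      # the FTP server's list of names

def check(ip):
    """Run the Example 19.2 decision against the constructed tables."""
    return client_is_authorized(ip, AUTHORIZED, PTR_TABLE.get, lambda n: A_TABLE.get(n, []))
```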


Example 19.3
In UNIX and Windows, the nslookup utility can be used to retrieve address/name mapping. The following shows how we can retrieve an address when the domain name is given.

The nslookup utility can also be used to retrieve the domain name when the address is given, as shown below:


19-8 ENCAPSULATION

DNS can use either UDP or TCP. In both cases the well-known port used by the server is port 53. UDP is used when the size of the response message is less than 512 bytes because most UDP packages have a 512-byte packet size limit. If the size of the response message is more than 512 bytes, a TCP connection is used. In that case, one of two scenarios can occur:


19-9 REGISTRARS

How are new domains added to DNS? This is done through a registrar, a commercial entity accredited by ICANN. A registrar first verifies that the requested domain name is unique and then enters it into the DNS database. A fee is charged.

19-10 DDNS

When the DNS was designed, no one predicted that there would be so many address changes. In DNS, when there is a change, such as adding a new host, removing a host, or changing an IP address, the change must be made to the DNS master file. The DNS master file must be updated dynamically. The Dynamic Domain Name System (DDNS) therefore was devised to respond to this need.


19-11 SECURITY OF DNS

DNS is one of the most important systems in the Internet infrastructure; it provides crucial services to the Internet users. Applications such as Web access or e-mail are heavily dependent on the proper operation of DNS. DNS can be attacked in several ways.

To protect DNS, IETF has devised a technology named DNS Security (DNSSEC) that provides message origin authentication and message integrity using a security service called digital signature (see Chapter 29).

Chapter 20 Remote Login: TELNET and SSH
OBJECTIVES:
• To introduce the TELNET protocol and show how it implements local and remote login.
• To discuss options and sub-options used in TELNET and how they are negotiated.
• To define out-of-band signaling in TELNET.
• To define different modes of operation in TELNET.
• To introduce SSH as an alternative to TELNET.
• To show how different components of SSH are combined to provide a secure connection over an insecure TCP connection.
• To discuss port-forwarding in SSH and how it can be used to provide security for other applications.

Chapter Outline
20.1 TELNET
20.2 Secure Shell (SSH)


20-1 TELNET

TELNET is an abbreviation for TErminaL NETwork. It is the standard TCP/IP protocol for virtual terminal service as proposed by ISO. TELNET enables the establishment of a connection to a remote system in such a way that the local terminal appears to be a terminal at the remote system.

Topics Discussed in the Section
• Concepts
• Time-Sharing Environment
• Network Virtual Terminal (NVT)
• Embedding
• Options and Suboption Negotiation
• Controlling the Server
• Out-of-Band Signaling
• Escape Character
• Modes of Operation
• User Interface
• Security Issue

Note

TELNET is a general-purpose client-server application program.


Figure 20.1 Local login

Figure 20.2 Remote login

Figure 20.3 Concept of NVT

Figure 20.4 Format of data and control characters

Figure 20.5 An example of embedding

Figure 20.6 Offer to enable an option

Figure 20.7 Request to enable an option

Figure 20.8 Offer to disable an option

Figure 20.9 Request to disable an option


Example 20.1
Figure 20.10 shows an example of option negotiation. In this example, the client wants the server to echo each character sent to the server. In other words, when a character is typed at the user keyboard terminal, it goes to the server and is sent back to the screen of the user before being processed. The echo option is enabled by the server because it is the server that sends the characters back to the user terminal. Therefore, the client should request from the server the enabling of the option using DO. The request consists of three characters: IAC, DO, and ECHO. The server accepts the request and enables the option. It informs the client by sending the three-character approval: IAC, WILL, and ECHO.


Figure 20.10 Example 20.1: Echo option

Figure 20.11 Example of sub-option negotiation

Figure 20.12 Example of interrupting an application program

Figure 20.13 Out-of-band signaling

Figure 20.14 Two different interruptions


Example 20.2
In this example, we use the default mode to show the
concept and its deficiencies even though it is almost
obsolete today. The client and the server negotiate the
terminal type and terminal speed and then the server checks
the login and password of the user (see Figure 20.15).

Figure 20.15 Example 20.2

Example 20.3
In this example, we show how the client switches to the
character mode. This requires that the client request the
server to enable the SUPPRESS GO AHEAD and ECHO
options (see Figure 20.16).


Figure 20.16 Example 20.3

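The option negotiation of Examples 20.1 and 20.3 and the embedding of Figure 20.4, as an added example that is not the book's code: a server-side responder that answers DO/DONT/WILL/WONT commands per Figures 20.6 to 20.9, agrees only to the options it supports (ECHO and SUPPRESS GO AHEAD, an assumed policy) and refuses everything else, and a stream splitter that separates IAC-escaped data from commands and hands back any command cut off at the end of a read. The option number 24 used in the test is TERMINAL-TYPE, standing in for any option this server does not support.

```python
IAC, DONT, DO, WONT, WILL = 255, 254, 253, 252, 251   # NVT control characters
ECHO, SUPPRESS_GO_AHEAD = 1, 3                        # option codes
SUPPORTED = {ECHO, SUPPRESS_GO_AHEAD}                 # assumed server policy

def command(verb, option):
    """Three-character option command, e.g. IAC DO ECHO (Example 20.1)."""
    return bytes([IAC, verb, option])

def escape_data(data):
    """Embedding (Figure 20.4): a data byte equal to IAC is sent as IAC IAC."""
    return data.replace(b"\xff", b"\xff\xff")

def server_reply(verb, option):
    """Server's answer to a client's offer or request (Figures 20.6-20.9):
    DO   -> WILL if the option is supported, else WONT
    WILL -> DO if supported, else DONT (the server refuses what it cannot handle)
    DONT -> WONT and WONT -> DONT (disabling is always accepted)"""
    if verb == DO:
        return command(WILL if option in SUPPORTED else WONT, option)
    if verb == WILL:
        return command(DO if option in SUPPORTED else DONT, option)
    if verb == DONT:
        return command(WONT, option)
    if verb == WONT:
        return command(DONT, option)
    raise ValueError("not an option command: %d" % verb)

def process(stream):
    """Split an incoming byte stream into (data, replies, leftover): data bytes
    with IAC IAC unescaped, the replies to send for each option command, and a
    trailing incomplete command the caller must prepend to the next read."""
    data, replies, i = bytearray(), [], 0
    while i < len(stream):
        b = stream[i]
        if b != IAC:                         # ordinary data byte
            data.append(b)
            i += 1
            continue
        if i + 1 >= len(stream):             # IAC with nothing after it yet
            break
        nxt = stream[i + 1]
        if nxt == IAC:                       # escaped 255 in the data
            data.append(IAC)
            i += 2
        elif nxt in (DO, DONT, WILL, WONT):  # 3-byte option command
            if i + 2 >= len(stream):
                break
            replies.append(server_reply(nxt, stream[i + 2]))
            i += 3
        else:                                # other 2-byte command (IP, AYT, ...)
            i += 2
    return bytes(data), replies, bytes(stream[i:])
```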
20-2 SECURE SHELL (SSH)

Another popular remote login application program is Secure Shell (SSH). SSH, like TELNET, uses TCP as the underlying transport protocol, but SSH is more secure and provides more services than TELNET.

Topics Discussed in the Section
• Versions
• Components
• Port Forwarding
• Format of the SSH Packet

Figure 20.17 Components of SSH

Figure 20.18 Port forwarding

Figure 20.19 SSH packet format
