[Computer Network] Illustrated Application Layer Protocol

1. Application layer

We have introduced the lower three layers of the TCP/IP model before: the network access layer, the network layer and the transport layer. They all serve the application layer and carry its data. Now let's take a look at the top layer, the application layer.

In the TCP/IP model, the services provided by the application layer are equivalent to the combined services of the application layer, presentation layer and session layer of the OSI model. It includes not only the session layer function of managing communication connections and the presentation layer function of data format conversion, but also the application layer function of interaction between hosts.

The purpose of the application layer is to provide network interfaces to applications and to provide services directly to users. Compared with lower-layer network protocols, application protocols are far more familiar to everyday users. You have probably heard of application layer protocols such as HTTP, HTTPS and SSH.

In the TCP/IP model, the application layer sits above the transport layer, and the transport layer's port number identifies which application layer protocol the data belongs to. In other words, protocols that have port numbers are application layer protocols. Application protocols are the communication rules between applications on end devices. The information exchanged between applications is called messages, and application protocols define the format of these messages and the rules for controlling or operating on them.

Communication methods of application protocols can be divided into two categories:

  • Server and client models
  • P2P model

In the server and client model, a host that always exposes a fixed IP address serves applications on other hosts, and the hosts requesting services do not communicate with each other. The terminal devices that provide services to other hosts are called servers, and the hosts that request services are called clients. Most application layer protocols follow this model.

In the P2P model , there is no specific server or client. The applications installed on these devices can establish peer-to-peer connections between hosts, which can both provide services and receive services. Usually large-traffic applications use the P2P model, such as downloaders, etc.

When developing an application, you can use an existing application protocol or define a new one yourself to achieve the required functions. Applications can directly use the transmission services provided by the transport layer and the layers below it. Developers only need to decide which application protocol to use and how to implement it, without considering how the data is carried to its destination. This is a characteristic of the TCP/IP layered model.

There are many kinds of applications, including web browsers, email, remote login, file transfer, network management, etc. These applications communicate using application protocols, which are designed and created to implement the application's functionality.


2. Remote login

The management methods of network equipment are divided into local management and remote management. Remote management is a method of logging in to the peer device on the network from the local host and sending management data to the device on the peer network to achieve device management. Through remote management, you can not only use the applications on the host directly, but also set parameters for the host. Remote login mainly uses two protocols, Telnet and SSH, to manage network devices.


The goddess asked Da Liu to go to her company to repair the network. Da Liu didn't even need to go to the goddess's company and could log in remotely to solve the problem.

2.1 Telnet

In actual work, except for a few devices that cannot be managed remotely, most devices are managed remotely when their configuration files and system files are maintained. Compared with local management, remote management is not restricted by physical location: you can control a device on the other side of the world as long as you are connected to the network. It also eliminates plugging and unplugging console cables and configuring terminals, and a large number of network devices can be managed at the same time through one remote management application.

The Telnet protocol defines a communication standard for a device to initiate a clear-text management connection to a remote device over an IP network. Through the Telnet protocol, one device can establish a management connection with a remote device and configure and monitor it; the experience is no different from logging in to the device locally. The device that initiates management is the Telnet client, and the device being managed is the Telnet server. The Telnet protocol is therefore a typical application layer protocol of the server and client model.

The Telnet protocol establishes a connection between the server and the client over TCP, and sends user names, passwords and commands to the server through this connection. The Telnet protocol uses TCP port 23, which means that when the client initiates a Telnet connection, it connects to the server's TCP port 23 by default.

When the user types commands on the Telnet client, the commands are sent to port 23 over the TCP connection. After receiving the request, the Telnet daemon (telnetd) passes the commands to the shell, the shell interprets them for the operating system, and the operating system executes the command issued by the Telnet client. In the same way, the operating system returns the command's results to the Telnet client along the reverse path.

The Telnet protocol implements remote command transmission, but when the client and server communicate across an untrusted public network, all of the Telnet traffic can be intercepted in transit. An intercepted user name and password can then be replayed to pass the Telnet server's identity authentication, log in to the device and modify its configuration file.

The Telnet protocol has major security risks and is not recommended for use outside the laboratory.
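As an added illustration of what "not recommended outside the laboratory" means in practice, here is a small Python script (not from the original post) that scans constructed flow records for connections to the cleartext management ports discussed in this article (Telnet 23, FTP control 21, TFTP 69) and lists, per device, which management protocols it was reached over, so that a device that already answers SSH but still accepts Telnet stands out. The record format, the addresses and the 10.0.0.0/8 "internal" range are assumptions for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records for the example: "timestamp src dst proto dport".
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 10.0.0.5 10.0.0.1 tcp 23
2024-01-01T10:00:09 10.0.0.7 10.0.0.1 tcp 22
2024-01-01T10:01:15 198.51.100.9 10.0.0.2 tcp 23
2024-01-01T10:02:03 10.0.0.5 10.0.0.3 udp 69
2024-01-01T10:02:44 10.0.0.8 10.0.0.1 tcp 443
"""

# Management protocols from the article, keyed by (transport, destination port).
CLEARTEXT_MGMT = {("tcp", 23): "telnet", ("tcp", 21): "ftp-control", ("udp", 69): "tftp"}
ENCRYPTED_MGMT = {("tcp", 22): "ssh"}

# Assumed internal address range; anything else is treated as external.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def is_internal(addr) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text: str) -> list:
    """Parse one record per line; blank lines are skipped, malformed lines raise."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport = line.split()
        flows.append({
            "ts": ts,
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "proto": proto.lower(),
            "dport": int(dport),
        })
    return flows


def find_cleartext_management(flows: list) -> list:
    """One finding per flow to a cleartext management port. A login attempt coming
    from outside the internal range is rated higher than one from inside."""
    findings = []
    for f in flows:
        name = CLEARTEXT_MGMT.get((f["proto"], f["dport"]))
        if name is None:
            continue
        findings.append({
            "ts": f["ts"],
            "src": str(f["src"]),
            "dst": str(f["dst"]),
            "protocol": name,
            "severity": "medium" if is_internal(f["src"]) else "high",
        })
    return findings


def management_protocols_by_device(flows: list) -> dict:
    """Which management protocols each device was reached over, so that a device that
    already accepts SSH but still answers Telnet shows up as a migration candidate."""
    seen = defaultdict(set)
    for f in flows:
        key = (f["proto"], f["dport"])
        name = CLEARTEXT_MGMT.get(key) or ENCRYPTED_MGMT.get(key)
        if name:
            seen[str(f["dst"])].add(name)
    return {device: sorted(names) for device, names in seen.items()}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for finding in find_cleartext_management(flows):
        print(finding)
    print(management_protocols_by_device(flows))
```

The same two functions work unchanged on exported firewall or NetFlow records once they are reduced to the five fields above; the per-device summary is the list to work through when replacing Telnet with SSH.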

2.2 SSH

The SSH protocol is a secure shell protocol (Secure Shell), which is designed to replace Telnet. SSH is an encrypted remote login protocol and provides a more secure remote login service. When using SSH, communications are encrypted. Even if the information is intercepted, the true content of the data cannot be known because it cannot be decrypted.

The commonly used version of the SSH protocol is SSHv2. The SSH client establishes an encrypted channel over TCP with the SSH server through the SSHv2 protocol. To establish this secure channel, the client uses the server's RSA public key (its host key) to verify the identity of the SSH server. The SSH protocol uses TCP port 22 by default.

If the client successfully authenticates the server's identity, a session key is created between them, and data transmitted through the channel is encrypted with the encryption algorithm and session key negotiated by both parties. In this way a secure channel is established between the two devices. The password is then sent over this secure channel, in ciphertext, to pass the server's identity authentication. This is how SSH establishes an encrypted channel and protects the SSH server, that is, the shell of the managed device, from operation by unauthorized users.
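The step described above, the client using the server's public key to verify the server's identity, is in practice a comparison of the presented host key against a locally stored copy (OpenSSH's known_hosts) or of its fingerprint against one obtained out of band. The Python example below is added here and is not from the original post; it builds an ssh-rsa public key blob in the wire format of RFC 4253, computes the OpenSSH-style SHA256 fingerprint, and runs the known_hosts check with its three possible outcomes. The key numbers and host names are constructed for illustration and are not valid RSA keys.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH 'string' field: 4-byte big-endian length followed by the bytes (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """SSH 'mpint': big-endian two's complement, with a leading zero byte when the
    high bit would otherwise be set, so the number is not read as negative."""
    if value < 0:
        raise ValueError("only non-negative integers are used here")
    if value == 0:
        return ssh_string(b"")
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def rsa_public_key_blob(e: int, n: int) -> bytes:
    """Wire format of an ssh-rsa public key: string "ssh-rsa", mpint e, mpint n (RFC 4253)."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' plus unpadded base64 of sha256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map host -> set of key blobs from lines of the form 'host keytype base64blob'."""
    known = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        host, _keytype, b64 = parts[:3]
        known.setdefault(host, set()).add(base64.b64decode(b64))
    return known


def verify_host_key(known: dict, host: str, presented: bytes) -> str:
    """The client's decision: 'match' (connect), 'mismatch' (the stored key differs:
    abort, the peer may not be the server it claims to be), or 'unknown' (first contact:
    compare the fingerprint with one obtained out of band before accepting it)."""
    if host not in known:
        return "unknown"
    return "match" if presented in known[host] else "mismatch"


# Constructed key material for illustration only: a real modulus is a 2048-bit or larger
# product of two primes produced by a key generator; this is an arbitrary 256-bit odd number.
DEMO_E = 65537
DEMO_N = int.from_bytes(b"\xc1" + b"\x5a" * 30 + b"\x01", "big")
DEMO_BLOB = rsa_public_key_blob(DEMO_E, DEMO_N)
OTHER_BLOB = rsa_public_key_blob(DEMO_E, DEMO_N + 2)

# Constructed known_hosts content: one stored key for one device.
KNOWN_HOSTS = "router1.example ssh-rsa " + base64.b64encode(DEMO_BLOB).decode("ascii") + "\n"

if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS)
    print(fingerprint_sha256(DEMO_BLOB))
    print(verify_host_key(known, "router1.example", DEMO_BLOB))   # match
    print(verify_host_key(known, "router1.example", OTHER_BLOB))  # mismatch
    print(verify_host_key(known, "switch2.example", DEMO_BLOB))   # unknown
```

The "mismatch" outcome is the one that matters for the interception scenario described for Telnet: if the encrypted channel were set up with whatever key the peer presented, the encryption would protect the password only from third parties, not from the peer itself, so a changed host key must stop the login rather than be accepted silently.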

3. File transfer

In addition to remote login, we also need to transfer files to and from remote devices, which is what file transfer protocols provide. FTP is the standard protocol for file transfer on the network. FTP uses TCP as its transport protocol and supports user login authentication and access control. Another common file transfer protocol is TFTP. TFTP is a simple file transfer protocol that does not support user login authentication and has no complex commands. TFTP uses UDP as its transport protocol and has its own retransmission mechanism.


3.1 FTP

FTP is used to transfer files between servers and clients. It is a common protocol for transferring files on IP networks. FTP adopts the client and server model and uses the TCP protocol to provide reliable transmission. FTP can authenticate the user name and password for logging into the server, allows the client to specify the file transfer type, and can set file transfer permissions.

FTP uses two TCP connections to transfer files. One is the FTP control connection, used for control and management; the other is the FTP data connection, used for data transmission. The FTP control connection carries FTP control commands and the responses to them, such as verification of the login user name and password, the name of the file to be sent, and the setting of the sending method. This connection remains open throughout the FTP session, sending requests and receiving responses as ASCII strings. File data is never sent on the control connection; the FTP data connection is used for the transmission of files and file lists. The data connection is established only when data needs to be transferred and is closed after the transfer completes.

The FTP control connection uses TCP port 21, which is the FTP server's listening port, where it waits for client connections. When a GET (RETR), PUT (STOR) or file list (LIST) operation is requested over the control connection on TCP port 21, a separate data connection is established each time, and the actual transfer of data and file lists takes place on that data connection.

The TCP connection for data typically uses port 20. It can also be changed to another value with the PORT command.

Different operating systems may have different storage methods for the same file. In order to ensure that files can be accurately transmitted to the other party, 2 transmission modes are commonly used:

  • ASCII mode: ASCII mode is the default file transfer mode. The sender converts the local file into standard ASCII code and then transmits it over the network; after the receiver receives the file, it converts it into a local file according to its own file storage method. ASCII mode is typically used to transfer text files.

  • Binary stream mode: Binary stream mode is also known as image mode. The sender does not perform any conversion and transmits the file as a bit stream. Binary mode is typically used to transfer program files.

During the FTP data connection process, there are two data transmission modes: active mode and passive mode.

FTP active transfer mode is also called PORT mode. When establishing a data connection in active mode, the FTP client sends a PORT command to the FTP server over the FTP control connection. The PORT command carries the parameters A1,A2,A3,A4,P1,P2, where A1, A2, A3 and A4 are the IP address of the host that needs to establish the data connection, and P1 and P2 represent the temporary port number used by the client to transmit data; the temporary port number is 256 * P1 + P2. When data needs to be transmitted, the server establishes a data channel from its TCP port 20 to the temporary port provided by the client and completes the data transfer. Because the server actively initiates the data connection, this is called active mode.

If the client is behind a firewall, active mode can be a problem, because the client's port number is random and unknown to the firewall. With a default security policy, the firewall only allows external hosts to reach a few known internal ports and blocks access to random internal ports, so the FTP data connection cannot be established. In this case FTP passive mode must be used for file transfer.

Passive mode is also called PASV mode. After the FTP control channel is established, an FTP client that wants to set up the data channel in passive mode sends a PASV command to the FTP server over the control channel, telling the server to enter passive transmission. The server selects a temporary port number and informs the client in a reply whose parameters have the same format as in active mode. When data needs to be transmitted, the client actively establishes the data channel to the server's temporary port and completes the data transfer. Throughout the process the server passively accepts the client's data connection, so this is called passive mode.

In passive mode, both connections are initiated by the client. Firewalls generally do not restrict connections initiated by internal clients, which solves the problem of active mode.
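To make the PORT arithmetic and the two connection directions concrete, here is an added Python example (not part of the original post) that encodes and parses the PORT command, parses the server's 227 reply to PASV, and works out which side opens the data connection and whether a client-side firewall that blocks unsolicited inbound connections would let it through. The addresses and port numbers are constructed.

```python
import re

FTP_DATA_PORT = 20  # the server's source port for active-mode data connections

_SIX_NUMBERS = r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)"


def _address_from_fields(fields) -> tuple:
    """(ip, port) from the six decimal fields shared by PORT and the 227 reply."""
    nums = [int(x) for x in fields]
    if any(n > 255 for n in nums):
        raise ValueError("each PORT/PASV field must fit in one byte")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def build_port_command(ip: str, port: int) -> str:
    """Client -> server in active mode: 'PORT A1,A2,A3,A4,P1,P2' with port = 256*P1 + P2."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("PORT needs a dotted IPv4 address")
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    return "PORT %s,%d,%d\r\n" % (",".join(octets), port // 256, port % 256)


def parse_port_command(line: str) -> tuple:
    """Server side: recover (ip, port) from a PORT command line."""
    m = re.fullmatch(r"PORT\s+" + _SIX_NUMBERS + r"\s*", line, re.IGNORECASE)
    if not m:
        raise ValueError("malformed PORT command")
    return _address_from_fields(m.groups())


def parse_pasv_reply(line: str) -> tuple:
    """Client side: recover (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'.
    The reply uses the same six-number encoding as the PORT command."""
    if not line.startswith("227"):
        raise ValueError("not a PASV success reply")
    m = re.search(_SIX_NUMBERS, line)
    if not m:
        raise ValueError("no address in PASV reply")
    return _address_from_fields(m.groups())


def data_connection_plan(mode: str, client_ip: str, server_ip: str, temp_port: int) -> dict:
    """Who opens the data connection. Active: server port 20 -> client's temporary port.
    Passive: client (ephemeral source port) -> server's temporary port."""
    if mode == "active":
        return {"initiator": "server", "src": (server_ip, FTP_DATA_PORT), "dst": (client_ip, temp_port)}
    if mode == "passive":
        return {"initiator": "client", "src": (client_ip, None), "dst": (server_ip, temp_port)}
    raise ValueError("mode must be 'active' or 'passive'")


def client_firewall_allows(plan: dict, allowed_inbound_ports=()) -> bool:
    """A client-side firewall that permits outbound connections and blocks unsolicited
    inbound ones except to listed ports: active mode fails, passive mode succeeds."""
    if plan["initiator"] == "client":
        return True
    return plan["dst"][1] in allowed_inbound_ports


if __name__ == "__main__":
    # Constructed addresses for the example.
    cmd = build_port_command("192.168.1.10", 49185)
    print(cmd.strip(), "->", parse_port_command(cmd))
    print(parse_pasv_reply("227 Entering Passive Mode (10,0,0,1,195,80)."))
    active = data_connection_plan("active", "192.168.1.10", "10.0.0.1", 49185)
    passive = data_connection_plan("passive", "192.168.1.10", "10.0.0.1", 50000)
    print("active allowed through client firewall:", client_firewall_allows(active))
    print("passive allowed through client firewall:", client_firewall_allows(passive))
```

The one-byte bound check in `_address_from_fields` matters on the server side: a PORT command whose address does not match the control connection's peer asks the server to open a connection to a third host, which is why FTP servers are normally configured to reject such requests.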

3.2 TFTP

TFTP is also used to transfer files between servers and clients. Compared with FTP, TFTP does not have complex interactive interfaces and authentication controls, and is suitable for network environments that do not require complex interactions.

TFTP adopts the client and server model and uses UDP for transmission. The server listens for TFTP connections on port 69. Since UDP does not provide reliable data transmission, TFTP uses a timeout retransmission mechanism to ensure that data is sent correctly. TFTP provides only simple file transfer, namely file upload and download. Directory listing is not supported, and the user's identity cannot be verified or authorized.

TFTP transfers are initiated by the client.

  • When a file needs to be downloaded , the client sends a read request to the TFTP server , then receives the data from the server and sends a confirmation to the server.
  • When a file needs to be uploaded , the client sends a write request to the server , then sends data to the server and receives a confirmation from the server.

Similar to FTP, TFTP has two modes for transferring files: netascii mode and octet mode.

  • octet mode corresponds to FTP's binary stream mode and is used to transfer program files.
  • netascii mode corresponds to FTP's ASCII mode and is used to transfer text files.

When TFTP transfers a file, the file is regarded as consisting of multiple consecutive file blocks. Each TFTP data packet contains one file block and carries a file block number. After sending each file block, the sender waits for the other party's acknowledgment, which indicates the block number being confirmed. If the sender does not receive an acknowledgment from the peer within the specified time, it resends the data. If the party sending the acknowledgment does not receive the next file block within the specified time, it resends the acknowledgment. This method ensures that the file transfer does not fail because one piece of data is lost.

The file block in each TFTP data packet is fixed at 512 bytes. If the file length happens to be an integer multiple of 512 bytes, then after the last full block the sender must send one more data packet containing no data, to indicate that the file transfer is complete. If the file length is not an integer multiple of 512 bytes, the file block in the last data packet is smaller than 512 bytes, which itself serves as the end-of-file marker.
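An added Python example, not from the original post, that implements the TFTP packet formats of RFC 1350 (RRQ/WRQ, DATA, ACK, ERROR), the 512-byte block rule including the empty final block for files whose length is a multiple of 512, and a receiver that re-acknowledges a duplicated block the way the timeout-and-retransmit mechanism above requires. The file contents and file name are constructed.

```python
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512
MODES = ("netascii", "octet")


def encode_request(opcode: int, filename: str, mode: str) -> bytes:
    """RRQ/WRQ: 2-byte opcode, filename, NUL, mode, NUL (RFC 1350)."""
    if opcode not in (RRQ, WRQ):
        raise ValueError("opcode must be RRQ or WRQ")
    if mode.lower() not in MODES:
        raise ValueError("unsupported transfer mode")
    return struct.pack(">H", opcode) + filename.encode("ascii") + b"\0" + mode.encode("ascii") + b"\0"


def encode_data(block_no: int, payload: bytes) -> bytes:
    """DATA: opcode 3, 2-byte block number, 0..512 bytes of file data."""
    if len(payload) > BLOCK_SIZE:
        raise ValueError("payload larger than one block")
    return struct.pack(">HH", DATA, block_no) + payload


def encode_ack(block_no: int) -> bytes:
    """ACK: opcode 4, 2-byte block number of the DATA packet being confirmed."""
    return struct.pack(">HH", ACK, block_no)


def decode_packet(pkt: bytes) -> dict:
    """Decode any of the five packet types into a dict with an 'op' key."""
    if len(pkt) < 4:
        raise ValueError("packet too short")
    (opcode,) = struct.unpack(">H", pkt[:2])
    if opcode in (RRQ, WRQ):
        fields = pkt[2:].split(b"\0")
        if len(fields) < 3:
            raise ValueError("truncated request")
        return {"op": opcode, "filename": fields[0].decode("ascii"), "mode": fields[1].decode("ascii").lower()}
    (number,) = struct.unpack(">H", pkt[2:4])
    if opcode == DATA:
        return {"op": DATA, "block": number, "data": pkt[4:]}
    if opcode == ACK:
        return {"op": ACK, "block": number}
    if opcode == ERROR:
        return {"op": ERROR, "code": number, "message": pkt[4:].split(b"\0")[0].decode("ascii", "replace")}
    raise ValueError("unknown opcode %d" % opcode)


def split_into_blocks(content: bytes) -> list:
    """Consecutive 512-byte blocks. The last block is shorter than 512 and marks end of
    file; when the length is an exact multiple of 512 (including an empty file) an empty
    block is appended so that the receiver still sees a short final block."""
    blocks = [content[i:i + BLOCK_SIZE] for i in range(0, len(content), BLOCK_SIZE)]
    if len(content) % BLOCK_SIZE == 0:
        blocks.append(b"")
    return blocks


class TftpReceiver:
    """Receiving side of a download: stores blocks in order, re-acknowledges a duplicate
    of the previous block (sent when the server's timer expired before our ACK arrived)
    without storing it twice, and finishes on the first block shorter than 512 bytes."""

    def __init__(self):
        self.expected = 1
        self.buffer = bytearray()
        self.done = False

    def handle_data(self, pkt: bytes) -> bytes:
        msg = decode_packet(pkt)
        if msg["op"] != DATA:
            raise ValueError("expected a DATA packet")
        if msg["block"] == self.expected:
            self.buffer += msg["data"]
            self.expected += 1
            if len(msg["data"]) < BLOCK_SIZE:
                self.done = True
        elif msg["block"] != self.expected - 1:
            raise ValueError("unexpected block number %d" % msg["block"])
        return encode_ack(msg["block"])


def transfer(content: bytes, duplicate_block: int = 0) -> tuple:
    """Run a full download through TftpReceiver, optionally delivering one block twice as
    a retransmitting server would. Returns (bytes received, ACKs sent, finished flag)."""
    receiver, acks = TftpReceiver(), 0
    for block_no, payload in enumerate(split_into_blocks(content), start=1):
        for _ in range(2 if block_no == duplicate_block else 1):
            ack = decode_packet(receiver.handle_data(encode_data(block_no, payload)))
            assert ack["block"] == block_no
            acks += 1
    return bytes(receiver.buffer), acks, receiver.done


if __name__ == "__main__":
    # Constructed file contents for the example.
    print(decode_packet(encode_request(RRQ, "startup-config", "octet")))
    print([len(b) for b in split_into_blocks(b"x" * 1024)])   # [512, 512, 0]
    print([len(b) for b in split_into_blocks(b"x" * 1000)])   # [512, 488]
    print(transfer(b"x" * 1024, duplicate_block=2)[1:])       # (4, True)
```

Note what the RRQ carries: a file name and a mode, and nothing else. There is no field in which a user name or password could travel, which is the protocol-level reason behind the statement above that TFTP cannot verify or authorize the user.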

4. Email

Email, as the name suggests, refers to postal services on the Internet. Through email, you can send text content, pictures, report data and other information that can be stored by a computer. Email is not limited by distance and can communicate with any Internet user in the world. E-mail has become a widely used application due to its ease of use, rapid delivery, easy storage, and no distance restrictions.


The first email sent by Liu to the goddess.

4.1 Communication architecture

Email has undergone significant changes over decades of development. It has evolved from the sender's computer sending emails directly to the recipient's computer, to both senders and receivers using mail servers to send and receive emails on their behalf. In this way, email communication no longer depends on whether the recipient is currently online, and the communication process has grown from a single step (sender to receiver) into three: from the sender's computer to the sender's mail server, from the sender's mail server to the recipient's mail server, and from the recipient's mail server to the recipient's computer. Moreover, the four parties participating in the communication are not directly connected, but are each independently connected to the Internet. In this architecture, the computers used by email senders and receivers are called user agents.


4.2 Email address

When using email, you need an address, called an email address (mail address). It is the equivalent of a postal address and name.

My email address is networkfox@qq.com. networkfox is the user name; within the same mail domain the name must be unique and cannot be repeated. @ is the separator, and qq.com is the domain name of the mail server that receives mail for the user's mailbox.

The domain part of email addresses is managed by DNS. The mail domain and the domain name of its mail server are registered in DNS; this mapping is called an MX record. For example, the MX record of qq.com specifies mail.qq.com, so any mail sent to an address ending in qq.com is delivered to the mail.qq.com server. In this way, the mapping between different email domains and specific mail servers is managed through the mail server named in the MX record.

4.3 SMTP protocol

The protocol that provides email services is called SMTP. SMTP is used for communication between the mail servers of the sending and receiving parties, rather than between the user agent and the mail server. In actual use, the SMTP protocol is often used between the sending user agent and the sending server.

To send email content efficiently, SMTP uses TCP at the transport layer, with port number 25. When one mail server sends mail to another, it first opens a connection to the other party's TCP port 25, and this TCP connection is then used to send control messages and data.

Although the logic of the SMTP protocol is simple and sufficient to complete the transmission of emails, it inevitably has some security flaws:

  • The emails transmitted by SMTP are in plain text and do not provide a data encryption mechanism. The specific content of the email transmission can be seen, and the confidentiality of user information cannot be guaranteed.
  • SMTP does not provide any authentication mechanism . Even if a forged sender email address is used, it cannot be identified, resulting in impersonation security issues.

Flooding advertising emails and spam emails containing phishing links have become an increasingly serious problem. In order to correct the problems of SMTP, the IETF defined extended SMTP, namely ESMTP . The extended functions provided by ESMTP include authentication mechanisms and encryption mechanisms.

During the entire mail transmission process, the SMTP/ESMTP protocol defines the message transmission method between mail servers. After the receiving server receives the email, how the recipient (user agent) accesses the email requires other protocols to handle.
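As an added example that is not from the original post, the following Python code plays the server side of a plain SMTP dialogue (RFC 5321 command sequence and reply codes) against a constructed client transcript. It shows the order EHLO, MAIL FROM, RCPT TO, DATA, QUIT and makes the second flaw listed above visible in code: the server stores whatever sender the client puts in MAIL FROM, because nothing in the base protocol authenticates it. The host and mailbox names are constructed.

```python
class SmtpSession:
    """Server side of a minimal SMTP dialogue (RFC 5321 command order and reply codes),
    kept entirely in memory. It accepts any MAIL FROM address without authentication,
    which is exactly the weakness described above; authentication would have to come
    from an ESMTP extension such as AUTH, which this base dialogue does not offer."""

    def __init__(self, hostname: str = "mx.example.test"):
        self.hostname = hostname
        self.state = "connected"      # connected -> ready -> mail -> rcpt -> data -> ready ...
        self.envelope = None          # (sender, [recipients]) for the message in progress
        self.data_lines = None
        self.messages = []            # accepted (sender, recipients, body) tuples

    def greeting(self) -> str:
        return "220 %s ESMTP service ready" % self.hostname

    def handle(self, line: str) -> str:
        """Process one client line and return the server reply ('' while in the DATA phase)."""
        if self.state == "data":
            if line == ".":
                sender, rcpts = self.envelope
                self.messages.append((sender, tuple(rcpts), "\r\n".join(self.data_lines)))
                self.envelope, self.data_lines, self.state = None, None, "ready"
                return "250 OK: queued"
            # Transparency rule: the client doubles a leading '.', the server removes one.
            self.data_lines.append(line[1:] if line.startswith("..") else line)
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.state = "ready"
            return "250 %s Hello %s" % (self.hostname, arg)
        if verb == "MAIL" and self.state == "ready" and arg.upper().startswith("FROM:"):
            self.envelope = (arg[5:].strip(), [])   # stored as given: no check of who sent it
            self.state = "mail"
            return "250 OK"
        if verb == "RCPT" and self.state in ("mail", "rcpt") and arg.upper().startswith("TO:"):
            self.envelope[1].append(arg[3:].strip())
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA" and self.state == "rcpt":
            self.state, self.data_lines = "data", []
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            self.state = "closed"
            return "221 %s closing connection" % self.hostname
        if verb in ("MAIL", "RCPT", "DATA"):
            return "503 Bad sequence of commands"
        return "500 Command not recognized"


# Constructed client transcript for the example.
CLIENT_LINES = [
    "EHLO client.example.test",
    "MAIL FROM:<alice@example.test>",
    "RCPT TO:<bob@example.test>",
    "DATA",
    "From: alice@example.test",
    "To: bob@example.test",
    "Subject: test",
    "",
    "Hello from the example.",
    ".",
    "QUIT",
]


def run_session(lines: list) -> tuple:
    """Feed a client transcript to a fresh server; return the two-sided dialogue and the server."""
    server = SmtpSession()
    dialogue = [("S", server.greeting())]
    for line in lines:
        dialogue.append(("C", line))
        reply = server.handle(line)
        if reply:
            dialogue.append(("S", reply))
    return dialogue, server


if __name__ == "__main__":
    dialogue, server = run_session(CLIENT_LINES)
    for side, text in dialogue:
        print(side + ":", text)
    print(server.messages)
```

Every line of this dialogue, including the message body, crosses the network exactly as printed, which is the first flaw in the list above; ESMTP's STARTTLS and AUTH extensions are what add encryption and authentication on top of this sequence.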

4.4 POP3 protocol

Email reaches the recipient's server through SMTP. A personal computer is not kept switched on all the time, yet the user wants to receive mail as soon as the computer is turned on. SMTP does not provide this.

In order to solve this problem, the POP3 protocol was introduced. POP3 protocol is the protocol used for receiving email. The sender's email uses the SMTP protocol to forward the email to an always-online POP3 server. The client then receives mail from the POP3 server according to the POP3 protocol. During this process, in order to prevent others from stealing the email content, user authentication is also required.

The POP3 protocol, like SMTP, is an application layer protocol based on TCP, and it uses TCP port 110 to connect to the mail server. The recipient's mail client first uses TCP to connect to port 110 of the POP3 server; it then performs user authentication, mail list queries, mail download, mail deletion and other operations; when the operations are complete, the client and the mail server close the TCP connection.

POP3 is only responsible for downloading emails; uploading emails from the client to the mail server is done by SMTP.

4.5 IMAP protocol

The mail client of the POP3 protocol can perform very few operations on the mail server, and the mail needs to be downloaded locally to the client rather than retained on the mail server, which is very inconvenient in actual use. The more widely used protocol for receiving email today is IMAP. In IMAP, mail is managed by the server.

When using IMAP, you don't have to download all your mail from the server to view it. Since IMAP processes MIME information on the server side, it can download email attachments selectively. For example, when an email has 5 attachments, you can download only 3 of them. IMAP also manages "read/unread" state and mail folders on the server, so you can open the mailbox on different computers and keep them in sync, which is very convenient.

5. WWW

The World Wide Web (WWW) is a system that displays information on the Internet in the form of hypertext, also called the Web. Client software that can display WWW information is called a Web browser, or simply a browser. Commonly used web browsers include Microsoft's Internet Explorer, Google's Chrome, Tencent's QQ Browser and Apple's Safari.

Using a browser, we don't need to care about which server the information is stored on. With just a click of the mouse, we can access the links on the page and open related information.

The content displayed in the browser after access is called a Web page. The first page you see when you visit a website is called the home page. Many companies' home page addresses take the form:

http://www.<company name>.com.cn

This type of homepage usually contains company profiles, product information, recruitment information, etc. We can click on the icons or links of these titles to jump to the corresponding pages. The information on these pages is not only text content, but also various information such as pictures or animations, even sounds or other programs. Not only can we obtain information through Web pages, but we can also create our own Web pages to publish information to the world.

WWW has three important concepts: the way of accessing information and its location (URI), the representation of information (HTML), and the transfer of information (HTTP).

5.1 URI

URI is used to identify resources and is an efficient identification code that is used in homepage addresses, emails, phone numbers, etc.

  • http://www.rfc-editor.org/rfc/rfc4395.txt
  • http://www.ietf.org:80/index.html
  • http://localhost:321

The home page address is usually called a URL. URLs are used to represent the specific location of network resources. A URI, however, is not limited to identifying Internet resources and can be used as an identifier for any resource. Simply put, URLs are a subset of URIs.

WWW mainly uses http and https to represent the location of Web pages and the method of accessing them. The specific format of http is as follows:

  • http://hostname/path
  • http://hostname:port/path
  • http://hostname:port/path?query#fragment

The host name can be a domain name or an IP address, and the port is the transport layer port number; when it is omitted, http uses the default port 80. The path is the location of the information on the host, the query (the access content) is the information passed to a CGI program, and the fragment indicates a location within the page.

This representation can identify specific data on the Internet. However, since the data served over http may change at any time, remembering a page's URI (URL) does not guarantee that the same page can be accessed next time.

5.2 HTML

HTML is a language used to describe Web pages. It can specify the text displayed in the browser, the size and color of the text, and can also set images, animations or audio.

In a page, HTML can not only attach links to text or pictures, but also display the content a link points to when the link is clicked. Information on any WWW server on the Internet can be presented in the form of links.

HTML can also be called the data presentation protocol of the WWW. As long as the data is expressed in HTML, it is displayed essentially the same way even on different computers.

5.3 HTTP

When the user enters the URL of the Web page in the browser's address bar, HTTP processing begins. HTTP uses port 80 by default. Its working mechanism is that the client first establishes a TCP connection to port 80 of the server, and then performs requests and responses and sends data packets on this TCP connection .

Two versions of HTTP are commonly used, HTTP 1.0 and HTTP 1.1. In HTTP 1.0, each command and response triggers the establishment and teardown of a TCP connection. Starting from HTTP 1.1, multiple commands and responses may be sent on one TCP connection. This is called a persistent connection (keep-alive). It greatly reduces TCP connection setup and teardown and improves transmission efficiency.
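The URI format of section 5.1 and the connection behaviour described here are combined in one added Python example (not from the original post): it parses the three URL forms from section 5.1 with the default-port rule, builds the request line and headers a client sends for HTTP/1.0 and HTTP/1.1, and decides from a response's version and Connection header whether the TCP connection can carry another request. The example.test host, the port 8080 and the query values are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_http_url(url: str) -> dict:
    """Split scheme://hostname[:port]/path[?query][#fragment]; the default port is filled in
    when none is given, and an empty path becomes '/'. The fragment is kept for the caller
    but is never sent to the server: it only names a location within the page."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("only http and https URLs are handled")
    if not parts.hostname:
        raise ValueError("URL has no host name")
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme],
        "path": parts.path or "/",
        "query": parts.query,
        "fragment": parts.fragment,
    }


def build_request(url: str, version: str = "HTTP/1.1", keep_alive: bool = True) -> str:
    """Request line and headers for a GET. HTTP/1.1 requires a Host header and keeps the
    connection open unless 'Connection: close' is sent; HTTP/1.0 closes after one exchange
    unless the client asks for 'Connection: keep-alive'."""
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise ValueError("unsupported HTTP version")
    p = parse_http_url(url)
    target = p["path"] + ("?" + p["query"] if p["query"] else "")
    host = p["host"] if p["port"] == DEFAULT_PORTS[p["scheme"]] else "%s:%d" % (p["host"], p["port"])
    lines = ["GET %s %s" % (target, version), "Host: %s" % host]
    if version == "HTTP/1.0" and keep_alive:
        lines.append("Connection: keep-alive")
    elif version == "HTTP/1.1" and not keep_alive:
        lines.append("Connection: close")
    return "\r\n".join(lines) + "\r\n\r\n"


def parse_response_head(raw: str) -> tuple:
    """(version, status, reason, headers) from a response head; header names lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    version, _, rest = status_line.partition(" ")
    status, _, reason = rest.partition(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return version, int(status), reason, headers


def connection_persists(version: str, headers: dict) -> bool:
    """Whether the TCP connection may carry another request after this response: the
    HTTP/1.0 vs HTTP/1.1 difference described above, decided from the Connection header."""
    tokens = {t.strip().lower() for t in headers.get("connection", "").split(",") if t.strip()}
    if version == "HTTP/1.0":
        return "keep-alive" in tokens
    if version == "HTTP/1.1":
        return "close" not in tokens
    raise ValueError("unsupported HTTP version")


if __name__ == "__main__":
    for url in ("http://www.rfc-editor.org/rfc/rfc4395.txt", "http://www.ietf.org:80/index.html",
                "http://localhost:321", "http://example.test:8080/cgi-bin/search?q=ftp#results"):
        print(parse_http_url(url))
    print(build_request("http://localhost:321", version="HTTP/1.0"))
    version, status, reason, headers = parse_response_head("HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
    print(version, status, reason, "persistent:", connection_persists(version, headers))
```

`build_request` omits the port from the Host header when it equals the scheme's default, which is what browsers do; a reverse proxy or virtual-host configuration that compares the Host value literally must account for both spellings.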


6. Network management applications

Many application layer protocols are well known because we use many applications related to them in our daily Internet use. Such application protocols are called end-user application protocols. Other application protocols we rarely hear about; we only notice their existence when the network stops working normally. This type of application layer protocol is called a system application protocol.

In daily work, network engineers often use system application protocols such as DHCP protocol and DNS protocol. (Following blogs will focus on these two protocols)

6.1 DHCP protocol


6.2 DNS protocol



Origin blog.csdn.net/be_racle/article/details/132865429