Chapter Four

Network Applications
 Outlines

• Details of TCP/IP
• HTTP
• FTP
• SMTP
• DNS
• Telnet
 Details of TCP/IP

• TCP/IP protocol suite is made of four layers: Application,

transport, Internet and network interface layer.
OSI and TCP/IP
 FTP

• is a reliable, connection-oriented service that uses TCP to transfer

files between systems that support FTP. Uses port number 21.
• FTP stands for File Transfer Protocol. In a nutshell, FTP is used to
transfer computer files.
• FTP is also frequently used as a way to transfer web pages.
• The main purpose of FTP is to transfer files from one computer to
another by copying and moving files from servers to clients, and
from clients to servers.
• When files are copied from a server, FTP first establishes a control
connection between the client and the server.
• Then a second connection is established, which is a link between the
computers through which the data is transferred.
 FTP…

• Data transfer can occur in ASCII mode or in binary mode. These

modes determine the encoding used for data file, which in the OSI
model is a presentation layer task.

• After the file transfer has ended, the data connection terminates
automatically. When the entire session of copying and moving files is
complete, the command link is closed when the user logs off and
ends the session.
 FTP…

• Access to an FTP server can be managed in two ways:

• Anonymous- remote clients can access the FTP server by

using the default user account called 'anonymous" or "ftp"
and sending an email address as the password.

• Authenticated - In the Authenticated mode a user must

have an account and a password.
 How does File Transfer
Protocol Work?

09/19/2025 8
 How does File Transfer
Protocol Work?
• A Client makes a TCP connection to the server port 21 . This
connection remains open for the duration of the session...and
thus is called a control session...
• Then another connection is opened called the data
connection...
• The control connection is used for authenticating , command
and administrating (I.e. commands etc..) exchanged between
the client and the server..
• The server responds on the requests with status codes like 200
Ok , 404 error etc

09/19/2025 9
 SMTP

• Email is delivered by having the source machine establish a

TCP connection to port 25 of the destination machine.

• While electronic mail servers and other mail transfer agents

use SMTP to send and receive mail messages,

• User-level client mail applications typically only use SMTP

for sending messages to a mail server for relaying.
 SMTP, POP, and IMAP

• Typically use an application called a Mail User Agent (email

client).
• Allows messages to be sent
• Places received messages into the client's mailbox
• SMTP - Send email from either a client or a server
• POP - Receive email messages from an email server
• IMAP - Internet Message Access Protocol
• Email client provides the functionality of both protocols within one
application
 SMTP, POP, and IMAP

09/19/2025 12
 SMTP, POP, and IMAP

09/19/2025 13
 SMTP, POP, and IMAP
• Simple Mail Transfer Protocol (SMTP)
 transfers mail
 message must be formatted properly
 SMTP processes must be running on both the client and server
 message header must have a properly formatted recipient email address
and a sender
 uses port 25
• Post Office Protocol (POP)
 enables a workstation to retrieve mail from a mail server
 mail is downloaded from the server to the client and then deleted on the
server
 uses port 110
 POP does not store messages
 POP3 is desirable for an ISP, because it alleviates their responsibility for
managing large amounts of storage for their email servers
09/19/2025 14
 SMTP, POP, and IMAP

09/19/2025 15
 SMTP, POP, and IMAP

09/19/2025 16
 SMTP, POP, and IMAP

 MDA accepts a piece of email from MTA and performs the actual de-
livery.
 MDA receives all the inbound mail from the MTA and places it into
mailboxes.
 MDA can also resolve final delivery issues, such as virus scanning,
spam filtering, and return-receipt handling.

09/19/2025 17
 SMTP, POP, and IMAP

• Simple Mail Transfer Protocol (SMTP)

 Transfers mail reliably and efficiently

• Post Office Protocol (POP)

 Enables a workstation to retrieve mail from a mail server
 With POP, mail is downloaded from the server to the client and then
deleted on the server

• Internet Message Access Protocol (IMAP)

 Another protocol that to retrieves email messages
 Unlike POP, when the user connects to an IMAP-capable server, copies
of the messages are downloaded to the client application
 Original messages are kept on the server until manually deleted

09/19/2025 18
 DNS (Domain Name Sys-
tem)

• DNS is the invention of a hierarchical, domain-based naming

scheme and using a distributed database system.
• A human legible name is resolved to its numeric network device ad-
dress by the DNS protocol.

• It is primarily used for mapping host names and e-mail destinations

to IP addresses

• For eg, www.example.com translates to 208.77.188.166.

 DNS (Domain Name Sys-
tem)

09/19/2025 20
 DNS (Domain Name Sys-
tem)

09/19/2025 21
 DNS (Domain Name Sys-
tem)

09/19/2025 22
 DNS Message Format

 DNS server stores different types of resource records used to resolve names
 Contains the name, address, and type of record.
 Record types are:
 A – An end device address
 NS – An authoritative name server
 CNAME – The canonical name for an alias; used when multiple services
have the single network address, but each service has its own entry in DNS
 MX – Mail exchange record; maps a domain name to a list of mail exchange
servers
 Unable to resolve the name using its stored records, contacts other servers.
 Server temporarily stores the numbered address that matches the name in cache
memory.
 Windows ipconfig /displaydns displays all cached DNS.

23
 DNS Hierarchy

• Examples
top-level
domains:
• .au - Aus-
tralia
• .co - Colom-
bia
• .com - busi-
ness or in-
dustry
• .jp - Japan
• .org - non-
profit organi-
zation
09/19/2025 24
 nslookup

 Operating system utility called nslookup allows the user to manually

query the name servers to resolve a given host name
 Utility can be used to troubleshoot name resolution issues and to verify
the current status of the name servers

09/19/2025 25
 The DNS Name Space

• The Internet is divide into over 200 top-level domain,

which covers many hosts.
• Each domain is partitioned into subdomains,
 The DNS Name Space…

• The top-level domains come in two flavors: generic and

countries.
 The DNS Name
Space…

• In general, getting a second-level domain is easy.

– such as name-of-company.com

• Every common (English) word has been taken in the com domain.
• Domain names are case insensitive
– Edu, EDU and edu mean the same thing

• Each domain controls how it allocates the domains under it.

– eg .et controls .gov.et , .com.et
– Hu.edu.et
 Name Servers

• In theory at least, a single name server could contain the entire

DNS database and respond to all queries about it.
• In practice, this server would be so overloaded as to be
• useless. Furthermore, if it ever went down, the entire Internet
would be crippled.
• The DNS name space is divided into nonoverlapping zones.
Name Servers…
 Name Servers…

• If a resolver on flits.cs.vu.nl wants to know the IP address

of the host linda.cs.yale.edu. The steps are :
– it sends a query to the local name server, cs.vu.nl.

– If the sever does not know this domain the request is

sent to the top-level domain (edu-server.net), even if this
server doesn't know the subdomain it must know the
yale.edu.

– Then from that the subdomains names will be resolved

 HTTP and HTTPS

• is a language between Web servers and browsers.

• HTTP has the following duties:
– To establish a connection between the browser (the
client) and the server
– To negotiate settings and establish parameters for the
session
– To provide for the orderly transfer of HTML content
– To close the connection with the server
 HTTP…

• When one enter a URL into the browser window, The Fig-
ure below shows how a browser uses HTTP to display a
simple HTML resource that resides on a distant server.
 The steps are:

1. The browser extracts the server's hostname from the URL.

2. The browser converts the server's hostname into the server's IP

address. (The client computer sends the DNS lookup request to a
name server and receives the server's IP address. )

3. The browser extracts the port number (if any) from the URL.
With the IP address and port number, a client can easily commu-
nicate via TCP/IP.
 The steps are:

4. The browser establishes a TCP connection with the web server

5. The browser sends an HTTP request message (HTTP GET

command) to the server.

6. The server sends an HTTP response back to the browser, along

with
the document is a header containing several settings.
09/19/2025 36
 HTTP Transactions

• HTTP transaction consists of

– A request command (sent from client to server), and
– response result (sent from the server back to the client).

• This communication happens with formatted blocks of data

called HTTP messages
 Messages

• HTTP messages are simple, line-oriented sequences of characters.

– HTTP messages sent from web clients to web servers are called
request messages.
– Messages from servers to clients are called response messages.

The format for a request message:

<method> <request-URL> <version>
• <headers>
• <entity-body>
• <headers>
• <entity-body>
 Messages…

• The format for a response message:

<version> <status> <reason-phrase>
<headers>
<entity-body>
 DHCP

• DHCP allows devices to acquire their addressing information dy-

namically.
• It is built on a client/server model and defines two components:
– Server - Delivering host configuration information
– Client - Requesting and acquiring host configuration information
• DHCP provides the following advantages:
– It reduces the amount of configuration on devices.
– It reduces the likelihood of configuration errors on devices ac-
quiring address information.
– It gives you more administrative control by centralizing IP ad-
dressing information and management.
DHCP…
 DHCP…

• Client/Server Model

• The client and the server negotiate in a series of messages

in order for the client to get the parameters it needs.

• This process can involve more than one server but only one
server is selected by the client.
 DHCP…

09/19/2025 43
 DHCP…
• Description of the communication steps
1. The client broadcasts a DHCPDISCOVER.
2. Each server may respond with a DHCPOFFER message.
3. The client receives one or more DHCPOFFER messages from one
or more servers and chooses one server from which to request
configuration parameters. The client broadcasts a DHCPREQUEST
message.
4. Those servers not selected by the DHCPREQUEST message use
the message as notification that the client has declined that server's
offer. The server selected in the DHCPREQUEST message com-
mits the responds with a DHCPACK message containing the con-
figuration parameters for the requesting client.
 DHCP…

5. The client receives the DHCPACK message with configuration

parameters. At this point, the client is configured. If the client re-
ceives a DHCPNAK message, the client restarts the configuration
process.

6. The client may choose to relinquish its lease on a network ad-

dress by sending a DHCPRELEASE message to the server (e.g.
on shutdown).

7. The server receives the DHCPRELEASE message and marks

the lease as free.
 Telnet

• Telnet client software provides the ability to login to a re-

mote Internet host that is running a Telnet server applica-
tion and then to execute commands from the command line.
• A Telnet client is referred to as a local host. Telnet server,
which uses special software called a daemon, is referred to
as a remote host.

• Telnet works at the application layer of the TCP/IP model.

• Therefore, Telnet works at the top three layers of the OSI
model.
• Telnet - used for remote terminal emulation.
• It enables users to access host-based applications by emulating
one of the host's terminals.
• Telnet provides connectivity between dissimilar operating
systems.

• At the session layer, it provides dialog control; at the presenta-

tion layer, telnet provides translation using byte order and
character codes; and at the application layer, telnet provides
the services for remote operations.
09/19/2025 47
Telnet…
Application layer - Port num-
bers
 The Transport Layer

• There are two transport protocols within the TCP/IP trans-

port layer, TCP and UDP
 UDP

• UDP is more efficient than TCP because it has less over-

head.
 TCP/IP Troubleshooting:
ping, traceroute, ifconfig,
netstat, ipconfig
Ping
•Verifies IP-level connectivity to another TCP/IP computer by send-
ing Internet Control Message Protocol (ICMP) Echo Request mes-
sages.
•The receipt of corresponding Echo Reply messages are displayed,
along with round-trip times.
•Ping is the primary TCP/IP command used to troubleshoot connectiv-
ity, reachability, and name resolution.
•Ping used without parameters, ping displays help.
•It‘s Stands for ―Packet Internet Groper
 Ping

09/19/2025 53
 IPCONFIG
• Displays all current TCP/IP network configuration values and re-
freshes Dynamic Host Configuration Protocol (DHCP) and Domain
Name System (DNS) settings.
• Used without parameters, ipconfig displays the IP address, subnet
mask, and default gateway for all adapters.

• ipconfig [/all] [/renew [Adapter]] [/release [Adapter]] [/flushdns]

[/displaydns] [/registerdns] [/showclassid Adapter] [/setclassid
Adapter [ClassID]]
• IPCONFIG /RELEASE or /RENEW - Release or renew an IP Ad-
dress from a DHCP Server
 IPCONFIG

09/19/2025 55
IPCONFIG…
 PATHPING

• Provides information about network latency and network loss at in-

termediate hops between a source and destination.
• Pathping sends multiple Echo Request messages to each router be-
tween a source and destination over a period of time and then com-
putes results based on the packets returned from each router. Be-
cause pathping displays the degree of packet loss at any given
router or link, you can determine which routers or subnets might be
having network problems.
• Pathping performs the equivalent of the tracert command by identi-
fying which routers are on the path.
• It then sends pings periodically to all of the routers over a specified
time period and computes statistics based on the number returned
from each.
• Used without parameters, pathping displays help.
 PATHPING

09/19/2025 58
 NET

• You can use the net user command to create and modify
user accounts on computers.
• When you use this command without command-line
switches, the user accounts for the computer are listed.

• The user account information is stored in the user accounts

database. This command works only on servers.
 NET

09/19/2025 60
 NETSAT

• Displays active TCP connections, ports on which the com-

puter is listening, Ethernet statistics, the IP routing table,
IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols),
and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6,
and UDP over IPv6 protocols).

• Used without parameters, netstat displays active TCP con-

nections.
 NETSAT

09/19/2025 62
 IFCONFIG

• ifconfig checks the network interface configuration.

• ifconfig (Interface Configuration) is a command that is used on
Linux, Mac, and UNIX operating systems. Use this command to
verify the user's configuration if the user's system has been
recently configured or if the user's system cannot reach the
remote host while other systems on the same network can.
• When ifconfig is entered with an interface name and no
other arguments, it displays the current values assigned to
that interface.
• For example, checking interface dnet0 on a Solaris 8 sys-
tem gives this report:
 IFCONFIG…

The ifconfig command displays two lines of output. The first line of
the display shows the interface's name and its characteristics.
UP
•The interface is enabled for use. If the interface is "down," have the
system's superuser bring the interface "up" with the ifconfig com-
mand (e.g., ifconfig dnet0 up). If the interface won't come up, replace
the interface cable and try again. If it still fails, have the interface
hardware checked.
 IFCONFIG…

Running
•This interface is operational. If the interface is not "running," the
driver for this interface may not be properly installed. The system
administrator should review all of the steps necessary to install this in-
terface, looking for errors or missed steps.
•The second line of ifconfig output shows the IP address, the subnet
mask (written in hexadecimal), and the broadcast address. Check
these three fields to make sure the network interface is properly con-
figured.
•Two common interface configuration problems are misconfigured
subnet masks and incorrect IP addresses.
 IFCONFIG…
• A bad subnet mask is indicated when the host can reach other hosts
on its local subnet and remote hosts on distant networks, but it can-
not reach hosts on other local subnets. ifconfig quickly reveals if a
bad subnet mask is set.
• An incorrectly set IP address can be a subtle problem. If the net-
work part of the address is incorrect, every ping will fail with the
"no answer" error. In this case, using ifconfig will reveal the incor-
rect address.
 IFCONFIG…

• However, if the host part of the address is wrong, the problem

can be more difficult to detect.
• A small system, such as a PC that only connects out to other
systems and never accepts incoming connections, can run for a
long time with the wrong address without its user noticing the
problem.

09/19/2025 67
 IFCONFIG…

• Additionally, the system that suffers the ill effects may not
be the one that is misconfigured.
• It is possible for someone to accidentally use your IP ad-
dress on his system, and for his mistake to cause your sys-
tem intermittent communications problems.
• This type of configuration error cannot be discovered by if-
config because the error is on a remote host. The arp com-
mand is used for this type of problem.
 IFCONFIG…

09/19/2025 69
 TRACEROUTE

• If the local routing table is correct, the problem may be occurring

some distance away from the local host. Remote routing problems
can cause the "no answer" error message, as well as the "network un-
reachable" error message. But the "network unreachable" message
does not always signify a routing problem.
• It can mean that the remote network cannot be reached because
something is down between the local host and the remote destination.
traceroute is the program that can help you locate these problems.
• Traceroute traces the route of UDP packets from the local host to a
remote host. It prints the name (if it can be determined) and IP ad-
dress of each gateway along the route to the remote host.
 TRACER-
OUTE …

• Traceroute uses two techniques, small TTL (time-to-live) values

and an invalid port number, to trace packets to their destination.
• traceroute sends out UDP packets with small TTL values to de-
tect the intermediate gateways. The TTL values start at 1 and in-
crease in increments of 1 for each group of three UDP packets
sent.
• When a gateway receives a packet, it decrements the TTL. If the
TTL is then 0, the packet is not forwarded and an ICMP "Time
Exceeded" message is returned to the source of the packet.
• traceroute displays one line of output for each gateway from
which it receives a "Time Exceeded" message.
 TRACEROUTE …

• When the destination host receives a packet from traceroute, it re-

turns an ICMP "Unreachable Port" message.
• This happens because traceroute intentionally uses an invalid port
number (33434) to force this error.
• When traceroute receives the "Unreachable Port" message, it knows
that it has reached the destination host, and it terminates the trace.
• So, traceroute is able to develop a list of the gateways, starting at
one hop away and increasing one hop at a time until the remote host
is reached.
 TRACEROUTE …
• The following shows a traceroute to www.internic.net from a
Solaris system hanging off the Comcast network. traceroute
sends out three packets at each TTL value.

• If no response is received to a packet, traceroute prints an aster-

isk (*).

• If a response is received, traceroute displays the name and ad-

dress of the gateway that responded and the packet's round trip
time in milliseconds
TRACEROUTE …
 Resource Monitor
• Resource Monitor is a graphical tool that allows you to
monitor system resource utilization.
• You can use Resource Monitor to view TCP and UDP ports
that are in use.
• You can also verify which programs are using specific ports
and the amount of data that they are transferring on those
ports.
• You can get resource monitor in task manger on windows
operating system.
 Resource Monitor

09/19/2025 76
 Event Viewer

• Event logs are files that record significant events on a com-

puter, such as when a process encounters an error.

• When these events occur, the Windows Server 2012 operating

system records the event in an appropriate event log.
• You can use Event Viewer to read the event log.

• IP conflicts, which might prevent services from starting, are

listed in the System event log
• You can get event viewer in administrative tools on windows
operating system.
 Event Viewer

09/19/2025 78
 What Is Microsoft Message
Analyzer?
• Microsoft Message Analyzer is a tool used to capture network
traffic and then display and analyze information about that traffic.
• You can use Microsoft Message Analyzer to monitor live network
traffic, or to import, aggregate, and analyze data from log and
trace files.
• You can use Microsoft Message Analyzer to perform the follow-
ing network analysis tasks:
– Capture message data
– Save message data
– Import message data
– View message data
– Filter message data
 Assignments

1. Briefly explain the difference between TCP and UDP with

examples?
2. Name Three Steps Which You Would Use To Troubleshoot
Internet Related Problems.?
3. What Are The Differences Among Router, Switch And Hub?

09/19/2025 81
 Question & Answer

09/19/2025 82
 Thank You !!!

09/19/2025 83
 Quiz
• 1. what is the difference between POP3
and IMAP?
• 2. what is the difference between FTP and
HTTP
• 3. what are the use of cookies?
• 4. Active mode vs Passive mode?
• 5. pathping vs tracert?`

09/19/2025 84