application protocols - huttsystems.com · application protocols domain name system (dns) telnet...

Post on 27-Jul-2020


Application Protocols

New York Institute of Technology
CSCI 690

Michael Hutt

Application Protocols

  Domain Name System (DNS)
  Telnet
  File Transfer Protocol (FTP)
  Trivial File Transfer Protocol (TFTP)
  Simple Mail Transfer Protocol (SMTP)
  Secure Shell (SSH)
  Hypertext Transfer Protocol (HTTP)

Clients and Servers
  Daemon - passive background process
  Ports - well known and random ports
  TCP or UDP?
  Sockets

DNS
  /etc/hosts
    manual task
  Domain Name System
    country code top level domains
    generic top level domains
  www.yahoo.com
    com - top level domain
    yahoo - corporation's registered name
    www - host name at yahoo
  iris.nyit.edu

DNS…
  UDP port 53 used for host queries
    max mtu used: 512 bytes
  TCP used for zone transfers

DNS…

Telnet/Rlogin
  Remote login
  Telnet dates back to 1969 on the ARPANET
    telecommunications network protocol
  Rlogin designed to work between UNIX systems
  Telnet designed to work between any host
  Both are superseded now by ssh

Telnet
  Server listens on tcp port 23
  Uses in-band signaling
    byte 0xff: IAC (interpret as command)
    next byte is the command
    to send 0xff as data, send 0xff 0xff
  NVT - network virtual terminal
    both ends map real terminal to the NVT
  Control-]
    telnet> allows commands to be sent to the telnet client
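Added example, not part of the original slides: a Python parser that separates user data from in-band commands in a Telnet byte stream using the IAC rules above. It goes beyond the slide by also handling option negotiation and subnegotiation as defined in RFC 854; the function names and the SAMPLE bytes are constructed for illustration.

```python
# Added example: Telnet in-band command parsing (IAC = 0xff).
IAC, SE, SB = 0xFF, 0xF0, 0xFA
NEGOTIATION = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}

# Constructed sample: IAC DO 24, "login: ", escaped 0xff, IAC SB 24 1 IAC SE, "ok"
SAMPLE = b"\xff\xfd\x18login: \xff\xff\xff\xfa\x18\x01\xff\xf0ok"

def find_se(stream, start):
    """Index of the IAC SE that ends a subnegotiation, or -1 if truncated."""
    i = start
    while i + 1 < len(stream):
        if stream[i] != IAC:
            i += 1
        elif stream[i + 1] == SE:
            return i
        else:
            i += 2                      # IAC IAC (or another pair) inside SB
    return -1

def parse_telnet(stream):
    """Return (data, commands); a cut-off sequence is reported as INCOMPLETE."""
    data, commands, i, n = bytearray(), [], 0, len(stream)
    while i < n:
        if stream[i] != IAC:            # ordinary NVT data byte
            data.append(stream[i]); i += 1
            continue
        cmd = stream[i + 1] if i + 1 < n else None
        if cmd == IAC:                  # 0xff 0xff -> one literal 0xff
            data.append(IAC); i += 2
        elif cmd in NEGOTIATION and i + 2 < n:
            commands.append((NEGOTIATION[cmd], stream[i + 2])); i += 3
        elif cmd == SB and find_se(stream, i + 2) >= 0:
            end = find_se(stream, i + 2)
            body = stream[i + 2:end].replace(b"\xff\xff", b"\xff")
            commands.append(("SB", body)); i = end + 2
        elif cmd is None or cmd in NEGOTIATION or cmd == SB:
            commands.append(("INCOMPLETE", stream[i:])); break
        else:                           # two-byte command such as IAC NOP
            commands.append(("CMD", cmd)); i += 2
    return bytes(data), commands
```

A logger or proxy that treats the stream as plain text without this step will record negotiation bytes as data and will mis-handle any literal 0xff.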

Telnet…

File Transfer Protocol (FTP)
  Uses 2 TCP connections
  Server performs passive-open on port 21
  Client performs active-open to port 21 to establish control connection
  Server opens data connection from port 20
  asc vs bin transfer
  Passive-FTP
    client issues pasv command and opens data connection to random port specified by server
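Added example, not part of the original slides: how the data-connection endpoint is carried on the control connection, with the checks a careful client and server apply to it. The "h1,h2,h3,h4,p1,p2" encoding and the 227 reply code come from RFC 959, not from the slide; the function names, reply text and addresses are constructed for illustration.

```python
import re

def parse_host_port(arg):
    """Decode the 'h1,h2,h3,h4,p1,p2' field used by PORT and the 227 reply."""
    nums = [int(x) for x in arg.split(",")]
    if len(nums) != 6 or not all(0 <= n <= 255 for n in nums):
        raise ValueError("malformed host-port field: %r" % arg)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def passive_target(reply, control_peer):
    """Client side (passive FTP): where to open the data connection.

    Returns (host, port, mismatch). The host is always the control
    connection's peer; an advertised address that differs is flagged
    rather than followed, so a server cannot point the client elsewhere.
    """
    m = re.search(r"\d+(?:,\d+){5}", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a 227 passive-mode reply")
    advertised, port = parse_host_port(m.group(0))
    return control_peer, port, advertised != control_peer

def active_port_allowed(port_arg, control_peer):
    """Server side (active FTP): accept a PORT argument only if it points
    back at the client that sent it and at a non-privileged port."""
    host, port = parse_host_port(port_arg)
    return host == control_peer and port >= 1024

if __name__ == "__main__":
    # Constructed replies and addresses
    print(passive_target("227 Entering Passive Mode (192,168,1,8,195,80).",
                         "192.168.1.8"))
    print(active_port_allowed("192,168,1,30,240,202", "192.168.1.30"))
```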

Active vs Passive FTP

Active Passive

Anonymous FTP
  login using username: anonymous
  password is your email address
  anyone can access files on an anonymous ftp site
  some sites require the client to have a valid domain name for logging purposes

Trivial File Transfer Protocol (TFTP)
  UDP port 69
  Can be used by routers to boot
    boot system tftp router-image.bin 192.168.1.8
  Router can generate a core dump via tftp
    exception dump 192.168.1.8
  inetd.conf
    tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
    -s, files must exist before they can be written to

Simple Mail Transfer Protocol (SMTP)

SMTP Protocol

    [mike@saturn ~]$ telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 saturn.lab.huttsystems.com ESMTP Sendmail 8.14.3/8.14.1; Tue, 17 Nov 2009 10:46:08 -0500
    HELO lab.huttsystems.com
    250 saturn.lab.huttsystems.com Hello localhost [127.0.0.1], pleased to meet you
    MAIL From:<hutt@ieee.org>
    250 2.1.0 <hutt@ieee.org>... Sender ok
    RCPT To:<mhutt@nyit.edu>
    250 2.1.5 <mhutt@nyit.edu>... Recipient ok
    DATA
    354 Enter mail, end with "." on a line by itself
    test message
    .
    250 2.0.0 nAHFk8l7005955 Message accepted for delivery
    QUIT
    221 2.0.0 saturn.lab.huttsystems.com closing connection
    Connection closed by foreign host.
    You have mail in /var/spool/mail/mike
    [mike@saturn ~]$

Secure Shell (SSH)

  Server listens on TCP port 22
  Replacement for telnet
  Uses public-key cryptography
  SSH-1 vulnerable to man-in-the-middle attacks
  SSH-2 should be used
  Problem with Telnet ->

SSH…

    11:09:59.909193 IP earth.telnet > 192.168.1.30.61642: P 193:205(12) ack 62 win 4067
        0x0000:  000d 9361 cb26 00e0 b064 0b7d 0800 45c0  ...a.&...d.}..E.
        0x0010:  0034 0010 0000 ff06 3687 c0a8 01fe c0a8  .4......6.......
        0x0020:  011e 0017 f0ca 496f ba4c 6fb8 0ace 5018  ......Io.Lo...P.
        0x0030:  0fe3 b779 0000 0d0a 5061 7373 776f 7264  ...y....Password
        0x0040:  3a20 19a6 1384                           :.....
    11:10:00.334764 IP 192.168.1.30.61642 > earth.telnet: P 62:63(1) ack 205 win 65535
        0x0000:  00e0 b064 0b7d 000d 9361 cb26 0800 4510  ...d.}...a.&..E.
        0x0010:  0029 32d0 4000 4006 8382 c0a8 011e c0a8  .)2.@.@.........
        0x0020:  01fe f0ca 0017 6fb8 0ace 496f ba58 5018  ......o...Io.XP.
        0x0030:  ffff 592e 0000 63                        ..Y...c
    11:10:00.535458 IP 192.168.1.30.61642 > earth.telnet: P 63:64(1) ack 205 win 65535
        0x0000:  00e0 b064 0b7d 000d 9361 cb26 0800 4510  ...d.}...a.&..E.
        0x0010:  0029 32d1 4000 4006 8381 c0a8 011e c0a8  .)2.@.@.........
        0x0020:  01fe f0ca 0017 6fb8 0acf 496f ba58 5018  ......o...Io.XP.
        0x0030:  ffff 532d 0000 69                        ..S-..i
    11:10:00.739341 IP 192.168.1.30.61642 > earth.telnet: P 64:67(3) ack 205 win 65535
        0x0000:  00e0 b064 0b7d 000d 9361 cb26 0800 4510  ...d.}...a.&..E.
        0x0010:  002b 32d2 4000 4006 837e c0a8 011e c0a8  .+2.@.@..~......
        0x0020:  01fe f0ca 0017 6fb8 0ad0 496f ba58 5018  ......o...Io.XP.
        0x0030:  ffff d9c6 0000 7363 6f                   ......sco
    11:10:00.947555 IP earth.telnet > 192.168.1.30.61642: P 205:213(8) ack 69 win 4060
        0x0000:  000d 9361 cb26 00e0 b064 0b7d 0800 45c0  ...a.&...d.}..E.
        0x0010:  0030 0014 0000 ff06 3687 c0a8 01fe c0a8  .0......6.......
        0x0020:  011e 0017 f0ca 496f ba58 6fb8 0ad5 5018  ......Io.Xo...P.
        0x0030:  0fdc 5f26 0000 0d0a 6561 7274 683e 966e  .._&....earth>.n
        0x0040:  fe72
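Added example, not part of the original slides: the five frames from the capture above, decoded in Python to show exactly what Telnet puts on the wire in each direction. The hex strings are copied from the capture; the function names are illustrative, and the parser assumes Ethernet II framing carrying IPv4 and TCP, as in this capture.

```python
# Hex column of the five frames in the tcpdump output above, in capture order.
FRAMES = [
    "000d 9361 cb26 00e0 b064 0b7d 0800 45c0 0034 0010 0000 ff06 3687 c0a8 01fe c0a8"
    "011e 0017 f0ca 496f ba4c 6fb8 0ace 5018 0fe3 b779 0000 0d0a 5061 7373 776f 7264"
    "3a20 19a6 1384",
    "00e0 b064 0b7d 000d 9361 cb26 0800 4510 0029 32d0 4000 4006 8382 c0a8 011e c0a8"
    "01fe f0ca 0017 6fb8 0ace 496f ba58 5018 ffff 592e 0000 63",
    "00e0 b064 0b7d 000d 9361 cb26 0800 4510 0029 32d1 4000 4006 8381 c0a8 011e c0a8"
    "01fe f0ca 0017 6fb8 0acf 496f ba58 5018 ffff 532d 0000 69",
    "00e0 b064 0b7d 000d 9361 cb26 0800 4510 002b 32d2 4000 4006 837e c0a8 011e c0a8"
    "01fe f0ca 0017 6fb8 0ad0 496f ba58 5018 ffff d9c6 0000 7363 6f",
    "000d 9361 cb26 00e0 b064 0b7d 0800 45c0 0030 0014 0000 ff06 3687 c0a8 01fe c0a8"
    "011e 0017 f0ca 496f ba58 6fb8 0ad5 5018 0fdc 5f26 0000 0d0a 6561 7274 683e 966e"
    "fe72",
]
ETH_LEN = 14  # Ethernet II header: dst MAC, src MAC, EtherType

def tcp_payload(frame):
    """Return (source_port, payload) for one Ethernet/IPv4/TCP frame."""
    if frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4 or frame[23] != 6:
        raise ValueError("not an Ethernet II / IPv4 / TCP frame")
    ihl = (frame[14] & 0x0F) * 4                       # IPv4 header length
    total_len = int.from_bytes(frame[16:18], "big")    # IPv4 total length
    tcp = ETH_LEN + ihl
    sport = int.from_bytes(frame[tcp:tcp + 2], "big")
    data_off = (frame[tcp + 12] >> 4) * 4              # TCP header length
    # Bounding by total_len drops the link-layer trailer bytes that
    # follow the IP datagram in the first and last frames.
    return sport, frame[tcp + data_off:ETH_LEN + total_len]

def cleartext_by_direction(frames, server_port=23):
    """Concatenate TCP payloads per direction, in capture order."""
    out = {"server": b"", "client": b""}
    for hex_rows in frames:
        sport, data = tcp_payload(bytes.fromhex(hex_rows))
        out["server" if sport == server_port else "client"] += data
    return out

if __name__ == "__main__":
    print(cleartext_by_direction(FRAMES))
```

The server's "Password: " prompt and the characters typed in reply are recoverable from headers and payload alone, which is the problem SSH's encrypted transport removes.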

Hypertext Transfer Protocol (HTTP)
  Resource discovery services prior to the WWW
    Archie
      provides a directory of thousands of FTP servers
    WAIS: Wide Area Information Server
      Provides databases to search for keywords in files
    Gopher
      Menu driven front end to Archie, WAIS and anonymous FTP
    Veronica
      Index of titles of Gopher items

The World Wide Web
  Hypertext markup language
  Uniform Resource Locators
    subset of URIs - Uniform Resource Identifiers
    “"Uniform Resource Locator" (URL) refers to the subset of URI that identify resources via a representation of their primary access mechanism (e.g., their network "location"), rather than identifying the resource by name or by some other attribute(s) of that resource.”
  Hypertext Transfer Protocol

HTML
  HTML 4.01 - current version
  HTML 5 - working draft status
  A basic HTML document looks like this:

    <!DOCTYPE html>
    <html>
     <head>
      <title>Sample page</title>
     </head>
     <body>
      <h1>Sample page</h1>
      <p>This is a <a href="demo.html">simple</a> sample.</p>
      <!-- this is a comment -->
     </body>
    </html>

HTML…

New tags in HTML 5
  <nav>
  <footer>
  <audio>
  <video>
    “lack of uniform codec availability will make it impossible for content creators to publish their videos in a single format…
    Ogg Theora is an open format that is thought to be unencumbered by patents.”

HTTP 1.1
  RFC 2616
  request/response protocol
  default port for http is TCP port 80
  HTTP/1.0 used a new connection for each request/response exchange
  HTTP/1.1 connection may be used for one or more request/response exchanges
    persistent connection
    firefox: about:config network.http.max-persistent-connections-per-server;1

URIs
  The HTTP protocol does not place any a priori limit on the length of a URI
    Note: Servers ought to be cautious about depending on URI lengths above 255 bytes, because some older client or proxy implementations might not properly support these lengths.
  http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]

HTTP Methods
  OPTIONS
  GET
  HEAD
  POST
  PUT
  DELETE
  TRACE
  CONNECT

GET Method

    telnet www.w3.org 80
    Trying 128.30.52.54...
    Connected to www.w3.org.
    Escape character is '^]'.
    GET /pub/WWW/TheProject.html HTTP/1.1
    Host: www.w3.org

    HTTP/1.1 301 Moved Permanently
    Date: Tue, 17 Nov 2009 18:16:52 GMT
    Server: Apache/2
    Location: http://www.w3.org/TheProject.html
    Cache-Control: max-age=21600
    Expires: Wed, 18 Nov 2009 00:16:52 GMT
    Content-Length: 241
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>301 Moved Permanently</title>
    </head><body>
    <h1>Moved Permanently</h1>
    <p>The document has moved <a href="http://www.w3.org/TheProject.html">here</a>.</p>
    </body></html>
    Connection closed by foreign host.

Status Codes
  1xx: Informational - Request received, continuing process
  2xx: Success - The action was successfully received, understood, and accepted
  3xx: Redirection - Further action must be taken in order to complete the request
  4xx: Client Error - The request contains bad syntax or cannot be fulfilled
  5xx: Server Error - The server failed to fulfill an apparently valid request
