Mail (smtp), VoIP (sip, rtp) Network Applications Two or more end systems (Hosts) Client server paradigm Client: initiates contact with server (“speaks first”) typically requests service from server, for Web, client is implemented in browser; for e-mail, in mail reader Server: provides requested service to client e.g., Web server sends requested Web page, mail server delivers e-mail Peer to peer paradigm Peers come and leave at any time A peer is both a client and a server Scalability is the advantage Many hybrid peer-to-peer and client-server in real world One or more application Protocols define type of messages syntax of messages: fields and their meaning actions taken user services provided by lower layer protocols Mail (smtp), VoIP (sip, rtp) Application Layer

Identifying Applications Q: how does a process “identify” the other process with which it wants to communicate? IP address of host running other process 32-bit Unique ID “port number” - allows receiving host to determine to which local process the message should be delivered found in RFC 1700 RFC http://www.faqs.org/rfc The combination of IP address and port number is also called “socket” When a client application talks to a server, we need client ip address, client port number source ip address, source port number Server: 1. it is always open; 2. it has a known IP address and a known port number Explain RFC (request for comments) by IETF (Internet Engineering Task Force) Socket = (ip address, port #) TCP connection 4-tuple Application Layer

The Web: introduction Web page: consists of “objects” addressed by a URL Most Web pages consist of: base HTML page, and several referenced objects. URL has two components: host name and path name: User agent for Web is called a browser: Internet Explorer Firefox Server for Web is called Web server: Apache (public domain) MS Internet Information Server Web is the killer application that brought about the fast growth of the current Internet. www.someSchool.edu/someDept/pic.gif Application Layer

The Web: the http protocol http: hypertext transfer protocol Web’s application layer protocol client/server model client: browser that requests, receives, “displays” Web objects server: Web server sends objects in response to requests http1.0: RFC 1945 (before 1997) http1.1: RFC 2068 (after 1998) http request PC running Explorer http response http request Server running NCSA Web server http response http defines how web clients (browsers) request web pages from servers and how servers transfer pages to clients Mac running Navigator Application Layer

The http protocol: more http: TCP transport service: client initiates TCP connection (creates socket) to server, port 80 server accepts TCP connection from client http messages (application-layer protocol messages) exchanged between browser (http client) and Web server (http server) TCP connection closed http is “stateless” server maintains no information about past client requests aside Protocols that maintain “state” are complex! past history (state) must be maintained if server/client crashes, their views of “state” may be inconsistent, must be reconciled http uses TCP as its transport service Stateless: server does not maintain any information about client connections, Application Layer

HTTP connections Nonpersistent HTTP At most one object is sent over a TCP connection. HTTP/1.0 uses nonpersistent HTTP Persistent HTTP Multiple objects can be sent over single TCP connection between client and server. HTTP/1.1 uses persistent connections in default mode Application Layer

Nonpersistent HTTP (contains text, references to 10 jpeg images) Suppose user enters URL www.someSchool.edu/someDepartment/home.index 1a. HTTP client initiates TCP connection to HTTP server (process) at www.someSchool.edu on port 80 1b. HTTP server at host www.someSchool.edu waiting for TCP connection at port 80. “accepts” connection, notifying client 2. HTTP client sends HTTP request message (containing URL) into TCP connection socket. Message indicates that client wants object someDepartment/home.index 3. HTTP server receives request message, forms response message containing requested object, and sends message into its socket time Application Layer

Nonpersistent HTTP (cont.) 4. HTTP server closes TCP connection. 5. HTTP client receives response message containing html file, displays html. Parsing html file, finds 10 referenced jpeg objects time 6. Steps 1-5 repeated for each of 10 jpeg objects 22 roundtrips Q: how many TCP connections? Q2: If the browser opens one TCP connection at one time, how many round trips altogether? Application Layer

Response time modeling Definition of RTT: time to send a small packet to travel from client to server and back. Response time: one RTT to initiate TCP connection one RTT for HTTP request and first few bytes of HTTP response to return file transmission time total = 2RTT+transmit time time to transmit file initiate TCP connection RTT request received time Explain why RTT is bigger than transmission time? Application Layer

Persistent HTTP Persistent HTTP server leaves connection open after sending response subsequent HTTP messages between same client/server are sent over connection Persistent without pipelining: client issues new request only when previous response has been received one RTT for each referenced object Persistent with pipelining: default in HTTP/1.1 client sends requests as soon as it encounters a referenced object as little as one RTT for all the referenced objects How many round trips do we need? Non-persistent, persistent without pipelining, persistent with pipelining Application Layer

http message format: request two types of http messages: request, response http request message: ASCII (human-readable format) request line (GET, POST, HEAD commands) GET /somedir/page.html HTTP/1.0 User-agent: Mozilla/4.0 Host: www.someschool.edu Accept: text/html, image/gif,image/jpeg Accept-language:fr (extra carriage return, line feed) header lines ASCII texts Request line: method, the URL field, the HTTP version field Header lines: Accept-language: the user prefers to receive a French version of the object, if such an object exists; otherwise, the server should send its default version. Carriage return, line feed indicates end of message Application Layer

http request message: general format GET POST HEAD asks server to leave requested object out of response HTTP/1.1 GET, POST, HEAD PUT uploads file in entity body to path specified in URL field DELETE deletes file specified in the URL field POST method fills in the entity body with what user enters into the browser forms Application Layer

Uploading form input Post method: Web page often includes form input Input is uploaded to server in entity body URL method: Uses GET method Input is uploaded in URL field of request line: www.somesite.com/animalsearch?monkeys&banana Application Layer

http message format: response status line (protocol status code status phrase) HTTP/1.0 200 OK Connection: close Date: Thu, 06 Aug 1998 12:00:15 GMT Server: Apache/1.3.0 (Unix) Last-Modified: Mon, 22 Jun 1998 …... Content-Length: 6821 Content-Type: text/html data data data data data ... header lines data, e.g., requested html file Connection: close, server tells the client that it will close the connection after sending this message Date: indicates the time and date when the server retrieves the object from its file system and sends the response message Application Layer

http response status codes In first line in server->client response message. A few sample codes: 200 OK request succeeded, requested object later in this message 301 Moved Permanently requested object moved, new location specified later in this message (Location:) 400 Bad Request request message not understood by server 404 Not Found requested document not found on this server 505 HTTP Version Not Supported Show how to capture packets exchanged on the network Application Layer

Trying out http (client side) for yourself 1. Telnet to your favorite Web server: telnet cis.poly.edu 80 Opens TCP connection to port 80 (default http server port) at cis.poly.edu. Anything typed in sent to port 80 at cis.poly.edu 2. Type in a GET http request: By typing this in (hit carriage return twice), you send this minimal (but complete) GET request to http server GET /~ross/ HTTP/1.0 3. Look at response message sent by http server! Application Layer

User-Server Identification Server is stateless How to identify a user Authentication Cookies Caching Conditional GET Authentication: restrict access to certain users Cookies: generate responses based on users Application Layer

User-server interaction: authentication client server Authentication goal: control access to server documents stateless: client must present authorization in each request authorization: typically name, password authorization: header line in request usual http request msg 401: authorization req. WWW authenticate: usual http request msg + Authorization:line usual http response msg Show the ethereal captured session usual http request msg + Authorization:line time usual http response msg Browser caches name & password so that user does not have to repeatedly enter it. Application Layer

Cookies: keeping “state” Many major Web sites use cookies Four components: 1) cookie header line in the HTTP response message 2) cookie header line in HTTP request message 3) cookie file kept on user’s host and managed by user’s browser 4) back-end database at Web site Example: Susan access Internet always from same PC She visits a specific e-commerce site for first time When initial HTTP requests arrives at site, site creates a unique ID and creates an entry in backend database for ID Application Layer

Cookies: keeping “state” (cont.) client server http request http response + Set-cookie: 1678 cookie: 1678 http response cookie- specific action spectific Cookie file ebay: 8734 server creates ID 1678 for user entry in backend database Cookie file amazon: 1678 ebay: 8734 access one week later: access Cookie file amazon: 1678 ebay: 8734 Application Layer

Cookies (continued) What cookies can bring: user accounts shopping carts Web portals Advertising Secretly collecting users’ browsing habits What to do? Application Layer

Web Caches (proxy server) Goal: satisfy client request without involving origin server user sets browser: Web accesses via web cache client sends all http requests to web cache if object at web cache, web cache immediately returns object in http response else requests object from origin server, then returns http response to client origin server Proxy server http request http request client http response http response http request http request Advantages: Reduce response time Reduce server load Reduce internet traffic http response http response client origin server Application Layer

Conditional Get First time cache request Subsequent cache request First time server response Cache saves last modification time of the object Subsequent cache request Subsequent server response GET /fruit/kiwi.gif HTTP/1.1 Host: www.exotiquecuisine.com GET /fruit/kiwi.gif HTTP/1.1 Host: www.exotiquecuisine.com If-modified-since: Wed, 2 Jul 2003 09:23:24 HTTP/1.1 200 OK Date: Mon, 7 Jul 2003 15:39:29 Server: Apache/1.3.0 (Unix) Last-Modified: Wed, 2 Jul 2003 09:23:24 Content-Type: image/gif (data data data …) HTTP/1.1 304 Not Modified Date: Mon, 14 Jul 2003 15:39:29 Server: Apache/1.3.0 (Unix) (empty entity body …) Application Layer

Conditional GET: client-side caching server Goal: don’t send object if client has up-to-date cached version client: specify date of cached copy in HTTP request If-modified-since: <date> server: response contains no object if cached copy is up-to-date: HTTP/1.0 304 Not Modified HTTP request msg If-modified-since: <date> object not modified HTTP response HTTP/1.0 304 Not Modified HTTP request msg If-modified-since: <date> object modified HTTP response HTTP/1.0 200 OK <data> Application Layer

HTTPS Secure version of HTTP Procedure: Client connects, Systems exchange fresh public keys Systems agree on a symmetric (fast) protocol (e.g. 3DES) Server presents certificate Client accepts or rejects (Client presents certificate) Application Layer

Review Questions (T/F) Networked applications interact with each other using interprocess communication. The routers run all the five layers in the protocol stack. If an HTTP request message uses the Accept-language: fr header, and the server only has an English version of the object, then the server will return the 404 Document Not Found error message When authorization is required for a web site, the browser only needs to send one HTTP request with Authorization: header line, including the username and password entered by the user; for subsequent HTTP requests, the browser does not send Authorization: header line. F, F, F, F Application Layer

Review Questions (T/F) Networked applications interact with each other using interprocess communication. The routers run all the five layers in the protocol stack. If an HTTP request message uses the Accept-language: fr header, and the server only has an English version of the object, then the server will return the 404 Document Not Found error message When authorization is required for a web site, the browser only needs to send one HTTP request with Authorization: header line, including the username and password entered by the user; for subsequent HTTP requests, the browser does not send Authorization: header line. F, F, F, F Application Layer