2: Application Layer 1 ECE5650 Basic Network Services (II) FTP, Email, and DNS.
Published byModified over 4 years ago
Presentation on theme: "2: Application Layer 1 ECE5650 Basic Network Services (II) FTP, Email, and DNS."— Presentation transcript:
2: Application Layer 1 ECE5650 Basic Network Services (II) FTP, Email, and DNS
2: Application Layer 2 Recap: HTTP and Web r HTTP request msg format and method types: GET, POST, HEAD, PUT, DELATE r HTTP response msg format and status codes r Cookies and their usage: Persistent vs Non-Persistent cookies
2: Application Layer 3 Examples ofInternet Services r 2.1 Principles of network applications r 2.2 Web and HTTP r 2.3 FTP r 2.4 Electronic Mail SMTP, POP3, IMAP r 2.5 DNS r 2.7 Socket programming with TCP r 2.8 Socket programming with UDP r 2.9 Building a Web server
2: Application Layer 4 FTP: the file transfer protocol r transfer file to/from remote host r client/server model client: side that initiates transfer (either to/from remote) server: remote host r ftp: RFC 959 r ftp server: port 21 for control, port 20 for data file transfer FTP server FTP user interface FTP client local file system remote file system user at host
2: Application Layer 5 SFTP: secure file transfer protocol r All communication (login, control and data are secured) r transfer file to/from remote host r same as FTP client/server model r network protocol designed by the IETF to provide secure file transfer and manipulation facilities over the secure shell (SSH) protocol. file transfer over SSH SFTP server SFTP user interface SFTP client local file system remote file system user at host
2: Application Layer 6 FTP: separate control, data connections r FTP client contacts FTP server at port 21, specifying TCP as transport protocol r Client obtains authorization over control connection r Client browses remote directory by sending commands over the persistent control connection. r When server receives a command for a file transfer or directory listing, the server opens a TCP data connection to client r After transferring one file, server closes connection. FTP client FTP server TCP control connection port 21 TCP data connection port 20 r Server opens a second TCP data connection to transfer another file. r Control connection: “out of band” HTTP sends control info in-band r FTP server maintains “state”: current directory, earlier authentication
2: Application Layer 7 FTP commands, responses Sample commands: r sent as ASCII text over control channel USER username PASS password LIST return list of file in current directory RETR (Get) filename retrieves (gets) file STOR (Put) filename stores (puts) file onto remote host Sample return codes r status code and phrase (as in HTTP) r 331 Username OK, password required r 125 data connection already open; transfer starting r 425 Can’t open data connection r 452 Error writing file
2: Application Layer 8 All FTP commands (RFC 959) r Access control commands: USER, PASS, ACT, CWD, CDUP, SMNT, REIN, QUIT. r Transfer parameter commands: PORT, PASV, TYPE STRU, MODE. r Service commands: RETR, STOR, STOU, APPE, ALLO, REST, RNFR, RNTO, ABOR, DELE, RMD, MRD, PWD, LIST, NLST, SITE, SYST, STAT, HELP, NOOP. r www.faqs.org/rfcs/rfc959.html
2: Application Layer 9 FTP Summary r FTP/SFTP is used to transfer files between hosts r FTP is an out-of-band protocol: control is sent over server port 21 while data is sent over server port 20. r Control connection is persistent and the FTP server must maintain the state of the user. r Data connection is non-persistent and initiated by FTP server.
2: Application Layer 10 Electronic Mail Three major components: r user agents r mail servers r simple mail transfer protocol: SMTP User Agent r a.k.a. “mail reader” r composing, editing, reading mail messages r e.g., Eudora, Outlook, elm, Netscape Messenger r outgoing, incoming messages stored on server user mailbox outgoing message queue mail server user agent user agent user agent mail server user agent user agent mail server user agent SMTP
2: Application Layer 11 Electronic Mail: mail servers Mail Servers r mailbox contains incoming messages for user r message queue of outgoing (to be sent) mail messages r SMTP protocol between mail servers to send email messages client: sending mail server “server”: receiving mail server mail server user agent user agent user agent mail server user agent user agent mail server user agent SMTP
2: Application Layer 12 Electronic Mail: SMTP [RFC 2821] r uses TCP to reliably transfer email message from client to server, port 25 r direct transfer: sending server to receiving server r three phases of transfer handshaking (greeting) transfer of messages closure r command/response interaction commands: ASCII text response: status code and phrase r messages must be in 7-bit ASCII
2: Application Layer 13 Scenario: Alice sends message to Bob 1) Alice uses UA to compose message and “to” email@example.com 2) Alice’s UA sends message to her mail server; message placed in message queue 3) Client side of SMTP opens TCP connection with Bob’s mail server 4) SMTP client sends Alice’s message over the TCP connection 5) Bob’s mail server places the message in Bob’s mailbox 6) Bob invokes his user agent to read message user agent mail server mail server user agent 1 2 3 4 5 6
2: Application Layer 14 Sample SMTP interaction C: telnet smtp.wayne.edu 25 S: 220 mirapointmr3.wayne.edu C: HELO alice S: 250 Hello alice, pleased to meet you C: MAIL FROM: S: 250 firstname.lastname@example.org... Sender ok C: RCPT TO: S: 250 email@example.com... Recipient ok C: DATA S: 354 Enter mail, end with "." on a line by itself C: Do you like ketchup? C: How about pickles? C:. S: 250 Message accepted for delivery C: QUIT S: 221 wayne.edu closing connection
2: Application Layer 15 Try SMTP interaction for yourself: telnet ece.eng.wayne.edu 25 r see 220 reply from server r enter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands above lets you send email without using email client (reader)
2: Application Layer 16 SMTP Mail message format SMTP: protocol for exchanging email msgs RFC 822: standard for text message format: r header lines, e.g., To: From: Subject: different from SMTP commands. SMTP msg goes into the DATA command r body the “message”, 7-bit ASCII characters only header body blank line
2: Application Layer 17 Message format: multimedia extensions r MIME: multimedia mail extension, RFC 2045, 2056 r additional lines in msg header declare MIME content type From: firstname.lastname@example.org To: email@example.com Subject: Picture of yummy crepe. MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Type: image/jpeg base64 encoded data....................................base64 encoded data multimedia data type, subtype, parameter declaration method used to encode data, quoted- printable is another method MIME version encoded data where each line is 78 7-bit ASCII characters including CRLF
2: Application Layer 18 Base64 encoding scheme (RFC 2045) r Encoding (not encrypting) method r input: 8 bit ASCII data r output: one of the 64 values listed in the Base64 encoding table and the “=“ character r Process: group the input data in chunks of 3-bytes or 24-bits each break each 24-bit chunk into 4 values that are 6-bits each use the Base64 encoding table to find the character of each value if any chunk is less than 3 bytes then pad it with 0s and use the “=“ for any of these 6 0s. A 6-bit value with all 0s and at least 1 non-padded 0 will be an “A” Smallest base64 encoded output is 4 characters. Example: input is AB A ASCII hex=0x41 B ASCII hex=0x42 16-bits + 8 padded 0s: 0100 0001 0100 0010 0000 0000 4 values that are 6-bits each: 010000-010100-001000-000000 16-20-8-6 padded 0s Base64 output is QUI=
2: Application Layer 19 Mail access protocols r SMTP: delivery/storage to receiver’s server r Mail access protocol: retrieval from server POP3: Post Office Protocol version 3 [RFC 1939] uses port 110 authorization (agent server) and download IMAP: Internet Mail Access Protocol [RFC 1730] more features (more complex) manipulation of stored msgs on server HTTP: Hotmail, Yahoo! Mail, etc. user agent sender’s mail server user agent SMTP access protocol receiver’s mail server
2: Application Layer 20 POP3 protocol authorization phase r client commands: user: declare username pass: password r server responses +OK (Server accepted prior command) -ERR (server rejected prior command) transaction phase, client: list: list message numbers retr: retrieve message by number dele: delete r quit r UIDL: “unique-ID listing” list unique message ID for all of the messages present in the users mailbox. Useful for download- and-keep by keeping a file that lists the messages retrieved in earlier sessions, the client can use the UIDL command to determine which messages on the server have already been seen. r “Received:” in the msg indicates the SMTP servers that forwarded the msg C: list S: 1 498 S: 2 912 S:. C: retr 1 S: Return-Path: S: Received: from b1 by d1... S: more data.. S:. C: dele 1 C: retr 2 S: S:. C: dele 2 C: quit S: +OK POP3 server signing off C: telnet ece.eng.wayne.edu 110 S: +OK POP3 server ready C: user bob S: +OK C: pass hungry S: +OK user successfully logged on
2: Application Layer 21 POP3 (more) and IMAP More about POP3 r Previous example uses “download-and-delete” mode. r User cannot re-read the deleted e-mail. r “Download-and-keep”: copies of messages on different clients r POP3 is stateless across sessions IMAP r Keep all messages in one place: the server r Allows user to organize messages in folders r IMAP keeps user state across sessions: names of folders and mappings between message IDs and folder name
2: Application Layer 22 Email Summary r SMTP and POP3 uses persistent connections r SMTP requires message (header & body) to be in 7- bit ASCII SMTP server uses CRLF.CRLF to determine end of message r download-and-delete vs download-and-keep in POP3 r All data communications are insecure by default Comparison with HTTP: r HTTP: pull data from web server r SMTP: push data to mail server r both have command/response interaction, status codes r HTTP: each object encapsulated in its own response msg r SMTP: multiple objects sent in one multipart msg r SMPT msg must be in 7-bit ASCII while HTTP has no restriction
2: Application Layer 23 DNS: Domain Name System People: many identifiers: SSN, name, passport # Internet hosts, routers: IP address (32 or 128 bit) - used for addressing datagrams “canonical name”, e.g., ww.yahoo.com - used by humans Q: map between IP addresses and name ? Domain Name System (DNS) is: 1- distributed database implemented in hierarchy of many name servers 2- application-layer protocol: host, routers and name servers communicate to resolve names (address/name translation). DNS protocol uses UDP transport protocol and port 53. 3- employed by other application layer protocols (HTTP, SMTP, FTP) to resolve host names.
2: Application Layer 24 DNS Why not centralize DNS? r single point of failure r traffic volume r distant centralized database r maintenance doesn’t scale! DNS services r Hostname to IP address translation r Host aliasing Canonical (actual) and alias names (user-friendly): cwis-1.wayne.edu for alias www.wayne.edu r Mail server aliasing: mail server and web server can share the same alias name. E.g. firstname.lastname@example.org, wayne.edu r Load distribution Replicated Web servers: a set of IP addresses for one canonical name. DNS returns the list of IPs for a name but rotated by 1 each time so the user can use the first listed IP.
2: Application Layer 25 Root DNS Servers (13 servers labeled A-M) com DNS servers org DNS servers edu DNS servers poly.edu DNS servers umass.edu DNS servers yahoo.com DNS servers amazon.com DNS servers pbs.org DNS servers Distributed, Hierarchical Database Each Client uses a local DNS server that does not belong to the hierarchy: r The local DNS is usually assigned by the DHCP server as part of the temporary IP assignment (run command: “ipconfig /all” to find your local DNS server). Top-Level Domain Servers (TLDs) Authoritative DNS servers
2: Application Layer 26 DNS: Root name servers b USC-ISI Marina del Rey, CA l ICANN Los Angeles, CA e NASA Mt View, CA f Internet Software C. Palo Alto, CA (and 17 other locations) i Autonomica, Stockholm (plus 3 other locations) k RIPE London (also Amsterdam, Frankfurt) m WIDE Tokyo a Verisign, Dulles, VA c Cogent, Herndon, VA (also Los Angeles) d U Maryland College Park, MD g US DoD Vienna, VA h ARL Aberdeen, MD j Verisign, ( 11 locations) There are 13 root DNS server world wide that are labeled A-M: map of root DNS, as of Oct 2006.
2: Application Layer 27 TLD and Authoritative Servers r Top-level domain (TLD) servers: responsible for com, org, net, edu, etc, and all country code top-level domains (ccTLD) us, ca, in, cn, jp. Network solutions maintains servers for com TLD Educause for edu TLD r Authoritative DNS servers: organization’s with public names has DNS servers, providing authoritative hostname to IP mappings for organization’s servers (e.g., Web and mail). Can be maintained by organization or service provider
2: Application Layer 28 Local Name Server r Does not strictly belong to hierarchy r Each ISP (residential ISP, company, university) has one. Also called “default name server” r When a host makes a DNS query, query is sent to its local DNS server Acts as a proxy, forwards query into hierarchy.
2: Application Layer 29 requesting host X Y root DNS server local DNS server 1 2 3 4 5 6 authoritative DNS server 7 8 TLD DNS server Example of Typical DNS request r Client X wants IP address for Y r Steps performed: 1- Client sends DNS request to the local DNS server to search on its behalf (recursive query) 2- local DNS contacts one of the root DNSs to resolve hostname Y. 3- root DNS returns the TLD DNS IP to local DNS 4- local DNS contacts one of the TLDs to get an Authoritative DNS nam 5- TLD returns IP of authoritative DNS to local DNS 6- local DNS contacts authoritative DNS to resolve X 7- authoritative DNS returns IP of Y 8- local DNS return IP of Y to X Query 1 is recursive Queries 2, 4 and 6 are iterative Example of recursive+iterative DNS query - typically used
2: Application Layer 30 requesting host requested host root DNS server local DNS server 1 2 4 5 6 authoritative DNS server 7 8 TLD DNS server 3 Recursive and Iterative DNS queries recursive query: r puts burden of name resolution on contacted name server r heavy load? iterative query: r reply is directly returned to requesting server r “I don’t know this name, but ask this server” Example of pure recursive DNS query - not typically used
2: Application Layer 31 DNS: caching and updating records r once (any) name server learns mapping, it caches mapping cache entries timeout (disappear) after some time TLD servers typically cached in local name servers Thus root name servers not often visited Client may also cache DNS names r update/notify mechanisms under design by IETF RFC 2136 http://www.ietf.org/html.charters/dnsind-charter.html
2: Application Layer 32 hosts file r local file that is checked by the client DNS of the OS before sending a DNS request. It can speed the web access. r If the requested name is found in the hosts file then its corresponding IP is used. r Can be used to create custom (name-IP) entries. r File Location: windows XP: C:\WINDOWS\system32\drivers\etc most UNIX and Linux: /etc r File Structure: Example of an entry: 127.0.0.1 localhost#default entry
2: Application Layer 33 DNS records DNS: distributed db storing resource records (RR) r Type=NS name is domain (e.g. foo.com) value is hostname of authoritative name server for this domain always in non-authoritative DNSs to point to authoritative DNSs RR format: (name, value, type, ttl) r Type=A name is hostname value is IP address always in authoritative DNS may be cached in non- authoritative DNSs r Type=CNAME name is alias name for some “canonical” (the real) name www.ibm.com is really servereast.backup2.ibm.com value is canonical name used by all hosts r Type=MX value is name of mailserver associated with name that is usually an alias name company can have a web server and a mail server with the same alias name. e.g. [wayne.edu mail.wayne.edu, MX] TTL is time to live of the RR and determines when an RR should be removed from cache.
2: Application Layer 34 DNS records with DNS servers r Authoritative DNSs for an institution: must contain Type A RRs for the institution’s public names and IPs. may contain Type MX RRs for the institution’s public mail server names and IPs. may contain Type CNAME RRs if the institution has Canonical names for its alias names. r TLD DNSs contain Type NS RRs with each organization’s public name is mapped to its authoritative DNS server names. There is usually a primary and secondary authoritative DNS servers. contain Type A RRs with the Authoritative DNS server name and IP address.
2: Application Layer 35 DNS protocol, messages DNS protocol : query and reply messages, both with same message format msg header r identification: 16 bit #, query and reply msgs use the same # r flags: query or reply 1 bit flag recursion desired or available 1 bit reply is authoritative
2: Application Layer 36 DNS protocol, messages Name, type fields for a query RRs in response to query records for authoritative servers additional “helpful” info that may be used
2: Application Layer 37 Inserting records into DNS r Example: just created startup “Network Utopia” r Register name networkuptopia.com at a registrar (e.g., Network Solutions) Need to provide registrar with names and IP addresses of your authoritative name server (primary and secondary) Registrar inserts two RRs into the com TLD server: (networkutopia.com, dns1.networkutopia.com, NS) (dns1.networkutopia.com, 188.8.131.52, A) r Put in authoritative server Type A record for www.networkuptopia.com and Type MX record for networkutopia.com r How do people get the IP address of your Web site?
2: Application Layer 38 nslookup command and whois DB r used to displays information that you can use to diagnose Domain Name System (DNS) infrastructure. Contacts the specified DNS server to retrieve requested records. r nslookup r Example: nslookup wayne.com r whois database can be used to locate the corresponding registrar, DNS server and IPs for a particular domain. r Only registrars accredited by the Internet Corporation for Assigned Names and Numbers (ICANN - non-profit org) are authorized to register.aero,.biz,.com,.coop,.info,.museum,.name,.net,.org, or.pro names. r.com whois database: http://www.internic.net/whois.html r.edu whois database http://whois.educause.net/index.asp r wayne.edu DNS name servers: NS.WAYNE.EDU184.108.40.206 NS2.WAYNE.EDU220.127.116.11 DNS.MERIT.NET NS2.CS.WAYNE.EDU18.104.22.168
2: Application Layer 39 DNS Vulnerabilities r DDoS bw-flooding attack against DNS server. A large scale attack on 13 DNS root servers on Oct 21, 2002 by using ICMP ping messages Block ICMP ping packets in packet filtering r DNS queries attack Hard to be filtered Mitigated by caching in local DNS servers r Man-in-the-middle attack Trick a server into bogus records into its cache Hard to implement, because it needs to intercept packets r Reflection attack on other hosts Send queries with spoofed source addr of a target server
2: Application Layer 40 DNS Summary r DNS services: Hostname to IP address translation Host aliasing, Mail server aliasing, Load distribution r DNS is hierarchical and distributed r root DNS vs TLD vs Authoritative DNS vs local DNS r recursive vs iterative DNS query r DNS cache: local server caches TLDs so that root servers are rarely visited r DNS record types: A, NS, CNAME, MX r DNS Query and Reply msg format is the same r nslookup command and the whois database r DNS vulnerabilities
2: Application Layer 41 Examples ofInternet Services r 2.1 Principles of network applications r 2.2 Web and HTTP r 2.3 FTP r 2.4 Electronic Mail SMTP, POP3, IMAP r 2.5 DNS r 2.6 P2P and File Sharing r 2.7 Socket programming with TCP r 2.8 Socket programming with UDP r 2.9 Building a Web server