1. Application Layer

- Topmost layer of the TCP/IP reference model.
- Provides services to the user.
- Establishes an imaginary direct connection between two application layers for communication.

Application Layer Paradigms

- Client-Server Paradigm:
  - Clients (e.g., web browsers, email clients) request services from a central server.
  - Server listens for requests, processes them, and sends responses.
  - Examples: Web (HTTP), FTP, Email (SMTP/POP3/IMAP).
- Peer-to-Peer (P2P) Paradigm:
  - Each host can act as both a client and a server.
  - Peers communicate directly with each other without a central server.
  - Examples: File sharing, some VoIP applications.

2. Domain Name System (DNS)

- Hierarchical and distributed naming system.
- Translates human-readable domain names (e.g., example.com) into numerical IP addresses (e.g., 192.0.2.1).
- Ensures requests reach the correct server by resolving the domain to its IP address.

DNS Lookup Process

1. User types a domain name (e.g., example.com) into a web browser.
2. DNS recursive resolver receives the query.
3. Resolver queries a DNS root nameserver (.).
4. Root server responds with the address of the Top-Level Domain (TLD) DNS server (e.g., for .com).
5. Resolver queries the TLD server.
6. TLD server responds with the IP address of the domain's authoritative nameserver (e.g., for example.com).
7. Resolver queries the authoritative nameserver.
8. Authoritative nameserver returns the IP address for example.com to the resolver.
9. Resolver returns the IP address to the web browser, which then connects to the server.

Types of DNS Servers

- DNS Recursor (Recursive Resolver): First stop in a DNS query, acts as a middleman.
- Root Name Server: Top of the DNS hierarchy, reference point for all domain name lookups.
- TLD Name Server: Stores information for specific top-level domains (.com, .org, .net, etc.).
  - Generic TLDs (gTLDs): .com, .net, .org.
  - Country-Code TLDs (ccTLDs): .us, .uk, .jp.
  - Sponsored TLDs (sTLDs): .edu, .gov.
- Authoritative Name Server: Holds the DNS records (final answer) for a specific domain.

3. Traditional Applications

3.1. Telnet (TErminaL-NETwork)

- Old network protocol for remote control of computers via a command-line interface.
- Client-server model: Telnet client connects to a Telnet server.
- Uses TCP connection on port 23.
- Text-oriented protocol, no graphical user interface.
- Platform-independent.

3.2. File Transfer Protocol (FTP)

- Standard network protocol for transferring files between client and server.
- Uses a client-server model.
- Employs two separate TCP connections:
  - Control Connection: Carries commands and replies (on port 21).
  - Data Connection: Transmits actual files (on port 20).
- Standard FTP does not encrypt data (vulnerable to eavesdropping).
- Secure alternatives: SFTP, FTPS.

FTP Basic Commands

| Connection/Disconnection | File Transfer | Directory Management |
| --- | --- | --- |
| open [hostname_or_ip_address] | get [remote_file] [local_file] | cd [remote_directory] |
| user [username] | put [local_file] [remote_file] | pwd |
| pass [password] | | ls or dir |
| bye or quit | | mkdir [directory_name] |
| close or disconnect | | rmdir [directory_name] |
| | | delete [file_name] |

FTP Response Codes

| Category | Code Range | Examples |
| --- | --- | --- |
| Positive Completion | 2xx | 200 Command okay, 226 Closing data connection, 230 User logged in |
| Positive Intermediate | 3xx | 331 User name okay, need password |
| Transient Negative Completion | 4xx | 425 Can't open data connection, 450 Requested file action not taken |
| Permanent Negative Completion | 5xx | 500 Syntax error, 501 Syntax error in parameters, 530 Not logged in |

3.3. Email Protocols

- Standard methods for exchanging information between email clients and servers.
- User Agent (UA): Software (email client) for composing, reading, replying, forwarding messages.
- Mail Transfer Agent (MTA): Transfers mail between systems (uses SMTP).
- Mail Access Agent (MAA): Retrieves messages from a server using POP3 or IMAP.
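Added example (not part of the original cheatsheet), referring back to section 3.2: it reads a captured FTP control-connection transcript, classifies each reply code using the category table above, and reports which login commands crossed the wire unencrypted. The transcript is constructed, the function names are illustrative, and the client lines use the wire-level commands (USER, PASS, RETR, QUIT) that the interactive `user`, `pass`, `get` and `quit` commands send.

```python
import re

# Reply categories keyed by the first digit of the three-digit code.
CATEGORIES = {
    "2": "Positive Completion",
    "3": "Positive Intermediate",
    "4": "Transient Negative Completion",
    "5": "Permanent Negative Completion",
}
REPLY = re.compile(r"^(\d{3})[ -]")  # "-" marks a multi-line reply

# Constructed control-connection capture: "C:" client, "S:" server.
SAMPLE = """\
S: 220 Service ready
C: USER alice
S: 331 User name okay, need password
C: PASS example-password
S: 230 User logged in
C: RETR report.txt
S: 425 Can't open data connection
C: QUIT
S: 221 Goodbye
"""

def classify(code):
    """Map a three-digit reply code to its category name."""
    return CATEGORIES.get(code[0], "Unknown")

def audit(transcript):
    """Return (replies, exposed): classified server replies, and the
    login commands that crossed the control connection unencrypted."""
    replies, exposed = [], []
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "S":
            m = REPLY.match(text)
            if m:
                replies.append((m.group(1), classify(m.group(1))))
        elif side == "C":
            verb, _, arg = text.partition(" ")
            if verb.upper() == "USER":
                exposed.append(("USER", arg))
            elif verb.upper() == "PASS":
                exposed.append(("PASS", "*" * len(arg)))  # redact in reports
    return replies, exposed

if __name__ == "__main__":
    for item in audit(SAMPLE):
        print(item)
```

Any non-empty `exposed` list means the session ran over plain FTP and the account should move to SFTP or FTPS.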
Key Email Protocols

- Simple Mail Transfer Protocol (SMTP):
  - Application-layer protocol for sending emails across the internet.
  - Uses a client-server model.
  - Establishes TCP connection on port 25.
  - A "push" protocol: client pushes messages to the server.
  - Phases: Connection Establishment, Message Transfer, Connection Termination.
- Post Office Protocol 3 (POP3):
  - Allows clients to receive and download emails from a server.
  - Typically deletes emails from the server after download.
- Internet Message Access Protocol (IMAP):
  - Allows clients to receive and manage emails on the server.
  - Emails remain on the server, allowing access from multiple devices.

3.4. Multipurpose Internet Mail Extensions (MIME)

- Standard that expands email to send and receive non-text content (images, audio, video) along with text.
- Works with SMTP to enable attachments and rich content.
- Transforms non-ASCII data to NVT ASCII for transmission, and back to original at receiving end.

MIME Header Fields

- MIME-Version: Defines the MIME version (current: 1.1).
- Content-Type: Defines the type of data in the message body (e.g., image/jpeg, text/html, video/mp4).
- Content-Transfer-Encoding: Defines how messages are encoded into 0s and 1s for transport.
  - Encoding types: 7-bit, 8-bit, Binary, Base64, Quoted-printable.
- Content-ID: Uniquely identifies the message in a multiple message environment.
- Content-Description: Defines whether the body is image, audio, or video.

4. World Wide Web (WWW)

- Distributed client-server service, a system of interlinked hypertext documents and resources.
- Invented by Tim Berners-Lee in 1989.
- Uses URLs and HTTP to connect users to websites via web browsers.
- Web pages are distributed globally and linked together.

Key Components & Concepts

- Hypertext: System of links connecting documents, allowing navigation between web pages.
- Web Browser: Software applications (Chrome, Firefox, Safari) used to access and view websites.
- Uniform Resource Locator (URL): Unique address for each web resource.
  - Structure: PROTOCOL://HOST:PORT/PATH
  - Example: https://www.google.com/search?q=cheatsheet

WWW Document Categories

- Static Documents: Pre-written HTML documents stored on a server, delivered as-is to the client.
- Dynamic Documents: Generated by server-side scripts (e.g., PHP, Python, Node.js) in response to client requests.
- Active Documents: Contain client-side scripts (e.g., JavaScript, applets) that run on the client's browser.

5. Hypertext Transfer Protocol (HTTP)

- Protocol enabling communication between web servers and clients.
- Web server uses port 80, web client uses a temporary port.
- Uses TCP services.
- Supports multiple request/reply exchanges over a single TCP connection.
- Prior to HTTP/1.1, used non-persistent connections; persistent connections are default in HTTP/1.1 and later.
- Latest version: HTTP/3 (released 2022), uses QUIC (Quick UDP Internet Connection) to reduce latency and improve speed.

HTTP Message Formats

- Request Message (Client to Server):
  - Request Line: METHOD URL VERSION (e.g., GET /index.html HTTP/1.1)
  - Header Lines: Key-value pairs providing additional info (e.g., Host: example.com, User-Agent, Accept).
  - Body: Optional, contains data for methods like POST (e.g., form data).
- Response Message (Server to Client):
  - Status Line: VERSION STATUS_CODE PHRASE (e.g., HTTP/1.1 200 OK)
  - Header Lines: Key-value pairs (e.g., Content-Type: text/html, Content-Length).
  - Body: Contains the requested resource (e.g., HTML content, image data).

HTTP Methods

| Method | Action |
| --- | --- |
| GET | Requests a document from the server. |
| HEAD | Requests information about a document but not the document itself. |
| POST | Sends some information (e.g., form data) from the client to the server. |
| PUT | Sends a document from the client to the server (e.g., to create/update a resource). |
| TRACE | Echoes the incoming request. |
| DELETE | Removes the web page or resource. |
| CONNECT | Reserved (used for tunneling). |
| OPTIONS | Inquires about available options for a resource. |
HTTP Status Codes (Common)

- 200 OK: Request succeeded, information returned.
- 301 Moved Permanently: Resource has been permanently moved.
- 302 Moved Temporarily: Resource has been temporarily moved.
- 400 Bad Request: Server could not understand the request.
- 401 Unauthorized: Request lacks proper authentication.
- 404 Not Found: Requested document does not exist.
- 500 Internal Server Error: Generic server-side error.
- 505 HTTP Version Not Supported: Server does not support the requested HTTP version.

HTTP Request Header Fields

| Header | Description |
| --- | --- |
| User-agent | Identifies the client program (browser). |
| Accept | Specifies media formats the client can accept. |
| Accept-charset | Specifies character sets the client can handle. |
| Accept-encoding | Specifies encoding schemes the client can handle. |
| Accept-language | Specifies languages the client can accept. |
| Authorization | Contains client's authentication credentials. |
| Host | Specifies the domain name of the server. |
| Date | Date and time of the request. |
| Upgrade | Specifies preferred communication protocol for upgrade. |
| Cookie | Sends stored cookies to the server. |
| If-Modified-Since | Conditional request; only return if modified since date. |

HTTP Response Header Fields

| Header | Description |
| --- | --- |
| Date | Date and time of the response. |
| Upgrade | Specifies preferred communication protocol for upgrade. |
| Server | Information about the server software. |
| Set-Cookie | Instructs the client to store a cookie. |
| Content-Encoding | Specifies the encoding scheme of the body. |
| Content-Language | Specifies the language of the content. |
| Content-Length | Size of the response body in bytes. |
| Content-Type | Media type of the response body (e.g., text/html). |
| Location | Used for redirection (e.g., with 3xx status codes). |
| Accept-Ranges | Indicates if the server accepts byte-range requests. |
| Last-modified | Date and time the resource was last modified. |

6. Hypertext Transfer Protocol Secure (HTTPS)

- Secure, encrypted version of HTTP.
- Uses Transport Layer Security (TLS) to encrypt data.
- Ensures sensitive information (passwords, credit cards) is protected.
- URL starts with https:// and often shows a padlock icon.
- Uses port 443 (HTTP uses port 80).

HTTP vs. HTTPS

| Feature | HTTP | HTTPS |
| --- | --- | --- |
| URL Prefix | http:// | https:// |
| Port Used | 80 | 443 |
| Security | No encryption, vulnerable. | Uses TLS/SSL for encryption, secure. |
| Layer | Application Layer | Works at Transport Layer (with TLS). |
| Speed | Generally faster due to less overhead. | Slightly slower due to encryption/decryption overhead. |
| Data Integrity | No data integrity check. | Ensures data integrity (data not tampered with). |
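Added example (not part of the original cheatsheet): a check a site owner can run on what their server returns on port 80, combining the status codes, the Location and Set-Cookie response headers, and the HTTP/HTTPS comparison above. The responses are constructed samples and the function names are illustrative.

```python
from urllib.parse import urlsplit

# Constructed responses as received over plain http:// (port 80).
REDIRECT = ("HTTP/1.1 301 Moved Permanently\r\n"
            "Location: https://example.com/\r\nContent-Length: 0\r\n\r\n")
PLAIN = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         "Set-Cookie: session=constructed-value\r\n"
         "Content-Length: 5\r\n\r\nhello")

def parse_response(raw):
    """Return (status_code, [(lowercased header name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    _version, code, _phrase = head[0].split(" ", 2)
    headers = []
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return int(code), headers

def audit_plain_http(raw):
    """List findings for a response that arrived unencrypted."""
    code, headers = parse_response(raw)
    location = next((v for n, v in headers if n == "location"), "")
    findings = []
    if code not in (301, 302) or not location:
        findings.append("answered over HTTP without redirecting")
    elif urlsplit(location).scheme != "https":
        findings.append("redirect does not switch to https://")
    elif code == 302:
        findings.append("redirect to https:// is temporary (302)")
    if any(n == "set-cookie" for n, _ in headers):
        findings.append("cookie set over an unencrypted connection")
    return findings

if __name__ == "__main__":
    print(audit_plain_http(REDIRECT))
    print(audit_plain_http(PLAIN))
```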