Unit 5 Part2

The document covers various application layer protocols, including TELNET, SSH, and DNS, detailing their functionalities and structures. TELNET allows remote login but is insecure, while SSH provides secure remote access and file transfer capabilities. DNS maps domain names to IP addresses using a hierarchical structure, ensuring efficient name resolution through distributed servers.

Uploaded by

ragavrunner33

UNIT-5

Application Layer
[Link]
Kongu Engineering College
TELNET (TErminaL NETwork)
Introduction
• Provides remote login access to another computer over the Internet.
• Sends plain text (including password) – vulnerable to eavesdropping.
• Replaced mostly by SSH (Secure Shell).
• Local vs. Remote Logging
• Local Logging:
• Keystrokes handled by the local OS.
• Remote Logging:
• Keystrokes go to TELNET client → transformed into NVT (Network Virtual Terminal) format → sent
over TCP/IP to server.
• On the Server:
• TELNET server receives NVT characters → converts them to server-understandable form → passed to
OS via pseudoterminal driver.
Introduction
Network Virtual Terminal (NVT)
• A standardized character set used for TELNET communication.
• Client Side:
• TELNET client translates local characters (commands/data) → NVT format
• Sends NVT-formatted characters to the network.
• Server Side:
• TELNET server receives NVT characters → converts them into the remote system’s native format.
• A pseudoterminal driver tricks the OS into thinking input is from a real terminal.
• Handles heterogeneity among client and server systems.
• Two 8-bit character sets:
• Data Characters: 7-bit ASCII + leading 0
• Control Characters: 7-bit ASCII + leading 1
• Options: Options are extra features available to a user with a more sophisticated
terminal
• User Interface: The operating system (UNIX, for example) defines an interface with
user-friendly commands.
SECURE SHELL (SSH)
Introduction
• SSH provides secure remote access and other services like file transfer.
• Originally built to replace TELNET, which transmits data (like passwords) in
plaintext.
• Current standard: SSH-2 (SSH-1 is outdated due to vulnerabilities).
• SSH operates at the application layer and consists of three major components:
SSH Components
• SSH Transport-Layer Protocol (SSH-TRANS)
• Objective: Establish a secure and encrypted channel over TCP.
• Starts with a regular TCP connection (insecure).
• Then upgrades to a secure session by exchanging cryptographic keys and algorithms.
• SSH Authentication Protocol (SSH-AUTH)
• Objective: Authenticate the client to the server after the secure channel is created.
• Similar to SSL/TLS client authentication.
• Process:
• Client sends a request with: username, authentication method, etc.
• Server replies with success or failure.
• If failed, client retries with new credentials or methods.
• Authentication Methods may include:
• Passwords, Public Key Authentication, Kerberos, Host-based authentication
SSH Components
• SSH Connection Protocol (SSH-CONN)
• Objective:
• Create multiple logical sessions over a single secure channel.
• Key Feature: Multiplexing
• One physical SSH connection can host multiple parallel channels, each used for:
• Remote logging
• File transfer (SCP, SFTP)
• Port forwarding (Tunneling)
• Executing commands
SSH- Applications
• SSH for Remote Logging
• SSH for File Transfer
• Port Forwarding
• SSH port forwarding (also known as SSH tunneling) allows insecure application protocols
(like TELNET, FTP, or SMTP) to send and receive data securely through a secured SSH
channel.
• It encapsulates or tunnels the insecure protocol’s messages inside SSH’s encrypted
connection.
DOMAIN NAME SYSTEM (DNS)
Introduction
• Domain Name System (DNS) is a fundamental client-server application in the TCP/IP
protocol suite
• Designed to map human-friendly domain names to machine-readable IP addresses
• DNS uses a distributed database system, where DNS servers located globally help in
resolving domain names by collaborating with one another.
• When a user tries to access a service (like a file transfer server) using a domain name,
the system follows these six steps:
1. User inputs the host name into the application (e.g., file transfer client).
2. The application forwards the name to the local DNS client (also called resolver).
3. The DNS client queries a known DNS server.
4. The DNS server responds with the corresponding IP address.
5. The DNS client forwards the IP address to the application.
6. The application uses the IP address to contact the desired server.
• This means two connections are typically needed:
1. One between DNS client and server (for name resolution).
2. One between client application and target server (for actual data transfer).
Name Space
• A hierarchical collection of domain names that forms the structure of the Internet's
naming system.
• It's like an inverted tree, with the root at the top and different levels of domains
branching down from there.
• This structure allows every device and resource on the Internet to be identified uniquely using a
human-readable domain name.
• Flat Name Space
• Names are simple strings without hierarchy (e.g., just caesar).
• Cannot scale well in large systems like the Internet, as it requires centralized control to ensure
uniqueness.
• There’s no subdivision like .com, .org, or .edu.
• Hierarchical Name Space
• Names are structured in parts (e.g., [Link]).
• Decentralized control: central authority assigns top levels (e.g., .com, .org), and lower levels are
managed by organizations.
• Ensures global uniqueness while allowing local flexibility
Name Space
• Domain Name Space and Structure
• The domain name space is a hierarchical, tree-like structure called an inverted tree,
where:
• The root is at the top (level 0), and branches go downward.
• Maximum 128 levels (0–127).
• Each node has a label (max 63 characters).
• Each full domain name (FQDN) is a sequence of labels separated by dots, ending in a dot (e.g.,
[Link].).
• FQDN (Fully Qualified Domain Name):
• Ends with a dot (.) representing the root.
• E.g., [Link].
• PQDN (Partially Qualified Domain Name):
• Doesn’t end with a dot; used for local or relative naming.
• E.g., mail within the [Link] domain.
• A domain is any subtree of the domain name space, and each domain can have
subdomains.
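To make the FQDN/PQDN distinction and the label and level limits above concrete, here is an added example (not part of the original slides) that parses a domain name, checks those limits, and completes a PQDN by appending a resolver's default domain. The default-domain value is assumed for illustration.

```python
# Added example (not from the slides): validate and classify domain names
# using the limits stated above: labels of at most 63 characters, at most
# 128 levels (the root counts as level 0), and FQDNs end with a dot.

MAX_LABEL_LEN = 63
MAX_LEVELS = 128  # levels 0..127, root is level 0

def parse_domain(name):
    """Return (labels, is_fqdn); raise ValueError if the name is malformed."""
    if name in ("", "."):
        return [], name == "."        # "." alone is the root FQDN
    is_fqdn = name.endswith(".")
    labels = (name[:-1] if is_fqdn else name).split(".")
    for label in labels:
        if not label:
            raise ValueError("empty label in %r" % name)
        if len(label) > MAX_LABEL_LEN:
            raise ValueError("label %r longer than %d characters"
                             % (label, MAX_LABEL_LEN))
    # number of levels = number of labels plus the root (level 0)
    if len(labels) + 1 > MAX_LEVELS:
        raise ValueError("too many levels in %r" % name)
    return labels, is_fqdn

def qualify(name, default_domain):
    """Turn a PQDN into an FQDN by appending the resolver's default domain.
    An FQDN is returned unchanged: its trailing dot means 'do not append'."""
    labels, is_fqdn = parse_domain(name)
    if is_fqdn:
        return name
    suffix, _ = parse_domain(default_domain)
    return ".".join(labels + suffix) + "."

if __name__ == "__main__":
    # "example.edu." is an assumed default domain, not one from the slides
    print(qualify("mail", "example.edu."))              # mail.example.edu.
    print(qualify("www.example.edu.", "example.edu."))  # unchanged FQDN
```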
• Distribution of Name Space
• It’s impractical for a single server to store all name-to-address mappings:
• Would be too slow and unreliable.
• Could crash under heavy global usage.
• Solution: Distributed DNS servers arranged in a hierarchical structure:
• Each server is authoritative for a specific part (domain/subdomain).
• The root server directs queries to top-level domain (TLD) servers (like .com, .edu).
• TLD servers direct to organization-specific servers (like [Link]), and so on.
• This design improves scalability, efficiency, and fault tolerance.
• Domain vs. Zone
• Domain:
• A domain is a subtree in the DNS hierarchy.
• It represents a segment or section of the DNS name space.
• The name of the domain corresponds to the top node in the subtree.
• Zone:
• A zone is a contiguous part of the domain name space for which a DNS server has authority.
• If a server delegates part of its domain to another server, it has a zone for the portion it manages, but
the delegated portions are other zones.
Name Space
Example:
If a DNS server manages the [Link] domain, it
may delegate [Link] to another server.
Thus, [Link] is a zone, and [Link] is a
subdomain with its own zone.
Name Space
• Distribution of Name Space:
• Having a single point of failure would impact global accessibility.
• To address this, the name space is distributed across multiple DNS servers globally, reducing the
load on individual servers and ensuring redundancy.
• Root Servers:
• Root Servers are the top-most DNS servers that store information about the entire domain name
space and delegate queries to TLD (Top-Level Domain) servers.
• Root servers do not store domain-specific data but instead direct requests to the correct TLD
servers.
• There are 13 root servers distributed globally, each named from [Link] to [Link]-
[Link]. They know how to route queries for domains like .com, .org, .in, etc.
• Primary and Secondary Servers:
• Primary Server:
• This is the authoritative DNS server that stores the original copy of the zone file.
• It is responsible for creating, maintaining, and updating the zone file.
• Example: [Link] might be the primary server for the [Link] domain.
• Secondary Server:
• This server holds a copy of the zone file and ensures redundancy.
• Simply gets updates from the primary server when necessary.
• Example: [Link] might be the secondary server for the same domain.
Name Space
• Hierarchical DNS Server Structure:
• DNS servers are organized in a hierarchy to distribute the load of handling requests and
zones.
• Each level of the hierarchy is responsible for different parts of the DNS space.
• Root Servers are at the top, directing queries to TLD servers.
• TLD Servers handle the top-level domains such as .com, .org, etc.
• Authoritative Servers are responsible for specific domains like [Link].
• Example: If a user tries to access [Link], the query first reaches the root server,
then the .in TLD server, and finally the authoritative server for [Link].
DNS in the Internet
• Generic Domains (gTLDs): Organized by the type or purpose of the organization
(e.g., commercial, educational, governmental).
• Country Domains (ccTLDs): Two-letter codes representing countries (e.g., .us,
.in, .uk).
Resolution
• Name-Address Resolution
• DNS maps domain names to IP addresses or vice versa, a process known as name-
address resolution.
• It works as a client-server application where the resolver (DNS client) communicates with
DNS servers to obtain the required mapping.
• Types of Resolution
• Recursive Resolution:
• In recursive resolution, the resolver sends a single query and the contacted server finds the answer on
its behalf: each server either answers from its own data or forwards the query to another server, and the
final answer is passed back along the same chain to the resolver.
• Iterative Resolution:
• In iterative resolution, each DNS server provides a referral to the next server that might know the
answer.
• The resolver ultimately communicates directly with the final server to get the answer.
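The two resolution styles above, as an added example (not from the slides) over a toy three-level hierarchy (root, TLD, authoritative) with one delegated sub-zone, which also illustrates the domain/zone delegation described earlier. The server names, zones and addresses are constructed for illustration.

```python
# Added example (not from the slides): iterative vs. recursive resolution
# over a constructed hierarchy. Each server knows either final answers or
# referrals to the server that is authoritative for a delegated sub-zone.
SERVERS = {
    "root":    {"referrals": {"edu": "tld-edu"}, "answers": {}},
    "tld-edu": {"referrals": {"example.edu": "ns.example.edu"}, "answers": {}},
    "ns.example.edu": {
        "referrals": {"cs.example.edu": "ns.cs.example.edu"},  # delegated zone
        "answers": {"www.example.edu": "192.0.2.10"},
    },
    "ns.cs.example.edu": {
        "referrals": {},
        "answers": {"mail.cs.example.edu": "192.0.2.25"},
    },
}

def lookup(server, name):
    """One server's reply: ('answer', ip), ('referral', next) or ('nxdomain', None)."""
    data = SERVERS[server]
    if name in data["answers"]:
        return "answer", data["answers"][name]
    # longest matching delegated zone wins, if any
    for zone, nxt in sorted(data["referrals"].items(), key=lambda kv: -len(kv[0])):
        if name == zone or name.endswith("." + zone):
            return "referral", nxt
    return "nxdomain", None

def resolve_iterative(name, start="root"):
    """The resolver follows every referral itself.
    Returns (ip or None, list of servers the resolver contacted)."""
    contacted, server = [], start
    while True:
        contacted.append(server)
        kind, value = lookup(server, name)
        if kind != "referral":
            return value, contacted
        server = value

def resolve_recursive(name, server="root"):
    """The resolver asks one server, which forwards the query on its behalf
    until an answer is found. Returns (ip or None, the one server asked)."""
    kind, value = lookup(server, name)
    if kind == "referral":
        ip, _ = resolve_recursive(name, value)   # server chases the referral
        return ip, server
    return value, server
```

With iteration the resolver talks to three or four servers in turn; with recursion it talks to one and the servers do the work between themselves.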
Registrars
• Commercial entities accredited by ICANN (Internet Corporation for Assigned
Names and Numbers) that handle the creation of new domain names.

Dynamic DNS (DDNS)


• Dynamic Domain Name System (DDNS) is an extension of the traditional DNS
that allows DNS records to be updated automatically in real time.
• It is useful where the IP addresses of hosts change frequently, such as with
dynamic IP addressing.
Network Management
Introduction
• Network management refers to monitoring, testing, configuring, and
troubleshooting network components to meet the organization’s quality of
service (QoS) goals.
• It involves a combination of hardware, software, and human resources.
Introduction
• Configuration Management
• Maintains information about network devices and their settings, and updates them as changes
occur.
• Reconfiguration
• Hardware: Replacement or relocation of devices (manual).
• Software: Updates or installations (can be automated).
• User-Accounts: Changing user roles and privileges (partially automatable).
• Example: At a university, students are added with group-based permissions.
• Documentation
• Hardware: Includes maps and detailed specifications.
• Software: Type, version, install date, and license.
• User Accounts: Access rights, file privileges, group membership
• Fault Management
• Detects and resolves network malfunctions to minimize downtime.
• Reactive Fault Management
• Detect Fault: Identify the fault (e.g., cable cut).
• Isolate Fault: Limit impact and notify users.
• Correct Fault: Repair or replace components.
• Record Fault: Log details for future reference.
• Proactive Fault Management
• Prevent failures by identifying recurring issues or replacing aging hardware.
Introduction
• Performance Management
• Ensures the network runs efficiently by monitoring:
| Metric | Description |
| --- | --- |
| [Link] | Avoid overloading (e.g., too many devices). |
| [Link] | Internal and external data flow. |
| [Link] | Data handled by devices/sections of network. |
| [Link] Time | Time taken to fulfill a user request. |
• Security Management
• Controls access to the network using policies.
• Implements encryption and authentication to ensure data privacy and secure access.
• Accounting Management
• Tracks resource usage per user, department, or project.
• Used for charging, planning, and ensuring fair use of network resources.