Chapter 10 Application Layer_July 2023
Application Layer
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
10.1 Application Layer Protocols
10.2 Well-Known Application Layer Protocols and Services
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Application Layer
▪ The application layer is closest to the end user.
▪ Network applications enable users to send and receive data with ease.
▪ The application layer acts as the interface between the applications and the
underlying network.
▪ Application layer protocols help
exchange data between programs
running on the source and
destination hosts.
▪ The TCP/IP application layer
performs the functions of the upper
three layers of the OSI model.
▪ Common application layer protocols
include: HTTP, FTP, TFTP, DNS.
Presentation and Session Layer
▪ The presentation layer has three primary functions:
o Format data
o Compress data
o Encrypt data
▪ Common standards for video include QuickTime and Motion Picture
Experts Group (MPEG).
▪ Common graphic image formats are:
• Graphics Interchange Format (GIF)
• Joint Photographic Experts Group (JPEG)
• Portable Network Graphics (PNG) format
Presentation and Session Layer (cont.)
▪ The session layer creates and maintains dialogs between source and
destination applications.
▪ The session layer handles the exchange of information to initiate
dialogs, keep them active, and to restart sessions that are disrupted or
idle for a long period of time.
TCP/IP Application Layer Protocols
▪ TCP/IP application protocols specify the format and control information
necessary for common Internet functions.
▪ Application layer protocols must be implemented in both the source and
destination devices.
▪ Application layer protocols implemented on the source and destination
host must be compatible to allow communication.
Client-Server Model
▪ The device requesting the information is called a client.
▪ The device responding to the request is called a server.
▪ Client and server processes are considered to be in the application layer.
▪ The client initiates the exchange by requesting data from the server.
▪ The server responds by sending one
or more streams of data to the client.
▪ Application layer protocols describe
the format of the requests and
responses between clients and
servers.
▪ The contents of the data exchange
will depend on the application in use.
▪ Email is an example of a
Client-Server interaction.
Peer-to-Peer Networks
▪ In the peer-to-peer (P2P) networking model, the data is accessed
without the use of a dedicated server.
▪ Two or more computers can be connected to a P2P network to share
resources.
▪ Every connected end device (a peer) can function as both a server and
a client.
▪ The roles of client and
server are set on a per
request basis.
Upon completion of this section, you should be able to:
• Explain how web and email protocols operate.
Hypertext Transfer Protocol and Hypertext Markup Language
▪ A web address or uniform resource locator (URL) is a reference to a web
server. A URL allows a web browser to establish a connection to that web
server.
▪ URLs and Uniform Resource Identifiers (URIs) are the names most people
associate with web addresses.
HTTP Protocol Step 1
▪ The URL http://www.cisco.com/index.html has three basic parts:
o http (the protocol or scheme)
o www.cisco.com (the server name)
o index.html (the specific filename requested)
▪ Using DNS, the server name portion of the URL is then translated to the
associated IP address before the server can be contacted.
Hypertext Transfer Protocol and Hypertext Markup Language (cont.)
HTTP Protocol Step 2
▪ The browser sends a GET request
to the server’s IP address and asks
for the index.html file.
▪ The server sends the requested file
to the client.
▪ The index.html was specified in
the URL and contains the HTML
code for this web page.
HTTP Protocol Step 3
▪ The browser processes the HTML
code and formats the page for the
browser window based on the code
in the file.
HTTP and HTTPS
▪ HTTP
o Is a request/response protocol.
o Has three common message types: GET, POST, PUT.
o Is not secure. Messages can be intercepted.
▪ HTTPS uses authentication and
encryption to secure data.
Email Protocols
▪ Email is a store-and-forward method of sending,
storing, and retrieving electronic messages.
▪ Email messages are stored in databases on mail
servers.
▪ Email clients (MUA) communicate with mail
servers to send and receive email.
▪ Mail servers communicate with other
mail servers (MTA, MDA) to transport messages
from one domain to another.
▪ Email clients do not communicate
directly when sending email.
▪ Email relies on three separate protocols
for operation: SMTP (sending), POP (retrieving),
IMAP (retrieving).
SMTP Operation
▪ SMTP message formats require a message header and body.
▪ The body can contain any amount of text.
▪ The header must have a properly formatted recipient email address and a
sender address.
▪ An SMTP client sends an email by
connecting to an SMTP server on
port 25.
▪ The server receives the message and
stores the message in a local mailbox or
relays the message to another mail server.
▪ Users use email clients to retrieve messages
stored on the server.
▪ IMAP and POP are two protocols commonly
used by email clients to retrieve messages.
POP Operation
▪ Messages are downloaded from the server to the client.
▪ The server listens on TCP port 110 for client requests.
▪ Email clients direct their POP requests to mail servers on TCP port 110.
▪ The POP client and server exchange commands and responses until
the connection is closed or aborted.
▪ POP allows for email messages
to be downloaded to the client’s
device (computer or phone) and
removed from the server.
▪ There is no centralized location
where email messages are kept.
▪ A downloaded message resides on
the device that triggered the download.
IMAP Operation
▪ IMAP is another protocol used to retrieve email messages.
▪ Allows for messages to be displayed to the user rather than downloaded.
▪ The original messages reside on the server until manually deleted by the
user.
▪ Users view copies of the messages in their email client software.
▪ Users can create a folder hierarchy on
the server to organize and store mail.
▪ That file structure is displayed on the
email client.
▪ When a user decides to delete a message,
the server synchronizes that action and
deletes the message from the server.
MUA, MDA, MTA
▪ Mail User Agent (Client)
▪ Mail Delivery Agent (same domain)
▪ Mail Transfer Agent (if different domain)
Domain Name Service
▪ While IP addresses are crucial for network communication, they are not
easy to memorize.
▪ Domain names are created to make server addresses more user-
friendly.
▪ Domain names such as http://www.cisco.com are user-friendly
addresses associated with the IP address of a specific server.
▪ However, computers still need the actual numeric address before they
can communicate.
Domain Name Service (cont.)
▪ The DNS protocol allows for the
dynamic translation of a domain
name into the correct IP address.
▪ The DNS protocol messages:
o DNS query
o DNS query response
DNS Message Format
▪ DNS supports different types of records. Some of these record types are:
o A - An end device IPv4 address
o NS - An authoritative name server
o AAAA - An end device IPv6 address (pronounced quad-A)
o MX - A mail exchange record
▪ A DNS server will first look at its own records to resolve the name. If the server is
unable to resolve the name using its locally stored records, it relays the query to
other servers.
▪ The response is then forwarded to
the requesting client.
▪ The DNS Client service on Windows
PCs also stores previously resolved
names in memory.
▪ ipconfig /displaydns displays all of
the cached DNS entries on Windows.
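The query and response messages described above can be built and decoded byte by byte. The following is an added example, not part of the original slides: it builds a query for one of the listed record types and parses a constructed response, including the compressed-name pointers that a parser must bound so a malformed message cannot loop forever. The name www.example.com, the address 192.0.2.10 and the transaction ID are constructed sample values.

```python
import struct
QTYPES = {"A": 1, "NS": 2, "MX": 15, "AAAA": 28}  # record types listed above

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name, rtype, txid=0x1234):
    """DNS query: 12-byte header (flags 0x0100 = recursion desired) + one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[rtype], 1)

def read_name(msg, pos, hops=0):
    """Decode the name at pos, following compression pointers; return (name, next_pos)."""
    labels = []
    while True:
        length = msg[pos]
        if (length & 0xC0) == 0xC0:  # two-byte pointer to a name elsewhere in the message
            if hops >= 10:
                raise ValueError("compression pointer loop")
            target = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            labels.append(read_name(msg, target, hops + 1)[0])
            return ".".join(labels), pos + 2
        pos += 1
        if length == 0:
            return ".".join(labels), pos
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length

def parse_response(msg):
    """Return (txid, answers); each answer is (name, type_code, ttl, rdata_bytes)."""
    txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):  # skip the echoed question: name + type + class
        pos = read_name(msg, pos)[1] + 4
    answers = []
    for _ in range(ancount):
        name, pos = read_name(msg, pos)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        answers.append((name, rtype, ttl, msg[pos + 10:pos + 10 + rdlen]))
        pos += 10 + rdlen
    return txid, answers

def sample_response(query):
    """Constructed response to `query`: one A record, name compressed to offset 12."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    return header + query[12:] + answer
```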
DNS Hierarchy
▪ The DNS protocol uses a hierarchical system, with the root at the top
and branches below. The naming structure is broken down into small,
manageable zones.
▪ Each DNS server is only responsible for managing name-to-IP
mappings for that small portion of the DNS structure.
▪ Requests for zones not stored in a specific DNS server are forwarded to
other servers for translation.
▪ Top-level domains represent either the type
of domain or the country of origin.
Examples of top-level domains are:
o .com - a business or industry
o .org - a non-profit organization
o .au - Australia
o .co - Colombia
The nslookup Command
▪ Allows the user to manually place DNS queries.
▪ It can also be used to troubleshoot name resolution issues.
▪ Has many options available for extensive testing and verification of the
DNS process.
Dynamic Host Configuration Protocol
▪ Computers need network addresses to communicate over a network.
▪ Additional crucial information includes gateway address, subnet mask,
and DNS server.
▪ Manually configuring end devices is not scalable. DHCP allows for
automated distribution of network information.
▪ DHCP-distributed addresses are
leased for a set period of time.
▪ Addresses are returned to the pool
for reuse when no longer in use.
▪ DHCP supports IPv4 and DHCPv6
supports IPv6.
DHCP Operation
▪ A DHCP client goes through the following basic steps to request an IP:
o The client broadcasts a DHCPDISCOVER.
o A DHCP server replies with a DHCPOFFER message.
o The client sends a DHCPREQUEST message to the server it wants
to use (in case of multiple offers).
▪ A client may also choose to request an address that it had previously
been allocated by the server.
▪ The server returns a DHCPACK
message to confirm the lease has
been finalized.
DHCP Operation (cont.)
▪ The server would respond with a DHCPNAK if the offer is no longer
valid.
▪ A lease must be renewed before its expiration through another
DHCPREQUEST.
▪ DHCPv6 has a similar set of messages:
o SOLICIT
o ADVERTISE
o INFORMATION REQUEST
o REPLY
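The DHCPv4 exchange above (DISCOVER, OFFER, REQUEST, ACK or NAK, renewal and return of expired addresses to the pool) can be modelled from the server's side. This is an added example, not part of the original slides; the class name, the use of MAC strings as client identifiers, integer timestamps in seconds and the 192.0.2.x addresses are assumptions made for illustration.

```python
class DhcpServer:
    """Toy DHCPv4 server model: address pool, pending offers and timed leases."""

    def __init__(self, pool, lease_seconds):
        self.free = list(pool)
        self.lease_seconds = lease_seconds
        self.offers = {}   # client MAC -> offered address
        self.leases = {}   # client MAC -> (address, expiry time)

    def expire(self, now):
        """Return addresses whose lease has run out to the pool for reuse."""
        for mac, (addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.free.append(addr)

    def discover(self, mac, now):
        """DHCPDISCOVER -> DHCPOFFER, or None when no address is available."""
        self.expire(now)
        if mac in self.leases:          # client already holds a lease: offer it again
            return ("DHCPOFFER", self.leases[mac][0])
        if mac not in self.offers:
            if not self.free:
                return None
            self.offers[mac] = self.free.pop(0)
        return ("DHCPOFFER", self.offers[mac])

    def request(self, mac, addr, now):
        """DHCPREQUEST -> DHCPACK if addr is offered or leased to this client, else DHCPNAK."""
        self.expire(now)
        held = self.offers.get(mac) or self.leases.get(mac, (None,))[0]
        if held != addr:                # stale or foreign request: offer no longer valid
            return ("DHCPNAK", None)
        self.offers.pop(mac, None)
        self.leases[mac] = (addr, now + self.lease_seconds)  # new lease or renewal
        return ("DHCPACK", addr)
```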
File Transfer Protocol
▪ FTP was developed to allow the transfer of files over the network.
▪ An FTP client is an application that runs on a client computer used to
push and pull data from an FTP server.
▪ FTP requires two connections between the client and the server: one
connection for commands and replies and another connection for the
actual file transfer.
▪ The client initiates and establishes the
first connection to the server for control
traffic on TCP port 21.
▪ The client then establishes the second
connection to the server for the actual
data transfer on TCP port 20.
▪ The client can download (pull) data from
the server or upload (push) data to the server.
FTP commands
▪ To upload a file to the server, the command put is used.
▪ To download a file from the server, the command get is used.
▪ Example:
▪ put abc.txt
▪ get xyz.txt
Secure protocols
▪ FTP is not a secure protocol. Transmission is not encrypted.
▪ Login and password can be seen if the packets are intercepted in the
network.
▪ Contents of the file transferred can also be seen.
▪ FTP has now been replaced by more secure protocols called SFTP (Secure
FTP) and also SSH (Secure Shell).
▪ These protocols are secure because transmissions are encrypted.
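To see why cleartext FTP is a finding worth flagging, the following added example (not part of the original slides) audits the bytes of an FTP control connection and reports what anyone on the path could read: the login name, the fact that a password was sent, and the names of transferred files. The capture is constructed sample data; the user name and password in it are made up, and the file names are the ones from the put/get example above.

```python
def audit_ftp_control(payload):
    """Summarise what a passive observer learns from FTP control-channel bytes."""
    finding = {"user": None, "password_exposed": False, "uploads": [], "downloads": []}
    for raw in payload.split(b"\r\n"):
        line = raw.decode("latin-1").strip()
        if not line or line[:3].isdigit():  # blank line or server reply (3-digit code)
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            finding["user"] = arg
        elif verb == "PASS":
            # Record only that a password crossed the wire, never its value.
            finding["password_exposed"] = bool(arg)
        elif verb == "STOR":    # protocol command sent by the client's `put`
            finding["uploads"].append(arg)
        elif verb == "RETR":    # protocol command sent by the client's `get`
            finding["downloads"].append(arg)
    return finding

# Constructed control-channel capture (TCP port 21), not real traffic.
SAMPLE_CAPTURE = (
    b"220 FTP server ready\r\n"
    b"USER alice\r\n"
    b"331 Password required\r\n"
    b"PASS example-password\r\n"
    b"230 Logged in\r\n"
    b"STOR abc.txt\r\n"
    b"226 Transfer complete\r\n"
    b"RETR xyz.txt\r\n"
    b"226 Transfer complete\r\n"
    b"QUIT\r\n"
    b"221 Bye\r\n"
)
```

Over SFTP or SSH the same audit returns nothing, because the commands and file names travel inside the encrypted session.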