Application Layer Protocols and DNS Name Resolution

Application Layer
Chapter -9 ,Unit 7
shanti verma 1
Fundamental of Networking
8/13/2014

Outline
Introduction
Domain Name System (DNS)
DNS
Registration Process
The Name servers
Resource Records
Dynamic DNS
The WWW and HTTP
HTTP Query and Response
The structure of the Query and Response
Persistent connection with HTTP 1.1
Cookies
session Variables
Proxies as gateway
The Dynamic Web
Bluetooth
Introduction
Architecture
Protocol Stack
Pairing Process
Security
8/13/2014 shanti verma 2

Introduction: Application Layer
 Application layer acts as an interface between the system and its
users.
 There is an important difference between application and application
layer.
 Browsers and FTP clients are few examples of applications that work at the application
layer.
 Applications interact with the transport layer to establish connection
with the other end of application and transfer data as per user
requirements.
 Applications are programmed to communicate with TCP or UDP to
get their job done.
 Firefox browser is application communicate with TCP.
 Application layer is the place where both the clients and servers run.
 The application layer’s job is to standardize the communication) i.e.
come out with a protocol) in a way that any arbitrary client can talk to
any arbitrary server.
 Firefox browser talks to Apache in one case and IIS in another case.
 At the application layer, the protocols are plenty and still counting.
 Transport layer has TCP and UDP, Network Layer has IP.
shanti verma 38/13/2014

Domain Name System (DNS)
 DNS is an application which a normal a normal user does
not encounter unless he uses NSLookup.
 NSLookup is an online web tool that queries the DNS to extract he IP
address of websites.
 What is need of DNS
◦ addresses are hard for people to remember
◦ sending e-mail to tana@128.111.24.41 means that if Tana's ISP or
organization moves the mail server to a different machine with a different
IP address, her e-mail address has to change
◦ Hence ASCII names were introduced
◦ Nevertheless, the network itself understands only numerical addresses
 To map a name onto an IP address,
◦ an application program calls a library procedure called the resolver, passing it the
name as a parameter.
 ** Revolvers are the routines that take queries from browser-like
applications and start querying the name servers.
◦ The resolver sends a UDP packet to a local DNS server,
◦ which then looks up the name and returns the IP address to the resolver, which then
returns it to the caller

The Domain Namespace

The Domain Namespace
 The domain namespace is the representation of domain
names as a part of hierarchy starting from the root
server.
 www.google.com is an example of domain name space.
 This name represents a hierarchy; .com is the highest level, google
comes under it and ‘www’ is at lowest level.
 The domain name either represents a bunch of
computer or single computer.
 The top-level domains come in two flavors:
◦ generic.
 com (commercial), edu (educational institutions), gov (the U.S.
Federal Government), int (certain international organizations), mil
(the U.S. armed forces), net (network providers), and org (nonprofit
organizations).
◦ Countries
 The country domains include one entry for every country, as
defined in ISO 3166.

Domain Namespace
Requirements
 Domain names are case insensitive
 Component names can be up to 63 characters long,
 full path names must not exceed 255 characters
 To create a new domain, permission is required of the domain
in which it will be included
 Efficient i.e. not take an inordinate amount of time to convert
a domain name to an IP address.
 Continue working despite break downs
 It should not introduce additional overheads to any part of the
internet by increasing the number of queries or replies in a
region.
 Information available from the nearby servers
 It should contain a few additional information like official mail
server for a specified organization, the name and mail
address of a person looking after a website etc.
 A single server can manage multiple networks.
 It should be secure enough (not provided)

DNS poisoning
When the system is poisoned with
incorrect information, the users
faithfully type the specified company’s
URL are switched to some other
place. This is known as DNS
poisoning.

Labels and Domain

Labels and Domain
 Domains are quite generic in nature.
 A domain may represent multiple sub domains and
not having any machine attached to it directly.
 For example: most of the sub domains of a top level domain
like com or org do not have any computer attached to them
directly. They are divided in to multiple sub domains.
 A domain name can be of two types:
 Fully qualified: A fully qualified name for google is
google.com. The last dot is not accidental; it represents an
empty string (root server) coming next to com.
 Partially qualified: like abciet.org (without the last dot) or
abciet can also be used if the context is clear.

Domain Hierarchy
Lower level domain are part of higher level domain. Three
different domains are shown here, the in domain, the ac.in
domain and the ABC.ac.in domain. The entire domain name
space consists of various such domains.

Advantages of Hierarchy
 Space constraint
 Processing time constraint
 Congestion near the server
 Organized form of information
 Efficient resolution of domain names
 A comparatively static database is better to be
organized this way
 Clear cut controlling infrastructure
 Delegation of authority is clearly defined
 Autonomous control

The Distributed Database
 The information about the domains are not stored
at a central location but distributed across various
servers- root servers, the TLD (Top Level Domain)
server, the Local server deployed at a specific
organizations and ISPs, and other servers in
between.
 The distributed organization is better because most
of the queries are resolved locally.
 For example: in above figure ABC server contains information
about ABC domain machines only, both of them only have
pointers to their respective sub domains.

Advantages of Distributed
database in DNS
 Load on big servers like TLD’s and root servers is
reduced to a large extent.
◦ Most of the queries in DNS are resolved with in the local
server’s scope.
 Distributed database reduces the network traffic
◦ Queries are resolved by nearby server and responses do
not have to travel long.
 No single point of failure
◦ If a few servers go dawn at the same pointy of time, most
of the internet users remain unaffected.
 Easy maintenance
◦ Maintaining a single huge data base is much more difficult
than some comparatively small-sized databases.
 Can be easily managed

For the above domain hierarchy figure
database tables are as follows
shanti verma 15
Database for ‘in’
ac Address of ac
mi
l
Address of mil
ed
u
Address of edu
… …
Database for ‘ac’
A Address of ABC
… …
Database for ‘ABC’
ict Address of ict
ibm Address of ibm
Address of
8/13/2014

Search Mechanism and Name
Resolution:
 Searching an IP address for a given domain is the most important and
most frequent operation on DNS. It is also referred as name resolution.
 The resolution process begins when a local server asks any of the
servers for the information.
 There are two ways of resolution possible in a DNS
 Recursive name resolution Method
 First, the client asks for a resolution to a name server and the name
server getting the same name by asking in the hierarchy up if it does
not contain the required value. Thus the client will get the answer
without having to ask anybody else.
 Iterative name resolution Method
 Second, when the name server does not contain the address, it passes
the address to the next level of the server and then the client contact
the server directly. Here the client must be able to send query again to
a higher level, in case the queried DNS server is unable to answer.
 DNS uses both types of name resolution. It also provides clients and
servers to negotiate about their choice of name resolution.

Recursive name resolution
method

Recursive name resolution
method
 The local machine (client) can ask for a recursive
answer from a name server. This means the revolver
expects the server to supply the final answer.
 Local machine sends the query about abcict.org.
 If the server is the authority fro the domain name, it
checks its database and responds. If not it sends the
request to another server (the parent usually) and wait
for the response.
 Local DNS server does not have the address of abcict.org so it
send request to root server and wait for request.
 If the parent is the authority, it responds; otherwise, it
sends the query to yet another server.
 Root server does not have the address of abcict so it send request
to org server.
 When the query is finally resolved, the response travels
back until it finally reaches the requesting client.

Iterative name resolution
method

Iterative name resolution
method
 If the client does not ask for recursive answer, the mapping can
be done iteratively.
 If the server (Local DNS server) is an authority for the name, it
sends the answer. If it is not, it returns to the client (local
machine) the IP address of the server (root server) that it thinks
can resolve the query.
 Local DNS server does not have the address of abcict.org so it sends IP address of
root server.
 The client (Local machine) is responsible for repeating the query
to this second server (root server).
 Root server does not have address of abcict so it sends an IP
address of org server. Now the client (Local machine) must
repeat the query to this third server (org server).
 Now an org server has an IP address of abcict so it returns an IP
address of the abcict.
 The client repeats the same query to multiple servers, that’s whyshanti verma 208/13/2014

The Zone
 What a server is responsible for, or has authority over, is
called a zone.
 If a server accepts responsibility for a domain and does not
divide the domain into smaller domains, the domain and the
zone refer the same thing.
 The server makes a database called a zone file and keeps all
the information for every node under that domain.
 If the server divides its domain into sub domains and
delegates parts of its authority to the other servers, domain
and zone refer to different things.
 The information about the nodes in the sub domains is stored
in the servers at the lower levels, with the original server
keeping some sort of reference to these lower level servers.
 A server can also divide its domain and delegate
responsibility but still keep part of the domain for it self.
 In this case, its zone is made of detailed information for the part of the
domain that is not delegated and references to those parts that are
delegated. shanti verma 218/13/2014

The Zone

The Zone
 In the figure shows one server which manages ABC.ac.in
domain also ict. ABC.ac.in, ibm. ABC.ac.in, ica. ABC.ac.in,
thus are under same zone.
 Similarly presidentofindia.nic.in, vicepresidentofindia.nic.in are
managed by nic and come under same zone.
 Nic also manages some other government websites like
dae.gov.in (department of atomic energy) and cic.gov.in
(central information commission), thus it forms a zone
managed by a different server.

The Registration Process

Contd… Registration process is required to register company or institutes and obtain a
suitable domain name.
 ICANN (Internet Corporation of Assigned Names and Numbers) makes sure that
anybody who needs a domain name gets a unique one.
 The organization that wants to act as a registrar must get an accreditation from
ICANN.
 Registrars usually charge some fees for registering a user.
 For government and educational institutes, special registrar is appointed.
 In India NIC (National Informatics Center) is the registrar for government organizations.
 ERNET (Education and Research Network) acts as a registrar for educational institutes (either ac.in
or edu.in)
 For registering a domain name, the following steps are taken:
 Get a unique domain name under your choice of domain.
 Pay a little amount of fee for registering your choice of domain name to the
registrar of your choice.
 Register your domain name first and then register your web server and also a
mail server.
 Registration involves running the primary and backup name servers. For small
organization ISPs provide their own servers for rent.
 The web and mail servers also need to be installed and running for registration.
 Additionally, ISPs usually provide an additional service of registering your domain
in search engines. shanti verma 258/13/2014

The Name Servers
Root Name servers:
 contacted by local name
server that can not resolve
name
 root name server:
◦ contacts authoritative name
server if name mapping not
known
◦ gets mapping
◦ returns mapping to local
name server
Top-level domain (TLD)
servers:
◦ responsible for com, org, net, edu,
etc, and all top-level country
domains uk, fr, ca, jp.
◦ Network Solutions maintains
servers for com TLD
◦ Educause for edu TLD
shanti verma 26
The servers that host some part of domain name hierarchy are known
as name servers.
There are three different types of name servers
Root servers
Top Level Domain (TLD) servers
Authoritative servers
8/13/2014

The Name Servers
 Authoritative DNS
servers:
◦ organization’s DNS servers,
providing authoritative
hostname to IP mappings
for organization’s servers
(e.g., Web, mail).
◦ can be maintained by
organization or service
provider
shanti verma 27
Fig: Name Servers. The ABC server can process queries from ABC.org as well as ABC.ac.in and also the domains
below them. On the contrary, large domains like ‘edu’and ‘in’ need more than one server to handle queries.
8/13/2014

Resource Records
The DNS database is stored as resource records
The resource record is a record containing five different
fields describing each of such entries.
 Domain name
◦ tells the domain to which this record applies
 Time to_live
◦ gives an indication of how stable the record is
◦ 60 to 86400
 Class
◦ Which type of info for internet always IN
 Type
◦ What kind of record this is.
 Value
◦ Value base on Type

Contd…
shanti verma 29
Type Meaning Value
A IPv4 address 32-bit value
AAAA IPv6 address 128-bit value
CNAME Canonical Name Alias name for host
PTR Pointer IP address (IPv4 or IPv6)
NS Name Server Name server(s)
SOA Start of Authority Zone name etc
MX Mail Exchanger mail server/exchanger
HINFO Host Info Optional information
SPF Sender Policy Framework Identify mail servers
TXT Text Text information
DNSKEY DNS Key Public key of domain
RRSIG R R Signature Resource Record Signature
Resource Records may be of many types. Some of the important one are listed below in
table
8/13/2014

Contd…
shanti verma 30
The file described in the table below contains few examples of resource
records.
Domain Time-to-live Class Type Value
207.118.130.194 / 24 172800 IN PTR abcict.org.
ftp.abcict.org. 172800 IN CNAME Vishwanath.abcict.org.
abcict.org. 172800 IN NS ns2.webmastersindia.com.
abcict.org. 172800 IN NS ns1.webmastersindia.com.
abcict.org. 172800 IN A 207.118.130.194
abcict.org. 172800 IN MX (10) mail.abcict.org.
172800 IN MX (20) Vishwanath.abcict.org
172800 IN MX (30) Ponting.abcict.org
mail.abcict.org. 172800 IN A 207.118.130.194
www.abcict.org. 172800 IN CNAME Ponting.abcict.org
www.abcict.org. 172800 IN CNAME abcict.org.
Ponting.abcict.org. 172800 IN A 208.118.130.194
Ponting.abcict.org. 172800 IN HINFO HP laptop with RHEL 9
Vishwanath.abcict.org. 172800 IN A 209.118.130.194
172800 IN HINFO HP I3
laser.abcict.org 172800 IN A 210.118.130.194
172800 IN HINFO The laser printer
Table: The zone files of ‘abcict’
8/13/2014

Dynamic DNS
 DDNS is a system which allows the
domain name to be updated in real
time instead of in a few days
 The most common use for this is in
allowing a domain name to be assigned
to a computer with a varying IP address
 This makes it possible for other sites on
the Internet to establish connections to
the machine without needing to track the
IP address themselves

Dynamic DNS

Why Use DDNS?
 Make your server accessible on the
Internet even though it has a dynamic
IP address
 Make your domain name point to your
PC even though its IP address
changes
 Run your own servers at home –
Internet, E-Mail, FTP

How Does DDNS Work?
 Sign up for a DDNS account
 Enter your DDNS registration
information in your router or use
DDNS client software
 Set up your router and Web service to
use the DDNS configuration

DNSSEC Mechanisms
 New Resource Records
 Setting Up a Secure Zone
 Delegating Signing Authority
35shanti verma8/13/2014

Secondary
DNS
primary
DNS
Registrars
& Registrants
Registry
Secondary
DNS
Data flow through the DNS
Where are the vulnerable
points?
Server vulnarability
Man in the Middle
spoofing
&
Man in the Middle

What does DNSSEC provide
 provides message authentication and integrity
verification through cryptographic signatures
◦ You know who provided the signature
◦ No modifications between signing and validation
 It does not provide authorization
 It does not provide confidentiality
 It does not provide protection against DDOS

WWW Background
 1989-1990 – Tim Berners-Lee invents
the World Wide Web at CERN
◦ Means for transferring text and graphics
simultaneously
◦ Client/Server data transfer protocol
 Communication via application level protocol
 System ran on top of standard networking
infrastructure
◦ Text mark up language
 Not invented by Bernes-Lee
 Simple and easy to use
 Requires a client application to render text/graphics

WWW Components
 Structural Components
◦ Clients/browsers – to dominant implementations
◦ Servers – run on sophisticated hardware
◦ Caches – many interesting implementations
◦ Internet – the global infrastructure which facilitates data
transfer
 Semantic Components
◦ Hyper Text Transfer Protocol (HTTP)
◦ Hyper Text Markup Language (HTML)
 eXtensible Markup Language (XML)
◦ Uniform Resource Identifiers (URIs)

WWW Structure
 Clients use browser application to send URIs via
HTTP to servers requesting a Web page
 Web pages constructed using HTML (or other
markup language) and consist of text, graphics,
sounds plus embedded files
 Servers (or caches) respond with requested Web
page
◦ Or with error message
 Client’s browser renders Web page returned by
server
◦ Page is written using Hyper Text Markup Language (HTML)
◦ Displaying text, graphics and sound in browser
◦ Writing data as well
 The entire system runs over standard networking
protocols (TCP/IP, DNS,…)

HTTP Request and its
Response
shanti verma 41
Web
Browser
SearchEngines
Servlet
“I want to search for
Bill Gates on Google”
“Go to Google”
“I want to search for
Bill Gates on Google”
“Your results…”
Google
8/13/2014

Client Request Data
 When a user submits a browser request to
a web server, it sends two categories of
data:
◦ Form Data: Data that the user explicitly typed
into an HTML form.
 For example: registration information.
◦ HTTP Request Header Data: Data that is
automatically appended to the HTTP Request
from the client.
 For example: cookies, browser type, etc,

Uniform Resource Identifiers
 Web resources need names/identifiers – Uniform
Resource Identifiers (URIs)
◦ Resource can reside anywhere on the Internet
 URIs are a somewhat abstract notion
◦ A pointer to a resource to which request methods can be applied
to generate potentially different responses
 A request method is eg. fetching or changing the object
 Instance: http://www.foo.com/index.html
◦ Protocol, server, resource
 Most popular form of a URI is the Uniform Resource
Locator (URL)
◦ Differences between URI and URL are beyond scope
◦ RFC 2396

HTTP Basics
 Protocol for client/server communication
◦ The heart of the Web
◦ Very simple request/response protocol
 Client sends request message, server replies with response
message
◦ Stateless
◦ Relies on URI naming mechanism
 Three versions have been used
◦ 09/1.0 – very close to Berners-Lee’s original
 RFC 1945 (original RFC is now expired)
◦ 1.1 – developed to enhance performance, caching,
compression
 RFC 2068
◦ 1.0 dominates today but 1.1 is catching up

HTTP Request Messages
 GET – retrieve document specified by URL
 PUT – store specified document under given
URL
 HEAD – retrieve info. about document specified
by URL
 OPTIONS – retrieve information about available
options
 POST – give information (eg. annotation) to the
server
 DELETE – remove document specified by URL
 TRACE – loopback request message
 CONNECT – for use by caches

HTTP Request Format
 First type of HTTP message: requests
◦ Client browsers construct and send
message
 Typical HTTP request:
◦ GET http://www.cs.wisc.edu/index.html
HTTP/1.0
shanti verma 46
request-line ( request request-URI HTTP-version)
headers (0 or more)
<blank line>
body (only for POST request)
8/13/2014

HTTP Response Format
 Second type of HTTP message: response
◦ Web servers construct and send response
messages
 Typical HTTP response:
◦ HTTP/1.0 301 Moved Permanently
Location: http://www.wisc.edu/cs/index.html
shanti verma 47
status-line (HTTP-version response-code
response-phrase)
headers (0 or more)
<blank line>
body
8/13/2014

HTTP Response Codes
 1xx – Informational – request received,
processing
 2xx – Success – action received,
understood, accepted
 3xx – Redirection – further action
necessary
 4xx – Client Error – bad syntax or cannot
be fulfilled
 5xx – Server Error – server failed

HTTP Headers
 Both requests and responses can contain a
variable number of header fields
◦ Consists of field name, colon, space, field value
◦ 17 possible header types divided into three
categories
 Request
 Response
 Body
 Example: Date: Friday, 27-Apr-01 13:30:01
GMT
 Example: Content-length: 3001

HTTP/1.0 Network Interaction
 Clients make requests to port 80 on servers
◦ Uses DNS to resolve server name
 Clients make separate TCP connection for each
URL
◦ Some browsers open multiple TCP connections
 Netscape default = 4
 Server returns HTML page
◦ Many types of servers with a variety of implementations
◦ Apache is the most widely used
 Freely available in source form
 Client parses page
◦ Requests embedded objects

HTTP/1.1 Performance
Enhancements
 HTTP/1.0 is a “stop and wait” protocol
◦ Separate TCP connection for each file
 Connect setup and tear down is incurred for each file
 Inefficient use of packets
 Server must maintain many connections in
TIME_WAIT
◦ Resulted in HTTP/1.1 specification focused on
performance enhancements
 Persistent connections
 Pipelining
 Enhanced caching options
 Support for compression

Persistent Connections and
Pipelining
 Persistent connections
◦ Use the same TCP connection(s) for transfer of
multiple files
◦ Reduces packet traffic significantly
◦ May or may not increase performance from client
perspective
 Load on server increases
 Pipelining
◦ Pack as much data into a packet as possible
◦ Requires length field(s) within header
◦ May or may not reduce packet traffic or increase
performance
 Page structure is critical

Persistent Connection

HTML Basics
 Hyper-Text Markup Language
◦ A subset of Standardized General Markup Language (SGML)
◦ Facilitates a hyper-media environment
 Embedded links to other documents and applications
 Documents use elements to “mark up” or identify
sections of text for different purposes or display
characteristics
 Mark up elements are not seen by the user when
page is displayed
 Documents are rendered by browsers
 NOTE: Not all documents in the Web are HTML!
 Most people use WYSIWYG editors (MS Word) to
generate HTML

HTML Example
shanti verma 55
<HTML>
<HEAD>
<TITLE> PB’s HomePage </TITLE>
</HEAD>
<BODY>
<CENTER><IMG SRC = “bad_picture.gif” ALT = “
“><BR></CENTER>
<P><CENTER><H1>UW Computer Science
Department</H1></CENTER>
Welcome to my goofy HomePage!
…
<A HREF = http://www.cs.wisc.edu/~pb/mydogs_page.html> Spot’s
Page </A>
</BODY>
</HTML>
8/13/2014

The structure of request and
response

Components of request and
response

Complete request structure

Complete response structure

Cookies & Sessions
 Cookies
◦ Cookies are a mechanism for storing data in
the remote browser and thus tracking or
identifying return users.
 Sessions
◦ Session support in PHP consists of a way to
preserve certain data across subsequent
accesses. This enables you to build more
customized applications and increase the
appeal of your web site.

What is a Cookie?
A cookie is a small file that the
server embeds on the user's
computer. Each time the same
computer requests for a page
with a browser, it will send the
cookie too. With PHP, you can
both create and retrieve cookie
values.

The role of cookies

How to Create a Cookie
The setcookie() function is used to
create cookies.
Note: The setcookie() function must
appear BEFORE the <html> tag.
setcookie(name, [value], [expire], [path],
[domain], [secure]);
This sets a cookie named "uname" - that expires after
ten hours.
<?php setcookie("uname", $name, time()+36000); ?>
<html> <body> …

How to Retrieve a Cookie Value
 To access a cookie you just refer to the
cookie name as a variable or use
$_COOKIE array
 Tip: Use the isset() function to find out if a
cookie has been set.
<html> <body>
<?php
if (isset($uname))
echo "Welcome " . $uname . "!<br />";
else
echo "You are not logged in!<br />"; ?>
</body> </html>

How to Delete a Cookie
 It will expire
or
 Cookies must be deleted with the
same parameters as they were set
with. If the value argument is an
empty string (""), and all other
arguments match a previous call to
setcookie, then the cookie with the
specified name will be deleted from
the remote client.

What is a Session?
 The session support allows you to
register arbitrary numbers of variables
to be preserved across requests.
 A visitor accessing your web site is
assigned an unique id, the so-called
session id. This is either stored in a
cookie on the user side or is
propagated in the URL.

How to Create a Session
The session_start() function is
used to create cookies.
<?php
session_start();
?>

How to Retrieve a Session Value
 Register Session variable
 session_register('var1','var2',...); // will also create a
session
 PS:Session variable will be created on using even if you will not
register it!
 Use it
<?php
session_start();
if (!isset($_SESSION['count']))
$_SESSION['count'] = 0;
else
$_SESSION['count']++;
?>

How to Delete a Session Value
 session_unregister(´varname´
);
How to destroy a session:
 session_destroy()

Proxy Servers
 Part of an overall Firewall strategy
 Sits between the local network and the external network
◦ Originally used primarily as a caching strategy to minimize
outgoing URL requests and increase perceived browser
performance
◦ Primary mission is now to insure anonymity of internal users
 Still used for caching of frequently requested files
 Also used for content filtering
 Acts as a go-between, submitting your requests to the
external network
◦ Requests are translated from your IP address to the Proxy’s IP
address
◦ E-mail addresses of internal users are removed from request
headers
◦ Cause an actual break in the flow of communications

TCP Connection Termination
 Both the outgoing and incoming TCP connections are
terminated
 prevents a hacker from hijacking a stale connection on a service
that is being proxied
 ex . HTTP page request
Use
r
Proxy Serve
r
request
packet
request
packet’
response packet’response
packet
Connection left open until
the proxy closes it after
receiving response packet
and sending it back to user
Connection only left open
until server closes the
connection after sending the
response packet 71shanti verma8/13/2014

Performance Aspects
 Caching
◦ By keeping local copies of frequently accessed file the proxy can
serve those files back to a requesting browser without going to
the external site each time, this dramatically improves the
performance seen by the end user
◦ Only makes sense to implement this at the ISP rather than the
small business level because of the number of pages available
◦ Because of dynamic content many pages are invalidated in the
cache right away
 Load balancing
◦ A proxy can be used in a reverse direction to balance the load
amongst a set of identical servers (servers inside the firewall and
users outside)
◦ Used especially with web dynamic content (.asp, .php,.cfm,.jsp)

Proxy Liabilities
 Single point of failure
◦ if the proxy dies , no one can get to the external network
 Client software must usually be designed to use a proxy
 Proxies must exist for each service
 Doesn’t protect the OS
◦ proxies run at the application level
 Usually optimized for performance rather than security
◦ WINGATE was installed to be easy to configure; opened a winsock
proxy to the external interface, which let hackers essentially hijack
the machine
 Create a service bottleneck
◦ solved via parallelism (more proxies, and load balance)

This Proxy designed according to the client/server-programming
model. It consists of six modules:
Architecture - Overview
• Manager - a configuration module.
• Syntaxer - responsible for HTTP support: generation,
parsing and modification of HTTP messages.
• Server - a module that interacts with proxy clients.
• Mediator - an interface layer between Server and
Client.
• Client - accepts requests from Mediator and executes
them.
• Cache - a part of mediator that keeps copies of
received data.

Architecture – Data flow diagram
PROXY
Server
Module
Client
Module
Mediator
Module
Cache
Module
User
Remote
Host
Request
Response
Request Request
Response

How Proxy works

shanti verma 77
Dynamic Web
8/13/2014

What is Bluetooth?
 A cable-replacement technology that can
be used to connect almost any device to
any other device
 Radio interface enabling electronic
devices to communicate wirelessly via
short range (10 meters) ad-hoc radio
connections
 a standard for a small , cheap radio chip
to be plugged into computers, printers,
mobile phones, etc

What is Bluetooth?
 Uses the radio range of 2.45 GHz
 Theoretical maximum bandwidth is 1
Mb/s
 Several Bluetooth devices can form an ad
hoc network called a “piconet”
◦ In a piconet one device acts as a master (sets
frequency hopping behavior) and the others as
slaves
◦ Example: A conference room with many
laptops wishing to communicate with each
other

History
 Harald Bluetooth : 10th century Danish King,
managed to unite Denmark and Norway
 Bluetooth SIG (Special Interest Group) :
◦ Founded in 1998 by : Ericsson, Intel, IBM, Toshiba
and Nokia
◦ Currently more than 2500 adopter companies
◦ Created in order to promote, shape an define the
specification and position Bluetooth in the market
place Current specification : Bluetooth 2.1

Bluetooth Architecture
 Piconet
◦ Each piconet has one master and up to 7 simultaneous
slaves
 Master : device that initiates a data exchange.
 Slave : device that responds to the master
 Scatternet
◦ Linking of multiple piconets through the master or slave
devices
◦ Bluetooth devices have point-to-multipoint capability to
engage in Scatternet communication.

Piconet
 All devices in a piconet hop together
◦ Master gives slaves its clock and device ID
 Non-piconet devices are in standby
MS
S
S
P
P
SB
SB
M=Master P=Parked
S=Slave SB=Standby

Scatternet
 Devices can be slave in one piconet and master
of another
MS
S
SP
P
SB
SB
M
S
S
SB
P

Physical links
 Between master and slave(s), different
types of links can be established. Two link
types have been defined:
◦ Synchronous Connection-Oriented (SCO) link
◦ Asynchronous Connection-Less (ACL) link

Physical links
 Synchronous Connection Oriented (SCO)
◦ Support symmetrical, circuit-switched, point-to-point
connections
◦ Typically used for voice traffic.
◦ Data rate is 64 kbit/s.
 Asynchronous Connection-Less (ACL)
◦ Support symmetrical and asymmetrical, packet-
switched, point-to-multipoint connections.
◦ Typically used for data transmission .
◦ Up to 433.9 kbit/s in symmetric or 723.2/57.6 kbit/s in
asymmetric

Bluetooth Protocol Stack
Bluetooth Radio
Baseband
LMP
L2CAP
Audio
RFCOMM
PPP
IP
UDP TCP
WAP
WAE
OBEX
vCard/vCal
AT-
Commands
TCS BIN
Host Controller Interface (HCI)
Bluetooth Core Protocol
Adopted Protocol
Cable Replacement Protocol
SDP
Telephony Protocol

 Bluetooth Radio : specifics details of the air interface,
including frequency, frequency hopping, modulation
scheme, and transmission power.
 Baseband: concerned with connection establishment
within a piconet, addressing, packet format, timing and
power control.
 Link manager protocol (LMP): establishes the link
setup between Bluetooth devices and manages ongoing
links, including security aspects (e.g. authentication and
encryption), and control and negotiation of baseband
packet size

 Logical link control and adaptation protocol
(L2CAP): adapts upper layer protocols to the baseband
layer. Provides both connectionless and connection-
oriented services.
 Service discovery protocol (SDP): handles device
information, services, and queries for service
characteristics between two or more Bluetooth devices.
 Host Controller Interface (HCI): provides an interface
method for accessing the Bluetooth hardware
capabilities. It contains a command interface, which acts
between the Baseband controller and link manager

 TCS BIN (Telephony Control Service): bit-oriented
protocol that defines the call control signaling for the
establishment of voice and data calls between Bluetooth
devices.
 OBEX(OBject EXchange) : Session-layer protocol for the
exchange of objects, providing a model for object and
operation representation
 RFCOMM: a reliable transport protocol, which provides
emulation of RS232 serial ports over the L2CAP protocol
 WAE/WAP: Bluetooth incorporates the wireless application
environment and the wireless application protocol into its
architecture.

Connection Establishment States
 Standby
◦ State in which Bluetooth device is inactive, radio not
switched on, enable low power operation.
 Page
◦ Master enters page state and starts transmitting paging
messages to Slave using earlier gained access code
and timing information.
 Page Scan
◦ Device periodically enters page state to allow paging
devices to establish connections.

Connection Establishment States
 Inquiry
◦ State in which device tries to discover all Bluetooth
enabled devices in the close vicinity.
 Inquiry scan
◦ Most devices periodically enter the inquiry scan state
to make themselves available to inquiring devices.

Inquiry and Page
Inquiry
Page
Inquiry
scan
Master
response
Inquiry
response
Page
scan
Slave
response
Connection Connection
(1) ID packet (Broadcast)
(2) FHS packet
(4) ID packet
(6) ID packet
(7) ID packet
Standby Standby
Master Slave

Bluetooth Security
 There are three modes of security for Bluetooth
access between two devices.
◦ non-secure
◦ service level enforced security
◦ link level enforced security
 Device security level
◦ Trusted
◦ untrusted
 Service security level
◦ Authorization and Authentication
◦ Authentication only
◦ Open to all devices

Bluetooth Security
 The following are the three basic security
services specified in the Bluetooth standard:
◦ Authentication
 verifying the identity of communicating devices. User
authentication is not provided natively by Bluetooth.
◦ Confidentiality
 preventing information compromise caused by eavesdropping
by ensuring that only authorized devices can access and view
data.
◦ Authorization
 allowing the control of resources by ensuring that a device is
authorized to use a service before permitting it to do so.

THANK YOU

Application Layer Protocols and DNS Name Resolution

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (8)

Similaire à Application Layer Protocols and DNS Name Resolution

Similaire à Application Layer Protocols and DNS Name Resolution (20)

Dernier

Dernier (20)

Application Layer Protocols and DNS Name Resolution