Internet Protocol Analysis/Application Layer
This lesson introduces the Application layer and looks at a variety of application-layer protocols. Activities include using Wireshark to examine Hyper Text Transfer Protocol (HTTP), HTTP Secure (HTTPS), and Simple Mail Transfer Protocol (SMTP) network traffic.
Readings
editMultimedia
editActivities
edit- Review Wireshark: Hyper Text Transfer Protocol (HTTP).
- Use Wireshark to capture and analyze Hypertext Transfer Protocol (HTTP) traffic.
- Review Wireshark: SSL.
- Use Wireshark to capture and analyze HTTP Secure (HTTPS) traffic.
- Review Wireshark: Simple Mail Transfer Protocol (SMTP).
- Use Wireshark to capture and analyze Simple Mail Transfer Protocol (SMTP) traffic.
- Consider situations in which a packet analyzer might be used to troubleshoot application layer traffic.
- Use Mozilla Thunderbird as local email client.
Lesson Summary
edit- The application layer is an abstraction layer reserved for communications protocols and methods designed for process-to-process communications across an Internet Protocol (IP) computer network.[1]
- Application layer protocols use the underlying transport layer protocols to establish host-to-host connections.[2]
- The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems.[3]
- HTTP functions as a request-response protocol in the client-server computing model.[4]
- HTTP uses TCP as its transport protocol and servers listen on port 80 by default.[5]
- HTTP defines methods that may be performed on the desired resource. Methods include GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, CONNECT, and PATCH.[6]
- HTTP requests include a request line, headers, an empty line, and an optional message body.[7]
- HTTP responses include a status line, header, an empty line, and an optional message body.[8]
- Hypertext Transfer Protocol Secure (HTTPS) is a widely used communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the Secure Sockets Layer / Transport Layer Security (SSL/TLS) protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.[9]
- HTTPS uses TCP as its transport protocol and servers listen on port 443 by default.[10]
- Web servers supporting HTTPS connections must have a public key certificate signed by a certificate authority the web browser trusts in order to connect without a client warning.[11]
- TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity.[12]
- TLS handshaking includes the exchange of settings, server authentication, optional client authentication, and public key encryption of a symmetric session key.[13]
- Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks.[14]
- Client applications use SMTP for sending messages to a mail server, but usually use either the Post Office Protocol (POP) or the Internet Message Access Protocol (IMAP) or a proprietary system to access their mail box accounts on a mail server.[15]
- Client applications should use TCP port 587 to submit SMTP messages to a server. Servers use TCP port 25 to transfer SMTP messages to destination servers.[16]
- SMTP transactions include commands for MAIL, RCPT, and DATA.[17]
Key Terms
edit- abstraction layer
- A way of hiding the implementation details of a particular set of functionality.[18]
- authentication
- The act of confirming the identity of a person, software program, or computer system.[19]
- eavesdropping
- The act of secretly listening to the private conversation of others without their consent.[20]
- hypermedia
- A logical extension of the term hypertext in which graphics, audio, video, plain text and hyperlinks intertwine to create a generally non-linear medium of information.[21]
- HyperText Markup Language (HTML)
- The main markup language for displaying web pages and other information that can be displayed in a web browser.[22]
- Internet Message Access Protocol (IMAP)
- An Application Layer Internet protocol that allows an e-mail client to access e-mail on a remote mail server.[23]
- man-in-the-middle attack
- A form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection.[24]
- Post Office Protocol (POP)
- An application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection.[25]
- public-key cryptography
- A cryptographic system requiring two separate keys, one of which is secret and one of which is public.[26]
- stateless protocol
- A communications protocol that treats each request as an independent transaction that is unrelated to any previous request so that the communication consists of independent pairs of requests and responses.[27]
- symmetric-key algorithms
- A class of algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext.[28]
- tampering
- The deliberate altering or adulteration of information, a product, a package, or system.[29]
- web cache
- A mechanism for the temporary storage (caching) of web documents, such as HTML pages and images, to reduce bandwidth usage, server load, and perceived lag.[30]
- web crawler
- A computer program that browses the World Wide Web in a methodical, automated manner or in an orderly fashion.[31]
- World Wide Web Consortium (W3C)
- The main international standards organization for the World Wide Web.[32]
Review Questions
editClick on a question to see the answer.
-
The application layer is an abstraction layer reserved for communications protocols and methods designed for _____ communications across an Internet Protocol (IP) computer network.The application layer is an abstraction layer reserved for communications protocols and methods designed for process-to-process communications across an Internet Protocol (IP) computer network.
-
Application layer protocols use the underlying transport layer protocols to establish _____ connections.Application layer protocols use the underlying transport layer protocols to establish host-to-host connections.
-
The Hypertext Transfer Protocol (HTTP) is an application protocol for _____.The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems.
-
HTTP functions as a _____ protocol in the _____ computing model.HTTP functions as a request-response protocol in the client-server computing model.
-
HTTP uses _____ as its transport protocol and servers listen on port _____ by default.HTTP uses TCP as its transport protocol and servers listen on port 80 by default.
-
HTTP defines methods that may be performed on the desired resource. Methods include _____.HTTP defines methods that may be performed on the desired resource. Methods include GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, CONNECT, and PATCH.
-
HTTP requests include _____.HTTP requests include a request line, headers, an empty line, and an optional message body.
-
HTTP responses include _____.HTTP responses include a status line, header, an empty line, and an optional message body.
-
Hypertext Transfer Protocol Secure (HTTPS) is a widely used communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in itself; rather, it is _____.Hypertext Transfer Protocol Secure (HTTPS) is a widely used communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the Secure Sockets Layer / Transport Layer Security (SSL/TLS) protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.
-
HTTPS uses _____ as its transport protocol and servers listen on port _____ by default.HTTPS uses TCP as its transport protocol and servers listen on port 443 by default.
-
Web servers supporting HTTPS connections must have a public key certificate _____.Web servers supporting HTTPS connections must have a public key certificate signed by a certificate authority the web browser trusts in order to connect without a client warning.
-
TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using _____.TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity.
-
TLS handshaking includes _____.TLS handshaking includes the exchange of settings, server authentication, optional client authentication, and public key encryption of a symmetric session key.
-
Simple Mail Transfer Protocol (SMTP) is an Internet standard for _____.Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks.
-
Client applications use _____ for sending messages to a mail server, but usually use either _____ or _____ or a proprietary system to access their mail box accounts on a mail server.Client applications use SMTP for sending messages to a mail server, but usually use either the Post Office Protocol (POP) or the Internet Message Access Protocol (IMAP) or a proprietary system to access their mail box accounts on a mail server.
-
Client applications should use TCP port _____ to submit SMTP messages to a server. Servers use TCP port _____ to transfer SMTP messages to destination servers.Client applications should use TCP port 587 to submit SMTP messages to a server. Servers use TCP port 25 to transfer SMTP messages to destination servers.
-
SMTP transactions include commands for _____.SMTP transactions include commands for MAIL, RCPT, and DATA.
Assessments
editSee Also
editReferences
edit- ↑ Wikipedia: Application layer
- ↑ Wikipedia: Application layer
- ↑ Wikipedia: Hypertext Transfer Protocol
- ↑ Wikipedia: Hypertext Transfer Protocol#Technical overview
- ↑ Wikipedia: Hypertext Transfer Protocol#HTTP session
- ↑ Wikipedia: Hypertext Transfer Protocol#Request methods
- ↑ Wikipedia: Hypertext Transfer Protocol#Request message
- ↑ Wikipedia: Hypertext Transfer Protocol#Response message
- ↑ Wikipedia: HTTP Secure
- ↑ Wikipedia: HTTP Secure#Difference from HTTP
- ↑ Wikipedia: HTTP Secure#Server setup
- ↑ Wikipedia: Transport Layer Security
- ↑ Wikipedia: Transport Layer Security#Simple TLS handshake
- ↑ Wikipedia: Simple Mail Transfer Protocol
- ↑ Wikipedia: Simple Mail Transfer Protocol
- ↑ Wikipedia: Simple Mail Transfer Protocol#Mail processing model
- ↑ Wikipedia: Simple Mail Transfer Protocol#Protocol overview
- ↑ Wikipedia: Abstraction layer
- ↑ Wikipedia: Authentication
- ↑ Wikipedia: Eavesdropping
- ↑ Wikipedia: Hypermedia
- ↑ Wikipedia: HTML
- ↑ Wikipedia: Internet Message Access Protocol
- ↑ Wikipedia: Man-in-the-middle attack
- ↑ Wikipedia: Post Office Protocol
- ↑ Wikipedia: Public-key cryptography
- ↑ Wikipedia: Stateless protocol
- ↑ Wikipedia: Symmetric-key algorithm
- ↑ Wikipedia: Tamper-evident
- ↑ Wikipedia: Web cache
- ↑ Wikipedia: Web crawler
- ↑ Wikipedia: World Wide Web Consortium