Experiment: Application layer Protocol Learning notes

Application Layer Protocol

Above the transport layer is the application layer. The data portion of the UDP packet and TCP segment of the transport layer is the data that the application layer delivers.

Different types of network applications have different communication rules, so the application layer protocol is various, such as DNS, FTP, Telnet, SMTP, HTTP, RIP, NFS and other protocols are used to solve their own class of problems.

This section of the experiment, introduces the DNS, FTP, HTTP three commonly used application layer protocol.

One, DNS

The DNS (Domain Name service Domain name Services) protocol is based on UDP, using port number 53.

IP addresses made up of numbers are hard to remember, so we use the alias-domain name of the Web site's IP address online. In practice, the domain name corresponds to the IP address, and this correspondence is stored in the DNS server .

After you enter a domain name in the browser, a DNS server resolves the domain name to the corresponding IP address. Note that this differs from the network layer's ARP protocol: DNS provides a correspondence between the domain name and the IP address, and ARP provides the corresponding relationship between the IP address and the MAC address.

DNS Server

A DNS server is a hierarchical system:

• (1) Root DNS server : There are 13 root nameservers worldwide, numbered A through m, most of which are located in the United States.

• (2) top-level (TLD) DNS servers : Responsible for top-level domains such as COM, org, edu, and top-level domain names for all countries (such as CN, UK, JP).

• (3) authoritative DNS servers : Domain name resolution services for large organizations, universities, and enterprises.

• (4) local DNS server : Usually the closest DNS server to our host.

And the process of domain name parsing, there are two ways of iterative query and recursive query:

Host command

In the Linux system, you can use the Host command for DNS queries, to view a specified domain name of the IP, such as to query the IP address of the lab building:

host www.shiyanlou.com

DNS Messages

The queries that the host sends to the DNS server are called DNS messages , roughly structured:

The content of the DNS question and answer message is the corresponding information of the IP and domain name, and the DNS header and the content fields are not described in detail here. In-depth understanding, you can first host a domain name, and then use tcpdump crawl message and interpretation.

DNS Cache and Hosts file

Just now the DNS parsing query process diagram, a total of 8 DNS messages, which is very time-consuming, so the actual application of the use of DNS caching : When a DNS server receives a DNS answer, the information will be cached for a period of time, when there is a query for the same domain name, will be able to respond directly.

With DNS caching, many queries require only a local DNS server to complete.

"FQ" hobby students should know the hosts file, in fact, the hosts file can be seen as a small DNS server.

To open the Hosts file with a command:

sudo gedit /etc/hosts

View the contents of the file, you can find that there are all IP and domain name corresponding records:

In the actual online process, the priority of the domain name resolution is: First in the DNS cache query, if not found records, and then query the hosts file, if still did not find records, and then sent to the DNS server DNS query message.

Second, FTP

FTP (file Transfer Protocol) is based on TCP, using port number 20 (data) and 21 (control).

Its main function is to reduce or eliminate the incompatibility of processing files under different operating systems, in order to achieve a convenient and efficient file transfer effect.

• FTP provides only the basic service for file transfer, which uses a client-server approach, and an FTP server can serve multiple clients at the same time.

• During file transfer, two TCP connections are established between the FTP client and the server: Port 21st establishes a control connection and Port 20th establishes a data connection .

• There are two ways to transfer ftp: ASCII transfer mode and binary data transfer mode.

Third, HTTP

HTTP (hypertext Transfer Protocol Hypertext Transfer Protocol) is based on TCP, using port number 80 or 8080.

Whenever you enter a Web address or click a link in a browser, the browser extracts the page information from the server via the HTTP protocol, which is now the most frequently used application layer protocol.

The principle is simple:

• After clicking on a link, the browser initiates a TCP connection to the server;

• After the connection is established, the browser sends the HTTP request message, and the server responds to the message.

• The content of the response message received by the browser is displayed on the webpage;

• The message ends and the TCP connection is closed.

The HTTP message is encapsulated as a TCP segment by the transport layer and then encapsulated as an IP datagram by the IP layer. The structure of the HTTP message:

The visible message is divided into 3 parts:

• (1) Start line: Used to distinguish between a request message or a response message, the start line in the request message is called the request line , and in the response message, the start line is called the status line . Each of the three fields in the start line is separated by a space, and the CRLF at the end indicates carriage return and line wrapping.

• (2) First line: Some information used to describe the browser, server, or message body.

• (3) Entity body: The entity body is usually not used in the request message.

The Method field of the request message is the operation on the requested object, and the status code of the response message is a 3-digit number, divided into 5 classes of 33 kinds:

• 1xx indicates notification information, such as received or being processed.

• 2xx indicates successful reception.

• 3xx indicates redirection.

• 4xx indicates a customer error, such as 404 indicating that the page was not found.

• 5xx represents a server error, such as the common 502 bad Gateway.

Learning Pathway: Experimental Building

Experiment: Application layer Protocol Learning notes