Chapter 9: TCP/IP Transport and Application Layer
1102.book Page 489 Tuesday, May 20, 2003 2:53 PM

Table 9-1 Reserved TCP and UDP Port Numbers

Decimal Port Number   Keyword      Description
0                     —            Reserved
1 to 4                —            Unassigned
5                     Rje          Remote job entry
7                     Echo         Echo
9                     Discard      Discard
11                    Users        Active users
13                    Daytime      Daytime
15                    Netstat      Who is up, or netstat
17                    Quote        Quote of the day
19                    Chargen      Character generator
20                    ftp-data     File Transfer Protocol (data)
21                    ftp          File Transfer Protocol
23                    telnet       Terminal connection
25                    Smtp         Simple Mail Transfer Protocol
37                    Time         Time of day
39                    Rlp          Resource Location Protocol
42                    Nameserver   Host name server
43                    nickname     Who is
53                    Domain       Domain Name Server
67                    Bootps       Bootstrap protocol server
68                    Bootpc       Bootstrap protocol client
69                    Tftp         Trivial File Transfer Protocol
75                    —            Any private dial-out service
77                    —            Any private RJE service
79                    Finger       Finger
80                    HTTP         Hypertext Transfer Protocol
123                   Ntp          Network Time Protocol
133 to 159            —            Unassigned
160 to 223            —            Reserved
224 to 241            —            Unassigned
242 to 255            —            Unassigned

As shown in Figure 9-12, end systems use port numbers to select the proper application. Originating source port numbers are assigned dynamically by the source host, with some number greater than 1023. As an example, a host attempting to connect to another using FTP sends a packet with a destination TCP port number of 21 (FTP) and a dynamically generated source port number such as 1028. This pair of port numbers (destination and source) defines the unique "conversation" between these hosts. If the same host initiates another FTP session to a second host, the destination port is still 21, but the source port generated is different (for example, 1030), to keep the two sessions separate.

Figure 9-12 Port Numbers Dictate Application Used

Numbers below 1024 are considered well-known port numbers. Port numbers above 1024 are assigned dynamically. Registered port numbers are those registered for vendor-specific applications.
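The conversation-identification idea above, as an added Python example that is not from the book: constructed segments (the IP addresses and the segment list are assumptions made for the example) are grouped by their port pairs, replies are folded into the same conversation as the request, and the server-side port is looked up in a subset of Table 9-1 to name the application.

```python
from collections import defaultdict

# Subset of Table 9-1, used to name the application from the server-side port.
WELL_KNOWN_PORTS = {20: "ftp-data", 21: "ftp", 23: "telnet", 25: "smtp",
                    53: "domain", 69: "tftp", 80: "http"}

# Constructed segments (src_ip, src_port, dst_ip, dst_port); not a capture
# from the book. Host 10.0.0.5 opens FTP to two servers and Telnet to a third.
SEGMENTS = [
    ("10.0.0.5", 1028, "10.0.0.20", 21),   # FTP session 1: client -> server
    ("10.0.0.20", 21, "10.0.0.5", 1028),   # FTP session 1: server reply
    ("10.0.0.5", 1030, "10.0.0.21", 21),   # FTP session 2 to a second host
    ("10.0.0.21", 21, "10.0.0.5", 1030),
    ("10.0.0.5", 1031, "10.0.0.30", 23),   # Telnet: destination port 23
    ("10.0.0.5", 1028, "10.0.0.20", 21),   # more data on FTP session 1
]

def port_class(port):
    """Classify a port with the boundary the text gives: below 1024 is
    well-known; everything else is registered or dynamically assigned."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return "well-known" if port < 1024 else "registered/dynamic"

def conversation_key(src_ip, src_port, dst_ip, dst_port):
    """Direction-independent key (server_endpoint, client_endpoint) so that a
    request and its reply land in the same conversation. The endpoint on a
    well-known port is taken to be the server."""
    src, dst = (src_ip, src_port), (dst_ip, dst_port)
    src_known = port_class(src_port) == "well-known"
    dst_known = port_class(dst_port) == "well-known"
    if src_known and not dst_known:
        return (src, dst)
    if dst_known and not src_known:
        return (dst, src)
    # Both or neither well-known: fall back to a stable sort order.
    return tuple(sorted((src, dst)))

def demultiplex(segments):
    """Group segments into conversations; return
    {(client, server): (application, segment_count)}."""
    conversations = defaultdict(list)
    for seg in segments:
        conversations[conversation_key(*seg)].append(seg)
    summary = {}
    for (server, client), segs in conversations.items():
        app = WELL_KNOWN_PORTS.get(server[1], "unknown")
        summary[(client, server)] = (app, len(segs))
    return summary

if __name__ == "__main__":
    for (client, server), (app, count) in demultiplex(SEGMENTS).items():
        print(f"{client[0]}:{client[1]} -> {server[0]}:{server[1]}  "
              f"{app:7} {count} segment(s)")
```

The two FTP sessions from the same client are kept apart only by their source ports (1028 and 1030), exactly as the text describes.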
Most registered port numbers are above 1024.

[Figure 9-12 labels: Host A, source port 1028; Host Z, destination port 23 (Telnet). "Destination port = 23. Send packets to my Telnet application."]

TCP/IP Application Layer

The last layer of both the OSI and the TCP/IP model is referred to as the application layer. The application layer is the closest to the end user when interacting with software applications such as sending and receiving e-mail over a network. You see how the application layer deals with data packets from client/server applications, domain name services, and network applications by examining the following elements:

■ Client/server
■ Redirectors
■ Domain Name System
■ E-mail
■ Telnet
■ FTP
■ HTTP

Introduction to the Application Layer

In the context of the OSI reference model, the application layer (Layer 7) supports the communicating component of an application, as shown in Figure 9-13. The application layer is responsible for the following:

■ Identifying and establishing the availability of intended communication partners
■ Synchronizing cooperating applications
■ Establishing agreement on procedures for error recovery
■ Controlling data integrity

Figure 9-13 Application Layer

The application layer is the layer closest to the end user. It determines whether sufficient resources exist for communication between systems. Without the application layer, there would be no network communication support. The application layer does not provide services to any other layer, but it does provide services to application processes lying outside the scope of the TCP/IP model, such as spreadsheet programs, word processing programs, and banking terminal programs.
Additionally, the application layer provides a direct interface to the rest of the model for network applications (such as a browser or e-mail program) or an indirect interface for standalone applications (such as word processors, spreadsheets, and presentation managers) through a network redirector.

Direct Network Applications

Most applications that work in a networked environment are classified as client/server applications. These applications, such as FTP clients (not protocols), web browsers, and e-mail programs, all have two components that allow them to function: the client side and the server side. The client side is located on the local computer and is the requestor of the services. The server side is located on a remote computer and provides services in response to the client's requests.

A client/server application works by constantly repeating the following looped routine: client request, server response; client request, server response. For example, a web browser accesses a web page by requesting a uniform resource locator (URL), which is resolved to an IP address on a remote web server. After it locates the URL, the web server that is identified by that URL responds to the request. Then, based on the information received from the web server, the client can request more information from the same web server or can access another web page from a different web server.

Netscape Navigator and Internet Explorer are probably the most commonly used network applications. An easy way to understand a web browser is to compare it to a television remote control. A remote control gives you the capability to directly control a TV's functions: volume, channels, brightness, and so on. For the remote control to function properly, you do not need to understand how it works electronically. The same is true of a web browser; the browser gives you the capability to navigate through the web by clicking hyperlinks.
For the web browser to function properly, it is not necessary for you to understand how the lower-layer OSI protocols work and interact.

Indirect Network Support

Within a LAN environment, indirect-application network support is also a client/server function. If a client wants to save a file from a word processor to a network server, the redirector enables the word-processing application to do so transparently. Remember that this transparency is supplied by the session layer Remote Procedure Call (RPC) functionality.

A redirector is an OSI model session layer function that works with computer operating systems and network clients instead of specific application programs. Examples of protocols that use redirectors are as follows:

■ AppleTalk Filing Protocol
■ NetBIOS Extended User Interface (NetBEUI)
■ Novell IPX/SPX protocols
■ Network File System (NFS) of the TCP/IP protocol suite

A redirector enables a network administrator to assign remote resources to logical names on the local client. When you select one of these logical names to perform an operation such as saving a file or printing a file, the network redirector sends the selected file to the proper remote resource on the network for processing. If the resource is on a local computer, the redirector ignores the request and allows the local operating system to process it.

The advantage of using a network redirector on a local client is that the applications on the client never have to recognize the network. In addition, the application that requests service is located on the local computer, and the redirector reroutes the request to the proper network resource, while the application treats it as a local request. Redirectors expand the capabilities of non-network software.
They also enable users to share documents, templates, databases, printers, and many other resource types without having to use special application software. Networking has had a great influence on the development of programs such as word processors, spreadsheets, presentation managers, database programs, graphics, and productivity software. Many of these software packages are now network-integrated or network-aware; they can launch integrated web browsers or Internet tools and publish their output in Hypertext Markup Language (HTML) for easy web integration.

Making and Breaking a Connection

It is important to note that in each of the examples mentioned in the preceding sections, the connection to the server was maintained only long enough to complete a single task. In the web example, the connection was maintained just long enough to download the current web page. In the printer example, the connection was maintained just long enough to send the document to the print server. After the processing was completed, the connection was broken and had to be re-established for the next processing request to take place. This is one of the two ways that communication sessions take place.

Later in this chapter, you learn about the second method in which communication sessions take place. This is illustrated by the Telnet and FTP examples, in which a connection to the server is established and maintained until all processing has been performed. The client computer terminates the connection when the user determines that he or she has finished. All communication activity falls into one of these two categories.

In the next section, you learn about the Domain Name System (DNS), which is supported by the application layer processes.

DNS

The Internet is built on a hierarchical addressing scheme.
This allows for routing that is based on classes of addresses, as opposed to individual addresses. The problem that this creates for the user is associating the correct address with the Internet site. The only difference between the addresses 198.151.11.12 and 198.151.11.21 is one transposed digit. It is very easy to forget the address of a particular site because there is nothing to associate the contents of the site with its address.

To associate the contents of the site with its address, a domain-naming system was developed. DNS is a system used on the Internet for translating names of domains and their publicly advertised network nodes into IP addresses. A domain is a group of computers that are associated by their geographical location or their business type. A domain name is a string of characters and/or numbers, usually a name or abbreviation that represents the numeric address of an Internet site. More than 200 top-level domains exist on the Internet; examples include the following:

■ .us—United States
■ .uk—United Kingdom

There are also generic names, examples of which include the following:

■ .edu—Educational sites
■ .com—Commercial sites
■ .gov—Government sites
■ .org—Nonprofit sites
■ .net—Network service
■ .mil—U.S. military sites
■ .int—International database/treaty organization sites

NOTE For more information on domain names, visit the IANA website (www.iana.org/domain-names.htm).

The Domain Name Server

The Domain Name System (DNS) server is a device on a network that responds to requests from clients to translate a domain name into the associated IP address. The DNS system is set up in a hierarchy that creates different levels of DNS servers. If a local DNS server is capable of translating a domain name into its associated IP address, it does so and returns the result to the client.
If it cannot translate the address, it passes the request up to the next higher-level DNS server on the system, which then tries to translate the address. If the DNS server at this level is capable of translating the domain name into an associated IP address, it does so and returns the result to the client. If not, it sends the request to the next higher level. This process repeats itself until the domain name has been translated or until the top-level DNS server has been reached. If the domain name cannot be found on the top-level DNS server, it is considered to be an error and the corresponding error message is returned.

Any type of application that uses domain names to represent IP addresses uses the DNS server to translate that name into its corresponding IP address.

FTP and TFTP

The File Transfer Protocol (FTP) is designed to download files (receive or "get" them from the Internet) and upload files (send or "put" them to the Internet). The capability to upload and download files is one of the most valuable features of the Internet. This is especially helpful for people who rely on computers for many purposes and who might need software drivers and upgrades immediately. Network administrators rarely can wait even a few days to get the necessary drivers that enable their network servers to function again. The Internet can provide these files immediately by using FTP.

Like e-mail and Telnet, FTP is a client/server application. It requires server software running on a host that can be accessed by client software. An FTP session is established the same way in which a Telnet session is established. Just like Telnet, the FTP session is maintained until the client terminates it or until there is some sort of communication error. When you establish a connection to an FTP process or daemon, you must supply a login ID and a password. Normally, you use Anonymous as the login ID and your e-mail address as the password. This type of connection is known as anonymous FTP.
After your identity is established, a command link opens between your client machine and the FTP server. This is similar to a Telnet session, in which commands are sent and executed on the server and the results are returned to the client. This feature enables you to create and change folders, erase and rename files, and execute many other functions associated with file management.

The main purpose of FTP is to transfer files from one computer to another by copying and moving files from servers to clients and from clients to servers. When you copy files from a server, FTP establishes a second connection, a data link between the computers, across which the data is transferred. Data transfer can occur in American Standard Code for Information Interchange (ASCII) mode or binary mode. These two modes determine how the data file is to be transferred between the stations. ASCII format returns a human-readable representation of the number in seven ASCII characters. The first character is a space or a negation sign, followed by three digits, a decimal point, and two more digits. If a number has fewer than three digits to the left of the decimal point, the optional sign and digits are right-justified in the seven-character field, and spaces fill in on the left. Because binary-mode numbers take only 4 bytes each, compared to the 7 of an ASCII representation, the binary representation takes less time to send over the serial link to the computer. However, there are marked advantages to using the ASCII representation. After the file transfer has ended, the data connection terminates automatically. After you complete the entire session of copying and moving files, you might log off, thus closing the command link and ending the session.

The Trivial File Transport Protocol (TFTP) is a connectionless service that uses UDP.
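The two FTP data representations described above, as an added Python example that is not from the book: each value is encoded in the seven-character ASCII field (optional sign, up to three integer digits, a decimal point and two fractional digits, right-justified) and in a 4-byte binary field, with strict parsing back and a byte-count comparison. The binary layout (big-endian signed 32-bit hundredths) and the sample values are assumptions, since the text gives only the field sizes.

```python
import re
import struct

# Constructed sample values (not from the book) covering the sign and
# right-justification cases the text describes.
SAMPLE_VALUES = [123.45, -123.45, 12.5, -0.07, 0.0, 999.99]

# Exact layout of the seven-character field: left padding, optional minus,
# one to three integer digits, a point, two fractional digits.
ASCII_FIELD = re.compile(r"^ *-?\d{1,3}\.\d{2}$")

def to_ascii_field(value):
    """Seven-character ASCII form. Values needing more than three integer
    digits cannot be represented in the field and are rejected."""
    if not -999.99 <= value <= 999.99:
        raise ValueError(f"{value} does not fit in three integer digits")
    return f"{value:7.2f}"   # width 7, two decimals, right-justified

def from_ascii_field(field):
    """Parse a seven-character ASCII field, rejecting anything that is not
    laid out exactly as the format requires (length and digit layout)."""
    if len(field) != 7 or not ASCII_FIELD.match(field):
        raise ValueError(f"malformed ASCII field: {field!r}")
    return float(field.strip())

def to_binary_field(value):
    """4-byte binary form. Assumed layout: signed 32-bit big-endian integer
    holding the value in hundredths (the text only says 4 bytes)."""
    return struct.pack(">i", round(value * 100))

def from_binary_field(data):
    if len(data) != 4:
        raise ValueError("binary field must be exactly 4 bytes")
    (hundredths,) = struct.unpack(">i", data)
    return hundredths / 100

def compare_modes(values):
    """Return (ascii_bytes, binary_bytes) needed to send all the values."""
    ascii_bytes = sum(len(to_ascii_field(v).encode("ascii")) for v in values)
    binary_bytes = sum(len(to_binary_field(v)) for v in values)
    return ascii_bytes, binary_bytes

if __name__ == "__main__":
    for v in SAMPLE_VALUES:
        print(repr(to_ascii_field(v)), to_binary_field(v).hex())
    print("ASCII bytes vs binary bytes:", compare_modes(SAMPLE_VALUES))
```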
TFTP is used on routers and switches to transfer configuration files and Cisco IOS Software images, and to transfer files between systems that support TFTP. It is designed to be small and easy to implement. Therefore, it lacks most of the features of regular FTP. The only thing it can do is read and write files (or mail) from or to a remote server. It cannot list directories, and currently it has no provisions for user authentication. It is useful in some LANs because it operates faster than FTP in a stable environment.

Another protocol that has the capability to download files is Hypertext Transfer Protocol (HTTP), as discussed in the next section. One limitation of HTTP is that you can use it only to download files, not upload them.

HTTP

The Hypertext Transfer Protocol (HTTP) works with the World Wide Web, which is the fastest-growing and most used part of the Internet. One of the main reasons for the extraordinary growth of the web is the ease with which it allows access to information. A web browser is a client/server application, which means that it requires both a client and a server component to function. A web browser presents data in multimedia formats on web pages that use text, graphics, sound, and video. The web pages are created with a format language called the Hypertext Markup Language (HTML). HTML directs a web browser on a particular web page to produce the appearance of the page in a specific manner. In addition, HTML specifies locations for the placement of text, files, and objects that are to be transferred from the web server to the web browser.

Hyperlinks make the World Wide Web easy to navigate. A hyperlink is an object (word, phrase, or picture) on a web page that, when clicked, transfers you to a new web page. The web page contains (often hidden within its HTML description) an address location known as a uniform resource locator (URL).
Table 9-2 shows the components of a standard URL address (http://www.cisco.com/edu/ in this case). When you open a web browser, the first thing you usually see is a starting (or "home") page. The URL of the home page already has been stored in the configuration area of your web browser and can be changed at any time. From the starting page, you can click one of the web page hyperlinks or type a URL in the browser's address bar. The web browser then examines the protocol to determine whether it needs to open another program, and it determines the IP address of the web server. After that, the transport layer, network layer, data link layer, and physical layer initiate a session with the web server. The data that is transferred to the HTTP server contains the folder name of the web page location (the data also can contain a specific filename for an HTML page). If no name is given, the server uses a default name (as specified in the server's configuration).

The server responds to the request by sending all of the text, audio, video, and graphic files, as specified in the HTML instructions, to the web client. The client browser reassembles all the files to create a view of the web page and then terminates the session. If you click another page that is located on the same server or a different server, the whole process begins again.

SMTP

E-mail servers communicate with each other using the Simple Mail Transfer Protocol (SMTP) to send and receive mail. The SMTP protocol transports e-mail messages in ASCII format using TCP. You can connect to an SMTP server by performing a ping test to the SMTP port (25). This is a good way to test whether a mail server is reachable.

Table 9-2 URL Components

Component   Meaning
http://     Identifies to the browser what protocol should be used.
www.        Identifies what type of site is being contacted by the browser.
Cisco.com   Represents the domain entry of the web site.
/cgi/       Identifies the folder where the web page is located on the server.
Also, because no name is specified, the browser loads the default page identified by the server.

When a mail server receives a message destined for a local client, it stores that message and waits for the client to collect the mail. Mail clients can collect their mail in several ways: They can use programs that access the mail server files directly or can use one of many network protocols. The most popular mail client protocols are Post Office Protocol Version 3 (POP3) and Internet Messaging Access Protocol Version 4 (IMAP4), which both use TCP to transport data. Even though mail clients use these special protocols to collect mail, they almost always use SMTP to send mail. Because two different protocols, and possibly two different servers, are used to send and receive mail, it is possible that mail clients can perform one task and not the other. Therefore, you should troubleshoot the sending of mail and the receiving of mail separately. When verifying the configuration of a mail client, both the mail relay server (SMTP) and the mail servers (POP or IMAP) should be verified.

SMTP does not offer much in the way of security and does not require any authentication. To prevent unauthorized users from bouncing mail messages off their servers, administrators often don't allow hosts that are not part of their network to use their SMTP server to send (or relay) mail.

SNMP

The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devices. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. An SNMP-managed network consists of the following three key components:

■ Managed device—A network node that contains an SNMP agent and that resides on a managed network.
  Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers.
■ Agent—A network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.
■ Network-management system (NMS)—Executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs must exist on any managed network.
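The relay restriction described in the SMTP section above, as an added Python example that is not from the book: a server-side check that accepts mail for its own users from anyone, permits relaying only for hosts inside the organization's networks, and refuses relaying for outside hosts. The networks, domains, reply strings, and connection attempts are all constructed for the example.

```python
import ipaddress

# Constructed policy (not from the book): networks whose hosts may relay
# through this server, and the domains it delivers locally.
LOCAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),
                  ipaddress.ip_network("198.51.100.0/24")]
LOCAL_DOMAINS = {"example.com", "mail.example.com"}

# Constructed connection attempts: (connecting client IP, RCPT TO command).
ATTEMPTS = [
    ("192.0.2.10", "RCPT TO:<alice@example.com>"),         # inside -> local user
    ("192.0.2.10", "RCPT TO:<bob@partner.example.net>"),   # inside -> outside: relay
    ("203.0.113.7", "RCPT TO:<alice@example.com>"),        # outside -> local: inbound
    ("203.0.113.7", "RCPT TO:<bob@partner.example.net>"),  # outside -> outside: denied
]

def parse_rcpt_to(line):
    """Return the mailbox from an SMTP 'RCPT TO:<user@domain>' command,
    rejecting malformed input rather than guessing at it."""
    prefix = "RCPT TO:"
    if not line.upper().startswith(prefix):
        raise ValueError(f"not a RCPT TO command: {line!r}")
    mailbox = line[len(prefix):].strip()
    if not (mailbox.startswith("<") and mailbox.endswith(">")):
        raise ValueError(f"recipient must be in angle brackets: {mailbox!r}")
    address = mailbox[1:-1]
    if address.count("@") != 1 or not address.split("@")[1]:
        raise ValueError(f"malformed recipient address: {address!r}")
    return address

def relay_decision(client_ip, rcpt_line):
    """Reply the server sends to RCPT TO under the relay policy."""
    recipient = parse_rcpt_to(rcpt_line)
    domain = recipient.split("@")[1].lower()
    if domain in LOCAL_DOMAINS:
        return "250 OK"                  # mail for our own users: always accepted
    client = ipaddress.ip_address(client_ip)
    if any(client in net for net in LOCAL_NETWORKS):
        return "250 OK"                  # our own host sending outbound mail
    return "550 Relaying denied"         # outside host trying to bounce mail off us

def audit(attempts):
    """Evaluate each attempt; returns [(client_ip, recipient, reply)]."""
    return [(ip, parse_rcpt_to(line), relay_decision(ip, line))
            for ip, line in attempts]

if __name__ == "__main__":
    for ip, rcpt, reply in audit(ATTEMPTS):
        print(f"{ip:14} {rcpt:28} {reply}")
```

Only the fourth attempt (an outside host addressing an outside recipient) is refused; the other three are the legitimate inbound and outbound cases the policy must still allow.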