chapter 2 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Chapter 2 PowerPoint Presentation
Download Presentation
Chapter 2

Loading in 2 Seconds...

play fullscreen
1 / 102

Chapter 2 - PowerPoint PPT Presentation


  • 426 Views
  • Uploaded on

Chapter 2. Application Protocols. Domain Name Service. defines a hierarchical naming standard for the Internet top-level-domains (TLDs) "old-style" .com, .edu, .net, .mil, .gov ccTLDs .au, .us, .gb "new generic" TLDs .info, .biz second-level-domains company.com, com.au

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Chapter 2' - andrew


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
chapter 2
Chapter 2

Application Protocols

domain name service
Domain Name Service
  • defines a hierarchical naming standard for the Internet
    • top-level-domains (TLDs)
      • "old-style" .com, .edu, .net, .mil, .gov
      • ccTLDs .au, .us, .gb
      • "new generic" TLDs .info, .biz
    • second-level-domains
      • company.com, com.au
    • third-level-domains
      • bond.edu.au
registration administration
Registration & Administration
  • country code top level domains (ccTLDs)
    • country by country
    • Australia: auDA
  • TLDs
    • was: administrated by Network Solutions
      • Internic
    • now: several 'accredited registrars'
      • accredited by ICANN
      • dispute resolution at infringements
dns function
DNS Function
  • maps domain names to IP addresses
    • aka "forward lookup"
    • eg. kirk.bond.edu.au -> A 131.244.1.1
    • 'A record' holds address information in database
  • maps aliases to other names
    • 'CNAME records' list canonical names
    • eg. www.bond.edu.au -> CNAME redback.bond.edu.au
dns function5
DNS Function
  • maps domain names to mailserver names
    • eg. webmaster@bond.edu.au -> MX staff.bond.edu.au
      • 'MX record' in database
  • maps IP addresses to host names
    • aka "reverse lookup"
    • 'PTR record in subzone of IN-ADDR.arpa
      • eg. 1.1.244.131.in-addr.arpa -> PTR kirk.Bond.edu.au
dns database
DNS Database
  • database contains zones
    • everything what is known about a domain
    • host names, IP addresses, subdomains....
  • every zone is made up by records
    • 'A records' for addresses
    • 'MX records' for mail exchange references
    • 'NS records' specifying the authoritative DNS for a zone
  • every record has TTL (time-to-live) for caching
dns distributed operation
DNS Distributed Operation
  • iterative query
    • server answers either directly or gives reference to other DNS server
  • recursive query
    • server asks other DNSs itself
    • more costly for the server, security issues
  • zone transfer
    • (trusted) DNSs exchange complete 'zones'
    • for replication mainly
dns distributed operation cont d
DNS Distributed Operation (cont'd)
  • data dynamics
    • read often, write seldom
  • fault tolerance
    • more than one name server for a zone
    • caching, replication
    • relaxed consistency, things "converge eventually"
domain name service cont d
Domain Name Service (cont'd)

;; QUESTIONS:

;; bond.edu.au, type = A, class = IN

;; ANSWERS:

bond.edu.au. 86400 A 131.244.1.1

;; AUTHORITY RECORDS:

bond.edu.au. 86400 NS kirk.bond.edu.au.

bond.edu.au. 86400 NS minerva.its.bond.edu.au.

bond.edu.au. 86400 NS diablo.onthenet.com.au.

;; ADDITIONAL RECORDS:

kirk.bond.edu.au. 86400 A 131.244.1.1

minerva.its.bond.edu.au. 86400 A 131.244.14.1

diablo.onthenet.com.au. 75661 A 203.10.89.2

bond.edu.au. 86400 MX 10 kirk.bond.edu.au.

telnet
Telnet
  • for interactive access to a remote machine
  • "Internet terminal"
  • Catalogs, databases, services, etc. via Telnet -> primitive information systems (although mostly displaced by the web)
  • e.g. telnet pac.carl.org
  • Colorado Alliance of Research Libraries
  • TCP-based protocol, default server port 23
  • multiplexes control data and user comm. into one TCP stream
  • Application: telnet <host> [<port>]
telnet process model

user

login shell

kernel

kernel

pseudo terminal driver

terminal driver

telnet client

telnet server

tcp/ip stack

tcp/ip stack

Telnet process model

telnet shell.it.bond.edu.au

Green Hat Linux release 5.5 (Manhattan)

Kernel 2.20.36 on an 68000

login: jruser

Password:

tcsh>

telnet s pros and cons
Telnet's pros and cons
  • Standardized (RFC 854)
  • Application useful to debug text-based protocols (HTTP, SMTP, NNTP, POP, ....)
  • but 1 keystroke = 3 TCP packets
  • Data and Passwords in the clear
    • like most other remote login tools
    • simple to eavesdrop
  • don't use it for interactive work!
    • use SSH for that
telnet for debugging http
Telnet for Debugging: HTTP

> telnet www.bond.edu.au http

Trying 203.144.16.237...

Connected to redback.Bond.edu.au.

Escape character is '^]'.

GET / HTTP/1.0

HTTP/1.1 200 OK

Server: Netscape-Enterprise/3.0

Date: Tue, 16 Apr 2002 11:34:21 GMT

Content-type: text/html

Last-modified: Sun, 26 May 2002 23:59:55 GMT

Content-length: 22944

Accept-ranges: bytes

Connection: close

<html>

<head>

<title>Bond University</title>

.....

slide14
SSH
  • interactive access to a remote computer, like TELNET
  • but encrypted data transfer
    • password not sniffable
  • nifty authentication tricks possible
  • arbitrary TCP traffic can be tunneled
  • not fully standardized
  • not as widespread yet, less applications and servers
  • no replacement for TELNET as a debugging tool
file transfer protocol
File Transfer Protocol
  • Bi-directional file transfer (binary, ASCII)
  • ftp <host> (default port: 21)
  • Interactive access (file, directory commands)
  • Authentication via username/password
  • Anonymous FTP:
    • login as anonymous/<email address>
ftp process model

user

user interface

user protocol

interpreter

user data

transfer function

FTP process model

client

server

control connection

server protocol

interface

(FTP commands,

FTP replies)

file

system

file

system

server data

transfer function

data connection

ftp sample session
FTP sample session

> ftp mirror.aarnet.edu.au

Connected to ....

220 AARNet Mirror FTP server ready.

Name (mirror.aarnet.edu.au:az): ftp

331 Anonymous login ok

Password: az@bond.edu.au

230 Anonymous access granted, restrictions apply.

ftp> ls

150 Opening ASCII mode data connection for file list

drwxr-xr-x 13 mirror mirror 4096 May 26 21:17 pub

drwxr-xr-x 7 root root 512 Feb 28 00:47 raid

226 Transfer complete.

ftp> bye

221 Goodbye.

ftp commands
FTP commands
  • User commands, understood by the client app.
    • get, put, mget, mput
    • cd, dir, lcd, prompt, ascii, binary
  • Protocol commands exchanged by client and server
    • USER, PASS, QUIT, RETR, STOR, CWD, LIST
ftp replies
FTP replies
  • 3-digit code (ASCII) + optional message
  • Example replies:
  • 125 Data connection already open; transfer starting.
  • 200 Command OK.
  • 331 Username OK, password required.
  • 425 Can'topen data connection.
  • 500 Syntax error (unrecognized command).
  • QUIT -> 221 Goodbye
ftp s pros and cons
FTP's pros and cons
  • Pro:
    • Standardized (RFC 959)
    • Anonymous FTP
  • Contra:
    • Passwords and data in the clear
    • Very hard to get through a firewall securely
electronic mail

queue

user

user agent

transfer agent

user

user agent

transfer agent

user mail drop

Electronic Mail

client

sender

TCP port 25

server

receiver

protocols involved in email
Protocols involved in email
  • Simple Mail Transfer Protocol (SMTP)
    • mail exchange between MTAs
    • TCP protocol, port 25
    • binary transport still not guaranteed
  • Post Office Protocol (POP)
    • retrieve mail from a mail drop
    • TCP , port 110 (POP3)
  • Internet Message Access Protocol (IMAP)
    • access and manage remote mail drop
    • TCP, port 143 (IMAP4)
smtp sample session
SMTP sample session

220 athena.bond.edu.au -- Server ESMTP

helo cluon.it.bond.edu.au

250 athena.bond.edu.au OK, cluon.it.bond.edu.au [131.244.8.139].

mail from: <az@bond.edu.au>

250 2.5.0 Address Ok.

rcpt to: <az@bond.edu.au>

250 2.1.5 az@bond.edu.au OK.

data

354 Enter mail, end with a single ".".

bla

.

250 2.5.0 Ok.

quit

221 2.3.0 Bye received. Goodbye.

the corresponding email
The corresponding email
  • Email format specified in RFC 2821 and RFC 2822

Received: from conversion-daemon.staff.bond.edu.au by staff.bond.edu.au (iPlanet Messaging Server 5.1 (built May 7 2001)) id <0GXB00G01M0GH6@staff.bond.edu.au> for azangerl@ims-ms-daemon (ORCPT az@bond.edu.au); Fri, 07 Jun 2002 15:51:54 +1000 (EST)

Received: from cluon.it.bond.edu.au (cluon.it.bond.edu.au [131.244.8.139]) by staff.bond.edu.au (iPlanet Messaging Server 5.1 (built May 7 2001)) with SMTP id <0GXB00GN0MXK2G@staff.bond.edu.au> for azangerl@ims-ms-daemon (ORCPT az@bond.edu.au); Fri, 07 Jun 2002 15:51:54 +1000 (EST)

Date: Fri, 07 Jun 2002 15:51:53 +1000 (EST)

From: az@staff.bond.edu.au

To: az@staff.bond.edu.au

Message-id: <0GXB00GN4MY02G@staff.bond.edu.au>

bla

smtp commands
SMTP commands
  • Minimal SMTP command set (RFC 2821)
    • HELO: client identification
    • MAIL FROM: identify sender
    • RCPT TO : identify receiver
    • DATA: start taking the message
    • QUIT: terminate mail exchange
    • RSET: abort current mail transaction, reset
    • VRFY: verify recipient address
    • NOOP: do nothing
smtp replies
SMTP replies
  • 3-digit code (ASCII) + optional message
  • Example replies:
    • 250 <address>... Sender ok
    • 354 Enter mail, end with "." on a line by itself
    • 421 <domain> Service not available, closing transmission channel
    • 500 Syntax error (unrecognized command).
    • 221 <domain> closing connection (after QUIT)
smtp future
SMTP future
  • Extended SMTP (ESMTP): RFC 1425

220 athena.bond.edu.au -- Server ESMTP

ehlo cluon.it.bond.edu.au

250-athena.bond.edu.au

250-8BITMIME

250-EXPN

250-STARTTLS

250-AUTH LOGIN PLAIN

250-AUTH=LOGIN

250 SIZE 4096000

  • .....lots of other capability codes
    • SIZE: willing to take mail up to size x, RFC1427
    • 8BITMIME: "8bit clean"
    • EXPN: expand address (do not send mail)
    • AUTH, STARTTLS: authentication at the server
mail and the dns
Mail and the DNS
  • MX resource record in the DNS
  • Defines mail relay and precedence for domains (hosts)

tcsh > nslookup

> set qt=mx

> sun.com

sun.com preference = 40, mail exchanger = mondzo.sun.com

sun.com preference = 5, mail exchanger = venus.Sun.COM

sun.com preference = 5, mail exchanger = lukla.Sun.COM

sun.com preference = 15, mail exchanger = mercury.Sun.COM

sun.com preference = 40, mail exchanger = mars.sun.com

mondzo.sun.com internet address = 192.18.100.1

venus.Sun.COM internet address = 192.9.25.5

.......

>

anatomy of an email
Anatomy of an email

Received: from mail.bond.edu.au

by localhost with POP3 (fetchmail-4.7.5)

for rho@localhost (single-drop); Tue, 01 Feb 2000 00:00:06 +1000 (EST)

Received: from ocean-xterm4.it.bond.edu.au (localhost [127.0.0.1])

by ocean-xterm4.it.bond.edu.au (8.9.3/8.9.3) with ESMTP id VAA17801;

Mon, 31 Jan 2000 21:52:54 +1000

Message-Id: <200001311152.VAA17801@ocean-xterm4.it.bond.edu.au>

X-Mailer: exmh version 2.1.1 10/15/1999

To: some_student@student.bond.edu.au

Cc: robert_barta@bond.edu.au

Subject: Re: proposal for Special topics in Networking / Network Administration

In-reply-to: Your message of "Fri, 28 Jan 2000 11:30:56 +1000."

<000901bf692f$5414ec60$3c00a8c0@crippsy>

Reply-To: rho@bond.edu.au

Precedence: normal

From: Robert Barta <rho@bond.edu.au>

Mime-Version: 1.0

Date: Mon, 31 Jan 2000 21:52:54 +1000

Sender: rho@bond.edu.au

that's the text in the body of the email

post office protocol

local store

user maildrop

user agent

user

POP server

Post Office Protocol
  • Retrieve mail from a mail drop
    • Default port: 110 (POP3)

client

server

TCP connection

client POP

interface

pop sample session
POP sample session
  • +OK POP3 kirk.bond.edu.au v7.59 server ready
  • USER rho
  • +OK User name accepted, password please
  • PASS ratzfatz
  • +OK Mailbox open, 2 messages
  • LIST
  • +OK Mailbox scan listing follows
  • 1 1485
  • 2 2281
  • .
  • RETR 1
  • +OK 1485 octets
  • Received: from kirk.bond.edu.au (....
  • the mail
  • .
  • DELE 1
  • +OK Message deleted
  • DELE 3
  • -ERR No such message
  • QUIT
  • +OK Sayonara
  • Connection closed by foreign host.
pop commands and replies
POP commands and replies
  • Main commands (RFC 1939):
    • USER specify user name (APOP name digest)
    • PASS user’s password (cleartext!)
    • QUIT end session
    • STAT number of messages, size of mailbox
    • LIST list mailbox/message, size & number of message
    • RETR retrieve a message
    • DELE mark message for deletion
    • NOOP do nothing
    • RSET unmark message for deletion
  • Replies (RFC 1939)
    • +OK [<text>]
    • -ERR [<text>]
internet message access protocol
Internet Message Access Protocol
  • POP’s shortcomings
    • password in the clear (if APOP not supported)
    • transfers mail to local system
      • network access ? Mail scattered on several computers.
    • leave mail on POP server
      • unstructured
  • IMAP
    • supports access and management of email on a mail server (RFC 2060)
imap goals
IMAP goals
  • Keep mail on the mail server:
    • mail needs not be transferred back and forth
    • Manipulation of remote mailboxes as if they were local
  • Access & management from > 1 computer
    • full access to mail while travelling
    • consistent access from home, work, etc.
    • Concurrent access to shared mailboxes
  • Access modes:
    • on-/offline, disconnected
imap access modes
IMAP access modes
  • Offline: similar to POP
  • Online: access, manage and manipulate mail on a server (mail is left on the server)
  • Disconnected (mail is left on the server)
    • make a cache copy of selected messages and disconnect
    • manipulate cache copy
    • reconnect to the server and resynchronize
imap can do more than pop
IMAP can do more than POP
  • List/create/delete/rename remote folders
  • Support for folder hierarchies
  • Manipulate remote folders != INBOX
  • Append messages to remote folder
  • Standard and user-defined status flags (seen, answered, draft, ...)
  • Simultaneous update and update recovery in shared folders
  • New mail notification
  • Determine message structure without downloading
  • Selective fetching of individual MIME body parts
  • Server-based searching and selection to minimize data transfer
  • Negotiated extensions => extend capabilities
imap problems
IMAP problems
  • Online mode: no IMAP server => no access to "old" mail
  • Complex protocol => harder to implement, more security problems, less stable?
  • elder Mail clients support POP rather than IMAP
  • Password and data in the clear
    • various extensions support MD (message digest auth.) or CRAM (challenge-response authentication methods)
    • with MD,CRAM at least the password not sent in clear
multipurpose internet mail extension
Multipurpose Internet Mail Extension
  • "old-style" Mail body according to RFC 2822:
    • only 7 bit ASCII text allowed
    • max line length: 1000 (SMTP DATA command)
  • how to transport non-text content?
  • MIME (RFC 2045-2049)
    • overcome RFC 822 limitations
    • requires no change to MTAs
    • structured mail content
mime header fields 1 3
MIME header fields (1/3)
  • MIME-Version
    • version of the Internet message body format standard in use
    • MIME-version: 1.0
  • Content-Type
    • describe the data contained in the body => user agent can pick an appropriate agent to present the data to the user
    • Content-Type: text/plain
mime header fields 2 3
MIME header fields (2/3)
  • Content-Transfer-Encoding
    • describe encoding of binary data (non-7-bit) into a 7 bit short line format (SMTP, RFC 2821)
    • Content-Transfer-Encoding: base64
  • Content-ID
    • one body may want to reference another
      • => unique id required
    • Content-ID: <id42@ocean-xterm4.it.bond...>
mime header fields 3 3
MIME header fields (3/3)
  • Content-Description
    • associate some descriptive information with a given message body
    • Content-Description: Mail message body
mime example raw content
MIME example (raw content)
  • Subject: test
  • Content-Type: multipart/mixed; boundary="border_1"
  • This is a multi-part message in MIME format.
  • --border_1
  • Content-Type: multipart/alternative; boundary="border_2"
  • --border_2
  • Content-Type: text/plain; charset=us-ascii
  • Content-Transfer-Encoding: 7bit
  • Content-Description: Mail message body
  • Just a nice test mail
  • --border_2
  • Content-Type: text/html; charset=us-ascii
  • Content-Transfer-Encoding: 7bit
  • <HTML> Just a nice test mail </HTML>
  • --border_2--
  • --border_1
  • Content-Type: image/gif; name="test.gif"
  • Content-Transfer-Encoding: base64
  • R0lGODlhIQHRAPcAAAAAAIAAAACA....
  • --border_1--
email issues non technical
eMail issues, non-technical
  • Be conservative in what you send and liberal in what you receive.
  • HTML is for the web, email is to be TEXT ONLY.
  • Quoting
    • don't fullquote or topquote, ever.
    • snip irrelevant stuff
    • make ">" your quote character or switch clients.
  • McQ limit for mail signatures
    • (from Usenet regular McQuary, alt.fan.warlord)
    • up to 4 lines, 80 characters each
email issues cont d
eMail issues (cont'd)
  • don't waste bandwidth
  • Meta viruses
    • "There is a dangerous mail going round. Do not open it, it will format your harddisk. Send this to all your friends."
  • Attachments
      • proprietary formats are evil.
      • size does matter
slide47
Spam
  • Spam (UBE/UCE)
    • commercials via email, "make money fast"
    • mass marketing, 30+ million email addresses on CDs
    • illegal in many countries
    • bandwidth consumption, consumer pays
spam personal behaviour
Spam, personal behaviour
  • DO NOT EVER reply to spam
    • address is forged or defunct or a trap:
    • you validate your address to the spammer
    • your spam intake will multiply
  • use "snake skin" addresses
    • gmx.net, hotmail.com, ....
  • always complain to sender's ISP
    • with COMPLETE mail including ALL headers
    • ferreting the right info out is tedious work
usenet news
Usenet News
  • "A global distributed blackboard on top of other networks."
  • "A World-wide discussion forum which is divided into hierarchical newsgroups dedicated to defined topics."
news basics
News basics
  • Over 60000 newsgroups (~ topics), many DOA
  • Newsgroups are hierarchically structured
    • e.g. comp.lang.java, sci.math.research
  • Users can subscribe to a set of newsgroups
  • Users can write new articles (or postings)
  • Users can post them to a (set of) newsgroup(s)
    • all subscribers see the postings
  • Users can reply to existing postings
    • thread (discussion)
newsgroup hierarchies
Newsgroup hierarchies
  • "big 8": comp, hum, misc, news, rec, sci, soc, talk
  • the unregulated arena: alt
  • regional groups
    • prefixed with ccTLD
    • au.rec.cars
  • other, more locali groups
types of newsgroups
Types of Newsgroups
  • Reading and posting allowed
    • everybody can read and post articles
  • Moderated
    • everybody can read articles
    • articles to be posted are mailed to the moderator who decides whether they are being posted
  • Read-only
    • everybody can read articles
    • posting requires special authorization
  • Restricted circulation groups
articles
Articles
  • very similar to email format
  • standardized in RFC 1036, changes proposed in "son-of-1036", ongoing discussions since years
  • Articles can be posted to one or more newsgroups (crossposting)
    • use with extreme care!
    • usual rule: there's exactly ONE group where article is on topic.
  • If an article is crossposted, it should name a "Follow-Up" newsgroup to direct responses
anatomy of an article
Anatomy of an Article

Newsgroups: news.announce.newusersPath: snafu.priv.at!pizzaschleicher.snafu.priv.at!newsfeed.Austria.EU.net!newsfeed.kpnqwest.at!news-hub.siol.net!cyclone.bc.net!newsfeed.stanford.edu!presby.edu!nanadmin

From: nan-admin@presby.edu (news.announce.newusers moderators)

Subject: Welcome to newsgroups and Usenet!

Sender: nanadmin@presby.edu (news.announce.newusers Moderators)

Message-ID: <01-welcome.txt.1023537904@presby.edu>

Supersedes: <01-welcome.txt.1022933103@presby.edu>

Approved: nan-admin@presby.edu

Date: Sat, 8 Jun 2002 12:05:04 GMT

Organization: Presbyterian College, Clinton SC, USA

Lines: 46

Welcome to newsgroups and Usenet! The newsgroup news.announce.newusers contains a collection of articles with basic information about newsgroups and pointers to further sources of information...

news distribution

client

client

client

client

client

server

server

client

client

server

server

client

client

client

client

News distribution

Network News Transport Protocol (NNTP)

Network News Reader Protocol (NNRP)

news servers
News Servers
  • Distribute articles and admin info (new newsgroups) via NNTP
  • Store, offer and distribute a certain subset of all available newsgroups
  • Clients can only read offered newsgroups (via NNRP)
  • Index and expire articles (disk space !)
  • full newsfeed: >200GB per day!
  • Standard software: INN (InterNetNews), diablo
network news transport protocol
Network News Transport Protocol
  • Standardized in RFC 977
  • Stream-based (TCP)
  • SMTP-like commands and responses
  • Example commands
    • {ARTICLE, HEAD, BODY} [msgID|#]
    • GROUP <newsgroup>, LIST, LISTGROUP
    • POST, NEWNEWS
nntp responses
NNTP Responses
  • 3 digit code (ASCII) + optional message
  • Last line of multi-line responses: .
  • very similar to SMTP
nntp sample session
NNTP sample session

200 snafu.priv.at InterNetNews NNRP server INN 2.3.2 ready (posting ok).

group news.announce.newusers

211 6 133 139 news.announce.newusers

xover 139

224 139 fields follow

139 Welcome to newsgroups and Usenet! nan-admin@presby.edu (news.announce.newusers moderators) Sat, 8 Jun 2002 12:05:04 GMT <01-welcome.txt.1023537904@presby.edu> 2715 46 Xref: snafu.priv.at news.announce.newusers:139

.

article 139

220 139 <01-welcome.txt.1023537904@presby.edu> article

Newsgroups: news.announce.newusers

From: nan-admin@presby.edu (news.announce.newusers moderators)

Subject: Welcome to newsgroups and Usenet!

...

.

quit

205 .

news problems
News Problems
  • deliver not guaranteed (best effort)
  • reply may be received before article
  • scalability
    • every article is copied to all other News servers
    • high bandwidth and disk space requirements
directory services
Directory Services
  • Highly important as the Internet grows
    • Certificates, identification
    • Resources
  • White pages (Example: X.500)
    • What is the phone number of John Smith in Austin, TX ?
  • Yellow pages (Example: X.500)
    • Who offers a certain service in a certain area ?
x 500
X.500
  • Directory services of the OSI model
  • Global, distributed database
    • Directory Information Base - DIB
  • Holds entities consisting of a set of attributes
    • object classes (inheritance)
  • Entities, attributes and their types are freely definable
directory information tree

Distinguished Name (DN): path in DIT

    • C=US;O=Wollongong;OU=Engineering;CN=“Marshall Rose”
  • Aliases, Referrals
  • Roles
Directory Information Tree

root

C=AU

C=US

O=Wollongong

O=DEC

O=Bond

OU=Engineering

OU=Legal

OU=Its

OU=It

CN=Chris Moore

CN=Marshall Rose

CN=Anita Paque

OU=Unix Guerilla

directory system agent
Directory System Agent
  • Directory: set of interacting DSAs
  • DSA: holds a set of naming contexts (NCs)

NC 2

NC 1

DSA

NC 3

directory access

1

2

4

3

Directory Access
  • (Lightweight) Directory Access Protocol ([L]DAP)
    • ldap://ldap.umich.edu/o=University%20of%20Michigan,c=US
  • Directory System Protocol (DSP)

DSA

Directory User

Agent (DUA)

[L]DAP

DSP

DSA

DSA

DSP

DSA

slide67
LDAP
  • Leight-weight Directory Access Protocol
    • single-client/single-server
    • atop TCP/IP
  • Database
    • object-oriented
    • hierarchical
    • distributed
ldap employments
LDAP Employments
  • Organizational Address Book
    • phone, email, services
  • Intranet White/Yellow Pages
    • NIS, yp, ldapd
    • Mail Routing (address masqerading)
  • Internet White/Yellow Pages
ldap basics
LDAP Basics
  • Objects
    • attribute/value pairs (AVAs)
      • cn=Robert Barta
      • rfc822=rho@bond.edu.au
      • description=Lecturer
    • syntaxes (mail, photo, URL)
    • objectClasses
      • person
      • organisationalRole
ldap basics cont d
LDAP Basics (cont’d)
  • relative distinguished name (RDN)
    • cn=Robert Barta, desc=Consultant
    • set of AVAs
  • distinguished name (DN)
    • c=AU, o=Bond University, cn=Robert Barta
    • path from DIT root
  • aliases
    • c=AU, o=Bond University, cn=Lecturer for INFT130
ldap basics cont d71
LDAP Basics (cont’d)
  • directory information tree (DIT)
    • distributed over various servers (contexts)
    • countries
      • organizations
        • organizational units
          • persons
      • localities
        • .....
www conceptually
WWW Conceptually
  • The WWW is a synchronous, distributed, multiple client, multiple server hyper-media system.
    • HyperText Transfer Protocol (HTTP)
    • HyperText Markup Language (HTML)

hypertext link

hypertext link

Web server

Web server

Web server

TCP port 80

TCP port 80

TCP port 80

HTTP connections

Web client

(browser)

uris urls urns
URIs, URLs & URNs
  • URI:
    • Naming scheme and syntax
  • URL:
    • URIs for objects accessed with existing protocols
  • URN:
    • persistent object names (resolution protocols)
  • Hyperlinks on the WWW
    • are represented as URLs
uniform resource locator
Uniform Resource Locator
  • <scheme>:<scheme-specific-part>
  • Schemes
    • ftp, http, mailto, news, telnet, file, ....
  • Common Internet Scheme Syntax
    • //[<user>[:<password>]@]<host>[:<port>]/[<path>[#<fragment>]]
url examples
URL Examples
  • http://james.bond.edu.au/courses/inft11135@021/index.mc
  • ftp://ftp.bond.edu.au/
  • ftp://anonymous@ftp.gnu.org/gnu/
  • ftp://anonymous:@ftp.gnu.org/gnu/
  • ftp://hugo:magumba@ftp.gnu.org/gnu/
  • mailto:rho@bond.edu.au
  • telnet://hugo@shell.it.bond.edu.au
  • file:///home/users/hugo/file1.txt
http interaction pattern
HTTP Interaction Pattern

Web server

Web client (browser)

Open TCP connection

Request

Send HTTP request

Check request

- Syntax OK ?

- Document exists ?

- Authentication required ?

Send reply

Reply

Receive reply

Close TCP connection

Interpret reply

Display document

time

http requests 1 2
HTTP requests (1/2)
  • HTTP 0.9
    • GET /this/and/that/ <CRLF>
  • HTTP 1.0
    • GET /this/and/that/ HTTP/1.0 <CRLF>
    • Date: Sun, 12 Dec 2001 18:26:28 GMT<CRLF>
    • From: client@somewhere.com<CRLF>
    • Referrer: http://www.gnu.org/index.html<CRLF>
    • <CRLF>
    • <CRLF>
http requests 2 2
HTTP requests (2/2)
  • HTTP 1.1
    • GET /this/and/that/ HTTP/1.1 <CRLF>
    • Host: www.gnu.org <CRLF>
    • Date: Sun, 12 Dec 2001 18:26:28 GMT<CRLF>
    • From: client@somewhere.com<CRLF>
    • Referrer: http://www.gnu.org/index.html<CRLF>
    • If-Modified-Since: Sun, 8 Dec 2001 14:00:00 GMT<CRLF>
    • User-Agent: Mozilla/4.5<CRLF>
    • <CRLF>

Host:header allows the server to differentiate between ambiguous URLs, such as the "/" or root URL for multiple hostnames on a single IP address (soft virtual servers)

content type negotiation

text/html;level=1 = 1

text/html = 0.7

text/html;level=3 = 0.7

image/jpeg = 0.5

text/html;level=2 = 0.4

text/plain = 0.3

default value of q: 1

  • Server selects document to return according to this list (based on availability)
  • Content types ~ MIME types
Content Type Negotiation
  • Client sends list of media types acceptable for the response
    • Accept: text/*;q=0.3, text/html;q=0.7, text/html;level=1,
    • text/html;level=2;q=0.4, */*;q=0.5
server side processing 1 4

Location: http://host/somewhere/else

Server-side Processing (1/4)
  • Is the requested document available ?
    • 404 Not Found
    • 302 Found
    • 303 See Other
    • 307 Temporary Redirect
  • Check file system access restrictions
    • 403 Forbidden
  • Check access restrictions (username, password, etc.)
    • 401 Unauthorized
server side processing 2 4
Server-side Processing (2/4)
  • Is the requested URL a directory ?
    • yes => does "index.html” exist ?
      • yes => read "index.html”
      • no => generate directory listing on the fly
    • no => read file
  • Determine MIME type for response (consult "mime.types”)
server side processing 3 4
Server-side Processing (3/4)
  • Is it an executable program ?
    • yes => start it (output of the program is the reply to the original request)
    • no => return file contents (+ admin headers, such as content-type, length, etc.)
mime types
mime.types

This file controls what Internet media types are sent to the client for given file extension(s). Sending the correct media type to the client is important so they know how to handle the content of the file.

  • application/postscript ai eps ps
  • application/x-dvi dvi
  • application/x-javascript js
  • audio/basic au snd
  • audio/mpeg mpga mp2 mp3
  • image/gif gif
  • image/jpeg jpeg jpg jpe
  • text/html html htm
  • text/plain asc txt
  • text/xml xml
  • text/x-server-parsed-html shtml
a typical reply

Status line

unique id for efficient update of cached info

Header fields

server accepts range requests

A typical Reply
  • HTTP/1.1 200 OK
  • Date: Mon, 13 Dec 2001 10:03:29 GMT
  • Server: Apache/1.3.6 (Unix) mod_ssl/2.2.7 SSLeay/0.9.0b
  • Last-Modified: Mon, 06 Dec 2001 10:07:33 GMT
  • ETag: "9f807-3291-384b8ae5”
  • Accept-Ranges: bytes
  • Content-Length: 12945
  • Content-Type: text/html
  • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
  • <HTML>
  • <HEAD><TITLE>Pooh's Asylum</TITLE></HEAD>
  • <H1>Welcome to Pooh's Asylum</H1>
  • ....
client side processing 1 2
Client-side Processing (1/2)
  • 200 OK => display document
    • Browser can display document
    • Helper application
    • Plug-in
  • 302 Found => Fetch again
    • 303 See Other, 307 Temporary Redirect
  • 4xx or 5xx => Ooops
    • error message
    • 401 => Authorization: Basic QWxfhUdasksIqexaQ==
helper applications

audio/*; play %s

application/pdf; acroread %s

image/tiff; xv %s

Helper Applications
  • New process
  • Handles content unknown to browser
  • .mailcap
client side processing 2 2
Client-side Processing (2/2)
  • HTML document ?
  • Inline images ?
    • get inline image via a new TCP connection
  • External Javascript file ?
    • get it via a new TCP connection
    • run it
  • Applet ?
    • load applet
    • start local Java and run applet
  • Frames ?
    • analyze frame structure
    • get dependent documents / frames
basic authentication rfc2617
Basic Authentication (RFC2617)

Web server

Web client (browser)

GET /auth/doc.html HTTP/1.1

Send HTTP request

Check request

=> Authentication required

Send challenge

Receive reply

HTTP/1.1 401 Authorization Required

WWW-Authenticate: Basic Realm=®ProveIt”

Send credentials

(user-id, passwd

in Base 64))

Check credentials

if OK, send document

GET /auth/doc.html HTTP/1.1

Authorization: Basic QWxhzGBRpbjpvc==

Send document

Display document

time

basic authentication config

AuthUserFile /confidential/.htpasswd

AuthGroupFile /confidential/.htgroup

AuthName ProveIt

AuthType Basic

<Limit GET>

require group FullAccess

</Limit>

/confidential/.htpasswd

hugo:HDhe91401290

rho:koqewiue10JH

/confidential/.htgroup

FullAccess: rho pooh

LimitedAccess: hugo

Basic Authentication Config

.htaccess

http requests syntax

GET /this/and/that/ HTTP/1.1

Host: www.gnu.org

Date: Sun, 12 Dec 2001 18:26:28 GMT

Referrer: http://www.gnu.org/index.html

If-Modified-Since: Sun, 8 Dec 2001 14:00:00 GMT

User-Agent: Mozilla/4.5

HTTP Requests (Syntax)

Request = Request-Line

*(( general-header

| request-header

| entity-header ) <CRLF>)

<CRLF>

[ message-body ]

Request-Line = Method <SP> Request-URI <SP> HTTP-Version <CRLF>

methods 1 5
Methods (1/5)
  • GET
    • retrieve document
    • parameters can be encoded in URL
    • http://james.bond.edu.au/robot.mc?codel=whatever
  • HEAD
    • like GET but only returns the meta-information contained in the HTTP headers
    • does not return the document itself !
methods 2 5
Methods (2/5)
  • POST
    • add entity enclosed in the request as a new subordinate of the resource identified by the URL, i.e., URL identifies the resource that will handle the enclosed entity
      • annotation of existing resources
      • posting a message to a newsgroup, mailing list, etc.
      • a block of data (as a result of submitting a form)
    • Parameters come as message body in request
      • (application/x-www-form-urlencoded)
methods 3 5

OPTIONS /ExamResults/ResultFiles/RetrieveMarks.pl HTTP/1.1

Host: www.infosys.tuwien.ac.at

HTTP/1.1 200 OK

Date: Mon, 13 Dec 1999 18:13:28 GMT

Server: Apache/1.3.6 (Unix) mod_ssl/2.2.7 SSLeay/0.9.0b

Content-Length: 0

Allow: GET, HEAD, POST, OPTIONS, TRACE

OPTIONS /index.html HTTP/1.1

OPTIONS * HTTP/1.1

Host: www.infosys.tuwien.ac.at

HTTP/1.1 200 OK

Date: Mon, 13 Dec 1999 18:15:26 GMT

Server: Apache/1.3.6 (Unix) mod_ssl/2.2.7 SSLeay/0.9.0b

Content-Length: 0

Allow: GET, HEAD, OPTIONS, TRACE

Methods (3/5)
  • OPTION: communication options available for URL
methods 4 5
Methods (4/5)
  • PUT
    • store enclosed entity under the given URL
    • create entity if necessary
  • DELETE
    • delete the entity given by URL
  • CONNECT
    • reserved (proxy => tunnel)
methods 5 5

tcsh ~ > telnet bondproxy.bond.edu.au 8080

Trying 131.244.3.45...

Connected to iris.bond.edu.au.

Escape character is '^]'.

TRACE http://www.gnu.org/ HTTP/1.1

Host: www.gnu.org

HTTP/1.1 200 OK

Date: Mon, 13 Dec 2001 18:34:34 GMT

Server: Apache/1.3.6 (Unix) mod_ssl/2.2.7 SSLeay/0.9.0b

Connection: close

Content-Type: message/http

TRACE / HTTP/1.0

Cache-control: Max-age=259200

Host: www.gnu.org

Via: 1.1 bondproxy.bond.edu.au:8080 (Squid/1.1.22)

X-Forwarded-For: 131.244.8.139

Methods (5/5)
  • TRACE: Is there anybody out there ?
http responses syntax

HTTP/1.1 200 OK

Date: Tue, 14 Dec 1999 09:42:38 GMT

Server: Apache/1.3.6 (Unix) mod_ssl/2.2.7 SSLeay/0.9.0b

Last-Modified: Mon, 06 Dec 1999 10:20:13 GMT

ETag: "ee03b-1435-384b8ddd"

Accept-Ranges: bytes

Content-Length: 5173

Content-Type: text/html

<HTML><HEAD><TITLE>Distributed Systems Group Home ...

HTTP Responses (Syntax)

Response = Status-Line

*(( general-header

| response-header

| entity-header ) <CRLF>)

<CRLF>

[ message-body ]

Status-Line = HTTP-Version <SP> Status-Code <SP> Reason-Phrase <CRLF>

conditional get

HTTP/1.1 304 Not Modified

Date: Sun, 12 Dec 2001 18:26:32 GMT

Server: Apache/1.3.6 (Unix) mod_ssl/2.2.7 SSLeay/0.9.0b

ETag: "9f807-3291-384b8ae5"

Conditional GET
  • GET /this/and/that/ HTTP/1.1
  • Host: www.gnu.org
  • Date: Sun, 12 Dec 2001 18:26:28 GMT
  • From: client@somewhere.com
  • Referrer: http://www.gnu.org/index.html
  • If-Modified-Since: Sun, 12 Dec 1999 14:00:00 GMT
  • User-Agent: Mozilla/4.5
redirect

HTTP/1.1 302 Found

Date: Sun, 12 Dec 2001 18:30:07 GMT

Server: Apache/1.3.6 (Unix) mod_ssl/2.2.7 SSLeay/0.9.0b

Location: http://www.gnu.org/this/is/Here.html

Content-Type: text/html

Content-Length: 317

<HTML><HEAD><TITLE>Document moved</TITLE></HEAD>

<BODY><H1>Document moved</H1>

This document has moved to .....

Redirect
  • GET /this/and/that/NotHere.html HTTP/1.1
  • Host: www.gnu.org
  • Date: Sun, 12 Dec 2001 18:30:01 GMT
  • User-Agent: Mozilla/4.5
advantages of http 1 1 1 2
Advantages of HTTP 1.1 (1/2)
  • Persistent connections
    • before: 1 TCP connection per inline image
    • pipeline requests and responses over 1 TCP connection
    • default behavior, but negotiable (Connection: close)
  • Hostname identification
  • Content Negotiation
    • quality factors
    • language
  • Compression (gzip, compress, ..)
  • Multi-part messages
    • transfer encoding, content encoding
advantages of http 1 1 2 2
Advantages of HTTP 1.1 (2/2)
  • Byte ranges
  • Entity Tags
  • Request and response chains
    • Proxies (HTTP-aware)
    • Gateways (application-aware)
    • Tunnels (e.g., firewalls)
    • chain members can handle multiple clients/servers
    • chain members may cache responses
  • Elaborate support for caches and proxies