Lab 1 - The Application Layer

Application layer messages (data)

All messages sent in a network pass through each of the network layers. Because of this, special terms have been adopted for the "messages" of each layer. The term frame denotes an information unit whose source and destination is a data link-layer entity. The term packet denotes an information unit whose source and destination is a network-layer entity. Finally, the term message denotes an information unit whose source and destination entity exists above the network layer (i.e, application layer).

The top layer, the application layer, is responsible for managing the interface to the user and include such network applications as electronic mail (email), file transfer protocol (FTP), and Telnet. In general, messages have the following format:

Header

Data

In this exercise, you will examine the application layer language for the World Wide Web, HyperText Transfer Protocol or HTTP. An HTTP request from the Web client (i.e., the browser) is typically a request for some piece of information in Web space. For example, typing http://www.iupui.edu into the location box requests IUPUI's home page from the campus' Web server.

HTTP should not be confused with HTML (Hypertext Markup Language) which also has headers. HTTP is used by the network application (in this case, the Web browser and Web server) to synchronize communications (sent and received by both browsers and servers) and is typically not displayed. HTML is used to format the data sent from server to client and is almost always displayed. A typical HTTP message (from the server to the browser) looks as follows:

Header (HTTP)

HTTP data (HTML Head)

HTTP data (HTML Body)

In this lab, we also examine email messages. Email, the most common application on the Internet, also has its own language. Mail messages are passed through a network of mail transfer agents (MTAs) using a common language such as simple mail transfer protocol (SMTP). Mail is exchanged between the final MTA and the email client or mail user agent (MUA) using a separate set of standards (e.g., POP or IMAP).

Header (SMTP)

SMTP data (email message)

In later exercises, we will see how the lower layers "encapsulate" messages from higher level layers, treating the entire upper layer message as their own data and attaching a new header of their own. Applications, although they communicate using the OSI "stack", "perceive" that they are communicating directly with each other. This means that applications designers can create applications without having to worry about the details of the lower layers. For example, a Web browser only needs to be able to speak with names (i.e., URLs) and not the numbers of the addresses used by the lower layers. (Note: The following figure is based on the OSI model. The application layer of the Internet model used in the text includes the Application, Presentation, and Session layers of the OSI model resulting in a 5 rather than 7 layer model).

Application layer tools

HTTP is used by the Web browser but is not displayed like HTML. To view HTTP messages you will need an HTTP header viewer like the following:

Web-based
Rex Swain's HTTP Viewer	http://www.rexswain.com/httpview.html
Delorie Software's HTTP Header Viewer	http://www.delorie.com/web/headers.html
Web-Sniffer	http://web-sniffer.net
Requires Installation
Gibson Research's ID Serve	http://grc.com/id/idserve.htm
HTTPwatch	http://www.httpwatch.com/download
IE Watch	http://www.iewatch.com/downloads.aspx

Many email programs also filter a larger portion of the header (SMTP) information. The following resource details how to extract this header information most of the major email clients

Email header information for various email clients

Application layer exercise

Does the search engine Google (http://www.google.com) set a cookie (Set-Cookie:) ?
What version of HTTP does Google's server "speak"? Does it use the "highest" version or simply match the version of the request?
Complete the following table

Web Site	(Content-Type) (Content-Length:) if reported	Server software (Server:)
www.iupui.edu/graphics/nav/homePageLogo.gif
www.ua.edu
indy.kelley.iupui.edu

Use an email message from a newsletter or your personal email to answer the following questions. Be sure to include a printout of the header of this message. Alternatively you may use one of the following email headers (Header 1 , Header 2, Header 3, Header 4).

From what email server did the message originate?
What is the name of the last email server to receive this message?

Application layer thought exercise

Since the application layer has no knowledge of what communication is taking place in the layers below, the application commands and responses must contain enough information to allow for successful communication without help from the lower layers. What commands and responses do you think are included in the HTTP language? That is, pretend that you are "re-writing" the HTTP standard. What things would the Web server and Web browser need to say to each other for successful communication. [Hint: there is an RFC on the commands (i.e., "methods") and responses (i.e., "status codes") involved in HTTP communications].
Like in spoken, language, each application protocol has certain character tics that may translate to either unique strengths or unique weaknesses/vulnerabilities. For, example, many romance languages can express the thought "Do you understand?" in a single word (e.g., "¿Comprendé?"). One protocol, Telnet allows you to remotely perform any action as though you were physically in front of the computer. What would be a weakness/threat of this capability? (Hint: IU recently discontinued Telnet access for this very reason).

Application layer references

Application layer protocol reference page

A tutorial on HTTP

HTTP 1.1 RFC (the complete standard)

How to read email headers

A tutorial on email headers (longer version)

The Register - MSN deliberately breaks Opera's browser, claims company

Why doesn't MSN work with Opera

Security

Microsoft Baseline Security Analyzer (Windows download)