Internet Protocol Analysis/Application Layer

This lesson introduces the Application layer and looks at a variety of application-layer protocols. Activities include using Wireshark to examine Hyper Text Transfer Protocol (HTTP), HTTP Secure (HTTPS), and Simple Mail Transfer Protocol (SMTP) network traffic.

Readings

 * 1) Application layer
 * 2) Hypertext Transfer Protocol
 * 3) HTTP Secure
 * 4) Transport Layer Security
 * 5) Simple Mail Transfer Protocol

Multimedia

 * 1) YouTube: Common TCP and UDP Ports - CompTIA Network+ N10-005: 1.5
 * 2) YouTube: Application Protocols - CompTIA Network+ N10-005: 1.6
 * 3) YouTube: Telnet Client and Server Demonstration in Windows Vista and XP

Activities

 * 1) Review Wireshark: Hyper Text Transfer Protocol (HTTP).
 * 2) Use Wireshark to capture and analyze Hypertext Transfer Protocol (HTTP) traffic.
 * 3) Review Wireshark: SSL.
 * 4) Use Wireshark to capture and analyze HTTP Secure (HTTPS) traffic.
 * 5) Review Wireshark: Simple Mail Transfer Protocol (SMTP).
 * 6) Use Wireshark to capture and analyze Simple Mail Transfer Protocol (SMTP) traffic.
 * 7) Consider situations in which a packet analyzer might be used to troubleshoot application layer traffic.
 * 8) Use Mozilla Thunderbird as a local email client.

Lesson Summary

 * The application layer is an abstraction layer reserved for communications protocols and methods designed for process-to-process communications across an Internet Protocol (IP) computer network.
 * Application layer protocols use the underlying transport layer protocols to establish host-to-host connections.
 * The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems.
 * HTTP functions as a request-response protocol in the client-server computing model.
 * HTTP uses TCP as its transport protocol and servers listen on port 80 by default.
 * HTTP defines methods that may be performed on the desired resource. Methods include GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, CONNECT, and PATCH.
 * HTTP requests include a request line, headers, an empty line, and an optional message body.
 * HTTP responses include a status line, headers, an empty line, and an optional message body.
 * Hypertext Transfer Protocol Secure (HTTPS) is a widely used communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the Secure Sockets Layer / Transport Layer Security (SSL/TLS) protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.
 * HTTPS uses TCP as its transport protocol and servers listen on port 443 by default.
 * Web servers supporting HTTPS connections must have a public key certificate signed by a certificate authority the web browser trusts in order to connect without a client warning.
 * TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity.
 * TLS handshaking includes the exchange of settings, server authentication, optional client authentication, and public key encryption of a symmetric session key.
 * Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks.
 * Client applications use SMTP for sending messages to a mail server, but usually use either the Post Office Protocol (POP), the Internet Message Access Protocol (IMAP), or a proprietary system to access their mailbox accounts on a mail server.
 * Client applications should use TCP port 587 to submit SMTP messages to a server. Servers use TCP port 25 to transfer SMTP messages to destination servers.
 * SMTP transactions include commands for MAIL, RCPT, and DATA.

Key Terms

 * abstraction layer: A way of hiding the implementation details of a particular set of functionality.
 * authentication: The act of confirming the identity of a person, software program, or computer system.
 * eavesdropping: The act of secretly listening to the private conversation of others without their consent.
 * hypermedia: A logical extension of the term hypertext in which graphics, audio, video, plain text and hyperlinks intertwine to create a generally non-linear medium of information.
 * HyperText Markup Language (HTML): The main markup language for displaying web pages and other information that can be displayed in a web browser.
 * Internet Message Access Protocol (IMAP): An Application Layer Internet protocol that allows an e-mail client to access e-mail on a remote mail server.
 * man-in-the-middle attack: A form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection.
 * Post Office Protocol (POP): An application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection.
 * public-key cryptography: A cryptographic system requiring two separate keys, one of which is secret and one of which is public.
 * stateless protocol: A communications protocol that treats each request as an independent transaction that is unrelated to any previous request so that the communication consists of independent pairs of requests and responses.
 * symmetric-key algorithms: A class of algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext.
 * tampering: The deliberate altering or adulteration of information, a product, a package, or system.
 * web cache: A mechanism for the temporary storage (caching) of web documents, such as HTML pages and images, to reduce bandwidth usage, server load, and perceived lag.
 * web crawler: A computer program that browses the World Wide Web in a methodical, automated manner or in an orderly fashion.
 * World Wide Web Consortium (W3C): The main international standards organization for the World Wide Web.

Assessments

 * /Lesson Flashcards/
 * /Terms Flashcards/
 * /Quiz/