TABLE OF CONTENTS
1. APPLICATION LAYER
1.1. Introduction to application layer
1.2. HTTP
1.3. SMTP
2. SECURITY PROBLEMS
2.1. Security Threats
2.2. Session Hijacking
3. DESIGN ISSUE WITH APPLICATION LAYER
3.1. Pattern Language
3.2. Service Design Patterns
4. APPLICATION PROTOCOLS
4.1. Telnet
4.2. FTP
4.3. TFTP
4.4. NFS
5. FUNCTIONS OF APPLICATION LAYER
5.1. Functions of Application Layer
5.2. Designing Issues
5.3. Services of Application Layer
5.4. Network Application Architecture
6. CLIENT AND SERVER MODEL
6.1. Client
6.2. Server
6.3. Advantages of Client Server Network
6.4. Disadvantages of Client Server Network
7. SUMMARY

ABSTRACT

A majority of the Internet uses a protocol suite called the Internet Protocol
Suite, also known as the TCP/IP protocol suite. This suite is a combination of
protocols that encompasses a number of different protocols for different
purposes and needs. Because the two major protocols in this suite are TCP
(Transmission Control Protocol) and IP (Internet Protocol), it is commonly
termed the TCP/IP protocol suite.

1.1. Introduction to application layer
The application layer is the uppermost layer of the four-layer TCP/IP model and it
merges the three most significant layers of the OSI model: application, presentation
and session. This layer is primarily concerned with human interaction and how
software applications are implemented.
The application layer consists of interface methods and underlying communication
protocols that can be applied in process-to-process communications. It standardizes
communication and does not define specific rules or data formats that applications
need to consider when connecting; the original description does, however, depend on
and recommend the general design guidelines for software [2].
The application layer is concerned with providing network services to applications.
It provides a mechanism to the next level, transport services, for interfacing with
host programs for efficient use of the network. At this layer each application's
path and session can be distinguished by the use of specific sockets and port numbers.

1.2. Hypertext Transfer Protocol (HTTP)
HTTP enables the connection between a web server and a client and distributes
information on the World Wide Web (WWW). It uses port number 80. On the server side,
the main examples are Apache Web Server and Internet Information Server (IIS), while
on the client side Firefox, Internet Explorer, Mozilla and Google Chrome are most
common.
Errors on the Internet can be quite frustrating, especially if you do not know the
difference between a 404 error and a 502 error. These error messages, also called
HTTP status codes, are response codes given by Web servers and help identify the
cause of the problem. For example, "404 File Not Found" is a common HTTP status
code. It means the Web server cannot find the file you requested: the webpage or
other document you tried to load in your Web browser has either been moved or
deleted, or you entered the wrong URL or document name.

1.3. Simple Mail Transfer Protocol (SMTP)
SMTP is part of the application layer of the TCP/IP protocol suite. Using a process
called "store and forward," SMTP moves your email on and across networks. It works
closely with something called the Mail Transfer Agent (MTA) to send your
communication to the right computer and email inbox.
SMTP spells out and directs how your email moves from your computer's MTA to an MTA
on another computer, and even across several computers. Using that "store and
forward" feature mentioned before, the message can move in steps from your computer
to its destination.
SMTP provides a set of codes that simplify the communication of email messages
between email servers. Essentially, SMTP is able to transfer only text; it is not
able to handle fonts, graphics or attachments.
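To make the status-code discussion concrete, here is an added example (written for this edit, not code from the report) that parses a raw HTTP/1.x response into status line, header fields and body, and classifies the status code by its first digit. The two sample responses and the server name in them are constructed.

```python
# Added example, not from the original report: parse a raw HTTP/1.x response
# and classify its status code. The two sample responses are constructed.
from dataclasses import dataclass, field

# Constructed samples: a 404 from an origin server and a 502 from a reverse proxy.
SAMPLE_404 = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 18\r\n"
    b"\r\n"
    b"<h1>Not Found</h1>"
)
SAMPLE_502 = (
    b"HTTP/1.1 502 Bad Gateway\r\n"
    b"Server: example-proxy\r\n"   # hypothetical server name
    b"\r\n"
)

STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}


@dataclass
class HttpResponse:
    version: str
    status: int
    reason: str
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def parse_response(raw: bytes) -> HttpResponse:
    """Split a raw response into status line, header fields and body.
    A malformed status line raises ValueError, so callers never act on a
    status they did not actually parse."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"bad status line: {lines[0]!r}")
    status_text = parts[1]
    if len(status_text) != 3 or not status_text.isdigit():
        raise ValueError(f"bad status code: {status_text!r}")
    reason = parts[2] if len(parts) == 3 else ""
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"bad header line: {line!r}")
        headers[name.strip().lower()] = value.strip()   # field names are case-insensitive
    return HttpResponse(parts[0], int(status_text), reason, headers, body)


def classify(status: int) -> str:
    """Map a code to its class: 4xx means the client asked for something the
    server cannot satisfy (e.g. 404); 5xx means the server, or a gateway in
    front of it, failed (e.g. 502 Bad Gateway)."""
    return STATUS_CLASSES.get(status // 100, "unknown")


def describe(raw: bytes) -> str:
    r = parse_response(raw)
    return f"{r.status} {r.reason} ({classify(r.status)})"


if __name__ == "__main__":
    print(describe(SAMPLE_404))   # 404 Not Found (client error)
    print(describe(SAMPLE_502))   # 502 Bad Gateway (server error)
```

The parser rejects anything it cannot read rather than guessing, which matters when the same code later drives retries or error handling: a 4xx should not be retried, a 5xx might be.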

2.1. Security Threats


The Open System Interconnection (OSI)
model defines a networking framework for
implementing protocols in seven layers.

Every layer of communication has its own unique security challenges. The
application layer is a very weak link in terms of security, and application layer
security is a growing area of concern for developers, designers, quality assurance
specialists and programmers. In this paper, the authors discuss various security
aspects at the application layer and their solutions.
2.2. Session Hijacking
Session hijacking is classified into two levels:
1. Network Level
2. Application Level
Network level hijacking includes TCP and UDP sessions.
Application level hijacking occurs with HTTP sessions.
Application Level Hijacking:
Here the valid session token is stolen or predicted to take over the session. The
various attacks involved are:
Man-in-the-middle attack:
Using automated tools or spoofing methods, the attacker splits the connection
between the targets into two: one connection between the client and the attacker,
and another between the attacker and the server. Since the attacker has become the
man in the middle, all traffic passes through him, so he can capture the session ID.
Cross-site scripting:
Client-side vulnerabilities such as XSS allow an attacker to craft a malicious
script that obtains the session ID from the application.
Using a proxy:
By setting up a proxy and causing the traffic to flow through it, one can capture
the session ID details.
Man-in-the-Browser:
A Trojan installed in the victim's browser reports the session ID to the attacker.

Factors for Successful Session Hijacking

● Weak session ID generation algorithm: Most websites are using linear algorithms
based on easily predictable values such as time or IP address for generation of the
session ID.
● Indefinite session expiration time: Session IDs that have an indefinite expiration
time give an attacker ample time to guess a legitimate session ID.
● Clear text transmission: The session ID is easily sniffed across a network if SSL
is not employed while the cookie is transmitted to and from the browser.
● Small session ID: Even if a cryptographically robust algorithm is used, a
legitimate session ID may be determined easily if the length of the string is small.
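The four factors above map directly onto four server-side controls. The following added example (written for this edit, not code from the report) is a minimal session store that applies them: IDs come from the operating system's cryptographic random source, every session has an absolute expiry, the ID carries 256 bits of entropy, and the cookie is marked so it is never sent over clear-text HTTP or exposed to page scripts. The ID size, lifetime and cookie name are assumptions chosen for the example.

```python
# Added example, not from the original report: a session store that counters
# predictable, never-expiring, clear-text and short session IDs. Sizes,
# lifetime and the cookie name are assumptions made for the example.
import secrets
import time
from typing import Callable, Optional

SESSION_ID_BYTES = 32           # 256 bits of entropy; guessing is infeasible
SESSION_TTL_SECONDS = 15 * 60   # absolute lifetime, so an ID cannot be guessed at leisure
COOKIE_NAME = "sid"


class SessionStore:
    def __init__(self, ttl: float = SESSION_TTL_SECONDS,
                 clock: Callable[[], float] = time.time):
        self._ttl = ttl
        self._clock = clock          # injectable so expiry can be tested deterministically
        self._sessions: dict = {}    # session id -> (user, expires_at)

    def create(self, user: str) -> str:
        """Issue a fresh, unpredictable ID; never derive it from time, IP or a counter."""
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        self._sessions[sid] = (user, self._clock() + self._ttl)
        return sid

    def lookup(self, sid: str) -> Optional[str]:
        """Return the user for a live session; unknown or expired IDs yield None."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, expires_at = entry
        if self._clock() >= expires_at:
            del self._sessions[sid]  # purge so the ID can never be replayed later
            return None
        return user

    def revoke(self, sid: str) -> None:
        """Invalidate on logout so a captured ID stops working immediately."""
        self._sessions.pop(sid, None)

    def rotate(self, old_sid: str) -> Optional[str]:
        """Swap the ID at privilege changes such as login; returns the new ID."""
        user = self.lookup(old_sid)
        if user is None:
            return None
        self.revoke(old_sid)
        return self.create(user)


def session_cookie(sid: str) -> str:
    """Set-Cookie value: Secure keeps the ID off plain HTTP, HttpOnly keeps it
    out of reach of injected scripts, SameSite limits cross-site sending."""
    return (f"{COOKIE_NAME}={sid}; Path=/; Max-Age={SESSION_TTL_SECONDS}; "
            "Secure; HttpOnly; SameSite=Lax")


def id_entropy_bits(sid: str) -> int:
    """Upper bound on the entropy of a URL-safe base64 ID (6 bits per character);
    a result under 128 flags an ID short enough to be brute-forced."""
    return len(sid) * 6
```

The clock is injected so the expiry path can be exercised in a test without sleeping; in production the default `time.time` is used. Lookups delete expired entries rather than merely ignoring them, so an old ID recovered from a log or a browser cache can never be reactivated.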
In-Process Caching
In-process caching enables objects to be stored in the same instance as the
application, i.e. the cache is locally available to the application and shares the
same memory space.
Here are some important points to consider for in-process caching:

● If the application is deployed on only one node, i.e. has a single instance, then
in-process caching is the right candidate for storing frequently accessed data with
fast data access.
● If the in-process cache is deployed in multiple instances of the application, then
keeping data in sync across all instances can be a challenge and cause data
inconsistency.
● If server resources are limited, this type of cache can degrade the performance of
the application, since it shares the same memory and CPU. The garbage collector will
be invoked often to clean up objects, which may lead to performance overhead.

Application Cache
An application cache is a local cache that an application uses to keep frequently accessed
data in memory. An application cache evicts entries automatically to maintain its memory
footprint.
Hybrid Cache
A hybrid cache is a combination of a cache provided by standard ORM framework
and open-source/custom/JDBC API implementations. An application can use a
hybrid cache to leverage cache capability that's limited to standard ORM framework.
This kind of cache is used in mission-critical applications where response time is
significant.
Caching Design Considerations
Caching design considerations include data loading/updating, performance/memory
size, eviction policy, concurrency, and cache statistics.
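The considerations just listed can be seen together in one small structure. The following added example (written for this edit, not code from the article or any caching product) is a bounded, thread-safe in-process cache: data is loaded on a miss through a caller-supplied loader, entries expire after a TTL, the least recently used entry is evicted when the size limit is reached, and hit, miss and eviction counters provide the statistics. The limits and the injectable clock are assumptions for the example.

```python
# Added example, not the article's own code: an in-process cache with loader,
# TTL, LRU eviction, locking and statistics. Limits are assumptions.
import threading
import time
from collections import OrderedDict
from typing import Any, Callable


class InProcessCache:
    def __init__(self, loader: Callable[[Any], Any], max_entries: int = 128,
                 ttl_seconds: float = 60.0,
                 clock: Callable[[], float] = time.monotonic):
        self._loader = loader
        self._max = max_entries
        self._ttl = ttl_seconds
        self._clock = clock
        self._lock = threading.Lock()
        self._data: OrderedDict = OrderedDict()   # key -> (value, expires_at); order = recency
        self.hits = self.misses = self.evictions = 0

    def get(self, key):
        with self._lock:
            entry = self._data.get(key)
            if entry is not None and entry[1] > self._clock():
                self._data.move_to_end(key)       # mark as most recently used
                self.hits += 1
                return entry[0]
            self.misses += 1
            if entry is not None:
                del self._data[key]               # expired: drop before reloading
        value = self._loader(key)                 # load outside the lock so a slow loader
        with self._lock:                          # does not block other readers
            self._data[key] = (value, self._clock() + self._ttl)
            self._data.move_to_end(key)
            while len(self._data) > self._max:
                self._data.popitem(last=False)    # evict the least recently used entry
                self.evictions += 1
        return value

    def invalidate(self, key) -> None:
        """Explicit removal for write paths, so updates never serve stale data."""
        with self._lock:
            self._data.pop(key, None)

    def stats(self) -> dict:
        with self._lock:
            total = self.hits + self.misses
            return {"entries": len(self._data), "hits": self.hits,
                    "misses": self.misses, "evictions": self.evictions,
                    "hit_ratio": (self.hits / total) if total else 0.0}
```

Because the loader runs outside the lock, two threads missing the same key at once may both load it; the second store simply wins, which is acceptable for read-mostly data and avoids holding the lock across I/O.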
Various Cache Solutions
There are various Java caching solutions available — the right choice for you
depends on your use case. Here are some questions and comparisons that can
assist in identifying the most cost-effective and feasible caching solution for you.

● Do you need a lightweight or full-fledged cache solution?
● Do you need an open-source, commercial, or framework-provided cache solution?
● Do you need in-process or distributed caching?

2.1. Mail Service
This layer provides the basis for e-mail forwarding. A mail server (sometimes also
referred to as an e-mail server) is a server that handles and delivers e-mail over a
network, usually over the Internet. A mail server can receive e-mails from client
computers and deliver them to other mail servers. A mail server can also deliver
e-mails to client computers. A client computer is normally the computer where you
read your e-mails, for example your computer at home or in your office. An advanced
mobile phone or smartphone with e-mail capabilities can also be regarded as a client
computer.

Simple Mail Transfer Protocol (SMTP) - TCP Port 25
Post Office Protocol (POP) - UDP Port 110

As shown in the figure, the e-mail service works with the protocols Post Office
Protocol (POP) and Simple Mail Transfer Protocol (SMTP). The Mail User Agent (MUA)
allows messages to be sent and places received messages into the client's mailbox.

The e-mail server operates two separate processes:

● Mail Transfer Agent (MTA) - used to forward e-mail
● Mail

2.2. Network Virtual Terminal

In computing, a virtual terminal (VT) is a program that emulates the functionality of
a classic terminal used during the early days of computing for accessing a server or
a corporate mainframe.
In e-commerce, a virtual terminal is a Web-based solution that allows merchants to
process credit card transactions. It is an alternative to a swipe machine.
A virtual terminal is also known as a terminal emulator.
A virtual terminal allows a PC to connect to a remote server, usually to perform a
file transfer or run an application. In the past, this functionality used to be
performed by a physical terminal, but is now emulated in software. The PC and the
server may be running different operating systems, but can communicate using
well-known network protocols such as Telnet, SSH, FTP, etc. A virtual terminal
normally has a command-line interface, which requires typing cryptic commands to
communicate with a server.

2.3. Directory Services
Directory services are software systems that store, organize and provide access to
directory information in order to unify network resources. Directory services map
the network names of network resources to network addresses and define a naming
structure for networks.
The directory service provides transparency to protocols and network topology,
permitting users to access resources without having to be aware of the physical
location of the devices. It’s an important component of the network operating
system and is a central information repository for a service delivery platform.

Directory services are network services that identify every resource such as email
address, peripheral devices and computers on the network, and make these
resources accessible to users and applications.
Specific directory services called naming services map the names of resources in the
network to the respective network address. This directory service relieves users
from having to know the physical addresses of network resources. Directory
services also define namespaces for networks, which hold one or more objects as
name entries.
Directory services hold shared information infrastructure to administer, manage,
locate and organize common items and network resources. It is also a vital
component of network operating systems.
Two of the most widely used directory services are Lightweight Directory Access
Protocol, which is used for email addresses, and Netware directory service, which is
used in Novell Netware networks.

In computing, directory service or name service maps the names of network
resources to their respective network addresses. It is a shared information
infrastructure for locating, managing, administering and organizing everyday items
and network resources, which can include volumes, folders, files, printers, users,
groups, devices, telephone numbers and other objects. A directory service is a
critical component of a network operating system. A directory server or name
server is a server which provides such a service. Each resource on the network is
considered an object by the directory server. Information about a particular
resource is stored as a collection of attributes associated with that resource or
object.
A directory service defines a namespace for the network. The namespace is used to
assign a name (unique identifier) to each of the objects. Directories typically have a
set of rules determining how network resources are named and identified, which
usually includes a requirement that the identifiers be unique and unambiguous.
When using a directory service, a user does not have to remember the physical
address of a network resource; providing a name locates the resource. Some
directory services include access control provisions, limiting the availability of
directory information to authorized users.

So far, FTAM, like other OSI protocols, has not caught on as a useful system for
transferring files between different vendor systems in the LAN environment. Many of
the implementations so far have failed to interoperate with one another. FTAM has
worked well as a way to bring mainframe information systems into distributed
environments.

4. DESIGN ISSUE WITH APPLICATION LAYER

4.1 Pattern Language

A pattern language is a method of describing good design practices or patterns of
useful organization within a field of expertise. The term was coined by architect
Christopher Alexander and popularized by his 1977 book A Pattern Language.
A pattern language can also be an attempt to express the deeper wisdom of what
brings aliveness within a particular field of human endeavor, through a set of
interconnected patterns. Aliveness is one placeholder term for "the quality that has
no name": a sense of wholeness, spirit, or grace, that while of varying form, is
precise and empirically verifiable. Some advocates of this design approach claim
that ordinary people can use it to successfully solve very large, complex design
problems.
When a designer designs something – whether a house, computer program, or lamp
– they must make many decisions about how to solve problems. A single problem is
documented with its typical place (the syntax), and use (the grammar) with the
most common and recognized good solution seen in the wild, like the examples
seen in dictionaries. Each such entry is a single design pattern. Each pattern has a
name, a descriptive entry, and some cross-references, much like a dictionary entry.
A documented pattern should explain why that solution is good in the pattern's
contexts.
Elemental or universal patterns such as "door" or "partnership" are versatile ideals
of design, either as found in experience or for use as components in practice,
explicitly described as holistic resolutions of the forces in recurrent contexts and
circumstances, whether in architecture, medicine, software development or
governance, etc. Patterns might be invented or found and studied, such as the
naturally occurring patterns

Like all languages, a pattern language has vocabulary, syntax, and grammar – but a
pattern language applies to some complex activity other than communication. In
pattern languages for design, the parts break down in this way:

● The language description – the vocabulary – is a collection of named,
described solutions to problems in a field of interest. These are called design
patterns. So, for example, the language for architecture describes items like:
settlements, buildings, rooms, windows, latches, etc.
● Each solution includes syntax, a description that shows where the solution fits
in a larger, more comprehensive or more abstract design. This automatically
links the solution into a web of other needed solutions. For example, rooms
have ways to get light, and ways to get people in and out.
● The solution includes grammar that describes how the solution solves a
problem or produces a benefit. So, if the benefit is unneeded, the solution is
not used. Perhaps that part of the design can be left empty to save money or
other resources; if people do not need to wait to enter a room, a simple
doorway can replace a waiting room.
● In the language description, grammar and syntax cross index (often with a
literal alphabetic index of pattern names) to other named solutions, so the
designer can quickly think from one solution to related, needed solutions, and
document them in a logical way. In Christopher Alexander's book A Pattern
Language, the patterns are in decreasing order by size, with a separate
alphabetic index.
● The web of relationships in the index of the language provides many paths
through the design process.

This simplifies the design work because designers can start the process from any
part of the problem they understand and work toward the unknown parts. At the
same time, if the pattern language has worked well for many projects, there is
reason to believe that even a designer who does not completely understand the
design problem at first will complete the design process, and the result will be
usable. For example, skiers coming inside must shed snow and store equipment.
The messy snow and boot cleaners should stay outside. The equipment needs care,
so the racks should be inside.

4.2 Service Design Patterns

In computer programming, the proxy pattern is a software design pattern. A
proxy, in its most general form, is a class functioning as an interface to something
else. The proxy could interface to anything: a network connection, a large object in
memory, a file, or some other resource that is expensive or impossible to duplicate.
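As an added example (written for this edit, not code from the report), the proxy pattern described above is shown here as a protection proxy in front of an expensive resource: client code uses the proxy through the same interface as the real object, and the proxy checks the caller's permission before it creates the real object, which it does lazily and only once. The document path and user names are constructed.

```python
# Added example, not the report's code: a protection proxy that shares the
# interface of the real object, enforces an access check first, and creates
# the expensive resource lazily. Paths and user names are constructed.
from abc import ABC, abstractmethod


class Document(ABC):
    """Interface shared by the real object and its proxy."""
    @abstractmethod
    def read(self, user: str) -> str: ...


class RealDocument(Document):
    loads = 0                         # how many times the expensive resource was opened

    def __init__(self, path: str):
        RealDocument.loads += 1
        self._path = path
        self._content = f"contents of {path}"   # stands in for an expensive load

    def read(self, user: str) -> str:
        return self._content


class DocumentProxy(Document):
    def __init__(self, path: str, allowed_users):
        self._path = path
        self._allowed = frozenset(allowed_users)
        self._real = None

    def read(self, user: str) -> str:
        if user not in self._allowed:              # check before the resource even exists
            raise PermissionError(f"{user} may not read {self._path}")
        if self._real is None:
            self._real = RealDocument(self._path)  # created on the first authorised use only
        return self._real.read(user)


def open_document(path: str, allowed_users) -> Document:
    """Hand callers the proxy, never the real object."""
    return DocumentProxy(path, allowed_users)
```

Keeping the real object unreachable except through the proxy is what makes the access check meaningful; a caller that could obtain `RealDocument` directly would bypass it.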

4. APPLICATION PROTOCOLS

4.1 TELNET

Telnet is a protocol that allows you to connect to remote computers (called hosts)
over a TCP/IP network (such as the internet). Using telnet client software on your
computer, you can make a connection to a telnet server (that is, the remote host).
Once your telnet client establishes a connection to the remote host, your client
becomes a virtual terminal, allowing you to communicate with the remote host from
your computer. In most cases, you'll need to log into the remote host, which
requires that you have an account on that system. Occasionally, you can log in as
guest or public without having an account.
Telnet clients are available for all major operating systems.

4.2 File Transfer Protocol (FTP)
The File Transfer Protocol (FTP) is a standard network protocol used for the
transfer of computer files between a client and server on a computer network.
FTP is built on a client-server model architecture using separate control and data
connections between the client and the server.[1] FTP users may authenticate
themselves with a clear-text sign-in protocol, normally in the form of a username
and password, but can connect anonymously if the server is configured to allow it.
For secure transmission that protects the username and password, and encrypts the
content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File
Transfer Protocol (SFTP).
The first FTP client applications were command-line programs developed before
operating systems had graphical user interfaces, and are still shipped with most
Windows, Unix, and Linux operating systems.[2][3] Many FTP clients and automation
utilities have since been developed for desktops, servers, mobile devices, and
hardware, and FTP has been incorporated into productivity applications, such as
HTML editors.
The original specification for the File Transfer Protocol was written by Abhay
Bhushan and published as RFC 114 on 16 April 1971. Until 1980, FTP ran on NCP,
the predecessor of TCP/IP.[2] The protocol was later replaced by a TCP/IP version,
RFC 765 (June 1980) and RFC 959 (October 1985), the current specification.
Several proposed standards amend RFC 959, for example RFC 1579 (February
1994) enables Firewall-Friendly FTP (passive mode), RFC 2228 (June 1997)
proposes security extensions, RFC 2428 (September 1998) adds support for IPv6
and defines a new type of passive mode.

Command-line telnet clients are built into most versions of macOS, Windows, Unix,
and Linux. To use these clients, go to their respective command lines (that is, the
Terminal application in macOS, the shell in Unix or Linux, or the DOS prompt in
Windows).
Historically, Telnet provided access to a command-line interface on a remote host.
However, because of serious security concerns when using Telnet over an open
network such as the Internet, its use for this purpose has waned significantly in
favor of SSH.
The term telnet is also used to refer to the software that implements the client part
of the protocol. Telnet client applications are available for virtually all computer
platforms. Telnet is also used as a verb. To telnet means to establish a connection
using the Telnet protocol, either with a command line client or with a graphical
interface. For example, a common directive might be: "To change your password,
telnet into the server, log in and run the passwd command." In most cases, a user
would be telnetting into a Unix-like server system or a network device (such as a
router).

4.3 TFTP (Trivial File Transfer Protocol)
The Trivial File Transfer Protocol (TFTP) is a protocol layered on the User Datagram Protocol
(UDP), used over the Internet Protocol (IPv4 or IPv6).
TFTP is a very simple file transfer protocol. It was first specified in 1980 and provides functions to copy
files across a network (a very basic form of FTP). It is defined in [RFC2347]. Since it is so simple, it is
easy to implement in a very small amount of memory, an important consideration at the time it was
defined. TFTP is therefore sometimes useful for booting or loading the configuration of systems (such as
routers, thin clients, and wireless base stations) which do not have data storage devices. TFTP has no
authentication or encryption mechanisms, and generally provides the same access to all files in the tftp
directory. Due to this lack of security, use of tftp can be dangerous over the open Internet. Therefore,
TFTP is generally only used on private local area networks for applications where ftp would be too
expensive or difficult to implement (e.g. downloading firmware, software and configuration data to
network devices).
The service uses the well-known UDP port of 69. Since TFTP utilises UDP, it has to supply its own
session support. Each file transferred via TFTP constitutes an independent exchange.
The initiating client host sends either an RRQ (read request) or WRQ (write request) packet, containing
the filename and the transfer mode.
The server responds with an ACK (acknowledgement) packet if it received a WRQ message, and with a
DATA packet if it received an RRQ message (this also indicates to the client the ports in use).
The sending host then sends numbered DATA packets to the destination host after receiving each ACK
message. All but the last message contains a full-sized block of data. The destination host replies with
numbered ACK packets for each received DATA packet. This forms a simple ARQ protocol, providing
retransmission when a packet is lost.
The final DATA packet must contain less than a full-sized block of data (including possibly zero bytes) to
indicate that it is the last block of the transfer.
This data transfer is performed in lockstep. Only one packet (either a block of data, or an
'acknowledgement') is ever in flight on the network at any time. Due to this lack of windowing, TFTP has
a low throughput over high latency (delay) links.
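The exchange described above, as an added example (written for this edit, not code from the report or any TFTP implementation): packet encoding for RRQ, DATA, ACK and ERROR, and an in-memory lockstep read transfer between a client and a server. The network is a direct call between the two; a `lose` parameter names packets the network drops once, so the retransmission behaviour of the simple ARQ scheme is visible. File names and contents are constructed.

```python
# Added example, not from the report: TFTP packet encoding plus an in-memory
# lockstep read (RRQ) transfer. `lose` names packets the simulated network
# drops once, so the ARQ retransmission is visible. Files are constructed.
import struct

BLOCK_SIZE = 512
OP_RRQ, OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 2, 3, 4, 5
SAMPLE_FILES = {                                       # constructed
    "boot.cfg": bytes(range(256)) * 4 + b"tail",      # 1028 bytes -> blocks of 512, 512, 4
    "exact.bin": b"x" * 1024,                          # 1024 bytes -> 512, 512, then an empty block
}


def encode_rrq(filename, mode="octet"):
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def encode_data(block, payload):
    return struct.pack("!HH", OP_DATA, block) + payload

def encode_ack(block):
    return struct.pack("!HH", OP_ACK, block)

def encode_error(code, message):
    return struct.pack("!HH", OP_ERROR, code) + message.encode() + b"\0"


def decode(packet):
    """Parse one packet into (opcode, ...); malformed input raises ValueError."""
    if len(packet) < 2:
        raise ValueError("packet too short")
    (op,) = struct.unpack("!H", packet[:2])
    if op in (OP_RRQ, OP_WRQ):
        fields = packet[2:].split(b"\0")
        if len(fields) < 3:                    # filename, mode, empty tail after the last NUL
            raise ValueError("malformed request")
        return op, fields[0].decode(), fields[1].decode().lower()
    if len(packet) < 4:
        raise ValueError("packet too short")
    (arg,) = struct.unpack("!H", packet[2:4])
    if op == OP_DATA:
        return op, arg, packet[4:]
    if op == OP_ACK:
        return op, arg
    if op == OP_ERROR:
        return op, arg, packet[4:].split(b"\0")[0].decode(errors="replace")
    raise ValueError(f"unknown opcode {op}")


class TftpServer:
    """Serves read requests from an in-memory file table, one transfer at a time."""
    def __init__(self, files):
        self._files = files
        self._data, self._block, self._last = b"", -1, None

    def _send_block(self):
        start = (self._block - 1) * BLOCK_SIZE
        self._last = encode_data(self._block, self._data[start:start + BLOCK_SIZE])
        return self._last

    def handle(self, packet):
        """Reply to one packet; None means nothing to send until the client acts."""
        parsed = decode(packet)
        if parsed[0] == OP_RRQ:
            if parsed[1] not in self._files:
                return encode_error(1, "File not found")
            self._data, self._block = self._files[parsed[1]], 1
            return self._send_block()
        if parsed[0] == OP_ACK and parsed[1] == self._block:
            if len(self._last) - 4 < BLOCK_SIZE:   # the short final block was acknowledged
                self._block, self._last = -1, None
                return None
            self._block += 1
            return self._send_block()
        return None                                # stale or unexpected: wait for the timeout

    def timeout(self):
        """No ACK arrived in time: retransmit the last DATA packet."""
        return self._last


def read_file(server, filename, lose=()):
    """Client side of an RRQ; `lose` holds ("data", n) / ("ack", n) packets to drop once."""
    pending, received, expected = set(lose), bytearray(), 1
    packet = server.handle(encode_rrq(filename))
    while packet is not None:
        parsed = decode(packet)
        if parsed[0] == OP_ERROR:
            raise FileNotFoundError(parsed[2])
        _, block, payload = parsed
        if ("data", block) in pending:             # DATA lost: nothing arrives, server retransmits
            pending.discard(("data", block))
            packet = server.timeout()
            continue
        if block == expected:                      # a retransmitted duplicate is acked, not stored twice
            received += payload
            expected += 1
        if ("ack", block) in pending:              # ACK lost: server times out and resends the block
            pending.discard(("ack", block))
            packet = server.timeout()
            continue
        packet = server.handle(encode_ack(block))
    return bytes(received)
```

Only one packet is ever outstanding, exactly as the text describes, and the client stores a block only when its number is the one expected, so a retransmitted duplicate is acknowledged again without corrupting the file. The file whose size is an exact multiple of 512 ends with a zero-byte DATA block, which is the only way the receiver can tell the transfer is complete.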

4.4 NETWORK FILE SYSTEM (NFS)

Network File System (NFS) is a distributed file system protocol originally
developed by Sun Microsystems (Sun) in 1984,[1] allowing a user on a client
computer to access files over a computer network much like local storage is
accessed. NFS, like many other protocols, builds on the Open Network Computing
Remote Procedure Call (ONC RPC) system. The NFS is an open standard defined in a
Request for Comments (RFC), allowing anyone to implement the protocol.

4.5 Simple Mail Transfer Protocol (SMTP)

Email is emerging as one of the most valuable services on the internet today. Most
of the internet systems use SMTP as a method to transfer mail from one user to
another. SMTP is a push protocol and is used to send the mail whereas POP (post
office protocol) or IMAP (internet message access protocol) are used to retrieve
those mails at the receiver’s side.

SMTP Fundamentals
SMTP is an application layer protocol. The client who wants to send the mail opens a
TCP connection to the SMTP server and then sends the mail across the connection.
The SMTP server is always on listening mode. As soon as it listens for a TCP
connection from any client, the SMTP process initiates a connection on that port
(25). After successfully establishing the TCP connection the client process sends the
mail instantly.

SMTP Protocol

The SMTP model is of two types:

1. End-to-end method
2. Store-and-forward method

The end-to-end model is used to communicate between different organizations,
whereas the store-and-forward method is used within an organization. An SMTP
client that wants to send mail will contact the destination host's SMTP directly in
order to send the mail to the destination. The SMTP server will keep the mail to
itself until it is successfully copied to the receiver's SMTP.
The client SMTP is the one which initiates the session; let us call it the
client-SMTP. The server SMTP is the one which responds to the session request; let
us call it the receiver-SMTP. The client-SMTP will start the session and the
receiver-SMTP will respond to the request.
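The session between client-SMTP and receiver-SMTP, as an added example (written for this edit, not code from the report or any mail server): both sides' messages are exchanged in memory using the standard reply codes, 220 for the greeting, 250 for an accepted HELO, MAIL FROM and RCPT TO, 354 to start the message text, 250 once the message is stored for forwarding, 221 on QUIT, and 550 for a recipient the receiver will not relay to. Host names, addresses and the message are constructed.

```python
# Added example, not from the report: an in-memory SMTP session between a
# sender-SMTP (client) and a receiver-SMTP (server). Names are constructed.

class ReceiverSMTP:
    def __init__(self, hostname: str, local_domains):
        self.hostname = hostname
        self.local_domains = set(local_domains)   # recipients we accept; anything else is not relayed
        self.queue = []                            # stored messages awaiting forwarding/delivery
        self._helo = None
        self._reset()

    def _reset(self):
        self._sender, self._rcpts, self._lines, self._in_data = None, [], [], False

    def greeting(self) -> str:
        return f"220 {self.hostname} ESMTP ready"

    @staticmethod
    def _address(arg: str, keyword: str):
        if not arg.upper().startswith(keyword):
            return None
        return arg[len(keyword):].strip().strip("<>") or None

    def handle(self, line: str) -> str:
        """Process one client line; returns the reply, or "" while collecting message text."""
        if self._in_data:
            if line == ".":                                   # end of message text
                self.queue.append({"from": self._sender, "to": list(self._rcpts), "body": self._lines})
                self._reset()
                return f"250 OK queued as {len(self.queue)}"
            self._lines.append(line[1:] if line.startswith("..") else line)   # undo dot-stuffing
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self._helo = arg
            return f"250 {self.hostname} Hello {arg}"
        if self._helo is None:
            return "503 send HELO first"
        if verb == "MAIL":
            self._sender = self._address(arg, "FROM:")
            return "250 OK" if self._sender else "501 syntax: MAIL FROM:<address>"
        if verb == "RCPT":
            rcpt = self._address(arg, "TO:")
            if self._sender is None:
                return "503 need MAIL FROM first"
            if not rcpt or "@" not in rcpt:
                return "501 syntax: RCPT TO:<address>"
            if rcpt.rsplit("@", 1)[1].lower() not in self.local_domains:
                return f"550 relaying to {rcpt} not permitted"
            self._rcpts.append(rcpt)
            return "250 OK"
        if verb == "DATA":
            if not self._rcpts:
                return "503 need RCPT TO first"
            self._in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "RSET":
            self._reset()
            return "250 OK"
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        return "500 command unrecognized"


def send_mail(server: ReceiverSMTP, helo: str, sender: str, recipients, body_lines):
    """Sender-SMTP side: drives the session and returns (transcript, delivered)."""
    transcript = [("", server.greeting())]

    def send(cmd: str) -> str:
        reply = server.handle(cmd)
        if reply:
            transcript.append((cmd, reply))
        return reply

    if not send(f"HELO {helo}").startswith("250"):
        return transcript, False
    if not send(f"MAIL FROM:<{sender}>").startswith("250"):
        return transcript, False
    accepted = sum(send(f"RCPT TO:<{r}>").startswith("250") for r in recipients)
    if accepted == 0 or not send("DATA").startswith("354"):
        send("QUIT")
        return transcript, False
    for line in body_lines:
        send("." + line if line.startswith(".") else line)   # dot-stuff lines that begin with "."
    delivered = send(".").startswith("250")
    send("QUIT")
    return transcript, delivered
```

The receiver accepts mail only for its own domains and answers 550 otherwise; that single check is what separates a mail server from an open relay. The queue it fills is the "store" half of store and forward: a separate process would later take each entry and open its own client session towards the next MTA.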

Version 2 of the protocol (defined in RFC 1094, March 1989) originally operated only
over User Datagram Protocol (UDP). Its designers meant to keep the server side
stateless, with locking (for example) implemented outside of the core protocol.
People involved in the creation of NFS version 2 include Russel Sandberg, Bob Lyon,
Bill Joy, Steve Kleiman, and others.[1][4]
The Virtual File System interface allows a modular implementation, reflected in a
simple protocol. By February 1986, implementations were demonstrated for
operating systems such as System V release 2, DOS, and VAX/VMS using Eunice.[4]
NFSv2 only allows the first 2 GB of a file to be read due to 32-bit limitations.
Version 3 (RFC 1813, June 1995) added:

● support for 64-bit file sizes and offsets, to handle files larger than 2 Gigabytes
(GB);
● support for asynchronous writes on the server, to improve write performance;
● additional file attributes in many replies, to avoid the need to re-fetch them;
● a READDIRPLUS operation, to get file handles[5] and attributes along with file
names when scanning a directory;
● assorted other improvements.


5.1

6.1. CLIENT AND SERVER MODEL
