1. Hypertext Transfer Protocol (HTTP) Part 1
We’ve already discussed the lower layers of our OSI model, presentation, datalink network and transport Layer before we talk about Http, let’s discuss first the upper layer of our OSI model and these three upper layers session, presentation and application is consolidated into just one layer for the TCP IP model and we call it just the application layer. These three layers of the OSI model consists of session and if you recall in our previous TCP discussion where the client sends Sin or TCP scene to the server and as the server receives the TCP traffic, it will reply back with TCP sync and the client completes the TCP three way handshake with Tcpac.
Now, as soon as this TCP three way handshake completed, it will create a session. And this session is responsible for continuous exchange of information between the two nodes. Session Layer it doesn’t only create a session, but it also has the ability to terminate the connection between local and remote application. Next is the presentation layer and the presentation layer. This is where the formatting data at the source device for receiving device occurs. It is more well known for enabling character encoding, compression, encryption and decryption. And lastly we have the application layer. This is where the exchange of data between programs from source to destination server occurs.
Now application Layer this is the layer that is closest to the end user. Think about it. You as a user, not the technical user guy, not the network engineer or the system administrator or any It professional. Think about it. When you access or connect to the Internet, the most important thing for you is to have this application available so that you can access it. Whether it’s a web based application, email application in your smartphone, I’m pretty sure you have plenty. You have gaming application, social media application, transport application, or even dating application. Again, it’s the user who interacts with this application.
And the most important thing is that these applications are available and you can access it. Now, all three layers use this data as their protocol data unit or the transmission.And as you recall from our previous slide, all these three layers is consolidated into just one layer the application layer for the TCP IP model. Most applications are client server base where the client is probably you and you together with your PC or laptop, desktop or even mobile devices. And this client are the one who do the application request to a service. The other end are servers. And inside the servers we have application or applications running. Most application uses unique protocol numbers.
They also have different transports. Sometimes an application uses UDP, sometimes TCP, or sometimes both. Here’s a list of applications that may run in our servers. First, we have the domain name System, or DNS. It’s listening to TCP or UDP port 53. DNS is the one who translates domain names such as fa. com Zurion. com into an IP address. Because we as humans can remember names better versus a bunch of numbers. And maybe you’re thinking I know the IP address of this website or our company’s servers. Yes, you may know some IP address of websites, but I am pretty sure your knowledge of IP address or the IP address that you remembers are very limited. We also have the bootstrap protocol.
This is superseded by our Dhcp or Dynamic Host Configuration Protocol which listens to UDP port 68 on the client side, 67 on the server side. Again, this Hcp allows us to assign IP address to the client station at startup. We also have Smtp or Simple Mail Transport protocol. This is listening to TCP port 25. And this enables clients to send email to the mail server. And we also have pop three because it’s running on version three. Post office protocol. Listening on TCP port one 10 Internet Message Access protocol or Imap. Listens to TCP nine nine, three now, these two applications is used to enable clients to receive email messages from the web, excuse me, from an email server.
Now, the Smtp sends email. It is an outbound type of application, while pop three on Imap Retrieves or it’s an email application that is designed for inbound SNMP or Simple Network Management Protocol. This listens on UDP 161 and for the top, UDP 162. Now, this application is used for collecting and organizing information about managed device on IP network. Now, our goal is also to monitor devices whether we want to track their interface, their routing, their health, or it can also be used for security related events. We have the network time protocol, or NTP. It listens on port one two three on both UDP and TCP Transport.
And this protocol is used for clock synchronization between computer Systems File Transfer Protocol or fTPM. It listens to port 21 for the command channel and then port 20 for the data channel. Now, this application is used for us to upload or download files. How it works is like this. You connect to an FTP application and you provide your username and password. Once you’re logged in, you can choose what files to be downloaded in a specific directory. Now, take note that FTP has two types. We have the Active and the Active uses the port 20 for the data channel. We also have passive. Passive is a bit different when it comes to port numbers because it doesn’t use port 20, but it uses a different port number which is random numbers.
We have also the trivial FTP and the Tftp is listening to port 69, UDP, which is someone’s favorite number. And the goal for Tftp is to download and upload file faster than FTP. It is unreliable, but it is faster because it’s using UDP. Both FTP and Tftp is unsecured because they are using plain text as it sends traffic over the network. We have also Telnet and it listens to TCP port 23. Telnet is an application that allows us to access devices and execute commands in a command line like FTP and Tftp. Telnet is also unsecured because it’s using also plain text. We have the Secure Shell, or Ssh. It’s using TCP port 22, and it works like Telnet. The difference is Ssh is secure because we are encrypting traffic as it sends over the network.
Now, Ssh is not just one application that listens to TCP port 22. It has a suite of applications under Ssh protocol suite. We also have Ssh file transfer applications and Ssh file transfer protocol. Or Sftp. Works like FTP, but the difference is it is secured. Alan is listening to TCP port 22. We also have scp or secure. Copy. This allows us to copy, upload or download a file using one command in a command line. But unlike Tftp, this is connection oriented, reliable, and secured. We have hypertext transfer protocol. Http and the secure version. Https hypertext transfer protocol secure. Okay, one listens to port 80, which is the default for all web browsers. The other is using TCP port 443. We’re going to talk about Http and Https in detail later, etcetera.
2. Hypertext Transfer Protocol (HTTP) Part 2
Let’s talk about Http in more detail. First, Http is a Tcpbased application that is listening on port 80. It also allows Webbased application to communicate and exchange data. And when you use Http, you will receive web pages, right? And the web pages deliver different kinds of content. This content can be images, videos, audios or document files such as PDF. So the more commons are text plus the colors, the more text. But again, you also have many different contents. Also Http or on the web pages can be static, dynamic or interactive. Now let’s talk about Http attributes. First of all, Http is a client and server based type of application. And when I say client server based, you will have here a client.
Let me redraw it. You have here a client and you have here a server. Now let’s talk first about the client. Now the client must run a software applications that may communicate to the server and take note client, server, Http. They must pick both Http. So on the client side, we can use or run a software application called the Web browser. Now, web browser is you can also use Cli based communication or Http communication and the more popular would be Curl. Now let’s first use the web browser. So on the client again, I am going to open a web browser. And there are many different web browsers. You have the Microsoft Ie. We also have the Mozilla Firefox or Google Chrome.
Now, in a web browser you can specify the destination of the web servers through what we called address bar. So it is located on the top of the web browser, not the most stuff, but around the top. And this is what we call the address bar. And inside the address bar you specify Http and the URL. Now, what is the URL? This is the Uniform Resource locator. And this is where you specify the destination of the web browser or excuse me, the web server. It can be IP based, it can be name, or it can be the most common one, especially in the Internet fully qualified domain name. Now, fully qualified domain name examples are f five or I can add www. zurion. com or many others.
Okay, now the way it works in the Internet that we use name for the web destination, but this will be translated to an IP address. It also looks for the top level domain and this domain. Now, we’re going to talk about more on DNS later. But assuming that these names are already translated to an IP address, this is where the time that the client will start initiating Http request.Okay? Now also take note in the web browser that by default it is using an application called Http. And this is requesting to port 80. So this is TCP port 80. Maybe you’re thinking, can this be changed to non TCP port 18? Yes, as a matter of fact, you can just add S after P and it will use Https listening on or sending requests to a server listening on port four four three, but by default is already Http and it is not mandatory to add it manually.
You can just type f five zurion. com or your destination website. Now, another attribute of Http application is it is a connection list protocol or connectionless application. When I say connectionless, this is not related to UDP because UDP is connectionless on the layer for transport. We already know that Http is using a connection oriented transport which is TCP. When I say connectionless application, it’s like this I have a client and we have a server. Now, first thing it will do is the client do the TCP three way hanging, right and it will start sending a request. Let’s add a connection here and let’s just summarize ECP three way handshake. The first thing it will do is send a request.
Now, as the client sends requests and it was successful, it will disconnect from the server. Now, the server will process and if the response is ready, it will reestablish the connection back to the client and it will send the response. So, the third step is reestablished and the fourth is the response. As you can see, the client disconnects before Http server do the response. That is the meaning of connectionless application. Now, the third attribute of Http is it is stateless when I mean stateless this client and this server, they know only each other during the transaction process during the transaction, which means request and response. Now, when the request in response entire transaction is complete, they disconnect.
Now, if they want to connect again, they should do or redo the entire process, which means another transaction, another request and response. In short, Http is not a long leave application such as Ssh, Telnet, FTP and other long leave applications. Now, just to add from the first attribute of Http’s client server application, right? So we’ve already identified what are the requirements on the client side. Now, on the server side, our server or our Http server must run a web server. Now, there are many types of or many examples of web servers. This can be Apache, which is used to be the most common, the most well known web server. We also have a Windows based like Iis and we also have the more advanced web server which is Nginx.
3. Hypertext Transfer Protocol (HTTP) Part 3
I borrowed our previous topology where we have a client and a web server. Now, how it starts is when the client starts communicating to our web server. First it will send TCP. Scene. Scene. Ack and AK. As the TCP three way handshake completes, it will form a session and the client, it will start the Http requests. Now, when the server processes it and ready to respond, it will reestablish a connection and it will provide the client, specifically the web browser, a web files. Now, there are many different web files, but the most common is HTML. What is HTML? Stands for hypertext markup Language. And this is the language that can understand by our web browser.
Okay? Now this is the web browser who provides web services and it has requirements. But first, the minimum requirements of a web server. The simplest is quite simple. You have to choose one of these web servers. Here we have Apache. If you want to have a more advanced web services, you may use NGX. Or if you are using a Windows environment, you may want to choose Iis. Okay, so it’s a web server. You can choose one of these and it should run in an operating system and that’s it. Plus you should have at least one HTML file. But by default, all of these web servers already have an index HTML for testing and index. HTML also serves as the home page.
You don’t need to create one because by default it’s already added. Now, as I mentioned, this is the basic simplest way to test your web browser. But take note, if you’re using web browser only excuse me, web server only and you’re using just HTML web files. This is just a static web page or web pages. If you want to deploy a more advanced, fullfledged and dynamic website, you may want to consider deploying or using a web development platform. And there are many web development platform out there. But Lamp spells as Lamp probably the most common. It is also recommended for starters. Okay, let’s talk about Lamp. L stands for Linux, which is the operating system. Okay? And this is running if you have one or more physical or virtual servers.
We also have the Apache, which as I mentioned, this is our web server. And this is listening to TCP port 80. It also contains or may provide many different features such as compression, caching and other security related features. Next is MySQL Now MySQL, this is the database and database.This contains information that may be used in our web pages. So I’m going to add here a separate database server. I will add DB and for those who are not familiar how a database server works, it’s just a bunch of tables. And from there you will have all of the data you may need on your web applications. So I’m going to add more tables here. There you go. And this is residing in our database servers. Now, probably the most important is the application.
This is your PHP. Now PHP is not just the application, this is also our programming language script and again the application. Now PHP is what makes our website dynamic because what you have here is a strip that can execute command syntax and you will see a lot of command syntax, such as if else for loops, switch, it has a lot of variables and many different functions. Always remember this PHP, this application or the script, it is executed on the server side. So when it’s executed here on the server side and the web browser of the client will download it, it doesn’t see the script itself, it won’t see if else, it won’t see a variable. What it will see is an HTML converted files. Now, I’m going to add here the app which is the PHP.
And PHP also the one who connects to the database. He’s the one who’s pulling this data or information. PHP can also add data into the database. For example, you have a page that is a form used for registration. So if you are a new registrant, you input your username, your first name, your last name, your password, your email address. PHP will process it and it will add it to the database. PHP also communicate to the web server because web server is the one who’s been contacted by the client. But PHP or the application provides the script or the application, the web application itself. So I’m going to add here connects to the database server. There’s another script that you may hear about and this is called JavaScript.
Now JavaScript is just an additional script that you may want to implement if you want to use more complex things. And maybe you’re thinking why do you want to add more complex things? Well, it helps your website to look better and provide more information. These are 2D or 3D graphic images. You also have interactive maps, content updates and many more. Now take note that JavaScript is executed on the client side. Even though the script is residing on one of these servers, it can be on the PHP application servers. But once the client downloaded your web files, in this case it can be HTML. It can also be a PHP file. The JavaScript will be executed on the client browser and you will actually see the command syntax, the ifels, the variables from the client web browser.
4. Hypertext Transfer Protocol (HTTP) Part 4
All right, so let’s do another whiteboarding session. This time we’re going to discuss Http messages. Now, Http messages may body depends if it is an request or Http request on Http response. So I will add here may body if it is Http request and response. Now this also be identified if the message is coming from the client sent to the server or coming from the server sent back to the client. Now, since this is provided by our Http application, an Http is a protocol. It is defined by rules. Now the format of Http message is something like this. First we have the start line and we have the Heather. And down below here we have the body.
All right? Now from the start line it really depends if it’s an Http request or response. But either they will provide this information. It’s called the http version. Now for Http requests we add method. What is method? Well, method is the task given to the server. It simply tells the server a server please do this. We also have the path to the file and sometimes we call this Uri. Now if this is an Http response we’ll get the Http status code. Okay? Now for the header, this is always be a key or name value pair name and then a value name two and the value name three and the volume. Now for the body, this is the actual data. Now this is a data sent by the client to the server or a data sent by the server back to the client.
Now always take note that this Http message, the start line header and the body, all of these are plain text information, okay? So they are not encrypted. Now let’s take a closer look and provided you an example what Http request looks like. So we’re just going to copy the format, but this time it is specifically for Http request. Format is the same. We have the start line, we have the header and we have the body. Now the start line for Http requests like we mentioned, this is the method. Now the method again, this is the request or this is what the client is telling the server what to do. And most of the time maybe around 70% or maybe even more.
The method that we always use when we request to the web server is Get. Okay? And the path to the file or the Uri would look like this a directory and the file, let’s say song PHP. Then this is followed by the Http version. Let’s say this is Http version one one.Now inside the header these are the information provided by the client web browser. So the first thing that you will see is the requested host. Let’s say this is Zurion. com. We also have the accept information. Let’s say this is the accept content text HTML. We can also have the accept language and I can add here NUS. So these are the example of Http request header and we can also add more Http request header like Http cookies, the compression that this client web browser can accept the referral, and many more.
Now in the Http request body, this is the data that is sent by the client to the server. Most of the time this is black unless there are some data that needs to be set. The best example of these is using a post method. Now if we’re using a post method instead of Get and a post method, this is used by a form. If you’re going to submit an HTML form, for example, you are a new user and you need to register a new account. So you need to include or fill up the form including your username, your first name, your last name, your email address, your password and then if you click Submit, the Http request is a method of post.
Now, a common example also if you’re logging in in a web portal you provide or you supply your username and the password click Login so the username and password username and your password information will be included in the Http request body and this is the data that is sent to the server. Now for the Http response I’m all going to use the same format where we have the status code excuse me, the Start line we have the header and we have the body. Now for Http response start line we have the status code assuming that our request to Zurion. com is properly working, it’s responding correctly, their server will reply with a status code 200 okay, plus the Http version.
Http version one one okay, very easy. Now for the Http response header again, this is a name value pair, but the information that will be provided is information of the web server. This is like server information. And let’s say we are using an Apache web server with a version of two two. Now this is running by an application, PHP. And the content type that we will provide back to the client is HTML text and the body that is a respond by the server. This is the actual content. It can be an HTML, it can be an image, it can be a document file or PDF file. It can also be an HR API. Always take note, this is the content of the page and that’s how Http requests Http response works.
