Windowing 489
Table 9-1 Reserved TCP and UDP Port Numbers
Decimal Port Number Keyword Description
0 — Reserved
1 to 4 — Unassigned
5 Rje Remote job entry
7 Echo Echo
9 Discard Discard
11 Users Active users
13 Daytime Daytime
15 Netstat Who is up, or netstat
17 Quote Quote of the day
19 Chargen Character generator
20 ftp-data File Transfer Protocol (data)
21 ftp File Transfer Protocol
23 telnet Terminal connection
25 Smtp Simple Mail Transfer Protocol
37 Time Time of day
39 Rlp Resource Location Protocol
42 Nameserver Host name server
43 nickname Who is
53 Domain Domain Name Server
67 Bootps Bootstrap protocol server
68 Bootpc Bootstrap protocol client
69 Tftp Trivial File Transfer Protocol
75 — Any private dial-out service
77 — Any private RJE service
continues
1102.book Page 489 Tuesday, May 20, 2003 2:53 PM
490 Chapter 9: TCP/IP Transport and Application Layer
As shown in Figure 9-12, end systems use port numbers to select the proper application.

Originating source port numbers are assigned dynamically by the source host, with
some number greater than 1023. As an example, a host attempting to connect to
another using FTP sends a packet with a destination TCP port number of 21 (FTP) and
a dynamically generated source port number such as 1028. This pair of port numbers
(destination and source) defines the unique “conversation” between these hosts. If
the same host initiates another FTP session to a second host, the destination port still
is 21, but the source port generated is different (for example, 1030), to keep the two
sessions separate.
Figure 9-12 Port Numbers Dictate Application Used
79 Finger Finger
80 HTTP Hypertext Transfer Protocol
123 Ntp Network Time Protocol
133 to 159 — Unassigned
160 to 223 — Reserved
224 to 241 — Unassigned
242 to 255 — Unassigned
Numbers below 1024 are considered well-known port numbers.
Numbers above 1024 are assigned port numbers dynamically.
Registered port numbers are those registered for vendor-specific applications. Most are
above 1024.
Table 9-1 Reserved TCP and UDP Port Numbers (Continued)
Decimal Port Number Keyword Description
Source
Port

Destination
Port
Source
Port
1028


Destination
Port
Telnet Z
Destination port = 23.
Send packets to my
Telnet application.
Host A
Host Z
23
1102.book Page 490 Tuesday, May 20, 2003 2:53 PM
TCP/IP Application Layer 491
TCP/IP Application Layer
The last layer of both the OSI and the TCP/IP model is referred to as the application
layer. The application layer is the closest to the end user when interacting with soft-
ware applications such as sending and receiving e-mail over a network. You see how
the application layer deals with data packets from client/server applications, domain
name services, and network applications by examining the following elements:
■ Client/server
■ Redirectors
■ Domain Name System
■ E-mail
■ Telnet
■ FTP
■ HTTP
Introduction to the Application Layer
In the context of the OSI reference model, the application layer (Layer 7) supports the
communicating component of an application, as shown in Figure 9-13. The applica-
tion layer is responsible for the following:
■ Identifying and establishing the availability of intended communication partners

■ Synchronizing cooperating applications
■ Establishing agreement on procedures for error recovery
■ Controlling data integrity
Figure 9-13 Application Layer
1102.book Page 491 Tuesday, May 20, 2003 2:53 PM
492 Chapter 9: TCP/IP Transport and Application Layer
The application layer is the layer closest to the end user. This determines whether suffi-
cient resources exist for communication between systems. Without the application layer,
there would be no network communication support. The application layer does not
provide services to any other layer, but it does provide services to application processes
lying outside the scope of the TCP/IP model, such as spreadsheet programs, word
processing programs, and banking terminal programs. Additionally, the application
layer provides a direct interface to the rest of the model for network applications (such
as browser or e-mail program) or an indirect interface for standalone applications
(such as word processors, spreadsheets, and presentation managers) with a network
redirector.
Direct Network Applications
Most applications that work in a networked environment are classified as client/server
applications. These applications, such as FTP clients (not protocols), web browsers,
and e-mail programs, all have two components that allow them to function—the client
side and the server side. The client side is located on the local computer and is the
requestor of the services. The server side is located on a remote computer and provides
services in response to the client’s requests.
A client/server application works by constantly repeating the following looped routine:
client request, server response; client request, server response. For example, a web
browser accesses a web page by requesting a uniform resource locator (URL), which is
resolved to an IP address on a remote web server. After it locates the URL, the web
server that is identified by that URL responds to the request. Then, based on the infor-
mation received from the web server, the client can request more information from the
same web server or can access another web page from a different web server.

Netscape Navigator and Internet Explorer are probably the most commonly used net-
work applications. An easy way to understand a web browser is to compare it to a
television remote control. A remote control gives you the capability to directly control
a TV’s functions: volume, channels, brightness, and so on. For the remote control to
function properly, you do not need to understand how the remote control functions
electronically. The same is true of a web browser; the browser gives you the capability
to navigate through the web by clicking hyperlinks. For the web browser to function
properly, it is not necessary for you to understand how the lower-layer OSI protocols
work and interact.
Indirect Network Support
Within a LAN environment, indirect-application network support is also a client/server
function. If a client wants to save a file from a word processor to a network server, the
1102.book Page 492 Tuesday, May 20, 2003 2:53 PM
TCP/IP Application Layer 493
redirector enables the word-processing application to do so transparently. Remember
that this transparency is supplied by the session layer Remote Procedure Call (RPC)
functionality.
A redirector is an OSI model session layer function that works with computer operat-
ing systems and network clients instead of specific application programs.
Examples of protocols that use redirectors are as follows:
■ AppleTalk Filing Protocol
■ NetBIOS Extended User Interface (NetBEUI)
■ Novell IPX/SPX protocols
■ Network File System (NFS) of the TCP/IP protocol suite
A redirector enables a network administrator to assign remote resources to logical names
on the local client. When you select one of these logical names to perform an operation
such as saving a file or printing a file, the network redirector sends the selected file to
the proper remote resource on the network for processing. If the resource is on a local
computer, the redirector ignores the request and allows the local operating system to
process the request.

The advantage of using a network redirector on a local client is that the applications
on the client never have to recognize the network. In addition, the application that
requests service is located on the local computer, and the redirector reroutes the request
to the proper network resource, while the application treats it as a local request.
Redirectors expand the capabilities of non-network software. They also enable users
to share documents, templates, databases, printers, and many other resource types
without having to use special application software.
Networking has had a great influence on the development of programs such as word
processors, spreadsheets, presentation managers, database programs, graphics, and
productivity software. Many of these software packages are now network-integrated
or network-aware; they have the capabilities of launching integrated web browsers or
Internet tools and publishing their output to the Hypertext Markup Language (HTML)
for easy web integration.
Making and Breaking a Connection
It is important to note that in each of the examples mentioned in the preceding sections,
the connection to the server was maintained only long enough to complete a single
task. In the web example, the connection was maintained just long enough to download
the current web page. In the printer example, the connection was maintained just long
1102.book Page 493 Tuesday, May 20, 2003 2:53 PM
494 Chapter 9: TCP/IP Transport and Application Layer
enough to send the document to the print server. After the processing was completed,
the connection was broken and had to be re-established for the next processing request
to take place. This is one of the two ways that communication sessions take place.
Later in this chapter, you learn about the second method in which communication ses-
sions take place. This is illustrated by the Telnet and FTP examples, in which a connec-
tion to the server is established and maintained until all processing has been performed.
The client computer terminates the connection when the user determines that he or she
has finished. All communication activity falls into one of these two categories. In the
next section, you learn about the Domain Name System (DNS), which is supported by
the application layer processes.

DNS
The Internet is built on a hierarchical addressing scheme. This allows for routing that
is based on classes of addresses, as opposed to individual addresses. The problem that
this creates for the user is associating the correct address with the Internet site. The
only difference between the addresses 198.151.11.12 and 198.151.11.21 is one trans-
posed digit. It is very easy to forget an address to a particular site because there is
nothing to associate the contents of the site with its address.
To associate the contents of the site with its address, a domain-naming system was devel-
oped. DNS is a system used on the Internet for translating names of domains and their
publicly advertised network nodes into IP addresses. A domain is a group of computers
that are associated by their geographical location or their business type. A domain
name is a string of characters and/or numbers, usually a name or abbreviation that
represents the numeric address of an Internet site. More than 200 top-level domains
exist on the Internet; examples include the following:
■ .us—United States
■ .uk—United Kingdom
There are also generic names, examples of which include the following:
■ .edu—Educational sites
■ .com—Commercial sites
■ .gov—Government sites
■ .org—Nonprofit sites
■ .net—Network service
■ .mil—U.S. military sites
■ .int—International database/treaty organization sites
N
O
TE
For more information
on domain names,
visit the IANA web-

site (www.iana.org/
domain-names.htm)
for domain names.
1102.book Page 494 Tuesday, May 20, 2003 2:53 PM
TCP/IP Application Layer 495
The Domain Name Server
The Domain Name System (DNS) server is a device on a network that responds to
requests from clients to translate a domain name into the associated IP address. The
DNS system is set up in a hierarchy that creates different levels of DNS servers.
If a local DNS server is capable of translating a domain name into its associated IP
address, it does so and returns the result to the client. If it cannot translate the address,
it passes the request up to the next higher-level DNS server on the system, which then
tries to translate the address. If the DNS server at this level is capable of translating the
domain name into an associated IP address, it does so and returns the result to the
client. If not, it sends the request to the next higher level. This process repeats itself
until the domain name has been translated or until the top-level DNS server has been
reached. If the domain name cannot be found on the top-level DNS server, it is con-
sidered to be an error and the corresponding error message is returned. Any type of
application that uses domain names to represent IP addresses uses the DNS server to
translate that name into its corresponding IP address.
FTP and TFTP
The File Transfer Protocol (FTP) is designed to download files (received or gotten from
the Internet) and upload files (sent or put to the Internet). The capability to upload and
download files is one of the most valuable features of the Internet. This is especially
helpful for people who rely on computers for many purposes and who might need
software drivers and upgrades immediately. Network administrators rarely can wait
even a few days to get the necessary drivers that enable their network servers to function
again. The Internet can provide these files immediately by using FTP. Like e-mail and
Telnet, FTP is a client/server application. It requires server software running on a host
that can be accessed by client software.

An FTP session is established the same way in which a Telnet session is established.
Just like Telnet, the FTP session is maintained until the client terminates it or until
there is some sort of communication error. When you establish a connection to an FTP
process or daemon, you must supply a login ID and a password. Normally, you use
Anonymous as the login ID and your e-mail address as the password. This type of con-
nection is known as anonymous FTP. After your identity is established, a command
link opens between your client machine and the FTP server. This is similar to a Telnet
session, in which commands are sent and executed on the server and the results are
returned to the client. This feature enables you to create and change folders, erase and
rename files, and execute many other functions associated with file management.
1102.book Page 495 Tuesday, May 20, 2003 2:53 PM
496 Chapter 9: TCP/IP Transport and Application Layer
The main purpose of FTP is to transfer files from one computer to another by copying
and moving files from servers to clients and from clients to servers. When you copy
files from a server, FTP establishes a second connection, a data link between the com-
puters, across which the data is transferred. Data transfer can occur in American Stan-
dard Code for Information Interchange (ASCII) mode or binary mode. These two modes
determine how the data file is to be transferred between the stations. ASCII format
returns a human-readable representation of the number in seven ASCII characters. The
first character is a space or a negation sign, followed by three digits, a decimal point,
and two more digits. If a number has less than three digits to the left of the decimal
point, then the optional sign and digits are right-justified in the seven character field,
and spaces are filled in on the left. Because binary-mode numbers take only 4 bytes
each, compared to the 7 of an ASCII representation, the binary representation takes
less time to send over the serial link to the computer. However, there are marked
advantages to using the ASCII representation. After the file transfer has ended, the
data connection terminates automatically. After you complete the entire session of
copying and moving files, you might log off, thus closing the command link and end-
ing the session.
The Trivial File Transport Protocol (TFTP) is a connectionless service that uses UDP.

TFTP is used on routers and switches to transfer configuration files and Cisco IOS
Software images, and to transfer files between systems that support TFTP. It is designed
to be small and easy to implement. Therefore, it lacks most of the features of regular
FTP. The only thing it can do is read and write files (or mail) from or to a remote server.
It cannot list directories, and currently it has no provisions for user authentication. It is
useful in some LANs because it operates faster than FTP in a stable environment.
Another protocol that has the capability to download files is Hypertext Transfer Pro-
tocol (HTTP), as discussed in the next section. One limitation of HTTP is that you can
use it only to download files, not upload them.
HTTP
The Hypertext Transfer Protocol (HTTP) works with the World Wide Web, which is
the fastest-growing and most used part of the Internet. One of the main reasons for the
extraordinary growth of the web is the ease in which it allows access to information. A
web browser is a client/server application, which means that it requires both a client
and a server component to function. A web browser presents data in multimedia formats
on web pages that use text, graphics, sound, and video. The web pages are created
with a format language called the Hypertext Markup Language (HTML). HTML directs
a web browser on a particular web page to produce the appearance of the page in a
specific manner. In addition, HTML specifies locations for the placement of text, files,
and objects that are to be transferred from the web server to the web browser.
1102.book Page 496 Tuesday, May 20, 2003 2:53 PM
TCP/IP Application Layer 497
Hyperlinks make the World Wide Web easy to navigate. A hyperlink is an object (word,
phrase, or picture) on a web page that, when clicked, transfers you to a new web page.
The web page contains (often hidden within its HTML description) an address location
known as a uniform resource locator (URL).
Table 9-2 shows the components of a standard URL address (
in this case).
When you open a web browser, the first thing you usually see is a starting (or “home”)
page. The URL of the home page already has been stored in the configuration area of

your web browser and can be changed at any time. From the starting page, you can
click one of the web page hyperlinks or type a URL in the browser’s address bar. The
web browser then examines the protocol to determine whether it needs to open another
program, and it determines the IP address of the web server. After that, the transport
layer, network layer, data link layer, and physical layer initiate a session with the web
server. The data that is transferred to the HTTP server contains the folder name of
the web page location (the data also can contain a specific filename for an HTML
page). If no name is given, the server uses a default name (as specified in the server’s
configuration).
The server responds to the request by sending all of the text, audio, video, and graphic
files, as specified in the HTML instructions, to the web client. The client browser reas-
sembles all the files to create a view of the web page and then terminates the session. If
you click another page that is located on the same server or a different server, the whole
process begins again.
SMTP
E-mail servers communicate with each other using the Simple Mail Transfer Protocol
(SMTP) to send and receive mail. The SMTP protocol transports e-mail messages in
ASCII format using TCP. You can connect to an SMTP server by performing a ping
test to the SMTP port (25). This is a good way to test if a mail server is reachable.
Table 9-2 URL Components
http:// www. Cisco.com /cgi/
Identifies to
the browser
what proto-
col should be
used.
Identifies what
type of site is
being contacted
by the browser.

Represents the
domain entry of
the web site.
Identifies the folder where
the web page is located on
the server. Also, because
no name is specified, the
browser loads the default
page identified by the server.
1102.book Page 497 Tuesday, May 20, 2003 2:53 PM
498 Chapter 9: TCP/IP Transport and Application Layer
When a mail server receives a message destined for a local client, it stores that message
and waits for the client to collect the mail. Mail clients can collect their mail in several
ways: They can use programs that access the mail server files directly or can use one
of many network protocols. The most popular mail client protocols are Post Office
Protocol Version 3 (POP3) and Internet Messaging Access Protocol Version 4 (IMAP4),
which both use TCP to transport data. Even though mail clients use these special pro-
tocols to collect mail, they almost always use SMTP to send mail. Because two different
protocols, and possibly two different servers, are used to send and receive mail, it is
possible that mail clients can perform one task and not the other. Therefore, you should
troubleshoot the sending of mail and the receiving of mail separately.
When verifying the configuration of a mail client, both the mail relay server (SMTP)
and mail servers (POP or IMAP) should be verified. SMTP does not offer much in
the way of security and does not require any authentication. To prevent unauthorized
users from bouncing mail messages off their servers, administrators often don’t allow
hosts that are not part of their network to use their SMTP server to send (or relay)
mail.
SNMP
The Simple Network Management Protocol (SNMP) is an application layer protocol
that facilitates the exchange of management information between network devices.

SNMP enables network administrators to manage network performance, find and
solve network problems, and plan for network growth.
An SNMP-managed network consists of the following three key components:
■ Managed device—A network node that contains an SNMP agent and that resides
on a managed network. Managed devices collect and store management informa-
tion and make this information available to NMSs using SNMP. Managed
devices, sometimes called network elements, can be routers and access servers,
switches and bridges, hubs, computer hosts, or printers.
■ Agent—A network-management software module that resides in a managed device.
An agent has local knowledge of management information and translates that
information into a form compatible with SNMP.
■ Network-management system (NMS)—Executes applications that monitor and
control managed devices. NMSs provide the bulk of the processing and memory
resources required for network management. One or more NMSs must exist on
any managed network.
1102.book Page 498 Tuesday, May 20, 2003 2:53 PM