Application Layer Protocols
Duration: 3 days

Synopsis This course discusses the main application protocols of the Internet: DNS (Domain Name Service), FTP (File Transfer Protocol), E-Mail protocols, HTTP (HyperText Transfer Protocol) and SSL (Secure Socket Layer). In-depth detail is provided down to the packet level with live captures using the Wireshark sniffer. Each protocol is examined from both its performance and security aspects. Meant as a follow-up to the "Network Protocols" course, this further explores the OSI model, moving from the network and transport layers to the application layer.
Target Audience Network administrators and/or developers of network-related software who wish to gain insight into the inner workings of these important protocols.
Prerequisites
Objectives
  • Explain in detail the inner workings of DNS
  • Deploy and maintain a DNS server
  • Understand the dynamic nature of FTP
  • Deploy and maintain an FTP server
  • Understand SMTP and MIME at the 7-bit level
  • Explain and debug HTTP transactions
  • Explain the security offered by SSL/TLS, and how it is met
Exercises This course includes plenty of hands-on work, as students get first-hand experience with the traffic behind the applications, using Ethereal and command line tools such as NetCat.
Modules
Day 1
1. DNS
4 hours
The Domain Name System (RFC1034, 1035) has been the invisible backbone of the Internet. Even in today's age of search engines, most users still memorize DNS names - and most are oblivious to IP addresses altogether. We discuss all aspects of DNS, including:
  • Name resolution mechanisms
  • The DNS domain hierarchy
  • Root nameservers
  • DNS Resolvers
  • DNS at the packet level


Exercises include:
  • Debug live DNS queries using Ethereal
2. DNS Security
3 hours
Despite its important role, DNS is woefully insecure. We focus on its weaknesses, as well as explore the improvements offered by DNS-Sec (RFC4033-4035). The latter has recently gained widespread adoption, with the upgrade of the root name servers to support it.
  • DNS Weaknesses: Denial-of-Service attacks and Anycast
  • DNS Weaknesses: DNS Spoofing
  • DNS Weaknesses: Cache Poisoning and the birthday attack
  • DNS Weaknesses: Fixing randomness
  • Enter: DNSSec - DNS-Sec protocol modifications
  • DNS Resolvers
  • DNS at the packet level
Day 2
3. FTP
2 hours
FTP (RFC959) is an outdated, yet still unique protocol - in that it is one of the few protocols to dynamically determine port allocation at the application level.
  • Sample FTP session, explained
  • FTP weaknesses
  • The classic FTP "Bounce" attack


Exercises include:
  • Simulate an FTP file transfer using NetCat or telnet
  • Demonstrate the FTP bounce attack
4. Email - SMTP
3 hours
The aptly named Simple Mail Transfer Protocol (SMTP - RFC 822/2822) is the driving force behind Email. Its simplicity, however, makes it easy to send unauthenticated email - and opens the door to spam. We discuss:
  • Sample SMTP session, explained
  • ESMTP enhancements
  • 7-bit compatibility: QPrint
  • 7-bit compatibility: Base64
  • Sending attachments
  • Spam:
    • Spammer Techniques
    • Various spam countermeasures and DomainKeys
5. Email - POP and IMAP
2 hours
The very basic Post Office Protocol (POP3) and the more advanced Internet Message Access Protocol (IMAPv4, RFC3501) make up the receiving end of email. Most webmail services are merely HTML front-ends to a back-end IMAP transaction. In this module, we explain both of these protocols in detail:
  • POP2 and POP3
  • IMAPv4:
    • IMAP Sessions
    • Server Side searches
    • Server Side mailbox (=folder) management
Day 3
6. HTTP
2 hours
The HyperText Transfer Protocol (v1.1 - RFC2616) has transformed the Internet, and given birth to the World Wide Web. Undoubtedly the most important protocol of our time, it now enables web pages and applications alike. We focus in great detail on the protocol, discussing:
  • HTTP versions (0.9-1.1) and variants (WebDAV, etc)
  • HTTP Requests and Responses
  • Request methods
  • Request headers
  • Response codes
  • Response headers
7. HTTP and applications
2 hours
This module covers HTTP application transactions, including such aspects as:
  • HTTP as a generic medium
  • HTTP input methods
  • HTTP Authentication - Basic and Digest (RFC2617) and NTLM
  • Cookies and their inherent dangers


Exercises include:
  • Simulate HTTP requests using Telnet
  • HTTP Partial Gets
  • HTTP Authentication using Basic and Digest
  • Note HTTP/1.0 and HTTP/1.1 differences
8. SSL/TLS
2-3 hours
The Secure Socket Layer (or, by another name, Transport Layer Security - RFC2246) is the basic security framework for HTTP, as well as many other protocols (IMAP, FTP, LDAP and others with "s" variants). Its design is uniquely modular and robust, and we explain it in great depth, including:
  • SSL Versions - 1-3, and TLS/TLSv1.1
  • Building blocks:
    • Symmetric Encryption algorithms
    • Asymmetric Encryption (PKI) algorithms
    • Hash functions
  • SSL and TLS at the packet level - sample transactions
  • Known issues and past attacks on SSL implementations