Chapter 5: Key Networking Protocols

Understanding the fundamental protocols that power internet communication, including HTTP, FTP, SMTP, DNS, TCP, and UDP.

Key Networking Protocols | Computer Networks: From Scratch to Mastery | IndinTechnoEra

Introduction

In this chapter, we'll explore the essential networking protocols that enable communication across the internet. Building on our understanding of network models (Chapter 2) and IP addressing (Chapter 4), we'll examine how these protocols work together to facilitate data exchange.

By the end of this chapter, you will understand:

The operation of key application layer protocols (HTTP, FTP, SMTP, DNS)
The differences between TCP and UDP transport protocols
How ports identify network services
TCP connection establishment and termination
Protocol stack interactions and encapsulation
ICMP's role in network diagnostics

Application Layer Protocols

HTTP/HTTPS

The Hypertext Transfer Protocol (HTTP) is the foundation of web communication. It follows a client-server model where:

Clients (browsers) send HTTP requests
Servers respond with HTTP responses

HTTP Request Example:

GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
Accept: text/html

HTTP Response Example:

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1234

<!DOCTYPE html>
<html>...</html>

Common HTTP status codes include:

200 OK: Successful request
301 Moved Permanently: Resource has moved
404 Not Found: Resource doesn't exist
500 Internal Server Error: Server failed to fulfill request

HTTPS adds security to HTTP using SSL/TLS encryption. Key differences:

Uses port 443 instead of HTTP's port 80
Encrypts all communication
Provides authentication of the website
Protects against eavesdropping and tampering

FTP (File Transfer Protocol)

FTP is used for transferring files between computers. It operates on two channels:

Control channel (port 21): For commands and responses
Data channel: For actual file transfer

FTP has two modes of operation:

Active mode: Client listens for server's data connection (problematic with firewalls)
Passive mode: Server listens for client's data connection (more firewall-friendly)

Security concerns with FTP:

Transmits credentials and data in clear text
Vulnerable to eavesdropping
Modern alternatives: SFTP (SSH File Transfer Protocol) or FTPS (FTP over SSL)

SMTP (Simple Mail Transfer Protocol)

SMTP is the standard protocol for sending email between servers. Key characteristics:

Uses port 25 (unencrypted) or 587 (with TLS)
Only handles sending email, not receiving
Works with other protocols (POP3/IMAP) for complete email functionality

SMTP Communication Example:

 S: 220 smtp.example.com ESMTP
C: HELO client.example.com
S: 250 Hello client.example.com
C: MAIL FROM: <sender@example.com>
S: 250 OK
C: RCPT TO: <recipient@example.com>
S: 250 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: Subject: Test message
C: From: sender@example.com
C: To: recipient@example.com
C:
C: This is a test message.
C: .
S: 250 OK: message accepted

DNS (Domain Name System)

DNS translates human-readable domain names (e.g., google.com) to IP addresses. The DNS hierarchy includes:

Root servers: Top of the hierarchy (13 sets worldwide)
Top-Level Domain (TLD) servers: Handle .com, .org, etc.
Authoritative servers: Store records for specific domains

Common DNS record types:

A: Maps hostname to IPv4 address
AAAA: Maps hostname to IPv6 address
CNAME: Canonical name (alias) for another domain
MX: Mail exchange record for email routing

DNS Query Process:

Browser checks local cache
If not found, queries operating system
OS queries configured DNS resolver (usually ISP or public DNS like 8.8.8.8)
Resolver queries root server if needed
Root directs to TLD server
TLD directs to authoritative server
Authoritative server returns the record

Transport Layer Protocols: TCP vs UDP

TCP (Transmission Control Protocol)

TCP provides reliable, connection-oriented communication with these features:

Connection establishment (three-way handshake)
Error checking and correction
Flow control (window sizing)
Congestion control
Ordered data delivery

Common TCP applications:

Web browsing (HTTP/HTTPS)
Email (SMTP)
File transfer (FTP)
Remote access (SSH)

UDP (User Datagram Protocol)

UDP provides fast, connectionless communication with these characteristics:

No connection establishment
No guaranteed delivery
No ordering of packets
No congestion control
Lower overhead than TCP

Common UDP applications:

Video streaming
Voice over IP (VoIP)
Online gaming
DNS queries

TCP vs UDP Comparison Table

Feature	TCP	UDP
Connection	Connection-oriented	Connectionless
Reliability	Reliable (retransmits lost packets)	Unreliable (no retransmission)
Ordering	Sequenced (in-order delivery)	No sequencing
Speed	Slower due to overhead	Faster due to simplicity
Use Cases	Web, email, file transfer	Video, VoIP, gaming

Protocol Ports and Services

Ports are virtual endpoints for network communication, identified by numbers (0-65535). They enable multiplexing by allowing multiple services on a single IP address.

Well-Known Ports (0-1023)

20/21: FTP
22: SSH
25: SMTP
53: DNS
80: HTTP
443: HTTPS

Registered Ports (1024-49151)

1433: MS SQL Server
3306: MySQL
3389: RDP
5432: PostgreSQL

Dynamic/Private Ports (49152-65535)

Used for temporary or private connections, typically assigned dynamically by the OS to client applications.

Common Port Commands

Check listening ports on Linux:

netstat -tuln
# Or using ss:
ss -tuln

Check open ports on Windows:

netstat -ano

TCP Handshake Mechanisms

Three-Way Handshake (Connection Establishment)

TCP establishes connections using a three-way handshake:

SYN: Client sends SYN (synchronize) packet with initial sequence number
SYN-ACK: Server responds with SYN-ACK (synchronize-acknowledge) and its own sequence number
ACK: Client sends ACK (acknowledge) to confirm the connection

TCP Three-Way Handshake Visualization

Diagram showing the three-way handshake process between client and server.

Sequence Numbers in Action

Each TCP segment contains:

Sequence number (seq): Byte position in the stream
Acknowledgment number (ack): Next expected byte

Initial sequence numbers are randomly chosen for security.

Four-Way Handshake (Connection Termination)

TCP terminates connections using a four-way handshake:

FIN: One host sends FIN (finish) to close its side
ACK: Other host acknowledges the FIN
FIN: Other host sends its own FIN
ACK: Original host acknowledges the FIN

Each side closes independently, allowing for half-closed connections where one side can continue sending data after receiving FIN.

Protocol Stack Interactions

Network protocols work together in layers, with each layer adding its own header (encapsulation) to the data:

Protocol Stack Example: HTTP over TCP over IP

Application Layer (HTTP)

Transport Layer (TCP)

Network Layer (IP)

Data Link Layer (Ethernet)

Physical Layer (Cabling)

Each layer adds its header to the payload from the layer above.

Data encapsulation process:

Application creates HTTP message
Transport layer adds TCP header (source/dest ports, sequence numbers)
Network layer adds IP header (source/dest IP addresses)
Data link layer adds frame header (MAC addresses) and trailer (FCS)
Physical layer converts to signals for transmission

Protocol Dependencies

HTTP relies on TCP for reliable delivery
TCP relies on IP for routing
IP relies on Ethernet/WiFi for local delivery
DNS typically uses UDP but falls back to TCP for large responses

ICMP (Internet Control Message Protocol)

ICMP is a network layer protocol used for diagnostics and error reporting. Common uses:

Ping: Tests host reachability (ICMP Echo Request/Reply)
Traceroute: Maps path to destination
Error reporting (Destination Unreachable, Time Exceeded)

Common ICMP Message Types

0: Echo Reply (ping response)
3: Destination Unreachable
8: Echo Request (ping)
11: Time Exceeded (used in traceroute)

ICMP in Action

Ping Example

$ ping google.com
PING google.com (142.250.190.78): 56 data bytes
64 bytes from 142.250.190.78: icmp_seq=0 ttl=117 time=12.345 ms
64 bytes from 142.250.190.78: icmp_seq=1 ttl=117 time=11.987 ms

Real-World Protocol Use Cases

Online Banking

HTTPS secures all communication:

Client establishes TLS handshake with server
All HTTP traffic encrypted
TCP ensures reliable delivery of transactions
DNS resolves bank's domain name to IP

Video Streaming

UDP preferred for real-time video:

Lower latency than TCP
No retransmission of lost packets (better to drop than delay)
Adaptive bitrate streaming adjusts quality based on network conditions

Email Delivery

SMTP transfers email between servers:

Sender's email client submits to SMTP server
SMTP server looks up recipient's MX record via DNS
SMTP server connects to recipient's SMTP server
Recipient's server delivers to mailbox (accessed via POP3/IMAP)

Online Gaming

UDP preferred for fast-paced games:

Lower latency crucial for real-time interaction
Game engines handle packet loss with prediction algorithms
TCP may be used for non-time-critical data (chat, updates)

Practical Examples

Example 1: Analyzing HTTP Traffic with Wireshark

Wireshark is a powerful network protocol analyzer. Let's examine HTTP traffic:

Steps:

Install Wireshark (https://www.wireshark.org/)
Start capture on your network interface
Filter for HTTP traffic: http
Open a website in your browser
Examine the captured packets:
- TCP handshake (SYN, SYN-ACK, ACK)
- HTTP GET request
- HTTP response with status code

Sample Wireshark Output

No. Time        Source          Destination     Protocol Info
1   0.000000    192.168.1.100   93.184.216.34   TCP      59834 → 80 [SYN] Seq=0
2   0.025123    93.184.216.34   192.168.1.100   TCP      80 → 59834 [SYN, ACK] Seq=0 Ack=1
3   0.025234    192.168.1.100   93.184.216.34   TCP      59834 → 80 [ACK] Seq=1 Ack=1
4   0.025456    192.168.1.100   93.184.216.34   HTTP     GET / HTTP/1.1
5   0.048765    93.184.216.34   192.168.1.100   HTTP     HTTP/1.1 200 OK (text/html)

Example 2: Visualizing DNS Query Process

This interactive diagram shows how DNS resolves a domain name:

DNS Query Visualization Loading...

Interactive diagram showing the DNS resolution process from client to root, TLD, and authoritative servers.

DNS Query Steps:

User enters URL in browser
OS checks local DNS cache
If not found, queries configured DNS resolver
Resolver queries root server for TLD information
Root directs to appropriate TLD server (.com, .org, etc.)
TLD server directs to domain's authoritative nameserver
Authoritative server returns the IP address
Resolver caches the result and returns to client

Summary

In this chapter, we've explored the fundamental protocols that power internet communication:

Application Layer Protocols: HTTP/HTTPS for web, FTP for file transfer, SMTP for email, and DNS for name resolution
Transport Protocols: TCP for reliable communication and UDP for fast, connectionless transmission
Ports: Identify services and enable multiplexing (well-known ports 0-1023)
TCP Handshakes: Three-way for connection establishment, four-way for termination
Protocol Stack: Layers work together with encapsulation (HTTP → TCP → IP → Ethernet)
ICMP: Network diagnostics (ping, traceroute) and error reporting

Key Takeaways

Choose TCP when reliability is critical (web, email, file transfer)
Choose UDP when speed is priority (video, VoIP, gaming)
Always use HTTPS instead of HTTP for secure web communication
DNS is a critical infrastructure that translates names to IPs
Understanding protocols helps troubleshoot network issues

Key Networking Protocols | Computer Networks: From Scratch to Mastery