Session, Presentation & Application Layers: HTTP, FTP, DNS & Email Protocols
---
1. HTTP (HyperText Transfer Protocol)
HTTP is the foundation of data exchange on the World Wide Web.
HTTP Request Methods
| Method | Purpose | Body? | Idempotent? |
|---|---|---|---|
| GET | Retrieve a resource | No | Yes |
| POST | Submit data (create/update) | Yes | No |
| PUT | Replace resource entirely | Yes | Yes |
| PATCH | Partial update of resource | Yes | No |
| DELETE | Remove a resource | No | Yes |
| HEAD | GET but headers only | No | Yes |
| OPTIONS | Query server capabilities | No | Yes |
HTTP Status Codes
| Code Range | Category | Common Examples |
|---|---|---|
| 1xx | Informational | 100 Continue |
| 2xx | Success | 200 OK, 201 Created, 204 No Content |
| 3xx | Redirection | 301 Moved Permanently, 302 Found, 304 Not Modified |
| 4xx | Client Error | 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found |
| 5xx | Server Error | 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable |
HTTP Versions
| Version | Transport | Key Features |
|---|---|---|
| HTTP/1.0 | TCP | New connection per request (no keep-alive) |
| HTTP/1.1 | TCP | Persistent connections, pipelining, Host header |
| HTTP/2 | TCP+TLS | Binary framing, multiplexing, header compression (HPACK) |
| HTTP/3 | QUIC (UDP) | 0-RTT, no head-of-line blocking, connection migration |
Exam Tip: HTTP is stateless — each request is independent. State (sessions, login) is maintained by cookies, session tokens, or application state. HTTP by default uses TCP port 80; HTTPS = HTTP over TLS on port 443.
---
2. FTP (File Transfer Protocol)
FTP uses two TCP connections simultaneously:
- Control connection (port 21): Commands and responses
- Data connection (port 20): Actual file data transfer
FTP Modes
| Mode | Data Connection | Firewall Friendly? |
|---|---|---|
| Active | Server initiates data connection to client (port 20) | No — firewall blocks incoming |
| Passive | Client initiates both connections to server | Yes — client initiates all |
FTP Commands
| Command | Purpose |
|---|---|
USER username | Authenticate username |
PASS password | Authenticate password |
LIST | List directory contents |
RETR filename | Download file |
STOR filename | Upload file |
QUIT | Close connection |
Security: Standard FTP transmits passwords in plaintext — use SFTP (SSH File Transfer Protocol, port 22) or FTPS (FTP over TLS/SSL) for security.
---
3. Email Protocols
SMTP (Simple Mail Transfer Protocol) — Port 25/587
SMTP is used for sending email between mail servers and from clients to servers.
| Command | Purpose |
|---|---|
HELO / EHLO | Identify sending server |
MAIL FROM: | Specify sender email |
RCPT TO: | Specify recipient email |
DATA | Begin email body |
. (single dot) | End of email body |
QUIT | Close connection |
POP3 (Post Office Protocol 3) — Port 110/995
POP3 downloads email to the local client and (by default) deletes it from the server.
- Simple and offline-focused
- Not suitable for accessing mail from multiple devices
- Port 110 (plain), Port 995 (SSL/TLS)
IMAP (Internet Message Access Protocol) — Port 143/993
IMAP keeps mail on the server and synchronises state across all clients.
- Access same mailbox from phone, laptop, webmail
- Supports folders, flags, search on server
- Port 143 (plain), Port 993 (SSL/TLS)
| Feature | POP3 | IMAP |
|---|---|---|
| Mail storage | Local (downloaded, deleted) | Server-side (persistent) |
| Multi-device | Poor | Excellent |
| Offline access | Yes (after download) | Limited (headers cached) |
| Search | Local only | Server-side search |
| Folder sync | No | Yes |
| Use case | Single-device, offline | Multi-device, always-connected |
---
4. DHCP (Dynamic Host Configuration Protocol)
DHCP automatically assigns IP configuration to hosts — uses UDP (port 67 server, port 68 client).
DHCP DORA Process
| Step | Message | Direction | Content |
|---|---|---|---|
| D — Discover | DHCPDISCOVER | Client broadcasts | "I need an IP address" |
| O — Offer | DHCPOFFER | Server unicast/broadcast | "I offer you 192.168.1.50 for 24 hours" |
| R — Request | DHCPREQUEST | Client broadcasts | "I accept the offer from that server" |
| A — Acknowledge | DHCPACK | Server unicast | "Confirmed — here are your IP, mask, gateway, DNS" |
DHCP assigns: IP address, subnet mask, default gateway, DNS server(s), lease duration.
---
5. SSH (Secure Shell) — Port 22
SSH provides encrypted remote shell access and replaces insecure Telnet (port 23).
| Feature | SSH | Telnet |
|---|---|---|
| Encryption | Full (AES, ChaCha20) | None (plaintext) |
| Authentication | Password or public key | Password only |
| Security | Secure | Highly insecure |
| Port | 22 | 23 |
| Use | All secure remote management | Legacy only (avoid) |
SSH also supports:
- SCP (Secure Copy) — file transfer
- SFTP — full FTP-like file management over SSH
- SSH tunnelling — encrypt and forward other TCP connections through SSH
---
6. SNMP (Simple Network Management Protocol) — Port 161/162
SNMP manages and monitors network devices (routers, switches, servers).
| Component | Description |
|---|---|
| SNMP Manager | Management station (queries devices) |
| SNMP Agent | Software running on managed device |
| MIB (Management Information Base) | Database of variables the agent can report |
| OID (Object Identifier) | Unique identifier for each MIB variable |
| Community String | Password-like authentication (SNMPv1/v2c — insecure) |
| SNMPv3 | Adds encryption and strong authentication |
SNMP Operations
| Operation | Direction | Purpose |
|---|---|---|
| GET | Manager → Agent | Read a variable value |
| SET | Manager → Agent | Write a variable value |
| GETNEXT | Manager → Agent | Read next variable in MIB tree |
| TRAP | Agent → Manager | Unsolicited alert (device event) |
---
7. Complete Protocol Reference
| Protocol | Port(s) | Transport | Secure Variant |
|---|---|---|---|
| HTTP | 80 | TCP | HTTPS (443) |
| FTP | 20/21 | TCP | SFTP (22), FTPS (990) |
| SSH | 22 | TCP | (itself is secure) |
| Telnet | 23 | TCP | Use SSH instead |
| SMTP | 25/587 | TCP | SMTPS (465) |
| DNS | 53 | UDP/TCP | DoH, DoT |
| DHCP | 67/68 | UDP | — |
| POP3 | 110 | TCP | POP3S (995) |
| IMAP | 143 | TCP | IMAPS (993) |
| SNMP | 161/162 | UDP | SNMPv3 |
| HTTPS | 443 | TCP | (itself is secure) |
| RDP | 3389 | TCP | VPN + RDP |
Exam Tip: Know the port numbers in the table above — they are among the most commonly tested facts in computer networks MCQs. Also remember: DNS uses UDP for queries ≤512 bytes and TCP for zone transfers or large responses. DHCP uses UDP because the client doesn't have an IP address yet.
---
Study Deep: Modern Application Layer Security
- TLS 1.3 (the latest version of TLS) drastically improved security and performance — 1-RTT handshake (vs 2-RTT in TLS 1.2), removed weak cipher suites, forward secrecy mandatory. Nearly all HTTPS today uses TLS 1.2 or 1.3.
- QUIC and HTTP/3: By running over UDP, QUIC can establish connections faster (0-RTT for known servers), avoids TCP head-of-line blocking, and can migrate connections between network interfaces (e.g., Wi-Fi to cellular) without dropping the connection.
- API security: Modern web APIs use HTTPS + JWT (JSON Web Tokens) for stateless authentication — no server-side session storage required. OAuth 2.0 is the standard for delegated authorisation.