Networks, Servers, and Websockets
BITM 3730
Developing Web Applications
Client
• The client is "served" pages by a web server
• The client is usually a web browser such as Chrome, Firefox, Safari or Edge (historically Internet Explorer); any other program that speaks HTTP, such as a command-line tool, a mobile app or a script, is a client too
• A web browser is therefore the most common kind of client
• The client performs some processing of the server's output: the browser parses the HTML, runs the scripts and renders the result
Server
• The server returns HTML along with other content such as images, stylesheets and scripts (historically also Flash and Java applets, which current browsers no longer run)
• Servers are reachable over a network, typically the Internet
• The HTML is "interpreted" (parsed and rendered) by the browser and displayed to the end user
• Application servers typically generate the dynamic content while the web server is responsible for delivering it
Basics
• A web server delivers static content
• An application server delivers dynamic content
• The application server sits between the client and the database: it applies business logic to the data it reads from and writes to the database
• Many of the free, readily available web servers and application servers are open source (free to use does not by itself mean open source)
• FTP stands for File Transfer Protocol
Web Server Defined
• A web server is software (and the hardware it runs on) that uses HTTP (Hypertext
Transfer Protocol) and other protocols to respond to client requests made over the
World Wide Web.
• The main job of a web server is to store, process and deliver web pages to clients;
the client (browser) is what actually displays them.
Web Server Visual
Web Server Possibilities
• A static web server: We call it "static" because the server sends its hosted files as-is
to your browser.
• A dynamic web server: We call it "dynamic" because the application server
generates or updates the content before it is sent to your browser via the HTTP
server.
• An error response: when the server cannot serve what was asked for, it answers
with a status code (4xx or 5xx) and usually an error page instead of the resource.
Status Codes – 5 Classes
• 1xx informational response – the request was received, continuing process
• 2xx successful – the request was successfully received, understood, and
accepted
• 3xx redirection – further action needs to be taken in order to complete the
request
• 4xx client error – the request contains bad syntax or cannot be fulfilled
• 5xx server error – the server failed to fulfil an apparently valid request
• Only the 4xx and 5xx classes are errors; the first digit tells the client how to
react and the remaining two digits give the detail
1xx Informational Codes
• 100 Continue: The server has received the request headers and the client should proceed to send the request body (in the
case of a request for which a body needs to be sent; for example, a POST request). Sending a large request body to a server
after a request has been rejected for inappropriate headers would be inefficient. To have a server check the request's
headers, a client must send Expect: 100-continue as a header in its initial request and receive a 100 Continue status code in
response before sending the body. If the client receives an error code such as 403 (Forbidden) or 405 (Method Not
Allowed) then it shouldn't send the request's body. The response 417 Expectation Failed indicates that the request should
be repeated without the Expect header as it indicates that the server doesn't support expectations (this is the case, for
example, of HTTP/1.0 servers).
• 101 Switching Protocols: The requester has asked the server to switch protocols and the server has agreed to do so.
• 102 Processing: A WebDAV request may contain many sub-requests involving file operations, requiring a long time to
complete the request. This code indicates that the server has received and is processing the request, but no response is
available yet. This prevents the client from timing out and assuming the request was lost.
• 103 Early Hints: Used to return some response headers before final HTTP message
2xx Success Codes
• 200 OK: Standard response for successful HTTP requests. The
actual response will depend on the request method used. In a
GET request, the response will contain an entity corresponding to
the requested resource. In a POST request, the response will
contain an entity describing or containing the result of the action.
• 201 Created: The request has been fulfilled, resulting in the
creation of a new resource.
• 202 Accepted: The request has been accepted for processing, but
the processing has not been completed. The request might or
might not be eventually acted upon and may be disallowed when
processing occurs.
• 203 Non-Authoritative Information: The server is a
transforming proxy (e.g. a Web accelerator) that received a 200
OK from its origin but is returning a modified version of the
origin's response.
• 204 No Content: The server successfully processed the request and is
not returning any content.
• 205 Reset Content: The server successfully processed the request, asks
that the requester reset its document view, and is not returning any
content.
• 206 Partial Content: The server is delivering only part of the resource
(byte serving) due to a range header sent by the client. The range
header is used by HTTP clients to enable resuming of interrupted
downloads or split a download into multiple simultaneous streams.
• 207 Multi-Status: The message body that follows is by default an XML
message and can contain a number of separate response codes,
depending on how many sub-requests were made.
• 208 Already Reported: The members of a DAV binding have already
been enumerated in a preceding part of the (multistatus) response and
are not being included again.
• 226 IM Used: The server has fulfilled a request for the resource, and
the response is a representation of the result of one or more instance-
manipulations applied to the current instance.
3xx Redirection Codes
• 300 Multiple Choices: Indicates multiple options for the resource from which the
client may choose (via agent-driven content negotiation). For example, this code could
be used to present multiple video format options, to list files with different filename
extensions, or to suggest word-sense disambiguation.
• 301 Moved Permanently: This and all future requests should be directed to the given
URI.
• 302 Found (Previously "Moved temporarily"): Tells the client to look at (browse
to) another URL. 302 has been superseded by 303 and 307. This is an example of
industry practice contradicting the standard. The HTTP/1.0 specification (RFC 1945)
required the client to perform a temporary redirect (the original describing phrase was
"Moved Temporarily"), but popular browsers implemented 302 with the functionality
of a 303 See Other. Therefore, HTTP/1.1 added status codes 303 and 307 to
distinguish between the two behaviours. However, some Web applications and
frameworks use the 302 status code as if it were the 303.
• 303 See Other : The response to the request can be found under another URI using
the GET method. When received in response to a POST (or PUT/DELETE), the
client should presume that the server has received the data and should issue a new
GET request to the given URI.
• 304 Not Modified: Indicates that the resource has not been modified since
the version specified by the request headers If-Modified-Since or If-None-
Match. In that case there is no need to retransmit the resource, since the
client still has a previously downloaded copy.
• 305 Use Proxy: The requested resource is available only through a proxy, the
address for which is provided in the response. For security reasons, many
HTTP clients (such as Mozilla Firefox and Internet Explorer) do not obey
this status code.
• 306 Switch Proxy: No longer used. Originally meant "Subsequent requests
should use the specified proxy."
• 307 Temporary Redirect: In this case, the request should be repeated with
another URI; however, future requests should still use the original URI. In
contrast to how 302 was historically implemented, the request method is not
allowed to be changed when reissuing the original request. For example, a
POST request should be repeated using another POST request.
• 308 Permanent Redirect: The request and all future requests should be
repeated using another URI. 307 and 308 parallel the behaviors of 302 and
301, but do not allow the HTTP method to change. So, for example,
submitting a form to a permanently redirected resource may continue
smoothly.
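The redirect rules above are easiest to see as client code. The following is an added example, not from the slides: it applies the method rules for 301/302/303/307/308 (303 switches to GET, 301/302 are treated the same way as browsers do, 307/308 keep the method), caps the number of hops, and adds one safeguard a practitioner expects that the slides do not mention: credential headers are dropped when a redirect leaves the original host. The routing table, hostnames and token are constructed for the demonstration.

```python
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 5
# Headers that must not follow a redirect to a different host: a 3xx that
# points at another domain would otherwise hand over the bearer token or
# session cookie of the original site.
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization", "cookie"}
BODY_HEADERS = {"content-length", "content-type"}


def next_request(status, method, url, location, headers):
    """Work out the follow-up request for a 3xx response.

    Returns (method, url, headers), or None when the status is not an
    automatically followable redirect (including 300 and 304).
    """
    if location is None:
        return None
    if status in (301, 302, 303):
        # 303 mandates GET; browsers have long treated 301/302 the same way
        # (the "industry practice contradicting the standard" above).
        new_method = method if method == "HEAD" else "GET"
    elif status in (307, 308):
        new_method = method          # method and body are preserved
    else:
        return None
    new_url = urljoin(url, location)  # Location may be relative
    new_headers = dict(headers)
    if new_method != method:
        # POST -> GET: the body goes away, so the headers describing it go too.
        new_headers = {k: v for k, v in new_headers.items()
                       if k.lower() not in BODY_HEADERS}
    if urlsplit(new_url).netloc.lower() != urlsplit(url).netloc.lower():
        new_headers = {k: v for k, v in new_headers.items()
                       if k.lower() not in CREDENTIAL_HEADERS}
    return new_method, new_url, new_headers


def follow(method, url, headers, responder, limit=MAX_REDIRECTS):
    """Drive one request through `responder` (a callable standing in for the
    network: (method, url) -> (status, location)) until a non-redirect status
    comes back or the redirect budget is exhausted.

    Returns (final_status, hops, headers_sent_on_last_request)."""
    hops = []
    for _ in range(limit + 1):
        status, location = responder(method, url)
        hops.append((method, url, status))
        nxt = next_request(status, method, url, location, headers)
        if nxt is None:
            return status, hops, headers
        method, url, headers = nxt
    raise RuntimeError(f"more than {limit} redirects; giving up")


# Constructed routing table for the demonstration (not a real site).
CONSTRUCTED_ROUTES = {
    ("POST", "https://app.example/login"):   (307, "/login/"),   # same host, stays POST
    ("POST", "https://app.example/login/"):  (303, "/home"),     # POST becomes GET
    ("GET",  "https://app.example/home"):    (302, "https://cdn.example/landing"),  # leaves host
    ("GET",  "https://cdn.example/landing"): (200, None),
}


def constructed_responder(method, url):
    return CONSTRUCTED_ROUTES.get((method, url), (404, None))


def demo():
    """Submit a constructed login form and follow the chain above."""
    headers = {"Authorization": "Bearer constructed-token",
               "Content-Type": "application/x-www-form-urlencoded",
               "Accept": "text/html"}
    return follow("POST", "https://app.example/login", headers, constructed_responder)


if __name__ == "__main__":
    status, hops, sent = demo()
    for m, u, s in hops:
        print(f"{m:4} {u} -> {s}")
    print("final status", status, "headers on last hop", sent)
```

The chain ends at a different host, so the last request carries only the harmless `Accept` header; the `Content-Type` disappeared earlier, at the 303 that turned the POST into a GET. Real clients (browsers, `curl`, most HTTP libraries) behave this way for the same reasons.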
4xx Level Errors
• 400 Bad Request: The server cannot or will not process the request due to an apparent client error (e.g., malformed request syntax, size too
large, invalid request message framing, or deceptive request routing).
• 401 Unauthorized: Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been
provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. See Basic
access authentication and Digest access authentication. Despite its name, 401 semantically means "unauthenticated": the user has not presented
valid authentication credentials for the target resource.
• 402 Payment Required: Reserved for future use. The original intention was that this code might be used as part of some form of digital cash
or micropayment scheme, as proposed, for example, by GNU Taler, but that has not yet happened, and this code is not widely used. Google
Developers API uses this status if a particular developer has exceeded the daily limit on requests. Sipgate uses this code if an account does not
have sufficient funds to start a call. Shopify uses this code when the store has not paid their fees and is temporarily disabled. Stripe uses this
code for failed payments where parameters were correct, for example blocked fraudulent payments.
• 403 Forbidden: The request contained valid data and was understood by the server, but the server is refusing action. This may be due to the
user not having the necessary permissions for a resource or needing an account of some sort or attempting a prohibited action (e.g. creating a
duplicate record where only one is allowed). This code is also typically used if the request provided authentication by answering the WWW-
Authenticate header field challenge, but the server did not accept that authentication. The request should not be repeated.
4xx Level Errors Cont.
• 404 Not Found: The requested resource could not be found but may be available in the future. Subsequent requests by the client are
permissible.
• 405 Method Not Allowed: A request method is not supported for the requested resource; for example, a GET request on a form that
requires data to be presented via POST, or a PUT request on a read-only resource.
• 406 Not Acceptable: The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the
request.
• 407 Proxy Authentication Required: The client must first authenticate itself with the proxy.
• 408 Request Timeout: The server timed out waiting for the request. According to HTTP specifications: "The client did not produce a
request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time."
• 409 Conflict: Indicates that the request could not be processed because of conflict in the current state of the resource, such as an edit conflict
between multiple simultaneous updates.
• 410 Gone: Indicates that the resource requested is no longer available and will not be available again. This should be used when a resource has
been intentionally removed and the resource should be purged. Upon receiving a 410 status code, the client should not request the resource in
the future. Clients such as search engines should remove the resource from their indices. Most use cases do not require clients and search
engines to purge the resource, and a "404 Not Found" may be used instead.
4xx Level Errors Cont.
• 411 Length Required: The request did not specify the length of its content, which is required by the requested resource.
• 412 Precondition Failed: The server does not meet one of the preconditions that the requester put on the request header fields.
• 413 Payload Too Large: The request is larger than the server is willing or able to process. Previously called "Request Entity Too
Large"; RFC 9110 renames it again to "Content Too Large".
• 414 URI Too Long: The URI provided was too long for the server to process. Often the result of too much data being encoded as
a query-string of a GET request, in which case it should be converted to a POST request. Called "Request-URI Too Long"
previously.
• 415 Unsupported Media Type: The request entity has a media type which the server or resource does not support. For example,
the client uploads an image as image/svg+xml, but the server requires that images use a different format.
• 416 Range Not Satisfiable: The client has asked for a portion of the file (byte serving), but the server cannot supply that portion.
For example, if the client asked for a part of the file that lies beyond the end of the file. Called "Requested Range Not Satisfiable"
previously.
• 417 Expectation Failed: The server cannot meet the requirements of the Expect request-header field.
4xx Level Errors Cont.
• 421 Misdirected Request: The request was directed at a server that is not able to produce a response.
• 422 Unprocessable Entity: The request was well-formed but was unable to be followed due to semantic errors.
• 423 Locked: The resource that is being accessed is locked.
• 424 Failed Dependency: The request failed because it depended on another request and that request failed (e.g., a
PROPPATCH).
• 425 Too Early: Indicates that the server is unwilling to risk processing a request that might be replayed.
• 426 Upgrade Required: The client should switch to a different protocol, such as a newer version of TLS, given in the Upgrade
header field.
• 428 Precondition Required: The origin server requires the request to be conditional. Intended to prevent the 'lost
update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when
meanwhile a third party has modified the state on the server, leading to a conflict.
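The lost-update problem and the two status codes that prevent it are clearest in a small server. The following is an added example, not from the slides: a single resource that refuses unconditional PUTs with 428 and stale ones with 412, driven through the exact race described above (two clients read the same version, both write back). The document, ETag scheme and client names are constructed for the demonstration.

```python
import hashlib
import json


def etag_for(body: bytes) -> str:
    """Strong ETag: changes whenever the stored bytes change."""
    return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'


class Resource:
    """One server-side document that only accepts conditional PUTs."""

    def __init__(self, initial: dict):
        self.body = json.dumps(initial, sort_keys=True).encode()

    def get(self):
        return 200, {"ETag": etag_for(self.body)}, self.body

    def put(self, headers: dict, new_body: bytes):
        if_match = headers.get("If-Match")
        if if_match is None:
            # 428 Precondition Required: the server insists on a conditional request.
            return 428, {}, b"If-Match header required"
        tags = [t.strip() for t in if_match.split(",")]
        if "*" not in tags and etag_for(self.body) not in tags:
            # 412 Precondition Failed: the client's copy is stale; its write
            # would silently discard whatever changed since it last read.
            return 412, {"ETag": etag_for(self.body)}, b"precondition failed"
        self.body = new_body
        return 204, {"ETag": etag_for(self.body)}, b""


def edit(doc: bytes, **changes) -> bytes:
    """Client-side helper: apply field changes to a JSON document."""
    data = json.loads(doc)
    data.update(changes)
    return json.dumps(data, sort_keys=True).encode()


def lost_update_scenario():
    """Alice and Bob edit the same document concurrently.

    Returns the status of each PUT and the final document."""
    res = Resource({"title": "Draft", "owner": "alice"})
    _, a_hdr, a_body = res.get()              # Alice reads version 1
    _, b_hdr, b_body = res.get()              # Bob reads the same version 1
    s1, _, _ = res.put({"If-Match": a_hdr["ETag"]}, edit(a_body, title="Final"))  # 204: first writer wins
    s2, _, _ = res.put({"If-Match": b_hdr["ETag"]}, edit(b_body, owner="bob"))    # 412: Bob's ETag is stale
    s3, _, _ = res.put({}, edit(b_body, owner="bob"))                             # 428: no precondition at all
    _, b_hdr, b_body = res.get()              # Bob re-reads, sees Alice's title, re-applies his own change
    s4, _, _ = res.put({"If-Match": b_hdr["ETag"]}, edit(b_body, owner="bob"))    # 204: both edits survive
    return [s1, s2, s3, s4], json.loads(res.body)


if __name__ == "__main__":
    statuses, final_doc = lost_update_scenario()
    print(statuses, final_doc)
```

Without the 428 rule, Bob's third attempt (no `If-Match`) would have overwritten Alice's title; without the 412 rule, his second attempt would have. The same pattern works with `If-Unmodified-Since` where the resource has a reliable modification time rather than an ETag.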
Last 4xx Level Errors
• 429 Too Many Requests: The user has sent too many requests in a given amount
of time. Intended for use with rate-limiting schemes.
• 431 Request Header Fields Too Large: The server is unwilling to process the
request because either an individual header field, or all the header fields collectively,
are too large.
• 451 Unavailable For Legal Reasons: A server operator has received a legal
demand to deny access to a resource or to a set of resources that includes the
requested resource. The code 451 was chosen as a reference to the novel Fahrenheit
451
5xx Level Errors
• 500 Internal Server Error: A generic error message, given when an unexpected condition was encountered
and no more specific message is suitable.
• 501 Not Implemented: The server either does not recognize the request method, or it lacks the ability to
fulfil the request. Usually this implies future availability (e.g., a new feature of a web-service API).
• 502 Bad Gateway: The server was acting as a gateway or proxy and received an invalid response from the
upstream server.
• 503 Service Unavailable: The server cannot handle the request (because it is overloaded or down for
maintenance). Generally, this is a temporary state.
• 504 Gateway Timeout: The server was acting as a gateway or proxy and did not receive a timely response
from the upstream server.
• 505 HTTP Version Not Supported: The server does not support the HTTP protocol version used in the
request.
5xx Level Errors Cont.
• 506 Variant Also Negotiates: Transparent content negotiation for the request results in a
circular reference.
• 507 Insufficient Storage: The server is unable to store the representation needed to complete
the request.
• 508 Loop Detected: The server detected an infinite loop while processing the request (sent
instead of 208 Already Reported).
• 510 Not Extended: Further extensions to the request are required for the server to fulfil it.
• 511 Network Authentication Required: The client needs to authenticate to gain network
access. Intended for use by intercepting proxies used to control access to the network (e.g.,
"captive portals" used to require agreement to Terms of Service before granting full Internet
access via a Wi-Fi hotspot).
Commonly Used Web Servers [FREE]
• Apache HTTP Server
• NGINX
• Apache Tomcat [strictly a servlet container / Java application server, which can also serve static files]
• Node.js [a JavaScript runtime whose standard library includes an HTTP server]
• Lighttpd
Web Hosting Providers [PAID]
• These are companies that rent out hosted web servers (usually running Apache or NGINX under the hood), not web server software
• GoDaddy
• HostGator
• OneWebHosting
• Hostwinds
• A2 Web Hosting
• WP Engine
• 1&1
Understanding the Web
• Website [often loosely referred to as a domain]
• Highest level of the website [Ex. https://www.shu.edu/ ]
• Web page
• Individual page within the website [Ex. https://www.shu.edu/business/index.cfm ]
• Sub Domain
• A separate host name under the same domain, generally with its own web pages and often its own server [Ex.
http://pirate.shu.edu/ ]; a folder such as https://www.shu.edu/business/ is a path on the www host, not a subdomain
If You Build It, They Will Come
Web Server for Chrome
• https://chrome.google.com/webstore/detail/web-server-for-
chrome/ofhbbkphhbklhfoeikjpcbhemlocgigb?hl=en
• App from Chrome Web Store
• Runs Offline
• Explained in depth at https://github.com/kzahel/web-server-chrome
Application Server
• Server that hosts application
• Common tools
• Java application servers
• .NET Framework [from Microsoft]
• PHP application servers
• Mobile application servers
Where Can App Servers Be Deployed
• On premises [your own computer/network]
• Public cloud [shared provider infrastructure reachable over the Internet]
• Private cloud [infrastructure dedicated to one organization, in its own data center or hosted by a provider; access is restricted to that organization]
• PaaS – Platform as a Service [the provider runs the server stack and you deploy only the application; can be public or private]
PaaS
PaaS can be delivered in three ways:
• As a public cloud service from a provider, where the consumer controls software
deployment with minimal configuration options, and the provider provides the networks,
servers, storage, operating system (OS), middleware (e.g. Java runtime, .NET runtime,
integration, etc.), database and other services to host the consumer's application.
• As a private service (software or appliance) behind a firewall.
• As software deployed on a public infrastructure as a service.
Web APIs
• When used in the context of web development, an API is
typically defined as a set of specifications, such as Hypertext
Transfer Protocol (HTTP) request messages, along with a
definition of the structure of response messages, usually in an
Extensible Markup Language (XML) or JavaScript Object
Notation (JSON) format.
You Build
• You can build apps on your own using https://ibuildapp.com/
• Google also provided a similar tool, App Maker,
https://developers.google.com/appmaker [shut down in 2021]
• You could even turn your Mac into a server with macOS Server
https://www.apple.com/macos/server/ [discontinued in 2022]
Application Servers – Most Commonly Used
• JBoss [open source]
• Glassfish [Oracle]
• Weblogic [Oracle]
• Websphere [IBM]
App Stores [Mobile]
• Google Play Store
• Apple App Store
• Samsung Galaxy Apps
• LG SmartWorld
• Huawei App Store
• Sony Apps
• Amazon Appstore
• Aptoide
• F-Droid
• GetJar
• ACMarket
• SlideME
• Uptodown Market
• Itch.io
• Cydia
• neXva
App Store vs. Application Server
• An app store is a distribution channel that promotes apps for download and/or
purchase
• An application server runs the server-side part of an application (the business logic
and data access that the installed app talks to); it does not merely store applications
Basics
• The most common FTP port is port 21, used for the control connection; port 20 is
the traditional server-side data port in active mode
• The main connection in FTP is referred to as the Control or Command Connection
• SFTP stands for SSH File Transfer Protocol (often expanded informally as "Secure
File Transfer Protocol"); it is a separate protocol, not FTP with encryption added
• SFTP is secure because it runs over the SSH (Secure Shell) protocol, which
authenticates the server and encrypts the whole session
• FTP is a client/server protocol: the client opens the control connection to the server
FTP
• FTP is a way to transfer files over a network.
• Browsers use a protocol called HTTP.
• Email clients use IMAP or POP to retrieve messages and SMTP to send them.
• XMPP is a protocol used to send and receive instant messages.
• FTP is another such application-layer protocol, this one dedicated to file transfer.
FTP Connects
• An FTP server offers access to a directory, with sub-directories.
• Users connect to these servers with an FTP client, a piece of software that
lets you download files from the server, as well as upload files to it.
FTP Channels
• FTP uses two basic channels to operate:
• The command (control) channel carries the commands and replies: login,
which files are to be accessed, directory changes, and the negotiation of
the data connection.
• The data channel then transfers the actual file data (or directory listings)
between the devices; a fresh data connection is opened for each transfer.
Error and Status Codes – 6 Levels
• 1xx - The requested action is being initiated; expect another reply before proceeding
with a new command.
• 2xx - The requested action has been successfully completed.
• 3xx - The command has been accepted, but the requested action is on hold, pending
receipt of further information.
• 4xx - The command was not accepted and the requested action did not take place,
but the error condition is temporary and the action may be requested again.
• 5xx - The command was not accepted and the requested action did not take place;
the error is permanent, so repeating the same command will not help.
• 10xxx - Winsock error codes: these are not FTP replies at all but errors reported by the
Windows socket library on the client, for failures before or outside the FTP dialogue.
1xx Codes
110 Restart marker reply.
120 Service ready in nn minutes.
125 Data Connection already open, transfer starting.
150 File status okay, about to open data connection.
2xx Codes
200 Command okay.
202 Command not implemented, superfluous at this site.
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message.
215 NAME system type. (Where NAME is an official system name from the list in the
Assigned Numbers document.)
220 Service ready for new user.
221 Service closing control connection. Logged out if appropriate.
225 Data connection open; no transfer in progress
226 Closing data connection. Requested file action successful (for example - file transfer
or file abort).
227 Entering Passive Mode.
230 User logged in, proceed.
250 Requested file action okay, completed.
257 "PATHNAME" created.
3xx Codes
331 User name okay, need password.
332 Need account for login.
350 Requested file action pending further information.
4xx Codes
421 Service not available, closing control connection. This may be a reply to any
command if the service knows it must shut down.
425 Can't open data connection. Try changing from PASV to PORT mode.
426 Connection closed; transfer aborted.
450 Requested file action not taken. File unavailable (e.g., file busy).
451 Requested action aborted: local error in processing.
452 Requested action not taken. Insufficient storage space in system.
5xx Codes
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 Not logged in. Your password is being rejected, contact the server administrator.
532 Need account for storing files.
550 Requested action not taken. File unavailable (e.g., file not found, no
access). Contact the server administrator.
552 Requested file action aborted. Exceeded storage allocation (for current directory
or data set). Contact the server administrator.
553 Requested action not taken. File name not allowed. Try changing the file name,
or getting rid of spaces in the file name.
10xxx Codes
10054 Connection Reset by Peer - The connection was forcibly closed by the remote
host.
10060 Can't connect to remote server (Generally a time-out error). Try switching from
PASV to PORT mode.
10061 Can't connect to remote server. The connection is actively refused by the
server. Try switching from PASV to PORT mode.
10066 Directory not empty. The server will not delete this directory while there are
files/folders in it.
10068 Too many users, server is full. Contact the server administrator.
FTP Data Types
• ASCII (TYPE A): Used for text. Data is converted, if needed, from the sending host's
character representation to "8-bit ASCII" before transmission, and (again, if necessary) to
the receiving host's character representation. As a consequence, this mode is inappropriate
for files that contain data other than plain text.
• Image (TYPE I, commonly called Binary mode): The sending machine sends each file
byte by byte, and the recipient stores the bytestream as it receives it. (Image mode support
has been recommended for all implementations of FTP).
• EBCDIC (TYPE E): Used for plain text between hosts using the EBCDIC character set.
• Local (TYPE L n): Designed to support file transfer between machines which do not use
8-bit bytes
FTP File Structures
• File organization is specified using the STRU command:
• F or FILE structure (stream-oriented). Files are viewed as an arbitrary
sequence of bytes, characters or words.
• R or RECORD structure (record-oriented). Files are viewed as divided into
records.
• P or PAGE structure (page-oriented). Files are divided into pages.
FTP Data Transfer Modes
• Data transfer can be done in any of three modes:
• Stream mode (MODE S): Data is sent as a continuous stream, relieving FTP from doing any
processing. Rather, all processing is left up to TCP. No End-of-file indicator is needed, unless the
data is divided into records.
• Block mode (MODE B): Designed primarily for transferring record-oriented files (STRU R),
although can also be used to transfer stream-oriented (STRU F) text files. FTP puts each record
(or line) of data into several blocks (block header, byte count, and data field) and then passes it
on to TCP.
• Compressed mode (MODE C): Extends MODE B with data compression using run-length
encoding.
• Most contemporary FTP clients and servers do not implement MODE B or MODE C
FTP Login
• FTP login uses normal username and password scheme for granting access.The username is
sent to the server using the USER command, and the password is sent using the PASS
command. This sequence is unencrypted "on the wire", so may be vulnerable to a network
sniffing attack.
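The reply classes listed earlier and the cleartext login just described both show up on the control channel, so one parser covers both. The following is an added example, not from the slides: it groups the server side of a control-channel transcript into replies (including RFC 959 multi-line replies, which begin `xyz-` and end with a line beginning `xyz `), classifies each by first digit, decodes the 227 passive-mode tuple, and pulls the USER/PASS pair out of the client side exactly as anyone capturing the packets could. The transcript, the account and the 192.0.2.10 address (an RFC 5737 documentation address) are constructed for the demonstration.

```python
import re
from dataclasses import dataclass

CLASS_BY_DIGIT = {
    "1": "positive preliminary",   # wait for another reply before a new command
    "2": "positive completion",
    "3": "positive intermediate",  # send more information (e.g. PASS after 331)
    "4": "transient negative",     # may be retried
    "5": "permanent negative",     # repeating the same command will not help
}


@dataclass
class Reply:
    code: int
    text: str  # all lines of a multi-line reply, joined with newlines

    @property
    def kind(self) -> str:
        if not 100 <= self.code <= 599:
            return "not an FTP reply (client-side error, e.g. Winsock 10xxx)"
        return CLASS_BY_DIGIT[str(self.code)[0]]

    @property
    def retryable(self) -> bool:
        return 400 <= self.code < 500


def parse_replies(server_lines):
    """Group raw server lines into Reply objects (RFC 959 section 4.2)."""
    replies, i = [], 0
    while i < len(server_lines):
        m = re.match(r"^(\d{3})([ -])(.*)$", server_lines[i])
        if not m:
            raise ValueError(f"malformed reply line: {server_lines[i]!r}")
        code, sep, text = m.groups()
        parts = [text]
        if sep == "-":                       # multi-line reply: collect until "xyz "
            terminator = code + " "
            i += 1
            while i < len(server_lines) and not server_lines[i].startswith(terminator):
                parts.append(server_lines[i])
                i += 1
            if i == len(server_lines):
                raise ValueError(f"unterminated multi-line reply {code}")
            parts.append(server_lines[i][4:])
        replies.append(Reply(int(code), "\n".join(parts)))
        i += 1
    return replies


def parse_pasv(text):
    """'227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).' -> (host, port)."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", text)
    if not m:
        raise ValueError("no PASV address tuple in reply")
    h1, h2, h3, h4, p1, p2 = map(int, m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def cleartext_credentials(client_lines):
    """USER/PASS travel unencrypted on the control channel: a packet capture
    gives them up with nothing more than a line scan."""
    creds = {}
    for line in client_lines:
        verb, _, arg = line.partition(" ")
        if verb.upper() in ("USER", "PASS"):
            creds[verb.upper()] = arg
    return creds


# Constructed control-channel transcript: ("S", server line) / ("C", client line).
CONSTRUCTED_TRANSCRIPT = [
    ("S", "220-Welcome to the constructed demo server"),
    ("S", " Unauthorised access is prohibited"),
    ("S", "220 Service ready for new user."),
    ("C", "USER alice"),
    ("S", "331 User name okay, need password."),
    ("C", "PASS correct-horse-battery"),
    ("S", "230 User logged in, proceed."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)."),
    ("C", "RETR report.pdf"),
    ("S", "150 File status okay, about to open data connection."),
    ("S", "226 Closing data connection."),
    ("C", "RETR missing.pdf"),
    ("S", "550 Requested action not taken. File unavailable."),
    ("C", "QUIT"),
    ("S", "421 Service not available, closing control connection."),
]


def analyse(transcript=CONSTRUCTED_TRANSCRIPT):
    """Return (replies, passive (host, port), captured credentials)."""
    server = [line for who, line in transcript if who == "S"]
    client = [line for who, line in transcript if who == "C"]
    replies = parse_replies(server)
    pasv = next(parse_pasv(r.text) for r in replies if r.code == 227)
    return replies, pasv, cleartext_credentials(client)


if __name__ == "__main__":
    replies, pasv, creds = analyse()
    for r in replies:
        print(r.code, r.kind, "|", r.text.splitlines()[0])
    print("data connection will go to", pasv)
    print("credentials visible on the wire:", creds)
```

The port arithmetic (`195*256 + 80`) is the same encoding the PORT command uses in active mode, which is why the two are easy to confuse in captures. The `Reply.kind` check deliberately refuses codes outside 100–599, so a Winsock 10061 logged by a Windows client is not mistaken for a 1xx reply.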
Anonymous FTP:
• A host that provides an FTP service may provide anonymous FTP access. Users typically log
into the service with an 'anonymous' (lower-case and case-sensitive in some FTP servers)
account when prompted for user name. Although users are commonly asked to send their
email address instead of a password, no verification is actually performed on the supplied
data. Many FTP hosts whose purpose is to provide software updates will allow anonymous
logins.
FTP Security Issues
• Brute-force attack
• FTP bounce attack
• Packet capture
• Port stealing (guessing the next open port and usurping a legitimate connection)
• Spoofing attack
• Username enumeration
• DoS or DDoS
Other FTP Options
• FTP over SSH is the practice of tunneling a normal FTP session over a Secure Shell connection.
• Explicit FTPS is an extension to the FTP standard that allows clients to request FTP sessions to
be encrypted.
• The SSH file transfer protocol (chronologically the second of the two protocols abbreviated
SFTP) transfers files and has a similar command set for users but uses the Secure Shell protocol
(SSH) to transfer files.
• Trivial File Transfer Protocol (TFTP) is a simple, lock-step FTP that allows a client to get a file
from or put a file onto a remote host.
• Simple File Transfer Protocol (the first protocol abbreviated SFTP), proposed as an (unsecured)
file transfer protocol with a level of complexity intermediate between TFTP and FTP.
Top FTP Tools
• FileZilla [the bundled installer offered on its download site has at times included adware
offers, so download it from the official project site, decline any bundled extras and verify the download]
• WinSCP
• Using Windows Explorer [i.e. a folder on your computer]
FTP with Windows Explorer
File eXchange Protocol
• File eXchange Protocol (FXP or FXSP) is a method of data transfer which
uses FTP to transfer data from one remote server to another (inter-server)
without routing this data through the client's connection.
• Enabling FXP support can make a server vulnerable to an exploit known as
FTP bounce. As a result of this, FTP server software often has FXP disabled
by default. Some sites restrict IP addresses to trusted sites to limit this risk.
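The defence the last bullet describes, honouring a PORT command only when it names the client's own address (or an explicitly trusted FXP peer), is a few lines of server-side validation. The following is an added example, not from the slides or any particular FTP server: it decodes the `h1,h2,h3,h4,p1,p2` argument, rejects malformed input with a 501, and rejects privileged target ports and addresses that differ from the control connection's peer with a 500, which is how a bounce attempt against a third host looks from the server's side. Addresses are from the RFC 5737 documentation ranges; the reply texts are modelled on common server wording and are an assumption, not a standard.

```python
import ipaddress


def parse_port_command(arg):
    """'h1,h2,h3,h4,p1,p2' -> (host, port); ValueError on malformed input."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated numbers")
    values = [int(f) for f in fields]          # int() raises on non-digits
    if any(not 0 <= v <= 255 for v in values):
        raise ValueError("each field must be 0..255")
    host = ".".join(str(v) for v in values[:4])
    return host, values[4] * 256 + values[5]


def port_allowed(arg, control_peer_ip, trusted_fxp_networks=()):
    """Decide whether to open an active-mode data connection to the address
    named in a PORT command. Returns (allowed, reply_line)."""
    try:
        host, port = parse_port_command(arg)
    except ValueError:
        return False, "501 Syntax error in parameters or arguments."
    if port < 1024:
        # A bounce typically aims at a service port (25, 80, ...) on the victim;
        # a legitimate client listens on an ephemeral port.
        return False, "500 Illegal PORT command (privileged port)."
    target = ipaddress.ip_address(host)
    if target == ipaddress.ip_address(control_peer_ip):
        return True, "200 PORT command successful."
    # FXP (server-to-server) is only honoured for explicitly trusted networks;
    # with the default empty tuple every third-party address is refused.
    if any(target in ipaddress.ip_network(net) for net in trusted_fxp_networks):
        return True, "200 PORT command successful (FXP to trusted host)."
    return False, "500 Illegal PORT command (address differs from control connection)."


if __name__ == "__main__":
    client = "198.51.100.7"                          # constructed control-connection peer
    for arg in ("198,51,100,7,195,80",               # the client itself, port 50000
                "192,0,2,10,0,25",                   # bounce attempt at SMTP on another host
                "192,0,2,10,195,80",                 # another host, unprivileged port
                "198,51,100,7,300,1"):               # malformed
        print(arg, "->", port_allowed(arg, client))
    print("with FXP trust:", port_allowed("192,0,2,10,195,80", client, ("192.0.2.0/24",)))
```

Passive mode (PASV/EPSV) sidesteps the problem entirely because the client, not the server, opens the data connection; many administrators disable PORT altogether and keep this check only as defence in depth.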
File Service Protocol
• File Service Protocol (FSP) is a UDP-based replacement for the File Transfer
Protocol, designed for anonymous access with lower hardware and network
requirements than FTP.
• As the FSP protocol is not officially recognized by IANA, it has no official
port number.
Common Port Numbers
• 20 FTP -- Data
• 21 FTP -- Control
• 22 SSH Remote Login Protocol
• 23 Telnet
• 25 Simple Mail Transfer Protocol (SMTP)
• 69 Trivial File Transfer Protocol (TFTP)
• 80 HTTP
• 115 Simple File Transfer Protocol (SFTP)
Websockets
• WebSockets allow for sending message-based data in both directions, with the
reliability and ordering of TCP.
• WebSocket uses an HTTP/1.1 request (an Upgrade handshake) as the initial transport
mechanism but keeps the TCP connection alive after the 101 Switching Protocols
response is received, so that it can be used for sending framed messages between
client and server.
• WebSockets allow us to build "real-time" applications without the use of
long-polling.
Websockets
• WebSocket URIs do not use the http:// or https:// scheme: only the opening
handshake is HTTP, and after the 101 response the connection carries WebSocket
frames rather than HTTP messages.
• WebSocket URIs use a new scheme ws: (or wss: for a secure WebSocket over TLS). The
remainder of the URI is the same as an HTTP URI: a host, port, path and any
query parameters.
• "ws:" "//" host [ ":" port ] path [ "?" query ]
• "wss:" "//" host [ ":" port ] path [ "?" query ]
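The handshake that turns an HTTP request into a WebSocket connection is short enough to implement by hand. The following is an added example, not from the slides: a server-side function that parses the Upgrade request, checks the `Upgrade`/`Connection`/`Sec-WebSocket-Version` headers, derives `Sec-WebSocket-Accept` from the client's `Sec-WebSocket-Key` exactly as RFC 6455 specifies (SHA-1 over the key plus the fixed GUID, base64-encoded), and answers 101, 400, 403 or 426 accordingly. The request is the one from RFC 6455 section 1.3. The Origin allow-list is this example's own addition: browsers always send `Origin`, and a server that ignores it will accept a socket opened by any third-party page that the user's browser visits, with the user's cookies attached.

```python
import base64
import binascii
import hashlib

# Fixed GUID from RFC 6455 section 1.3; it is the same for every server.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def accept_key(client_key: str) -> str:
    """Sec-WebSocket-Accept = base64(SHA-1(Sec-WebSocket-Key + GUID))."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_request(raw: str):
    """Split an HTTP/1.1 request head into (method, target, version, headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()   # field names are case-insensitive
    return parts[0], parts[1], parts[2], headers


def handshake_response(raw: str, allowed_origins):
    """Validate an opening handshake. Returns (status, reason, response headers)."""
    try:
        method, _target, version, h = parse_request(raw)
    except ValueError as exc:
        return 400, f"Bad Request: {exc}", {}
    if method != "GET" or version != "HTTP/1.1":
        return 400, "Bad Request: handshake must be an HTTP/1.1 GET", {}
    connection_tokens = {t.strip().lower() for t in h.get("connection", "").split(",")}
    if h.get("upgrade", "").lower() != "websocket" or "upgrade" not in connection_tokens:
        return 426, "Upgrade Required", {"Upgrade": "websocket", "Connection": "Upgrade"}
    if h.get("sec-websocket-version") != "13":
        return 426, "Upgrade Required", {"Sec-WebSocket-Version": "13"}
    key = h.get("sec-websocket-key", "")
    try:
        nonce = base64.b64decode(key, validate=True)
    except binascii.Error:
        nonce = b""
    if len(nonce) != 16:                    # the key must decode to a 16-byte nonce
        return 400, "Bad Request: invalid Sec-WebSocket-Key", {}
    origin = h.get("origin")
    # Browsers always send Origin. Rejecting unknown origins is what stops a
    # hostile page from opening an authenticated socket in the victim's browser.
    if origin is not None and origin not in allowed_origins:
        return 403, "Forbidden: origin not allowed", {}
    return 101, "Switching Protocols", {
        "Upgrade": "websocket",
        "Connection": "Upgrade",
        "Sec-WebSocket-Accept": accept_key(key),
    }


# The client handshake given in RFC 6455 section 1.3 (not constructed here).
RFC6455_REQUEST = (
    "GET /chat HTTP/1.1\r\n"
    "Host: server.example.com\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    "Origin: http://example.com\r\n"
    "Sec-WebSocket-Protocol: chat, superchat\r\n"
    "Sec-WebSocket-Version: 13\r\n"
    "\r\n"
)


if __name__ == "__main__":
    status, reason, hdrs = handshake_response(RFC6455_REQUEST, {"http://example.com"})
    print(f"HTTP/1.1 {status} {reason}")
    for name, value in hdrs.items():
        print(f"{name}: {value}")
```

For the RFC's sample key the accept value is `s3pPLMBiTxaQ9kYGzzhZRbK+xOo=`; the key-to-accept step exists to prove the peer really speaks WebSocket, not to authenticate anyone, which is why the `Origin` check and the site's normal session checks still have to happen before the 101 is sent.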

master seminar digital applications in india
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
Pharmacology of Heart Failure /Pharmacotherapy of CHF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Anesthesia in Laparoscopic Surgery in India
STATICS OF THE RIGID BODIES Hibbelers.pdf
Computing-Curriculum for Schools in Ghana
Microbial diseases, their pathogenesis and prophylaxis
O7-L3 Supply Chain Operations - ICLT Program
RMMM.pdf make it easy to upload and study
human mycosis Human fungal infections are called human mycosis..pptx
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
Classroom Observation Tools for Teachers
Pharma ospi slides which help in ospi learning
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx

BITM3730 Networking.pdf

• 9. 1xx Status Codes (Informational)
  • 100 Continue: The server has received the request headers and the client should proceed to send the request body (for a request that carries a body, for example a POST). Sending a large request body after the request has already been rejected for inappropriate headers would be wasteful. To have the server check the headers first, the client sends Expect: 100-continue in its initial request and waits for a 100 Continue response before sending the body. If the client instead receives an error such as 403 (Forbidden) or 405 (Method Not Allowed), it should not send the body. A 417 Expectation Failed response means the server does not support expectations (HTTP/1.0 servers, for example) and the request should be repeated without the Expect header.
  • 101 Switching Protocols: The requester has asked the server to switch protocols and the server has agreed to do so.
  • 102 Processing: A WebDAV request may contain many sub-requests involving file operations, requiring a long time to complete. This code indicates that the server has received and is processing the request, but no response is available yet. This prevents the client from timing out and assuming the request was lost.
  • 103 Early Hints: Used to return some response headers before the final HTTP message.
• 10. 2xx Status Codes (Success)
  • 200 OK: Standard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity describing or containing the result of the action.
  • 201 Created: The request has been fulfilled, resulting in the creation of a new resource.
  • 202 Accepted: The request has been accepted for processing, but the processing has not been completed. The request might or might not eventually be acted upon and may be disallowed when processing occurs.
  • 203 Non-Authoritative Information: The server is a transforming proxy (e.g. a web accelerator) that received a 200 OK from its origin but is returning a modified version of the origin's response.
  • 204 No Content: The server successfully processed the request and is not returning any content.
  • 205 Reset Content: The server successfully processed the request, asks that the requester reset its document view, and is not returning any content.
  • 206 Partial Content: The server is delivering only part of the resource (byte serving) due to a Range header sent by the client. The Range header is used by HTTP clients to resume interrupted downloads or to split a download into multiple simultaneous streams.
  • 207 Multi-Status: The message body that follows is by default an XML message and can contain a number of separate response codes, depending on how many sub-requests were made.
  • 208 Already Reported: The members of a DAV binding have already been enumerated in a preceding part of the (multistatus) response and are not being included again.
  • 226 IM Used: The server has fulfilled a request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance.
• 11. 3xx Status Codes (Redirection)
  • 300 Multiple Choices: Indicates multiple options for the resource from which the client may choose (via agent-driven content negotiation). For example, this code could be used to present multiple video format options, to list files with different filename extensions, or to suggest word-sense disambiguation.
  • 301 Moved Permanently: This and all future requests should be directed to the given URI.
  • 302 Found (previously "Moved Temporarily"): Tells the client to look at (browse to) another URL. 302 has been superseded by 303 and 307. This is an example of industry practice contradicting the standard. The HTTP/1.0 specification (RFC 1945) required the client to perform a temporary redirect with the same request method (the original describing phrase was "Moved Temporarily"), but popular browsers implemented 302 with the functionality of 303 See Other, turning a POST into a GET. HTTP/1.1 therefore added status codes 303 and 307 to distinguish between the two behaviours. Some web applications and frameworks still use 302 as if it were 303.
  • 303 See Other: The response to the request can be found under another URI using the GET method. When received in response to a POST (or PUT/DELETE), the client should presume that the server has received the data and should issue a new GET request to the given URI.
  • 304 Not Modified: Indicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-None-Match. In that case there is no need to retransmit the resource, since the client still has a previously downloaded copy.
  • 305 Use Proxy: The requested resource is available only through a proxy, the address of which is provided in the response. For security reasons, many HTTP clients (such as Mozilla Firefox and Internet Explorer) do not obey this status code.
  • 306 Switch Proxy: No longer used. Originally meant "Subsequent requests should use the specified proxy."
  • 307 Temporary Redirect: The request should be repeated with another URI; however, future requests should still use the original URI. In contrast to how 302 was historically implemented, the request method is not allowed to change when reissuing the request. For example, a POST request should be repeated using another POST request.
  • 308 Permanent Redirect: The request and all future requests should be repeated using another URI. 307 and 308 parallel the behaviours of 302 and 301, but do not allow the HTTP method to change. So, for example, submitting a form to a permanently redirected resource may continue smoothly.
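The redirect rules above are easy to get wrong in a client, and following a Location header blindly is a classic way to leak credentials or fall into a loop. The code below is an added example (it is not from the course slides): a small redirect policy that preserves the method on 307/308, switches to GET on 303 (and, following browser practice, on a 301/302 answer to a POST), refuses an https-to-http downgrade, drops Authorization and Cookie headers when the target is a different origin, and caps the number of hops. The class and function names, the MAX_REDIRECTS value and the sample requests are this example's own choices.

```python
"""Redirect-following policy for an HTTP client (added example)."""
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 10  # assumption: generous for real sites, small enough to stop loops


@dataclass
class Request:
    method: str
    url: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: Optional[bytes] = None


class RedirectError(Exception):
    """Raised when the client refuses to follow a redirect."""


def next_request(req: Request, status: int, location: str, hops: int) -> Request:
    """Return the request a client should send in reply to a 3xx response."""
    if hops >= MAX_REDIRECTS:
        raise RedirectError("too many redirects")
    target = urljoin(req.url, location)  # Location may be relative
    src, dst = urlsplit(req.url), urlsplit(target)

    # Never downgrade: a redirect from https:// to http:// would send the
    # follow-up request (cookies, tokens, form fields) in cleartext.
    if src.scheme == "https" and dst.scheme != "https":
        raise RedirectError(f"refusing https -> {dst.scheme} downgrade to {target}")
    if dst.scheme not in ("http", "https"):
        raise RedirectError(f"refusing redirect to scheme {dst.scheme!r}")

    headers = dict(req.headers)
    # Credentials were issued for the original origin; do not forward them
    # when the redirect points somewhere else.
    if (src.scheme, src.netloc) != (dst.scheme, dst.netloc):
        headers.pop("Authorization", None)
        headers.pop("Cookie", None)

    if status in (307, 308):
        # Method and body are preserved: a POST is repeated as a POST.
        return Request(req.method, target, headers, req.body)
    if status == 303 or (status in (301, 302) and req.method == "POST"):
        # 303 always turns into a GET; browsers historically treat a 301/302
        # answer to a POST the same way, and this client follows that practice.
        headers.pop("Content-Type", None)
        return Request("GET", target, headers, None)
    if status in (301, 302):
        return Request(req.method, target, headers, req.body)
    raise RedirectError(f"status {status} is not a redirect this client follows")


def follow(req: Request, replies) -> Request:
    """Walk a sequence of (status, Location) replies the way a client would."""
    for hops, (status, location) in enumerate(replies):
        req = next_request(req, status, location, hops)
    return req


if __name__ == "__main__":
    login = Request("POST", "https://app.example/login",
                    {"Authorization": "Bearer t0k3n"}, b"user=alice")
    print(next_request(login, 307, "/login2", 0))          # still a POST, same origin
    print(next_request(login, 302, "https://cdn.example/", 0))  # GET, no Authorization
```

The two checks a practitioner most often finds missing are the downgrade refusal and the header stripping; without them a single attacker-controlled Location header on an otherwise trusted site is enough to capture a bearer token.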
• 12. 4xx Client Errors
  • 400 Bad Request: The server cannot or will not process the request due to an apparent client error (e.g., malformed request syntax, size too large, invalid request message framing, or deceptive request routing).
  • 401 Unauthorized: Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. See Basic access authentication and Digest access authentication. Despite its name, 401 semantically means "unauthenticated": the user does not have valid authentication credentials for the target resource. A client that is authenticated but not permitted to do what it asked gets 403 instead.
  • 402 Payment Required: Reserved for future use. The original intention was that this code might be used as part of some form of digital cash or micropayment scheme, as proposed, for example, by GNU Taler, but that has not yet happened, and this code is not widely used. The Google Developers API uses this status if a particular developer has exceeded the daily limit on requests. Sipgate uses this code if an account does not have sufficient funds to start a call. Shopify uses this code when the store has not paid its fees and is temporarily disabled. Stripe uses this code for failed payments where parameters were correct, for example blocked fraudulent payments.
  • 403 Forbidden: The request contained valid data and was understood by the server, but the server is refusing action. This may be due to the user not having the necessary permissions for a resource, needing an account of some sort, or attempting a prohibited action (e.g. creating a duplicate record where only one is allowed). This code is also typically used if the request provided authentication by answering the WWW-Authenticate challenge, but the server did not accept that authentication. The request should not be repeated.
• 13. 4xx Client Errors Cont.
  • 404 Not Found: The requested resource could not be found but may be available in the future. Subsequent requests by the client are permissible.
  • 405 Method Not Allowed: The request method is not supported for the requested resource; for example, a GET request on a form that requires data to be presented via POST, or a PUT request on a read-only resource.
  • 406 Not Acceptable: The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request.
  • 407 Proxy Authentication Required: The client must first authenticate itself with the proxy.
  • 408 Request Timeout: The server timed out waiting for the request. According to the HTTP specification: "The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time."
  • 409 Conflict: Indicates that the request could not be processed because of a conflict in the current state of the resource, such as an edit conflict between multiple simultaneous updates.
  • 410 Gone: Indicates that the resource requested is no longer available and will not be available again. This should be used when a resource has been intentionally removed and should be purged. Upon receiving a 410 status code, the client should not request the resource in the future. Clients such as search engines should remove the resource from their indices. Most use cases do not require clients and search engines to purge the resource, and a "404 Not Found" may be used instead.
• 14. 4xx Client Errors Cont.
  • 411 Length Required: The request did not specify the length of its content, which is required by the requested resource.
  • 412 Precondition Failed: The server does not meet one of the preconditions that the requester put on the request header fields.
  • 413 Payload Too Large: The request is larger than the server is willing or able to process. Previously called "Request Entity Too Large".
  • 414 URI Too Long: The URI provided was too long for the server to process. Often the result of too much data being encoded as the query string of a GET request, in which case it should be converted to a POST request. Previously called "Request-URI Too Long".
  • 415 Unsupported Media Type: The request entity has a media type which the server or resource does not support. For example, the client uploads an image as image/svg+xml, but the server requires that images use a different format.
  • 416 Range Not Satisfiable: The client has asked for a portion of the file (byte serving), but the server cannot supply that portion; for example, the client asked for a part of the file that lies beyond the end of the file. Previously called "Requested Range Not Satisfiable".
  • 417 Expectation Failed: The server cannot meet the requirements of the Expect request-header field.
• 15. 4xx Client Errors Cont.
  • 421 Misdirected Request: The request was directed at a server that is not able to produce a response.
  • 422 Unprocessable Entity: The request was well-formed but could not be followed due to semantic errors.
  • 423 Locked: The resource that is being accessed is locked.
  • 424 Failed Dependency: The request failed because it depended on another request and that request failed (e.g., a PROPPATCH).
  • 425 Too Early: Indicates that the server is unwilling to risk processing a request that might be replayed.
  • 426 Upgrade Required: The client should switch to a different protocol, such as TLS/1.0, given in the Upgrade header field.
  • 428 Precondition Required: The origin server requires the request to be conditional. Intended to prevent the "lost update" problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server while a third party has meanwhile modified the state on the server, leading to a conflict.
• 16. Last 4xx Client Errors
  • 429 Too Many Requests: The user has sent too many requests in a given amount of time. Intended for use with rate-limiting schemes.
  • 431 Request Header Fields Too Large: The server is unwilling to process the request because either an individual header field, or all the header fields collectively, are too large.
  • 451 Unavailable For Legal Reasons: A server operator has received a legal demand to deny access to a resource or to a set of resources that includes the requested resource. The code 451 was chosen as a reference to the novel Fahrenheit 451.
• 17. 5xx Server Errors
  • 500 Internal Server Error: A generic error message, given when an unexpected condition was encountered and no more specific message is suitable.
  • 501 Not Implemented: The server either does not recognize the request method, or it lacks the ability to fulfil the request. Usually this implies future availability (e.g., a new feature of a web-service API).
  • 502 Bad Gateway: The server was acting as a gateway or proxy and received an invalid response from the upstream server.
  • 503 Service Unavailable: The server cannot handle the request (because it is overloaded or down for maintenance). Generally, this is a temporary state.
  • 504 Gateway Timeout: The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
  • 505 HTTP Version Not Supported: The server does not support the HTTP protocol version used in the request.
• 18. 5xx Server Errors Cont.
  • 506 Variant Also Negotiates: Transparent content negotiation for the request results in a circular reference.
  • 507 Insufficient Storage: The server is unable to store the representation needed to complete the request.
  • 508 Loop Detected: The server detected an infinite loop while processing the request (sent instead of 208 Already Reported).
  • 510 Not Extended: Further extensions to the request are required for the server to fulfil it.
  • 511 Network Authentication Required: The client needs to authenticate to gain network access. Intended for use by intercepting proxies used to control access to the network (e.g., "captive portals" used to require agreement to Terms of Service before granting full Internet access via a Wi-Fi hotspot).
• 19. Commonly Used Web Servers [FREE]
  • Apache HTTP Server
  • NGINX
  • Apache Tomcat [a Java servlet container: an application server that also speaks HTTP]
  • Node.js [a JavaScript runtime rather than a web server in itself; its built-in http module is what you write a server with]
  • Lighttpd
• 20. Web Hosting Providers [PAID]
  • The names below are hosting companies, not web server software: they rent you a server (usually running one of the free web servers above) and run it for you.
  • GoDaddy
  • HostGator
  • OneWebHosting
  • Hostwinds
  • A2 Web Hosting
  • WP Engine
  • 1&1
• 21. Understanding the Web
  • Website [also referred to as a domain]
  • Highest level of the website [Ex. https://www.shu.edu/ ]
  • Web page
  • Individual page within the website [Ex. https://www.shu.edu/business/index.cfm ]
  • Sub Domain
  • A separate host name under the main domain, which generally serves its own set of web pages [Ex. http://pirate.shu.edu/ ]. Note that https://www.shu.edu/business/ is not a subdomain: it is a folder (path) on the www host, which is why it shares that host's cookies and TLS certificate while pirate.shu.edu does not.
  • 22. If You Build It, They Will Come
• 23. Web Server for Chrome
  • https://chrome.google.com/webstore/detail/web-server-for-chrome/ofhbbkphhbklhfoeikjpcbhemlocgigb?hl=en
  • App from the Chrome Web Store
  • Runs offline
  • Explained in depth at https://github.com/kzahel/web-server-chrome
• 24. Application Server
  • Server that hosts applications
  • Common tools:
  • Java application servers
  • .NET Framework [from Microsoft]
  • PHP application servers
  • Mobile application servers
• 25. Where Can App Servers Be Deployed
  • On premises [your computer/network]
  • Cloud [public, on the internet]
  • Private Cloud [private, on the internet; access is restricted to your organisation and normally requires authentication]
  • PaaS – Platform as a Service [can be cloud based]
• 26. PaaS
  PaaS can be delivered in three ways:
  • As a public cloud service from a provider, where the consumer controls software deployment with minimal configuration options, and the provider provides the networks, servers, storage, operating system (OS), middleware (e.g. Java runtime, .NET runtime, integration, etc.), database and other services to host the consumer's application.
  • As a private service (software or appliance) behind a firewall.
  • As software deployed on a public infrastructure as a service.
• 27. Web APIs
  • When used in the context of web development, an API is typically defined as a set of specifications, such as Hypertext Transfer Protocol (HTTP) request messages, along with a definition of the structure of response messages, usually in an Extensible Markup Language (XML) or JavaScript Object Notation (JSON) format.
• 28. You Build
  • You can build apps on your own using https://ibuildapp.com/
  • Google also provided a similar tool, App Maker, at https://developers.google.com/appmaker
  • You could even turn your Mac into a server with https://www.apple.com/macos/server/
  • Note: Google App Maker and macOS Server have both since been discontinued by their vendors; the links are kept for reference.
• 29. Application Servers – Most Commonly Used
  • JBoss [open source; the community edition is now developed as WildFly]
  • GlassFish [originally Sun/Oracle; now an Eclipse Foundation project]
  • WebLogic [Oracle]
  • WebSphere [IBM]
• 30. App Stores [Mobile]
  • Google Play Store
  • Apple App Store
  • Samsung Galaxy Apps
  • LG SmartWorld
  • Huawei App Store
  • Sony Apps
  • Amazon Appstore
  • Aptoide
  • F-Droid
  • GetJar
  • ACMarket
  • SlideME
  • Uptodown Market
  • Itch.io
  • Cydia
  • neXva
• 31. App Store vs. Application Server
  • An app store is a distribution channel that promotes apps for download and/or purchase.
  • An application server is a runtime that hosts and executes server-side applications; it does more than store them.
• 32. Basics
  • The most common FTP port is port 21, used for the control connection; in active mode the server sends data from port 20.
  • The main connection in FTP is referred to as the control or command connection.
  • SFTP stands for SSH File Transfer Protocol; it is a separate protocol, not FTP with encryption added.
  • SFTP is secure because it runs over the SSH (Secure Shell) protocol, which encrypts and authenticates the whole session.
  • FTP connects the client to the server over the control connection and opens separate data connections for transfers.
• 33. FTP
  • FTP is a way to transfer files online.
  • Browsers use a protocol called HTTP.
  • Email clients use other protocols: SMTP to send messages, and IMAP or POP to retrieve them.
  • XMPP is a protocol used to send and receive instant messages.
  • FTP is another such protocol.
• 34. FTP Connects
  • An FTP server offers access to a directory, with sub-directories.
  • Users connect to these servers with an FTP client, a piece of software that lets you download files from the server, as well as upload files to it.
• 35. FTP Channels
  • FTP uses two basic channels to operate:
  • The command channel carries information about the task itself: what files are to be accessed, whether commands have been accepted, etc.
  • The data channel then transfers the actual file data between devices.
• 36. Error and Status Codes – 6 Levels
  • 1xx - The requested action is being initiated; expect another reply before proceeding with a new command.
  • 2xx - The requested action has been successfully completed.
  • 3xx - The command has been accepted, but the requested action is on hold, pending receipt of further information.
  • 4xx - The command was not accepted and the requested action did not take place, but the error condition is temporary and the action may be requested again.
  • 5xx - The command was not accepted and the requested action did not take place.
  • 10xxx - Winsock error codes. These are not FTP replies at all: they are socket-level errors reported by Windows FTP clients when the connection itself fails, so the server never sends them.
• 37. 1xx Codes
  • 110 Restart marker reply.
  • 120 Service ready in nn minutes.
  • 125 Data connection already open, transfer starting.
  • 150 File status okay, about to open data connection.
• 38. 2xx Codes
  • 200 Command okay.
  • 202 Command not implemented, superfluous at this site.
  • 211 System status, or system help reply.
  • 212 Directory status.
  • 213 File status.
  • 214 Help message.
  • 215 NAME system type. (Where NAME is an official system name from the list in the Assigned Numbers document.)
  • 220 Service ready for new user.
  • 221 Service closing control connection. Logged out if appropriate.
  • 225 Data connection open; no transfer in progress.
  • 226 Closing data connection. Requested file action successful (for example, file transfer or file abort).
  • 227 Entering Passive Mode.
  • 230 User logged in, proceed.
  • 250 Requested file action okay, completed.
  • 257 "PATHNAME" created.
• 39. 3xx Codes
  • 331 User name okay, need password.
  • 332 Need account for login.
  • 350 Requested file action pending further information.
• 40. 4xx Codes
  • 421 Service not available, closing control connection. This may be a reply to any command if the service knows it must shut down.
  • 425 Can't open data connection. Try changing from PASV to PORT mode.
  • 426 Connection closed; transfer aborted.
  • 450 Requested file action not taken. File unavailable (e.g., file busy).
  • 451 Requested action aborted: local error in processing.
  • 452 Requested action not taken. Insufficient storage space in system.
• 41. 5xx Codes
  • 501 Syntax error in parameters or arguments.
  • 502 Command not implemented.
  • 503 Bad sequence of commands.
  • 504 Command not implemented for that parameter.
  • 530 Not logged in. Your password is being rejected; contact the server administrator.
  • 532 Need account for storing files.
  • 550 Requested action not taken. File unavailable (e.g., file not found, no access). Contact the server administrator.
  • 552 Requested file action aborted. Exceeded storage allocation (for current directory or data set). Contact the server administrator.
  • 553 Requested action not taken. File name not allowed. Try changing the file name, or removing spaces from the file name.
• 42. 10xxx Codes
  • 10054 Connection reset by peer. The connection was forcibly closed by the remote host.
  • 10060 Can't connect to remote server (generally a time-out error). Try switching from PASV to PORT mode.
  • 10061 Can't connect to remote server. The connection is actively refused by the server. Try switching from PASV to PORT mode.
  • 10066 Directory not empty. The server will not delete this directory while there are files/folders in it.
  • 10068 Too many users, server is full. Contact the server administrator.
• 43. FTP Data Types
  • ASCII (TYPE A): Used for text. Data is converted, if needed, from the sending host's character representation to "8-bit ASCII" before transmission, and (again, if necessary) to the receiving host's character representation. As a consequence, this mode is inappropriate for files that contain data other than plain text.
  • Image (TYPE I, commonly called Binary mode): The sending machine sends each file byte by byte, and the recipient stores the byte stream as it receives it. (Image mode support has been recommended for all implementations of FTP.)
  • EBCDIC (TYPE E): Used for plain text between hosts using the EBCDIC character set.
  • Local (TYPE L n): Designed to support file transfer between machines which do not use 8-bit bytes.
• 44. FTP File Structures
  • File organization is specified using the STRU command:
  • F or FILE structure (stream-oriented). Files are viewed as an arbitrary sequence of bytes, characters or words.
  • R or RECORD structure (record-oriented). Files are viewed as divided into records.
  • P or PAGE structure (page-oriented). Files are divided into pages.
• 45. FTP Data Transfer Modes
  • Data transfer can be done in any of three modes:
  • Stream mode (MODE S): Data is sent as a continuous stream, relieving FTP from doing any processing. Rather, all processing is left up to TCP. No end-of-file indicator is needed, unless the data is divided into records.
  • Block mode (MODE B): Designed primarily for transferring record-oriented files (STRU R), although it can also be used to transfer stream-oriented (STRU F) text files. FTP puts each record (or line) of data into several blocks (block header, byte count, and data field) and then passes it on to TCP.
  • Compressed mode (MODE C): Extends MODE B with data compression using run-length encoding.
  • Most contemporary FTP clients and servers do not implement MODE B or MODE C.
• 46. FTP Login
  • FTP login uses the normal username and password scheme for granting access. The username is sent to the server with the USER command, and the password with the PASS command. This sequence is unencrypted "on the wire", so it is vulnerable to a network sniffing attack: anyone who can capture the control connection reads the credentials directly.
  • Anonymous FTP: A host that provides an FTP service may provide anonymous FTP access. Users typically log into the service with an "anonymous" account (lower-case, and case-sensitive on some FTP servers) when prompted for a user name. Although users are commonly asked to send their email address instead of a password, no verification is actually performed on the supplied data. Many FTP hosts whose purpose is to provide software updates allow anonymous logins.
• 47. FTP Security Issues
  • Brute-force attack
  • FTP bounce attack
  • Packet capture
  • Port stealing (guessing the next open port and usurping a legitimate connection)
  • Spoofing attack
  • Username enumeration
  • DoS or DDoS
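Two of the issues above, packet capture of the USER/PASS exchange and the FTP bounce attack, can be seen directly in a control-channel transcript, and the reply codes listed earlier are what such a transcript is made of. The code below is an added example, not from the course slides: it parses a constructed capture of one control session (addresses from the RFC 1918 and documentation ranges), decodes RFC 959 reply codes including the "-" continuation marker of multi-line replies, extracts the cleartext credentials, and flags any PORT command whose target is not the client itself or is a privileged port, which is the bounce pattern. The transcript, the "C:"/"S:" direction prefixes and names such as audit_session are this example's own.

```python
"""Audit of a captured FTP control-channel session (added example)."""
import re
from collections import Counter

# Constructed transcript: "C:" lines go client->server, "S:" server->client.
SAMPLE_CAPTURE = """\
S: 220 ftp.example.test FTP server ready.
C: USER alice
S: 331 User name okay, need password.
C: PASS hunter2
S: 230 User logged in, proceed.
C: TYPE I
S: 200 Command okay.
C: PORT 192,168,1,20,19,137
S: 200 Command okay.
C: RETR report.bin
S: 150 File status okay, about to open data connection.
S: 226 Closing data connection.
C: PORT 203,0,113,9,0,25
S: 500 Illegal PORT command.
C: QUIT
S: 221 Service closing control connection.
"""

REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")
PORT_RE = re.compile(r"^(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")


def parse_reply(line):
    """Split a server reply into (code, is_final, text). RFC 959 marks every
    line but the last of a multi-line reply with '-' right after the code."""
    m = REPLY_RE.match(line)
    if not m:
        raise ValueError(f"not an FTP reply: {line!r}")
    return int(m.group(1)), m.group(2) == " ", m.group(3)


def parse_port_arg(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port), where port = p1*256 + p2."""
    m = PORT_RE.match(arg.strip())
    if not m:
        raise ValueError(f"malformed PORT argument: {arg!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in PORT argument: {arg!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def is_bounce_attempt(port_ip, port_num, client_ip):
    """A PORT target other than the client itself, or a privileged port, is how
    the bounce attack turns the server into a proxy towards a third host."""
    return port_ip != client_ip or port_num < 1024


def audit_session(capture, client_ip):
    """Walk the transcript and collect what an attacker or a defender sees."""
    findings = {"credentials": [], "bounce_attempts": [], "reply_classes": Counter()}
    pending_user = None
    for raw in capture.splitlines():
        who, _, line = raw.partition(": ")
        if who == "S":
            code, _final, _text = parse_reply(line)
            findings["reply_classes"][code // 100] += 1  # 1xx..5xx as on slide 36
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            pending_user = arg
        elif verb == "PASS":
            # Nothing on the control channel is encrypted: the password is
            # simply there for anyone on the path to read.
            findings["credentials"].append((pending_user, arg))
        elif verb == "PORT":
            ip, port = parse_port_arg(arg)
            if is_bounce_attempt(ip, port, client_ip):
                findings["bounce_attempts"].append((ip, port))
    return findings


if __name__ == "__main__":
    for key, value in audit_session(SAMPLE_CAPTURE, "192.168.1.20").items():
        print(f"{key}: {value}")
```

The same is_bounce_attempt check, applied by the server before it honours a PORT command, is the usual mitigation; the sample server already does so and answers 500. Running the audit over a real capture also makes the point of slide 46 concrete: the credentials are recovered with one string comparison, no cryptanalysis involved.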
• 48. Other FTP Options
  • FTP over SSH is the practice of tunneling a normal FTP session over a Secure Shell connection.
  • Explicit FTPS is an extension to the FTP standard that allows clients to request that FTP sessions be encrypted.
  • The SSH File Transfer Protocol (chronologically the second of the two protocols abbreviated SFTP) transfers files and has a similar command set for users, but uses the Secure Shell protocol (SSH) to transfer files.
  • Trivial File Transfer Protocol (TFTP) is a simple, lock-step FTP that allows a client to get a file from, or put a file onto, a remote host.
  • Simple File Transfer Protocol (the first protocol abbreviated SFTP) was proposed as an (unsecured) file transfer protocol with a level of complexity intermediate between TFTP and FTP.
• 49. Top FTP Tools
  • FileZilla [the installer offered through some download sites has been reported to bundle adware; if you use it, download it from the project's own site and verify the file before installing]
  • WinSCP
  • Using Windows Explorer [i.e. a folder on your computer]
  • 50. FTP with Windows Explorer
• 51. File eXchange Protocol
  • File eXchange Protocol (FXP or FXSP) is a method of data transfer which uses FTP to transfer data from one remote server to another (inter-server) without routing the data through the client's connection.
  • Enabling FXP support can make a server vulnerable to an exploit known as FTP bounce. As a result, FTP server software often has FXP disabled by default. Some servers restrict FXP to a list of trusted IP addresses to limit this risk.
• 52. File Service Protocol
  • File Service Protocol (FSP) is a UDP-based replacement for the File Transfer Protocol, designed for anonymous access with lower hardware and network requirements than FTP.
  • As the FSP protocol is not officially recognized by IANA, it has no official port number.
• 53. Common Port Numbers
  • 20 FTP -- Data
  • 21 FTP -- Control
  • 22 SSH Remote Login Protocol (the SSH File Transfer Protocol, today's SFTP, runs over this port)
  • 23 Telnet
  • 25 Simple Mail Transfer Protocol (SMTP)
  • 69 Trivial File Transfer Protocol (TFTP)
  • 80 HTTP
  • 115 Simple File Transfer Protocol (the older, unsecured SFTP)
• 55. Websockets
  • WebSockets allow sending message-based data with the reliability of TCP.
  • WebSocket uses HTTP as the initial transport mechanism (an HTTP Upgrade handshake) but keeps the TCP connection alive after the HTTP response is received, so that it can be used for sending messages between client and server.
  • WebSockets allow us to build "real-time" applications without the use of long polling.
• 56. Websockets
  • WebSockets do not use the http:// or https:// scheme, because after the opening handshake the traffic no longer follows the HTTP protocol.
  • WebSocket URIs use the scheme ws: (or wss: for a WebSocket secured with TLS, the counterpart of https:). The remainder of the URI is the same as an HTTP URI: a host, port, path and any query parameters. When no port is given, ws: defaults to 80 and wss: to 443.
  • "ws:" "//" host [ ":" port ] path [ "?" query ]
  • "wss:" "//" host [ ":" port ] path [ "?" query ]