What are Application-Layer Protocols?
Bit of a mouthful, isn’t it? If you read the blog last week, you’ll see that I talked about SSH and that it’s a type of protocol. I also briefly explained that a protocol is a “sort of language that allows machines to talk to each other.” Of course, there’s much more to it than that.
An application-layer protocol, again, is how machines message each other. Each different application-layer protocol has many things that define the protocol itself, such as the type of message that is being sent, the kind of information it’s sending, how the messages themselves get processed, etc. Take a look at how many of them there are below.
That ain’t even all of them, either! Notice how the protocols I mentioned in the last blog are there, which are SSH, HTTP, and FTP. Since I already covered SSH, I’ll only be going over FTP, SMTP, and HTTP as well as its variants like HTTPS.
FTP
File Transfer Protocol. This is the protocol used for actually transferring files over the Internet. I don’t need to go into just how important it is to be able to send files over the Internet. FTP utilizes two communication channels between the client and the host. One channel, called the command channel, is used for actually reading the requests like getting the file. The other channel, called the data channel, is used for actually sending the file. These two are separated so commands don’t have to wait for a file to finish transferring.
There are actually two different connection modes for FTP: active and passive. These connections are simply a way for both the client and server to agree on how they should communicate. Active connection is when the client sends a port number to the server via the command channel so the server can connect to that port and establish the data channel that way. Passive is when the client requests a port number from the server and then established the data channel that way. Passive connection is what is widely used today, but why? The issue is firewalls. In an active connection, the firewall on the client will see the server trying to connect to it and say “Whoa there pal, I don’t know what you are. No entry”. To circumvent this, passive connection was made so that the client has to be the one to outreach.
SMTP
Simple Mail Transfer Protocol. E-mails! It’s a simple communication protocol. E-mails have been around since the ’60s (I recommend reading up on what ARPANET is to get an idea of how these messages were sent before the Internet), and with technology starting to really take off, standards had to be created in order to ensure that these machines would be able to talk to one another. There were a slew of standards created during that time and SMTP would be the one to take over all of them under its umbrella. Mail is sent from the client to the Mail Transfer Agent, which is a software that reads and transfers mail, of another computer. Your mail may even go through multiple MTAs using SMTP before it reaches its destination as it goes through multiple authentication and storage processes.
HTTP
Hypertext Transfer Protocol. If there’s any protocol you’re familiar with, it’s this one. This protocol is responsible for transmitting hypermedia. Hypermedia is pretty much a form of information that can contain text, sound, graphics, video, etc. all in one hypertext format. It is important to note that when talking about a client in the context of HTTP that we mean web browsers specifically. The client sends a request to the server, which is usually a computer hosting a website, and the server responds by proving HTML documents for the web browser to display. HTTPS, which just has Secure at the end, encrypts HTTP using authentications to prevent anyone from hijacking any information being sent between the client and the server.
HTTP/2 and HTTP/3
But of course, technology is ever expanding, and with it, the guidelines must change as well. HTTP/2, which was developed by the IETF (Internet Engineering Task Force), was created to increase security and transmission efficiency of HTTP and was officially published on May 14, 2015. In just 4 years, we’re going to have a new iteration called HTTP/3, of which you can read the internet draft made by the IETF here, which seeks to improve on HTTP/2.