The Application Layer

The final layer of a network is the application layer. When a Web browser gets a Web site to display for you, when your email program checks for new email messages, or when you print, your computer uses the communications layer to get the information to and from the destination. The application layer is responsible for coordinating communications.

It is possible for a computer to be a Web server and an email server at the same time using the same IP address. But how does your browser know to download a Web page, and your email program know to download your new email? It turns out that each IP address is broken down into something called ports. These ports are numbered 1 through 65,535. Only one service can use a port at a time. For example, Web servers use port 80 by default. Technically, when you type in the address for Apple’s Web site, you should have to specify not only the IP address but the port as well. So, Apple’s Web server is at 172.112.152.32 port 80. The shorthand for specifying the full IP address would be 172.112.152.32:80. Web browsers, however, know that most Web sites are on port 80. So, unless you specify otherwise, they will assume that you mean port 80.

Every service you use on a network has at least one port associated with it. When your email software checks for email, it checks a POP email server using port 110. Sending email is usually done using an SMTP server on port 25. When you log into an FTP server and browse the contents, your FTP software connects to the server using port 21. Downloading files from an FTP server is usually done using port 20, however.

A firewall is a protective gateway for network traffic, preventing and allowing traffic based on a set of rules. Firewalls are typically in one of two places: they are either installed on your computer as software to protect your computer or they are hardware devices on your network that protect your whole network from outside attacks.

In this sense, a NAT-enabled router is a kind of firewall by default: it only allows certain packets back through to the inside. But NAT-enabled devices are not very good firewalls. A good firewall analyzes each packet as it comes or goes and either accepts or rejects it based on a set of rules that you define.

For example, if you had a Web server on your network and a firewall protecting your network, you would want to set up a rule that allowed any traffic going to your Web server on port 80 to pass through while traffic to any other address and any other port is denied. Managing a firewall can be tricky, however. Depending on the services you need to use, you may find that a firewall will prevent certain services from working through it. When in doubt, check the documentation for the service in question. If you are trying to use Timbuktu through a firewall for example, check the Timbuktu Web site for help on configuring a firewall for use with Timbuktu, for example. There are usually detailed instructions about which ports the service uses. Another good references is the Internet Assigned Numbers Authority (IANA). The IANA keeps a list of well known ports for reference at www.iana.org/assignments/port-numbers.