Protocols Supported

In Chapter 13, the discussion of the TCP/IP suite focused mainly on the network-layer protocols (such as IP) and transport-layer protocols (such as TCP and UDP) and how they work. The only application-layer protocols considered were the rather specialized ones called DHCP and DNS, which provide addressing and name resolution functions on TCP/IP internetworks like the Internet.

In addition, TCP/IP includes a whole series of application-layer protocols whose function is to allow users to interface with client/server applications and distributed applications on an internetwork. Examples of these protocols include Telnet, HTTP, FTP, Gopher, SMTP, NNTP, and so on. Other protocols, such as Simple Network Management Protocol (SNMP) and remote network monitoring, provide network management functions to simplify management of hosts on an internetwork. Because TCP/IP is constantly evolving, protocols are being enhanced and newer ones are emerging as older ones become obsolete.

As outlined in the next four sections, Microsoft has chosen to implement four of these application-layer protocols within the framework of IIS 5 on Windows 2000.


As you probably already know, HTTP is the application-layer protocol of TCP/IP that makes the World Wide Web (the Web) possible. This protocol handles the publishing of static and dynamic Web content on Windows 2000 Server. This publishing occurs when you create Web sites, as you'll learn later in this chapter.

The name of the underlying Windows 2000 service that supports HTTP is World Wide Web Publishing Service (WWW Publishing Service), which uses the associated executable System32\Inetsrv\Inetinfo.exe. In Event Viewer, the service goes by the short name W3SVC.

You can display and configure Windows 2000 services using the Computer Management snap-in, one of the default shortcuts in the Administrative Tools program group. When you open the Computer Management console, expand the Services And Applications node and select the desired service underneath it to display the various entries. Then double-click an item in the right pane to open its configuration dialog box and display or configure its various settings.

HTTP defines a client/server protocol that describes how communications occur between HTTP servers (called Web servers) and HTTP clients (called Web browsers). The following is a typical HTTP session between a Windows 2000 Server running IIS 5 (a Web server) and a client machine running Microsoft Internet Explorer 5 (a Web browser). An HTTP session is essentially made up of a connection, a request, and a response:

  1. The client machine uses TCP to establish a connection to the server, typically using port 80, which is the default or well-known port number for HTTP connections. You can specify other port numbers on the server if you want, but the client then needs to know the port number to connect to the server. The connection is formed using a standard TCP three-way handshake.
  2. Once connected to the server, the client machine requests a Web page or some other file from the server. The page could be specified by entering its URL into the Address box in Microsoft Internet Explorer, or the user might simply click a hyperlink on another page to request the new one. Either way, the client sends a packet to the server containing an HTTP Get Request message. A typical client's Get Request message might look like the following:
     GET /samples/sampsite/sampsite.htm HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
    Accept-Language: en-us
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (Compatible; MSIE 5.0; Windows NT 5.0)
    Host: ws1
    Connection: Keep-Alive

    The various lines of this request are called headers, and these headers allow the client to communicate information to the server such as this:

    • The particular Web page or other file that is being requested (in this example, the Web page Sampsite.htm)
    • The fact that the client supports version 1.1 of HTTP
    • The Multipurpose Internet Mail Extensions (MIME) types, languages, and encoding methods that the client understands
    • The type of client being used, which here is Internet Explorer 5
    • The Web server from which the page is requested (in this example, the Windows 2000 server called WS1)
    • Various other information, such as the fact that HTTP Keep-Alives are enabled on the client
  3. The server responds to the request by sending a series of packets containing the Web page or other file requested by the client. The first of these returned packets contains header information, which the server communicates to the client. For example, in response to the Get Request message sent by the client in step 2, the first packet sent by server WS1 starts with the following information:
     HTTP/1.1 200 OK
    Server: Microsoft-IIS/5.0
    Date: Mon, 26 Jul 1999 20:09:59 GMT
    Content-Type: text/html
    Accept-Ranges: bytes
    Last-Modified: Mon, 14 Oct 1996 01:38:00 GMT
    ETag: "08c375570b9bb1:968"
    Content-Length: 1066
    <TITLE>Sample Web Site</TITLE>
    <BODY BACKGROUND="/samples/images/backgrnd.gif" BGCOLOR="FFFFFF">

    The first few lines here are headers, and what the server is basically saying to the client is this:

    • HTTP 1.1 requests are acceptable to the server.
    • Error code 200 means the server accepts the client's request as valid and is returning the page that the client requested.
    • The type of server, date and time, and various other information follows.

    After the headers comes the beginning of the actual Web page requested by the client, showing the HTML that formats the information for the client so that it can be displayed as a Web page.

  4. At this point, if HTTP Keep-Alives are enabled, the TCP connection between the client and server stays open in case the client wants to request additional files from the server. If Keep-Alives are disabled, the TCP connection is terminated after the page is downloaded, and a new TCP connection must be established to download the next file (an embedded image within the page, for example). Establishing this connection can be troublesome if, for example, the Web page you are downloading has 33 embedded images, three Java applets, one ShockWave animation, and other neat stuff in it. Without Keep-Alives, the additional overhead of establishing and tearing down TCP connections for each file downloaded slows the process down a bit, so it's usually smart to leave Keep-Alives enabled (as explained in the next chapter).

That's basically all there is to HTTP. It's a simple client/server application-layer protocol based on the underlying TCP transport-layer protocol. HTTP is by far the most important of the four Internet protocols supported by IIS, and it is the basis of the Web.

More Info

Version 1.1 of Hypertext Transfer Protocol is defined in RFC 2068.

Real World

Troubleshooting HTTP Sessions

Unless Internet communications are specifically encrypted using the Secure Sockets Layer (SSL) protocol, HTTP sessions are transmitted in clear (unencrypted) text, which allows you to view the header information in HTTP packets using a tool such as Network Monitor. You can optionally install Network Monitor on Windows 2000 Server by using Add/Remove Programs in Control Panel and selecting Add/Remove Windows Components; select the Management And Monitoring Tools component, and click Details to access the Network Monitor option. This tool is often useful when trying to troubleshoot HTTP session problems.

Another useful tool for troubleshooting HTTP session problems is the telnet client program that is started from the command line. By starting telnet and opening a connection to the server using the HTTP port 80 instead of the usual telnet port 20, you can manually enter HTTP Get Request headers and view the results. Note that after typing headers, you enter a single blank line (CR/LF) to transmit the request to the server. Make sure you have Local Echo enabled on the telnet client and that you have set a large buffer size as well, to receive the response from the server.


FTP is an older TCP/IP application-layer protocol that enables users to transfer files over an internetwork like the Internet. The name of the underlying Windows 2000 service that supports FTP is called the FTP Publishing Service, and it has the same associated executable as the WWW Publishing Service: System32\Inetsrv \Inetinfo.exe. In Event Viewer, the service goes by the short name MSFTPSVC.

More Info

The File Transfer Protocol is defined in RFC 959.

FTP defines a client/server protocol that describes how communications take place between FTP servers and FTP clients. Specifically, FTP enables clients to upload files to or download files from an FTP server over an internetwork. A typical FTP session is essentially made up of a connection, a request, and a response, as the following example shows:

  1. The client forms a TCP connection with port 21 on the server. Port 21 is the standard TCP port that an FTP server continually "listens" to for FTP clients' connection attempts. Once a connection is formed, a randomly assigned port number above 1023 is given to the client. This initial TCP connection is used for transmission of FTP control information—that is, for commands sent from the client to the server—and for response codes returned from the server to the client.
  2. The client then issues an FTP command to port 21 on the server using the first TCP connection established in step 1. These commands are all issued as clear (unencrypted) text over the Internet connection, which means you can use the same tools (Network Monitor and telnet) to monitor and troubleshoot FTP sessions that you can use for HTTP. Typical FTP commands include Get (download a file), Put (upload a file), Binary (switch to binary mode), Cd (change to a different directory on the server), and so on.
  3. If the command issued by the client initiates a data transfer (upload or download) with the server, the server opens a second TCP connection with the client for performing the transfer. This second TCP connection uses port 20 on the server and a randomly assigned port number greater than 1023 on the client. (The first TCP connection—to port 21 on the server—is used only to send control information between the client and server, not for data transfer.)
  4. Once the data transfer is complete, the second TCP connection goes into a TIME_WAIT state until either another data transfer takes place or the connection times out.

You can use the Netstat utility from the command line to view information about TCP connections that FTP uses. Just open a command-prompt window on the client or server and type Netstat -p tcp to see the TCP connections.


SMTP is a popular TCP/IP application-layer protocol that forms the basis of the Internet's e-mail system. The console name of the underlying Windows 2000 service that supports SMTP is Simple Mail Transfer Protocol, and it has the same associated executable as the WWW Publishing Service: System32\Inetsrv \Inetinfo.exe. In Event Viewer, the service is referred to as SMTPSVC.

SMTP is both a client/server and server/server protocol, and it is used essentially for transferring e-mail from one SMTP host to another over an internetwork. A typical SMTP session begins with a connection followed by a series of commands. For example, consider the following scenario, in which the local (initiating) SMTP host wants to transfer e-mail to the remote (responding) SMTP host:

  1. An SMTP client connects to a local SMTP host to send an e-mail message addressed to a user residing in the domain of a remote SMTP host. The local host is responsible for transferring the message to the remote host so the intended recipient will be able to receive it.
  2. The local SMTP host forms a TCP connection on port 25 with the remote SMTP host using a standard TCP three-way handshake. Once the connection has been established, the remote host returns a Ready response to the local host, indicating that it's ready to initiate an SMTP session.
  3. The local host issues a Helo command, to which the remote host responds with OK. An SMTP session is now established.
  4. The local host issues a Mail From command indicating the name of the user who sent the e-mail. The remote host responds with OK.
  5. The local host issues a Rcpt To command indicating the name of the user to whom the e-mail is directed. The remote host responds with OK.
  6. The local host issues a Data command indicating that the body of the message will now be transferred. The remote host responds with OK.
  7. The message body is then transferred as a data stream of 7-bit ASCII characters. (8-bit binary data must be encoded into 7-bit ASCII data using the MIME protocol, because SMTP only understands ASCII.) The local host indicates the end of the data stream with a period (.), which is on a line by itself.
  8. If the intended recipient is running the SMTP client and is connected to the remote host, the recipient then receives the message that the sender addressed to him or her (but see the Real World sidebar entitled "SMTP Limitations").
  9. Further messages are then transferred. The local host terminates the SMTP session by issuing a Quit command, after which the TCP connection between the hosts is terminated.

More Info

The Simple Mail Transfer Protocol was originally defined in RFC 821, but various extensions to this protocol are further defined in RFCs 974, 1869, and 1870.

Real World

SMTP Limitations

The SMTP protocol is designed mainly for moving e-mail from one SMTP host to another and has no facility to store messages in folders for users so that the messages can be retrieved and read later. SMTP clients must therefore be continually connected to an SMTP host to retrieve and read their e-mail; otherwise, the e-mail bounces. As a result, other Internet e-mail protocols have been developed to enable e-mail to be temporarily stored until users can connect to retrieve their messages.

The most popular of these protocols are Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4 (IMAP4). However, IIS 5 in Windows 2000 supports neither of these protocols because the SMTP Service is primarily intended to provide e-mail-sending capability to Active Server Pages (ASP) applications running on IIS—it's not designed to function as a corporate e-mail server. If you want the full Internet capabilities of a corporate SMTP/POP3/IMAP4 e-mail server, you can use Microsoft Exchange Server for this purpose.


NNTP is a TCP/IP application-layer protocol that forms the basis of the USENET system of newsgroups used on the Internet. The console label of the underlying Windows 2000 service that supports NNTP is Network News Transfer Protocol, and it has the same associated executable as the WWW Publishing Service: System32\Inetsrv\Inetinfo.exe. In Event Viewer, the service is called NNTPSVC.

NNTP is both a client/server protocol and a server/server protocol that provides the following functionalities:

  • Allows an NNTP client (newsreader) to connect to an NNTP server (host) to download a list of available newsgroups on the server, read individual messages in the newsgroups, and reply to existing messages or post new ones to the server.
  • Allows one NNTP host to replicate its list of newsgroups and their messages with another host on an internetwork. This replication between hosts is performed using newsfeeds (or simply feeds), which can either be pushed or pulled between hosts.

Some of the commands that a newsreader can use during a session with a host include the following:

  • List Retrieves a list of newsgroups available on the host
  • Group Selects a particular newsgroup from which to retrieve messages
  • Article Retrieves a specific message from a newsgroup

More Info

The Network News Transfer Protocol is defined in RFC 977.

The commands used for communications between hosts (called NNTP control messages) include these:

  • Newgroup Indicates that a new newsgroup has been created
  • Rmgroup Indicates that a newsgroup should be deleted
  • Cancel Indicates that a specific message in a newsgroup should be deleted

More Info

A full discussion of an NNTP session is beyond the scope of this book, but you can learn more about NNTP control messages in RFC 1036.

Other Protocols

Although IIS 5 supports only the four application-layer Internet protocols just described, it does support other complementary Internet protocols that provide enhanced functionality to HTTP, FTP, SMTP, and NNTP. These additional protocols include the following:

  • Secure Sockets Layer (SSL) 3 Used to encrypt authentication and data transmission for HTTP and NNTP transmission using public-key cryptography.
  • Transport Layer Security (TLS) Used for encrypting SMTP transmissions only. A variant of SSL.
  • Lightweight Directory Access Protocol (LDAP) Used by the SMTP Service for accessing information in a directory service.
  • Multipurpose Internet Mail Extensions (MIME) Used by the HTTP service for communicating acceptable file formats to HTTP clients.

More Info

A full discussion of these four Internet protocols is beyond the scope of this book, but you can find information about them in the following RFCs:

SSL/TLS: RFCs 2246, 2487, and 2595

LDAP version 3: RFC 2251

MIME: RFCs 2045, 2046, 2047, 2048, and 2049

Microsoft Windows 2000 Server Administrator's Companion
Microsoft Windows 2000 Server Administrators Companion
ISBN: 0735617856
EAN: 2147483647
Year: 2003
Pages: 320

Similar book on Amazon © 2008-2017.
If you may any questions please contact us: