Network Protocols: Electronic Mail, HTTP, TCP, UDP, and ARP

Application Layer: Electronic Mail

Electronic mail is one of the core applications of the Internet.

SMTP (Simple Mail Transfer Protocol)

  • TCP/IP-based; delivers simple text messages.
  • Independent of message/data format.
  • Utilizes information in the message header.
  • Message body content is not inspected.

MIME (Multi-Purpose Internet Mail Extension)

  • Enables delivery of various data types (images, video, etc.).

Basic Operation:

  • Messages are created using a user agent program (mail client) and contain:
    • Header: Recipient address and other information.
    • Body: User data.
  • Messages are queued and sent upon input to the SMTP sender program (typically a server process).

SMTP Sender:

  • Retrieves messages from the queue.
  • Transmits to the destination (via SMTP Transaction over one or more TCP connections to port 25).
  • The destination may receive multiple messages from different sources.
  • Upon successful transmission, the sender removes the destination from its message list.
  • After all transmissions are complete, the message is deleted.

SMTP Receiver:

  • Receives incoming messages.
  • Places them in the user mailbox or copies them to an outgoing queue for forwarding.
  • The receiver must verify the local mail destination and handle errors.
  • The sender is responsible for the message until the receiver confirms complete transfer.
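The sender/receiver roles above, and in particular the receiver's duty to verify that the destination is local, as an added example that is not part of the original notes. It is a small SMTP receiver state machine driven by a scripted client session; the domain name, mailbox list and session lines are constructed sample values.

```python
"""Minimal SMTP receiver state machine (added example, not from the notes).
The local domain, mailbox list and sample session are constructed values."""

import re

LOCAL_DOMAIN = "example.test"           # assumed: the domain this receiver accepts mail for
LOCAL_MAILBOXES = {"alice", "bob"}      # assumed: mailboxes that exist on this host

ADDR_RE = re.compile(r"^<([^@<>\s]+)@([^@<>\s]+)>$")


class SmtpReceiver:
    """Parses one SMTP session line by line and returns the reply for each command.

    Data lines (between DATA and the terminating '.') return None: the
    receiver stays silent until the end-of-data marker arrives."""

    def __init__(self):
        self.greeted = False
        self.in_data = False
        self.delivered = []          # (sender, recipients, body) for accepted messages
        self._reset_envelope()

    def _reset_envelope(self):
        self.sender = None
        self.recipients = []
        self.data_lines = []

    def handle_line(self, line):
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.strip().partition(" ")
        handler = getattr(self, "cmd_" + verb.upper(), None)
        if handler is None:
            return "500 Command not recognized"
        return handler(arg.strip())

    def _data_line(self, line):
        if line == ".":
            self.in_data = False
            self.delivered.append((self.sender, list(self.recipients), "\n".join(self.data_lines)))
            self._reset_envelope()
            return "250 OK: message accepted for delivery"
        # Dot-stuffing: the sender doubles a leading '.', so strip one here.
        self.data_lines.append(line[1:] if line.startswith(".") else line)
        return None

    def cmd_HELO(self, arg):
        if not arg:
            return "501 Syntax: HELO hostname"
        self.greeted = True
        return f"250 {LOCAL_DOMAIN} Hello {arg}"

    cmd_EHLO = cmd_HELO

    def cmd_MAIL(self, arg):
        if not self.greeted:
            return "503 Send HELO/EHLO first"
        m = re.match(r"^FROM:\s*(<.*>)$", arg, re.IGNORECASE)
        if not m or not (m.group(1) == "<>" or ADDR_RE.match(m.group(1))):
            return "501 Syntax: MAIL FROM:<address>"
        self._reset_envelope()
        self.sender = m.group(1)
        return "250 OK"

    def cmd_RCPT(self, arg):
        if self.sender is None:
            return "503 Need MAIL command first"
        m = re.match(r"^TO:\s*(<.*>)$", arg, re.IGNORECASE)
        addr = ADDR_RE.match(m.group(1)) if m else None
        if not addr:
            return "501 Syntax: RCPT TO:<address>"
        user, domain = addr.group(1), addr.group(2).lower()
        # The receiver must verify the destination is local; accepting
        # other domains would turn this host into an open relay.
        if domain != LOCAL_DOMAIN:
            return "550 Relaying denied"
        if user.lower() not in LOCAL_MAILBOXES:
            return "550 No such user here"
        self.recipients.append(m.group(1))
        return "250 OK"

    def cmd_DATA(self, arg):
        if not self.recipients:
            return "503 Need RCPT command first"
        self.in_data = True
        return "354 End data with <CR><LF>.<CR><LF>"

    def cmd_RSET(self, arg):
        self._reset_envelope()
        return "250 OK"

    def cmd_QUIT(self, arg):
        return f"221 {LOCAL_DOMAIN} closing connection"


def run_session(lines):
    """Feed a scripted client session through the receiver; return replies and deliveries."""
    receiver = SmtpReceiver()
    replies = [f"220 {LOCAL_DOMAIN} SMTP service ready"]
    for line in lines:
        reply = receiver.handle_line(line)
        if reply is not None:
            replies.append(reply)
    return replies, receiver.delivered


# Constructed sample session: one relay attempt (rejected), one local delivery.
SAMPLE_SESSION = [
    "HELO client.test",
    "MAIL FROM:<sender@client.test>",
    "RCPT TO:<victim@elsewhere.test>",
    "RCPT TO:<alice@example.test>",
    "DATA",
    "Subject: hello",
    "",
    "..starts with a dot",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    replies, delivered = run_session(SAMPLE_SESSION)
    for r in replies:
        print(r)
    print(delivered)
```

The relay check in `cmd_RCPT` is the security-relevant line: a receiver that accepts any domain in RCPT TO will forward mail for anyone. A real receiver would also apply the forwarding rule from the notes (copy to an outgoing queue) for domains it is configured to relay for; this example only distinguishes local from everything else.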

HTTP

  • Client/server protocol.
  • Typically used between a web browser (client) and a web server (server).
  • Uses TCP connections.
  • Stateless:
    • Each transaction is treated independently.
    • A new TCP connection is used for each transaction.
    • The connection is terminated after the transaction is complete.
  • Port 80 is commonly used.
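The stateless, one-connection-per-transaction behaviour listed above, as an added example that is not part of the original notes. A tiny HTTP/1.0 server on the loopback interface answers exactly one request per TCP connection and then closes it; the client opens a fresh connection for every request and treats the server's close as the end of the transaction. The port is chosen by the OS rather than 80 so the example runs unprivileged; paths and texts are constructed.

```python
"""HTTP/1.0 transaction over loopback (added example, not from the notes).
Each request gets its own TCP connection; the server keeps no state."""

import socket
import threading


def _serve_one(conn):
    """Handle exactly one HTTP/1.0 transaction, then close the connection."""
    with conn:
        data = b""
        while b"\r\n\r\n" not in data:          # read until the end of the headers
            chunk = conn.recv(4096)
            if not chunk:
                return
            data += chunk
        request_line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        parts = request_line.split(" ")
        if len(parts) != 3 or parts[0] != "GET" or not parts[1].startswith("/"):
            status, body = "400 Bad Request", b"bad request"
        else:
            # Everything the server needs is in this request; nothing is
            # remembered from earlier transactions.
            status, body = "200 OK", f"you asked for {parts[1]}".encode()
        head = (f"HTTP/1.0 {status}\r\nContent-Type: text/plain\r\n"
                f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
        conn.sendall(head.encode() + body)


def start_server(transactions):
    """Start a loopback server that serves `transactions` requests, one per connection.
    Returns the port the OS assigned."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        for _ in range(transactions):
            conn, _addr = srv.accept()
            _serve_one(conn)
        srv.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def http_get(port, path):
    """One HTTP transaction: connect, send the request, read until the server closes."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(f"GET {path} HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n".encode())
        resp = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:          # empty read: the server closed, transaction over
                break
            resp += chunk
    head, _, body = resp.partition(b"\r\n\r\n")
    return head.split(b"\r\n")[0].decode(), body.decode()


def demo():
    """Two independent transactions, each on its own TCP connection."""
    port = start_server(2)
    return [http_get(port, "/index.html"), http_get(port, "/about")]


if __name__ == "__main__":
    for status, body in demo():
        print(status, "|", body)
```

Because nothing survives between connections, any notion of a "session" (a logged-in user, a shopping cart) has to be carried in the request itself, typically a cookie or token header, which is why those values need the same protection as a password.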

Web Documents:

  • Static: User cannot directly modify the website content using a browser.
  • Dynamic: User can modify specific page content directly using a browser.
  • Active: User can update information without refreshing the webpage.

Transport Layer

Tasks of the Transport Layer:

  • Packetizing: Dividing Protocol Data Units (PDUs) into packets for the network layer.
  • Connection Control: Establishing a link from source to destination using a three-way handshake.
  • Addressing: Port addressing.
  • Providing Reliability: Attempting to ensure reliability during data transmission.

TCP

  • Uses source and destination port numbers to uniquely identify communication processes on a host.
  • Connection-oriented (RFC 793).

UDP

  • Connectionless protocol, unreliable, lacking flow and error control.
  • Uses port numbers to multiplex data from the application layer.
  • Delivery is not guaranteed, and datagrams may arrive duplicated.
  • Reduced overhead.

ARP (Address Resolution Protocol)

In scenarios where multiple machines share the same IP address, multiple responses may occur. The entry placed in the ARP table depends on the networking implementation, host activity, and response speed. Once cached, the MAC address remains in use until the entry expires or is forcibly cleared, triggering another ARP request.

  • If you have access to the system, you can find the MAC address using the ifconfig or ip addr ls commands.
  • For remote scenarios with duplicate IP addresses, tcpdump is a valuable tool. Run tcpdump -lni any arp in one terminal and delete the ARP entry with arp -d [IP ADDRESS] in another. Pinging the IP address will reveal ARP packets.

Normally, ARP “is-at” replies, which cause machines to update their ARP tables, are sent in response to an ARP “who-has” request packet. However, if an IP address changes the MAC address it is at, for example if you move a service from one machine to another, other machines on that subnet will continue to cache the old value for some period of time. You can cause machines on a subnet to update their ARP tables by broadcasting an ARP reply packet which is not in response to a specific request. This is called a “Gratuitous ARP”. You can send a Gratuitous ARP using the “arping” command.

  • An Ethernet “learning bridge” is a device with multiple interfaces, which figures out what MAC addresses are on each of its segments. It will forward packets onto segments that they are destined for. A network switch is a bridge with many ports.
  • Proxy ARP can produce similar results, by manually publishing ARP entries on one interface for machines on another interface. In this way, machines on one network segment know that they can reach machines on the other segment via this intermediary machine.

This does require that the IP addresses be in the same subnet, of course. Ethernet (at layer 2) doesn’t understand routing at all. When a packet is sent to an IP that isn’t in a local subnet, the routing table is consulted to find a machine on the local network that can reach the destination network, and packets are sent using the MAC of the router.

To publish a proxy ARP entry, use the “-i” option of “arp”, which specifies the interface to publish it on. So you can take the IP address of a machine that is on the eth0 interface and publish it on eth1 using the eth1 MAC address.
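The who-has/is-at exchange, the gratuitous reply, and the duplicate-IP case from the paragraphs above, as an added example that is not part of the original notes. It decodes raw Ethernet/ARP frames, prints them roughly the way the tcpdump command above would, and mimics a host's ARP cache so that an IP whose MAC changes (a second machine claiming the address, a service move announced by gratuitous ARP, or an unsolicited reply from anywhere) is flagged. All MAC and IP addresses and the frames themselves are constructed sample values.

```python
"""ARP frame parser and cache monitor (added example, not from the notes).
All frames and addresses below are constructed sample values."""

import struct
from ipaddress import IPv4Address

ETH_P_ARP = 0x0806
OP_REQUEST, OP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def build_arp(oper, sha, spa, tha, tpa, eth_dst=BROADCAST):
    """Ethernet header + 28-byte IPv4-over-Ethernet ARP packet (RFC 826 layout)."""
    eth = mac_to_bytes(eth_dst) + mac_to_bytes(sha) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)      # htype, ptype, hlen, plen, oper
    arp += mac_to_bytes(sha) + IPv4Address(spa).packed
    arp += mac_to_bytes(tha) + IPv4Address(tpa).packed
    return eth + arp


def parse_arp(frame):
    """Decode an ARP frame into a dict; raise ValueError for anything else."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only IPv4 over Ethernet is handled")
    p = frame[22:42]
    spa, tpa = str(IPv4Address(p[6:10])), str(IPv4Address(p[16:20]))
    return {
        "op": oper,
        "sha": bytes_to_mac(p[0:6]), "spa": spa,
        "tha": bytes_to_mac(p[10:16]), "tpa": tpa,
        # A gratuitous ARP names its own IP as the target: it answers no question.
        "gratuitous": spa == tpa,
    }


def describe(pkt):
    """Render a packet roughly the way tcpdump's ARP decoder prints it."""
    if pkt["op"] == OP_REQUEST:
        return f"ARP, Request who-has {pkt['tpa']} tell {pkt['spa']}"
    return f"ARP, Reply {pkt['spa']} is-at {pkt['sha']}"


class ArpMonitor:
    """Mimics a host's ARP cache and flags an IP whose MAC changes.

    Replies (solicited or gratuitous) and gratuitous requests update the
    cache, which is exactly why two machines claiming one IP, or a service
    move announced by gratuitous ARP, show up here as a changed mapping."""

    def __init__(self):
        self.table = {}      # ip -> mac
        self.alerts = []

    def observe(self, frame):
        pkt = parse_arp(frame)
        if pkt["op"] == OP_REPLY or pkt["gratuitous"]:
            old = self.table.get(pkt["spa"])
            if old is not None and old != pkt["sha"]:
                self.alerts.append(
                    f"{pkt['spa']} moved from {old} to {pkt['sha']} "
                    "(duplicate IP, service move, or unsolicited update)")
            self.table[pkt["spa"]] = pkt["sha"]
        return pkt


# Constructed frames: a normal who-has/is-at exchange, then a gratuitous
# reply from a different MAC claiming the same address.
SAMPLE_FRAMES = [
    build_arp(OP_REQUEST, "aa:bb:cc:00:00:02", "10.0.0.2", ZERO_MAC, "10.0.0.1"),
    build_arp(OP_REPLY, "aa:bb:cc:00:00:01", "10.0.0.1",
              "aa:bb:cc:00:00:02", "10.0.0.2", eth_dst="aa:bb:cc:00:00:02"),
    build_arp(OP_REPLY, "aa:bb:cc:00:00:99", "10.0.0.1", BROADCAST, "10.0.0.1"),
]


def run_monitor(frames=SAMPLE_FRAMES):
    """Feed frames through the monitor; return decoded packets, final table and alerts."""
    mon = ArpMonitor()
    pkts = [mon.observe(f) for f in frames]
    return pkts, mon.table, mon.alerts


if __name__ == "__main__":
    pkts, table, alerts = run_monitor()
    for p in pkts:
        print(describe(p), "(gratuitous)" if p["gratuitous"] else "")
    print(table, alerts)
```

The monitor keeps the last answer, as a real cache does; it cannot tell a legitimate service move from a second machine with the same IP, which is the point of the notes above: the mapping a host ends up with depends on who answered last, so a change in the mapping is what a defender wants to see logged.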

Common TCP and UDP Ports:

  • 20, 21 TCP: File Transfer Protocol (FTP)
  • 22 TCP and UDP: Secure Shell (SSH)
  • 23 TCP: Telnet
  • 25 TCP: Simple Mail Transfer Protocol (SMTP)
  • 53 TCP and UDP: Domain Name System (DNS)
  • 67, 68 UDP: Dynamic Host Configuration Protocol (DHCP)
  • 69 UDP: Trivial File Transfer Protocol (TFTP)
  • 80 TCP: Hypertext Transfer Protocol (HTTP)
  • 110 TCP: Post Office Protocol (POP3)
  • 119 TCP: Network News Transfer Protocol (NNTP)
  • 123 UDP: Network Time Protocol (NTP)
  • 135-139 TCP and UDP: NetBIOS
  • 143 TCP and UDP: Internet Message Access Protocol (IMAP4)
  • 161, 162 TCP and UDP: Simple Network Management Protocol (SNMP)
  • 179 TCP: Border Gateway Protocol (BGP)
  • 389 TCP and UDP: Lightweight Directory Access Protocol (LDAP)
  • 443 TCP and UDP: HTTP over SSL/TLS (HTTPS)
  • 500 UDP: Internet Key Exchange (IKE)
  • 636 TCP and UDP: LDAP over SSL/TLS (LDAPS)
  • 989, 990 TCP: FTP over SSL/TLS (FTPS)