Network Security Introduction Although the term e-commerce is fairly new, many large companies have been conducting

a form of e-commerce for decades, by networking systems together with those of their business partners and clients. For example the banking industry uses Electronic Funds Transfer EFT! to transfer money between accounts. "any companies also use Electronic #ata $nterchange E#$! in which business forms , such as purchase orders and invoices are standardised so that companies can share information with customers, vendors and business partners electronically. EFT, E#$ and e-mail have been around for a long time. The $nternet has made it possible for even small businesses to compete because until recently e-commerce was only feasible for large companies. The infrastructure for e-commerce is networked computing, which is emerging as the standard computing environment in business, home and government. %etworked computing connects several computers and other electronic devices using telecommunications networks. This allows users to access information stored in several places and to communicate and collaborate with others from a desktop computer. &omputers connected to a global environment the $nternet! or its counterpart within an organisation is called an intranet. An intranet is a corporate network that functions with $nternet technologies, such as browsers, using $nternet protocols. Another computer environment is an extranet ' a network that links the intranets of business partners over the $nternet.

Brief History of Electronic Commerce

E-commerce applications first appeared in the early ()*+,s with EFT. -imited to large corporations and financial institutions. Then came E#$, which expanded from financial transactions to other transaction processing, and enabled manufacturers, retailers and services to participate. .ther applications soon followed ' travel reservation systems, AT"s ()/+,s!. 0ith commercialisation of the $nternet in the early ())+,s and its rapid growth millions of potential customers!, the term electronic commerce was coined and E& applications expanded rapidly. .ne reason for this rapid expansion was the development of networks, protocols and software. Definition The term commerce is often defined as a transaction conducted between business partners. Electronic commerce is the process of buying and selling or exchanging products, services and information via computer networks, including the $nternet. 1ome statistics /23 of 41 e-businesses do not deliver internationally. 5roblems include6- order tracking7 customs7 different prices need to be charged for deliveries overseas. )83 of online revenue comes from their own national market only 93 of E4 countries export outside Europe within Europe 9+3 of foreign competition comes from the 41 Applications of e-commerce are divided into three categories6(. :uying and selling goods and services ' often referred to as electronic markets 9. Facilitating inter- and intra-organisation flow of information, communication and collaboration. 8. 5roviding customer service.

What is E-Commence?
Electronic Markets A market is a network of interactions and relationships where information, products, services and payments are exchanged. 0hen a marketplace is electronic, the business centre is not a physical building, but rather a network-based location where business interactions occur. $t is place where

shoppers and sellers meet. The market handles all the necessary transactions, including the transfer of money between banks. $n electronic markets, the principle participants ' transaction handlers, buyers, brokers and sellers are not only at different locations, but seldom know one another. The means of interconnection varies. y!es of ransactions found :usiness to business :9:! ' most E& is of this type. $ncludes $.1 and electronic market transactions. :usiness to consumer :9&! ' mainly retailing transactions with individual shoppers ' e.g. Ama;on.com &onsumer to consumer &9&! ' consumer sells directly to consumers ' e.g. classified ads, selling cars or property etc www.classified9+++.com!. This also includes e-auctions. &onsumer to business &9:! ' individuals who sell products or services to organisations. %onbusiness E& ' nonbusiness organisations include academic institutions, charities, religious organisations, government agencies etc are using E& to reduce their expenses e.g. improve purchasing or customer services! $ntrabusiness organisational! E& ' includes internal organisational activities, usually performed on intranets that involve exchange of goods, services or information. Interor"anisational Information Systems An interorganisational information system is a unified systems encompassing several business partners. Typically it will include a company and its suppliers and<or customers. Through the $.1 buyers and sellers arrange routine transactions. $nformation is exchanged over communication networks using prearranged formats, so there will be no need for telephone calls, paper documents or business correspondence. This includes a variety of business activities, but the most common are as follows6 Electronic data exchange E#$! ' which provides secured :9: connection over value-addednetworks Extranets, which provide secured :9: connection over the $nternet Electronic funds transfer EFT! Electronic forms $ntegrated messaging ' delivery of e-mail and fax documents through a single electronic transmission system that can combine E#$, e-mail and electronic forms 1hared databases ' information stored in repositories is shared between trading partners and is accessible to all. .ften used to reduce elapsed time in communicating information between parties. 1upply chain management ' co-operation between a company and its suppliers

These systems all involve information flow between two or more organisations. The ma=or ob=ective is efficient transaction processing, such as transmitting orders, bills or payments using E#$ or extranets. All relationships are predetermined and there is no negotiation, only execution. There also exists a trust relationship between partners, as each shares databases, software and network links with the other.

Network Infrastructure for E-Commerce

The .1$ reference model stands for .pen 1ystems $nterconnection and is a model based on a proposal developed by the $1.. $t is also known as the seven layer model and the sub=ect of much standardisation. $t consists of seven separate but related layers, each of which defines part of the process of moving information across a network.

The problems of communicating between different computers can be split up into a series of smaller problems, hence there is a need to define the interfaces between layers. The aim is to use manufacturer independent specifications so that components from a range of suppliers can be mixed and matched freely. This allows greater range of choice when extending an installation. $t also avoids organisations becoming locked into the product range of one manufacturer.

.1$ "odel

Each layer adds it,s own header, before passing it down to the layer below.

?eaders added at each layer

Interfaces Between #ayers The passing of data and network information down through the layers of the sending machine and back up through the layers of the receiving machine is made possible by an interface between each pair of ad=acent layers. Each interface defines what information and services a layer must provide for the layer above. $t also defines the 5#4 protocol data unit! that is passed between layers. After appending the header the upper layer passes the 5#4 to the layer immediately below. 0ell-defined interfaces and layer functions provide modularity to a network. As long as a layer provides the expected services to the layer above it, the specific implementation of its functions can be modified or replaced without re>uiring changes to the surrounding layers. &ommunications between two different devices at the same level involves a logical peer-to-peer relationship. Application messages are only sent to the other application layer, although the actual route is through all the other layers. The higher layers are concerned with end-to-end communication. $n a communication that involves a source node, an intermediate node and a destination node, all

seven layers are used at the source and destination nodes. At the intermediate nodes only the bottom three layers physical<datalink<network! that are necessary for routing and link layer functions, are used to transfer data between nodes on a network.

$SI %eference Model

&!!lication #ayer - This is the highest layer and provides services directly to users. Allows the user to access the network. 5rovides user interfaces and support for services such as electronic mail, remote file access and transfer, shared database management, etc. $t handles sign-on procedures, checks passwords, controls >ueries and updates databases and the actual application programs. Another function is file transfer, where different file systems have different naming conventions, different ways of representing text lines, etc. To transfer files between two different systems re>uires handling these and other incompatibilities. $t also identifies the addresses re>uired, for example if you want to access a package on a computer in &alifornia, or log onto the 000. 'resentation #ayer ' ensures interoperability between communicating devices. @esolves differences in formats among the various computers, terminals, databases and languages used in a network. The functions of this layer make it possible for two computers to communicate even if their internal representations of data differ e.g. when one device uses one type of code and the other uses another!. $t provides code conversion as well as data formatting, data compression and encryption. &onverts from the representation used inside the computer to the network standard representation and back. This layer is not concerned with the informational content of the data. Session #ayer ' establishes connections between users. 5rovides the means for co-operating presentation entities to organise and synchronise their dialogue and manage their data exchange. .ne of the services is to handle dialogue control. $t co-ordinates the interaction between the end-user and the application program. ?andles recovery from a communications problem without losing data, as well as procedures needed to start and stop a task. For example a session may be created to transfer a file or allow a user to log onto a remote time-sharing service. rans!ort #ayer - provides for the transfer of messages between users. This means that the users need not be concerned with the manner in which reliable and cost-effective data transfers are achieved. $solates the upper layers from changes in the hardware technology. $t provides for end-to-end integrity and >uality of data. Network #ayer ' responsible for source to destination delivery of a packet. 0hile the data link layer oversees node-to-node delivery, the network layer ensures that each packet gets from its point of origin to its final destination successfully and efficiently. $t also breaks the messages from the higher layers into packets, to pass to the data link layer, and reassembles the packets received from the data link layer. 1witches and routes information between nodes on the network. $t is the highest layer involved in point-to-point communications between ad=acent nodes. $t sets up routes for messages to travel, based on the networkAs current status. @outes can be based on static tables that rarely change or they can be highly dynamic, and reflect the current network load. The network layer sends control messages to the other nodes on the network to maintain a knowledge of the status of the rest of the network. $t also informs the network of itAs own status. %etwork addresses are matched to the actual devices accessed by the end-users. $t also handles end-toend error detection and recovery. The transport layer creates a distinct network connection for each transport connection re>uired by the session layer. The most popular type of transport connection is an error-free point-to-point channel that delivers messages in the order in which they are sent. $t is a true

end-to-end layer, from source to destination. $n the lower layers the protocols are between each machine and its immediate neighbours. The source and destination may be separated by many routers. Data #ink #ayer - The unit of transport here is a frame and the function is to control the manipulation of data frames. $t handles addressing of outgoing frames "A& address! and the decoding of incoming frames. -arge packets received from the %etwork -ayer are broken into a number of frames and sent out. 5roduces acknowledgement frames that tell the sender that it has arrived correctly. 5rovides error control and detection for data which has been corrupted. %oise on a line can destroy a packet completely. Also deals with errors resulting from lost frames, duplication or loss of se>uencing. &ontrols the rate of flow of data frames between nodes. 1tops a fast transmitter from drowning a slow receiver, called flow control. A header and a trailer is added to each frame sent, which includes the physical address of the destination node, called addressing. Access control is re>uired when two or more devices are connected to the same link. The data link layer protocol is used to determine which device has control over the line at any given moment. 'hysical #ayer ( co-ordinates the functions re>uired to transmit a bit stream over a physical medium. #eals with the mechanical and electrical specifications of the connections, i.e. cables, connectors and signalling options that physically link two nodes. $t is also the actual physical link between two locations. &oncerned with transmitting raw bits over a communications channel - making sure that when one side sends a ( bit, the other side receives a ( bit.

C')I'
The $nternet is a collection of networks running the T&5<$5 Transmission &ontrol 5rotocol<$nternet 5rotocol! protocol suite. The protocols used in this network are simple, open and easy to use. The networking protocol architecture consists of various components6 5rotocol stack ' this comprises various layers that communicate among themselves efficiently to transmit a packet. Addressing ' the capacity to uni>uely identify a destination. @outing ' the capacity to efficiently determine the path a particular packet is to traverse to reach the destination.

The T&5<$5 protocol stack consists of four layers, as shown below. Each layer has clearly defined functions and capabilities. Each layer has a well defined interface to the layer above and below it, and so each can be designed independently. &ontrol information is added by each layer header! to the data it receives and it treats all the information received from the layer above header B data! as data, called encapsulation. Each row in the protocol stack is a different protocol layer Application -ayer consists of applications and Transport -ayer $nternet -ayer %etwork Access -ayer
processes that use the network provides end-to-end data delivery services defines the datagram and handles the routing of data consists of routines for accessing physical networks

user data! CT&5 header B user data!D E$5 header B CT&5 header B user data!DF
%<0 header E$5 header B CT&5 header B user data!DF

he &!!lication layer provides services for an application to send and receive data over the network. There are many application layer protocols and most provide user services, such as name resolution #%1!, telnet, FT5 file transfer protocol!, 1"T5 simple mail transfer protocol!, ?TT5 hypertext transfer protocol! and %F1 network file system!.

he rans!ort layer is responsible for providing services to the application layer as follows6(. &onnection-oriented or connectionless transport. For connection-oriented, once a connection is established between two applications, the connection remains until one of the applications terminates it. $n connectionless each packet contains the destination address. 9. @eliable or unreliable transport. $n reliable transport, the transport layer is responsible for ensuring lost packets are retransmitted, i.e. guarantees reliable delivery. $n an unreliable connection, the transport layer is not involved and it is up to the applications to handle packets lost or dropped by the network. 8. 1ecurity. This is a relatively new service offered by the transport layer. 1ervices such as authenticity, integrity and confidentiality are not widely supported, but will be in the future as part of the protocol stack. An application has to select the services it wants from the transport layer. 1ome combinations are not allowed, e.g. connectionless and reliable transport are not available together. The protocols used here are T&5 and 4#5. T&5 Transmission &ontrol 5rotocol! provides the connection-oriented reliable data delivery service with end-to-end error detection and correction. A logical end-to-end connection is established by means of a three-way handshake, between the two endpoints. Also re>uires a three way handshake to disconnect. 4#5 4ser #atagram 5rotocol! provides a low overhead, unreliable, connectionless datagram delivery service. There is no error-correction, retransmission, or lost, duplicate or re-ordered packet detection and error detection is optional. Internet #ayer concerned with routing data from source to destination. 4ses the $nternet 5rotocol $5!, which provides the basic packet delivery service on which T&5<$5 networks are built. All T&5<4#5 data flows through $5. $5 is a connectionless protocol, which means that $5 does not exchange control information handshaking! to establish an end-to-end connection before transmitting data. $5 relies on the protocols in the other layers to establish a connection if they re>uire connectionoriented service inc. error detection and recovery!. he Network &ccess #ayer is concerned with the logical interface between an end system and a network and must know the details of the underlying network, to correctly format data. Encompasses the two lowest layers of the .1$ model #atalink and 5hysical layers! and depending on which book you read! part of the %etwork layer. There are a number of access protocols used ' one for each physical network standard.

C' In Detail T&5 is connection oriented, which means it establishes an end-to-end connection between the two communicating hosts. &ontrol information is exchanged between the two end points using a threeway-handshake, to establish a dialogue before data is transmitted. After the data transfer, another three-way handshake is re>uired to close the connection. The data unit transmitted with a T&5 header! is called a segment. %ormally T&5 decides when a new segment is transmitted. At the destination, the receiving T&5 buffers the data in a segment in a memory buffer associated with the application and delivers it when the buffer is full. A segment may consist of multiple user messages if short message units are being exchanged, or part of a single larger message. The max. length of each segment is a function of T&5 which simply endeavours to ensure that the total submitted octet stream associated with each direction is delivered to the other side in a reliable way. T&5 ?eader

The T&5 segment structure is shown above ' E@ef Fig 8.9) from Gurose H @oss, p98(F 1ource and destination ports - 9 octets each - indicate the end points of the logical connection

1e>uence number - I octets ?eader length field - I bits - number of 89-bit words used can change because of the options! @eserved - for future use

&ode bits - J bits - set bits to indicate the validity of selected fields 4@K, A&G, 51?, @1T, 1L%, F$%! 0indow - sliding window flow control - number of octets relative to the current number that the source is willing to accept relates to buffer space at destination! &hecksum - verifies complete segment

4rgent pointer - indicates the amount of expedited data in the segment .ptions - max. number of octets in the user data field it is prepared to accept 4ser data - default max. is 28J - chosen on the assumption that 0A% will be in the route. $f a
-A% only is used then a larger segment si;e can be used see .ptions field! C' Connection Esta*lishment A connection starts in the &-.1E# state, and goes to either a passive open -$1TE%! or an active open &.%%E&T!. $f a connection is established then both ends will become E1TA:-$1?E#.

A client initiates a connection using the three-way handshake. A segment is sent with the Msynchronise se>uence numbersM 1L%! bit set. This tells the receiving host that there is an incoming connection and the se>uence number N! that will be used as the starting number of the segments. 1tarting se>uence numbers are a random number between + and 9 89 - ( and are used to maintain the data in the correct order.

T&5 8-way handshake

The receiver responds with a segment that has the Ack N B (! and 1L% bits set and contains the se>uence number L!, which is a different random number, that will be used by the destination host. The sender acknowledges the receipt of the receivers segment Ack L B (! and begins to transfer the data. C' Connection %elease This can be initiated by either side, and both return to the &-.1E# state. This is caused by an application executing a &-.1E primitive, which causes the local T&5 entity to send a T&5 segment with the F$% bit set and wait for an acknowledgement. 0hen the acknowledgement arrives a transition is made to the F$% 0A$T 9 state and one direction of the connection is now closed. 0hen the other side closes a F$% is also sent, which must be acknowledged. :oth sides are now closed, but T&5 waits a time e>ual to the max. packet lifetime to guarantee that all packets from the connection have died off. 0hen the timer expires T&5 deletes the connection record. 'ort &ddresses A remote computer may be running several server programs at the same time. 1imilarly, a local computer may have one or more client programs running. For a communication we must define6 local host local $5 address! local client program local port number! remote host remote $5 address! remote client program remote port number!

The local host and client are defined using $5 addresses. The client programs need an identifier called a port number. $n T&5<$5 port numbers are integers ranging from + to J2,282. There are a number of well-known port numbers which are pre-assigned. 'ort * (8 9( 'rotocol Echo #aytime FT5 Descri!tion Echos a received datagram back to the sender @eturns the date and time of day File Transfer 5rotocol

98 92 28 /+ II8

Telnet 1"T5 #%1 ?TT5 ?TT51

Terminal %etwork e-mail #omain %ame 1erver ?ypertext Transfer 5rotocol 1ecure ?TT5

Internet #ayer $5 is the protocol that provides the basic packet delivery service on which T&5<$5 networks are built. All protocols in the layers above use $5 to deliver data. All T&5 and 4#5 data flows through $5, regardless of final destination. The functions include6 #efining the datagram - basic unit of transmission

#efining the $nternet addressing scheme "oving data between %etwork Access -ayer and the ?ost-to-?ost transport layer @outing datagrams to remote hosts 5erforming fragmentation and reassembly of datagrams

$5 is a connectionless protocol, which means that it does not exchange control information handshake! to establish an end-to-end connection before transmitting data. $5 relies on the protocols in other layers to establish a connection if they re>uire connection-oriented service. $t also relies on the other layers to provide error detection and error recovery. I'+, Header -ormat

The datagram is the packet format defined by $5. The first five or six 89-bit words of the $5 packet header are control information.

Oersion field - allows older versions to run along side newer versions. ?eader length field - the header is not constant - need to say how long it is, in 89-bit words min 2
- i.e. no options present!. $?- is I bits in length - limits the header to I+ bytes Type of 1ervice - host can specify type of service re>uired Po1!. Three bit precedence field + -normal to * - network control packet! and three bit flags Cdelay, throughput, reliabilityD Total length - include everything in the datagram - max length J2,282 bytes belongs to

$dentification field - allows destination to determine which datagram a newly arrived fragment

 Three bits - first is unused - second is #F donAt fragment! - third is "F more fragments! Fragment offset - where in the current datagram this fragment belongs. All fragments except the
last, must be a multiple of / bytes. 1ince (8 bits are provided there is a max of /()9 bytes per datagram - giving a max datagram length of J2,28J bytes one more than the total length! Time to live - counter used to limit packet lifetimes %o. of hops!

5rotocol field - tells $5 which transport process to give it to - e.g. T&5 ?eader checksum - verifies the header only 1ource and destination address - network number and host number .ptions - currently five defined security, strict source routing, loose source routing, record route, timestamp!

I' &ddress Classes .riginally, the $5 address space was divided up into a few fixed-length address classes class A, class : and class &!. :y examining the first few bits of an address, the class can easily be determined and hence the structure of the address. I' &ddresses

%outin" To deliver data between any two $nternet hosts it is necessary to move the data across the network to the correct host, and then within that host to the correct user or process. Kateways route data between networks. Eventually the datagram finds its way to your local gateway. 4ser A 4ser :

Application Transport %etwork #atalink 5hysical

Source node

%etwork %etwork #atalink #atalink 5hysical 5hysical

Intermediate node 1ource, $ntermediate and #estination nodes E@ef6 &onverged %etwork Architectures - ..&. $beF

Application Transport %etwork #atalink 5hysical

Destination node

The $nternet -ayer makes routing decisions based on the network portion of the address. This is done

by applying a network mask to the address. $f the destination network is the local network, then the data is delivered to the local destination host. $f it is not local, the $5 module looks up the network in the local routing table. All of the gateways that appear in the routing table are on networks directly connected to the local system. A host is typically connected to a router - the default router - which is the first hop in the path across the network. The routing algorithm within a router will determine the next hop for a particular source<destination pair, generally based on some metric hop count, distance, cost, load, etc!. A collection of routers that are under the same administrative control generally run the same routing protocol and are know as an autonomous system A1!. @outing protocols are divided up according to whether they route datagrams within a single A1 $nterior Kateway 5rotocols! or between multiple A1s Exterior Kateway 5rotocols!. -ra"mentation As a datagram is routed through different networks, it may be necessary for the $5 module in a gateway to divide the datagram into smaller pieces, called fragmentation. A datagram from one network may be too large to be transmitted in a single packet on the next dissimilar! network. Each type of network has a maximum transmission unit "T4! which is the largest packet that it can transfer. The "T4 for an Ethernet is (,2++ bytes of data, while many wide area links can carry no more than 2*J bytes AT" has a payload of I/ bytes!. Each $5 datagram is encapsulated within a datalink layer packet for transportation from one router to the next, and this places a hard limit on the length of an $5 datagram. This is not a problem in itself, but the problem is that each of the links along the route may be using different datalink layer protocols, and each may have a different "T4. An $5 datagram arrives at a router. The router determines the next hop in the route by checking the destination address against its routing tables. $t also checks the "T4 for the corresponding next link. $f the current datagram is too big for the outgoing link then the solution is to fragment the data in the $5 datagram into two or more smaller $5 datagrams. Each of these smaller datagrams is referred to as a fragment. Fragments need to be re-assembled before they are passed to T&5 or 4#5, as both these protocols are expecting to receive complete, unfragmented segments from the network layer. The =ob of reassembly is done by the end systems. As each datagram is created, the sending host stamps the datagram with an identification number, plus the source and destination addresses. The identification number is then incremented for each datagram sent. 0hen a router has to fragment a datagram, each resulting datagram fragment! is stamped with the source and destination address and the identification number of the original datagram. 0hen the destination host receives a series of datagrams from the same source, it must determine if the datagrams are fragments of a larger datagram. The format of each fragment is the same as any normal datagram, except the fragmentation field in the $5 header indicates that this datagram has been fragmented and the offset field indicates where, in the original datagram, the fragment should be placed. There is also a flag which indicates that this is the last fragment of this datagram, that allows a host to determine if a fragment is missing. $f one or more fragments does not arrive at the destination then the datagram is discarded. T&5 will then recover this loss by having the source retransmit the original data. Fragmentation and reassembly put an additional burden on routers and destination hosts. ?ence it is desirable to keep fragmentation to a minimum. This is often done by limiting 4#5 and T&5 segments to a relatively small si;e, so that fragmentation is unlikely to occur. %ext time you surf the 0eb see if data arrives in approx. 2++ byte blocks.!

&ddress %esolution The $5 address and the routing table direct the datagram to a specific physical network, but when data travels across the network, it must obey the physical layer protocols used by that network. An $5 address can not be used to transport T&5<$5 over an local area network, as the physical networks that underlay the T&5<$5 network have their own addressing schemes. ?ence encapsulation into Ethernet frames which can use the "A& addresses to deliver the data to the correct machine is essential. .ne task of the network access protocols is to map $5 addresses to physical "A&! addresses. The most common is the Address @esolution 5rotocol A@5! which maps $5 addresses to "A& addresses. A@5 maintains a table of translations between $5 addresses and "A& addresses, which is built dynamically. 0hen A@5 receives a re>uest to translate an $5 address, it checks the table. $f the address is found then it returns the "A& address. $f the address is not found then A@5 broadcasts a packet, which contains the $5 address which needs a "A& address, to every host on the -A%. A host will identify the $5 address as its own and returns its "A& address. The response is then cached in the A@5 table.

&omparison of .1$ and T&5<$5 "odels

%eferences E(F E-:usiness H E-&ommerce "anagement pub 5rentice-?all E9F E8F EIF

by #. &haffey,

+-9*8-J2(//-) (-2222/-929-I +-*2+J-I222-2 +-+*-*+)/2*-)

%etworking Explained by ".Kallo, 0.?ancock, pub #igital 5ress 4nderstanding the $nternet - A clear guide to internet technologies by G. 1utherland pub :utterworth ?einemann E-&ommerce - &ontext, &oncepts H &onse>uences by %. :andyo-padhyay pub "cKraw-?ill

How does a com!uter send a re.uest to a We* ser+er on the other side of the world? The user is located on a 5& connected to a -A%, or a telephone line via a modem, while the web server is located on the other side of the world on a completely different -A%. 0hen the user clicks on an icon or some text that points to a page located at a 4@- the steps that occur are as follows6(. The browser verifies that the 4@- typed by the user! is syntactically correct 9. :rowser makes a re>uest to the #%1 for the $5 address that corresponds to the 4@8. #%1 replies with an $5 address or an error message I. :rowser ?TT5 client! makes the T&5 connection to port /+ at the destination $5 address 2. The ?TT5 client sends a ?TT5 re>uest e.g. KET < hypertext/WWW/index.html! to the server via the socket associated with the T&5 connection. J. The ?TT5 server receives the re>uest message via the socket associated with the connection, retrieves the ?T"- page, encapsulates it in a ?TT5 response message and sends the re>uested file index.html! via the socket *. The ?TT5 server tells T&5 to close the T&5 connection T&5 does not close the connection until it is sure that the client has received the message correctly!. /. The ?TT5 client the browser! receives the response message and displays the page. T&5 now terminates the connection. ). The browser then fetches and displays all the images in the ?T"- page, by establishing a new connection for each image ?TT5 (.+!

user (! &lient browser running on 5& 9! 8! I!

#%1 server

2! local server $nternet *!

J!

port /+

J!

/! )! ()8.J+.(98.*/

0eb server