Application Layer Protocols

Application layer protocols are the rules and standards that define how data is exchanged between user applications and the underlying network. This layer is responsible for enabling communication between software applications and network services. These protocols ensure that programs like web browsers, email clients, and file transfer tools can communicate effectively over the Internet or other networks.

Important Note:

• Application Layer provides services like email, web browsing, file transfer.
• Transport Layer is responsible for delivering data to the right application using port numbers.

Here is the list of top using protocols at application layer

1. HTTP (HyperText Transfer Protocol)

• HTTP is a stateless application-layer protocol used for transmitting hypertext (HTML) and other types of web content over the internet.

• It follows a client-server model where the client (usually a web browser) sends requests, and the server responds with the requested resources (web pages, images, stylesheets, scripts, etc.).

• HTTP is text-based and works using methods like:

  • GET – to request data from the server,
  • POST – to send data to the server (like form submissions),
  • PUT, DELETE, etc. for other operations.

• When HTTP data is passed to the transport layer, it is assigned port 80 by default (if not using HTTPS). This helps the server know which application should handle the incoming data.

Example:

• You type https://www.wikipedia.org in your browser.
• The browser sends an HTTP GET request to Wikipedia’s server.
• The server responds with the web page content (HTML, CSS, images).

2. HTTPS (HTTP Secure)

• HTTPS is the secure version of HTTP. It uses SSL (Secure Sockets Layer) or, more commonly, TLS (Transport Layer Security) to encrypt the data exchanged between a client (like a web browser) and a web server.

• This encryption ensures that sensitive data like login credentials, banking information, and personal details cannot be read or altered by attackers (such as during a man-in-the-middle attack).

• HTTPS uses TCP as its transport protocol, and by default, it communicates over port 443, which is added by the transport layer when the secure HTTP request is formed.

• It also ensures:

  • Confidentiality (data is encrypted),

  • Integrity (data is not tampered with),

  • Authentication (verifies server identity using digital certificates).

Example:

• You visit your online bank account at https://www.bankofexample.com.
• The browser shows a lock icon 🔒, indicating that HTTPS is in use.
• You enter your username and password in the login form.
• These credentials are encrypted during transmission so that no third party (e.g., hackers or ISPs) can read them.
• The server decrypts the data and allows you access only if the credentials are correct.

3. FTP (File Transfer Protocol)

• FTP is a standard application layer protocol used to transfer files between a client and a server over a TCP/IP network.

• It enables users to upload, download, rename, delete, or list files and directories on a remote system.

• FTP uses two separate TCP connections:

  • Port 21: for control commands (like login, file list, etc.).
  • Port 20: for actual data transfer (file upload/download).

• These port numbers are added by the transport layer after the FTP request is generated at the application layer.

Note: Standard FTP does not encrypt data, which means credentials and file contents are sent in plain text. For secure transfer, FTPS or SFTP is recommended.

 Example:

• A web developer needs to upload their website files (like index.html, style.css) to a web server.
• They open FileZilla and connect to the FTP server using login credentials.
• FileZilla communicates over port 21 to send commands like login and list directory.
• When the developer uploads a file, the file data is sent via port 20 (or passive mode port).
• The files are successfully transferred and appear on the hosting server.

4. SMTP (Simple Mail Transfer Protocol)

• SMTP is an application layer protocol used for sending emails.

• It enables email clients (like Gmail, Outlook, or Thunderbird) to send messages to a mail server, and also allows mail servers to forward messages to other mail servers.

• SMTP is a push protocol, meaning it only sends (not receives) email messages.

• It uses the TCP transport layer, with the port number added at the transport layer to ensure correct delivery:

  • Port 25 – commonly used for server-to-server email delivery.

  • Port 587 – used for secure, client-to-server submission of emails.

Note: SMTP does not handle receiving or reading emails — that’s done by POP3 or IMAP.

Example:

You: Send an email using Gmail

• Gmail formats message with MIME
• Encrypts it using TLS
• Uses SMTP to send to recipient’s mail server
• Email stored in server
• Friend opens Yahoo Mail, retrieves it via IMAP

5. POP3 (Post Office Protocol v3)

• POP3 is an application layer protocol used by email clients to retrieve emails from a mail server.

• Its main function is to download emails from the server to the client (like Outlook or Thunderbird) and usually delete them from the server afterward.

• This makes POP3 suitable for offline email access, but not ideal for accessing the same email account from multiple devices.

• It uses the TCP transport layer, where the transport layer assigns port 110 by default to ensure proper communication.

• For encrypted communication, POP3S (POP3 over SSL/TLS) uses port 995.

Note: POP3 is best when you want to keep a local copy of your emails and free up space on the server.

Example:

• A user configures Outlook with POP3 settings to manage their Gmail inbox.
• Outlook connects to Gmail’s POP server on port 110 (or 995 for secure connection).
• The user receives 10 new emails — Outlook downloads them and removes them from the server (unless configured otherwise).
• The user can now read the emails offline, but they won’t be available on Gmail’s web interface or other devices.

6. IMAP (Internet Message Access Protocol)

• IMAP is an application layer protocol used by email clients to access and manage emails directly on a mail server.

• Unlike POP3, which downloads and often deletes emails, IMAP keeps the emails on the server and allows users to view and manage them from multiple devices (e.g., phone, laptop, tablet).

• IMAP enables actions like:

  • Reading messages without downloading them,

  • Organizing messages into folders,

  • Flagging or marking them as read/unread,

  • Syncing changes across all connected devices.

• It uses TCP as the transport protocol, where the transport layer adds port 143 by default.

• For secure encrypted connections, port 993 is used (IMAPS – IMAP over SSL/TLS).

IMAP is ideal for users who want to access the same email account from multiple devices and keep their email synced everywhere.

Example:

• You sign in to your Gmail account on both your smartphone and laptop using IMAP.
• You read a message and move it to a folder called “Work” on your phone.
• When you later check your inbox on your laptop, the email is already marked as read and appears under the “Work” folder — thanks to real-time synchronization using IMAP.
• All changes stay synced, and the email remains stored on Gmail’s server.

IMAP vs POP3 – Key Differences:

8. DHCP (Dynamic Host Configuration Protocol)

DHCP is an application layer protocol used to automatically assign IP addresses and other network configuration settings (like subnet mask, default gateway, DNS servers) to devices on a network.

Instead of manually configuring each device with network settings, DHCP enables a central server to assign and manage them dynamically. This makes networking faster, easier, and less error-prone, especially in environments with many devices (like homes, offices, or schools).

When a device (called a DHCP client) joins a network, it follows a process known as DORA:

• Discover – The client broadcasts to find a DHCP server.
• Offer – The server responds with an available IP address offer.
• Request – The client requests to accept the offered IP.
• Acknowledge – The server confirms the assignment and finalizes the lease.

DHCP uses UDP at the transport layer, where:

• Port 67 is used by the DHCP server.
• Port 68 is used by the DHCP client.

DHCP is essential for automated, conflict-free IP assignment, especially in large or dynamic networks where devices frequently connect and disconnect.

Example:

• You bring your laptop to a café and connect to the public Wi-Fi.
• The moment your laptop joins the network, it sends out a DHCP Discover message.
• The café’s Wi-Fi router (acting as a DHCP server) responds with an available IP address and related configuration settings.
• Your laptop automatically receives and applies these settings, allowing you to access the internet without any manual input.
• The whole process happens in just a few seconds — and the IP address is typically leased for a certain time before it may be renewed or returned.

9. Telnet (Telecommunication Network)

Telnet is an application layer protocol used to remotely access and control networked devices using a command-line interface (CLI).

It allows users to establish a text-based session with another computer or network device over a TCP/IP network. Through Telnet, users can log in to the remote machine and execute commands as if they were physically present at that system.

Telnet is one of the earliest remote access protocols and supports:

• Basic remote administration
• Text-based communication over networks
• Access to routers, switches, or servers for configuration

However, Telnet does not encrypt data, meaning all information (including usernames and passwords) is transmitted in plain text. This makes it insecure and unsuitable for public or untrusted networks. Today, it’s largely replaced by SSH (Secure Shell) for secure remote access.

Telnet uses the TCP transport layer, where the transport layer assigns port 23 for communication.

Telnet is useful for basic or legacy remote device management, but should only be used in trusted, secure networks due to lack of encryption.

Example

• A network technician needs to configure a network switch in a local data center.
• They open a Telnet client on their laptop and connect to the switch’s IP address over port 23.
• Once connected, the technician sees a command-line prompt where they enter login credentials and begin configuring settings (like VLANs or IP interfaces).
• Since it’s a local and secured network, Telnet is acceptable in this case — but in modern networks, SSH is preferred for encrypted sessions.

10. SSH (Secure Shell)

SSH is an application layer protocol used to provide secure remote access to devices and systems over a network.

It is the modern and secure replacement for Telnet, offering encryption and authentication to ensure that data — including usernames, passwords, and commands — is transmitted securely between the client and server.

SSH supports:

• Remote login to servers and network devices
• Secure file transfers (via SCP or SFTP)
• Tunneling and port forwarding
• Executing remote commands securely

SSH uses the TCP protocol at the transport layer, where the transport layer adds port 22 to handle SSH communication.

SSH is widely used by system administrators and developers for secure, encrypted remote management of Linux/Unix-based systems.

Example:

A system administrator working from home needs to access a Linux server located in the company’s data center.

They open a terminal and type:

The SSH client initiates a connection to the server using TCP port 22.

After verifying the server identity and entering the password (or using a private key), the admin is logged in and can manage files, restart services, or run scripts — all securely and remotely.

Since the entire session is encrypted, sensitive data is protected even over public networks.

11. SNMP (Simple Network Management Protocol)

SNMP is an application layer protocol used for monitoring, managing, and controlling network devices such as routers, switches, firewalls, printers, and servers.

It enables network administrators to gather performance data, detect faults, and manage configurations from a central location — often through a Network Management System (NMS).

SNMP operates using a manager-agent model:

• The SNMP manager (usually a monitoring server) sends requests.

• The SNMP agent (running on the device) responds with the requested information or sends alerts (called traps).

SNMP supports:

• Polling for real-time data (e.g., CPU usage, bandwidth)

• Traps or notifications for fault alerts

• Configuration changes via management commands

SNMP typically uses UDP as the transport protocol. The transport layer assigns port 161 for general SNMP messages and port 162 for SNMP traps (alerts from devices).

 SNMP is essential for proactive network management, helping organizations maintain performance, uptime, and early detection of issues.

Example:

A company uses a network monitoring tool like Nagios, Zabbix, or SolarWinds.

The monitoring system (SNMP manager) polls all routers and switches every few minutes by sending SNMP requests to port 161.

Each device (SNMP agent) responds with data such as:

• Interface status
• Bandwidth usage
• Error rates

If a router interface goes down unexpectedly, the agent sends an SNMP trap to the manager using port 162, triggering an alert for the network team.

This allows administrators to detect problems early and take action quickly, often before users even notice.

Summary Table