ptg
344
HOUR 19: Streaming and Casting
Stream Control Transmission Protocol (SCTP), which is described in RFC 2000 and
later documents, is a connection-oriented transport protocol (and thus more similar
to TCP), but, like UDP, SCTP is more message-oriented. SCTP also offers the capabil-
ity to maintain several message streams in parallel through a single connection.
Datagram Congestion Control Protocol (DCCP), which is described in RFC 4340, also
borrows features from both TCP and UDP. DCCP is connection-oriented (like TCP),
with fast but unreliable delivery (like UDP).
Both SCTP and DCCP perform something called congestion control. As you can see
by the name, DCCP is especially interested in providing a congestion control mecha-
nism. Congestion control is a means for reducing the kinds of retransmission issues
associated with TCP and providing more efficient use of the bandwidth. Algorithms
used by the protocol adjust the characteristics of the data flow to optimize through-
put and reduce the number of retransmitted packets.
Implementations of SCTP and DCCP are available now. SCTP has been around for a
little longer, and is perhaps better known to developers, but DCCP shows promise.
Multimedia Links
You don’t have to surf far to find video and audio images embedded in web pages.
Click a link to hear a sound, watch video, or listen to a vocal track. You might be
wondering what is actually happening with you click that link.
The answer, of course, depends on where the link goes. Many multimedia links are
simply files. As you learned earlier in Hour 17, “HTTP, HTML, and the World Wide
Web,” an
<a> tag with an HREF attribute is a reference to another resource. In previ-
ous examples, that resource was a web page. However, the reference can point to
any type of file as long as the browser knows how to interpret the file’s contents.
Modern browsers can handle many different types of file formats. On Windows sys-
tems, the file extension (the part of the filename after the period, such as
.doc,

extension(s) that the computer should use to open the application. In some cases, if
the correct application or plugin isn’t available to play the file, the user is directed
to a download site and the file is installed automatically.
Of course, there is much more to the process of recording, encoding, and viewing a
multimedia file. However, the details are not actually the business of HTTP or
TCP/IP. As far as the network is concerned, the browser simply downloads a file
when a user clicks on the link.
The fact that the browser sometimes uses other applications to open and execute
files demonstrates that the whole HTTP ecosystem (HTTP, HTML, the web server,
the web browser) is essentially a delivery method, much like the TCP/IP layers
below.
Sometime the link offers the option of connecting to an actual multimedia stream,
as described earlier in this hour. Streaming servers located on the Internet stream
audio and video content on demand to a user who clicks the link.
A common means for initiating a stream through a web browser is with the RTSP
protocol, which you learned about earlier in this hour. As this hour has already
described, RTSP does not actually participate in the streaming, but it provides a con-
trol system for starting and stopping the stream. A URL such as
rtsp://greatmovies.com/casablanca.mp4
might deliver a Bogart classic to your desktop—if your browser is configured with
the correct software to process the connection.
By the
Way
From the Library of Athicom Parinayakosol
ptg
346
HOUR 19: Streaming and Casting
To complicate matters, streams are sometimes obscured by web scripts or intention-
ally hidden from view. Sometimes the URL for a multimedia stream is actually
enclosed in a small text file called a metafile. The resource referenced in the address

media files over
an RSS service.
From the Library of Athicom Parinayakosol
ptg
Voice Over IP (VoIP)
347
The goal of the podcast phenomenon is to deliver multimedia files to the viewer
directly using the tools of RSS. As it turns out, RSS provides a means of attaching a
file to the news message. That attachment feature became the vehicle for podcasting.
Podcast client applications manage the podcast files and provide notice of updates.
iTunes users can easily receive podcasts, and other music players also offer the fea-
ture. iPodder is an open source podcast client that works with Windows, MacOS,
Linux, and BSD systems.
The whole purpose of the podcast is to receive periodic updates, which means that
whoever is producing the podcasts on the server side needs to provide some kind of
ongoing programming. Grassroots podcasts have become popular around the world,
with regular interviews, how-to sessions, music videos, and comedy acts beaming
out to subscribers through the miracle of RSS.
Voice Over IP (VoIP)
Internet telephony is now quite common in many areas. TCP/IP phone service is
often less expensive, and more versatile, than conventional phone service. In many
ways, Internet phone calls are just another form of streaming audio, so it should be
no surprise that RTP is the most popular protocol for transmitting voice over IP
(VoIP) communications. But the act of talking is only one piece of the puzzle. The
business of finding a user, placing a call, setting up a session, and gracefully ending
the session requires new tools and protocols.
If you expect your IP phone service to connect with the conventional phone net-
work, you also face the problem of providing a control system that is compatible (or
at least interfacable) with equivalent controls used on conventional phone systems.
IP telephony can occur through an actual hardware phone device (which is similar

gateway are often much higher than calling a user through end-to-end Internet
telephony. End-to-end calls across the Internet are often free (or nearly free) to any-
where in the world for users who pay the monthly subscription rate.
VoIP
Gateway
FIGURE 19.5
A VoIP gateway
services as an
interface to the
conventional
phone network.
Summary
This hour looked at some of the technologies that provide multimedia streaming on
the Internet. You learned about RTP, RTSP, and RTCP. This hour also looked at the
SCTP and DCCP transport protocols and discussed how multimedia links play music
and video with a mouse click. You also learned about podcasting, and the hour
ended with a look at voice over IP.
From the Library of Athicom Parinayakosol
ptg
Key Terms
349
Q&A
Q. Why are the primary Transport layer protocols ill-suited for streaming?
A. UDP is fast but unreliable, and TCP is reliable, but the controls used to ensure
delivery make it slow and prone to retransmission.
Q. What is the purpose of RTP’s two sister protocols, RTCP and RTSP?
A. While RTP provides the streaming, RTCP monitors and reports on quality of
service. RTSP is used for control commands to start or stop the stream.
Q. Why does YouTube convert the videos submitted to Flash format?
A. Flash is an efficient and reliable video format, and the Flash player is readily

From the Library of Athicom Parinayakosol
ptg
PART VI
Advanced Topics
HOUR 20 Web Services 353
HOUR 21
The New Web 363
HOUR 22
Network Intrusion 375
HOUR 23
TCP/IP Security 391
HOUR 24
Implementing a TCP/IP Network—Seven Days 413
in the Life of a Sys Admin
From the Library of Athicom Parinayakosol
ptg
This page intentionally left blank
From the Library of Athicom Parinayakosol
ptg
HOUR 20
Web Services
What you’ll learn in this hour:
.
Web services
.
XML
.
SOAP
.
WSDL

An easier solution that emerged over time is to use the existing tools, technologies,
and protocols of the Web as a basis for creating custom network applications. This
approach, which is supported by big companies such as IBM and Microsoft, as well
as open source advocates and development tool vendors around the world, is known
as the web services architecture.
The idea behind the web services architecture is that the web browser, web server,
and TCP/IP protocol stack handle the details of networking so the programmer can
concentrate of the details of the application. In recent years, this technology has
outgrown the original vision of the Web as a manifestation of the global Internet.
This web services architecture is regarded now as an approach to building any sort
of network application, whether that application is actually connected to the
Internet. Large and powerful vendors such as Sun, Microsoft, and IBM have invested
enormous resources in building component infrastructures to support this web
services vision.
The HTTP delivery system is only part of what we know as web services. Also signifi-
cant is the arrival of component architectures that provide ready-made classes, func-
tions, and programming interfaces for working within a web-based environment.
Web service applications are often used in situations that require a simple client
connection to a server that maintains inventory or processes orders. For instance, a
manufacturing company might use a web services program to place orders, track
deliveries, and maintain up-to-date information on the contents of the warehouse.
Almost any big company has a need for software that tracks appointments, orders,
and inventory. A web service framework is good for gluing together disparate ser-
vices and transactions into a single, unified environment.
Figure 20.1 shows a complete web services scenario. On the front end (the left side of
Figure 20.1), the programmer can take advantage of the preexisting web infrastruc-
ture, which handles data transmission and also provides a user interface through
the web browser application on the client computer. On the back end, the program-
mer relies on the preexisting data storage system provided by an SQL database. The
programmer is left to concentrate on the center section of Figure 20.1, where the

Application
Database
Web
Infrastructure
Custom
Application
Database
Infrastructure
FIGURE 20.1
The web
services
programming
model.
From the Library of Athicom Parinayakosol
ptg
356
HOUR 20: Web Services
enclosed in <H1> tags, it is interpreted as a heading. If the data is enclosed in <A>
tags, it is interpreted as a link. XML, on the other hand, lets users define their own
elements. The data can signify whatever you want it to signify, and you can invent
the tag you will use to mark the data. For instance, if you follow horse racing, you
could create an XML file with information on your favorite horses. That file might
contain entries such as:
<horses>
<horse_name=”winky” breed=”Thoroughbred”>
<sex=”male” />
<age=”3” />
</horse>
<horse_name=”Goddess” breed=”Arabian”>
<sex=”female” />

Way
From the Library of Athicom Parinayakosol
ptg
SOAP
357
SOAP
XML defines a universal format for exchanging application data. The universal
XML specification alone, however, is not enough to provide developers with the
infrastructure they need to create easy and elegant web services. Although XML pro-
vides an efficient format for reading and writing program data, XML alone does not
provide a standard format for structuring and interpreting that data. The SOAP
specification fills that role. SOAP is a standard protocol for exchanging XML-based
messages that pass between the web-service client and server.
SOAP is designed to support communication between so-called SOAP nodes. (A
SOAP node is basically a computer or application that supports SOAP.) The SOAP
specification defines the structure of a message that passes from the SOAP sender to
the SOAP receiver. Along the way, the message might pass through intermediate
nodes that process the information in some way (see Figure 20.2). An intermediate
node might provide logging, or it might modify the message somehow in transit to
its final destination.
Intermediate
Nodes
XML-Based
SOAP Message
SOAP Response
FIGURE 20.2
A SOAP mes-
sage passes
from the sender
to the receiver

ment specify information on the data being transmitted and the operations associ-
ated with that data, as well as other data related to the service and the service
location.
WSDL is not confined to SOAP but is also used with other web service communica-
tion protocols. In some cases, WSDL is used directly with HTTP to simplify the design
and restrict the actions to more fundamental GET and POST-style operations at the
heart of HTTP.
Web Service Stacks
Armed with XML, SOAP, WSDL, and the underlying components of TCP/IP and web
service frameworks, a developer can easily create light and simple client and server
applications that communicate through a web interface. Like TCP/IP itself, a web
service environment consists of a stack of components. Major vendors have their
own web service stacks that they provide to customers. The complete system forms a
package of server software, developer tools, and even computer hardware that is
provided to the client, along with consulting services and, sometimes, made-to-order
custom applications.
From the Library of Athicom Parinayakosol
ptg
E-Commerce
359
Linux vendors and developers often talk about the LAMP stack, a collection of open
source components that is easily tailored for web service environments. The memo-
rable acronym LAMP spells out the principal components of the stack:
.
Linux—An operating system that supports server applications running on the
server system
.
Apache—A web server that serves up XML-based SOAP messages
.
MySQL—A database system that provides access to back-end data services

1. A web server provides an online catalog accessible from the Web. A user
browses through the product offerings from a remote location across the
Internet.
2. The user decides to buy a product and clicks a Buy This Product link on the
web page.
3. The server and browser establish a secure connection. (See Hour 23, “TCP/IP
Security,” for more on SSL and other secure communication techniques.) At
this point, the browser sometimes displays a message that says something like
“You are now entering a secure area….” Different browsers have different
methods for indicating a secure connection.
4. After the connection is established, some form of authentication usually fol-
lows. On most transaction sites, the buyer establishes some form of user
account with the vendor. This is partly for security reasons and partly for con-
venience (so the user can track the status of purchases). The user account
information also lets the vendor track the behavior of the user and correlate
the user’s demographic information and purchase history. This logon step
requires the web server to contact some form of back end database server—
either to establish a new account or to check the credentials for logon to an
existing account.
5. After the user is logged in, the server (or some application working on the
server back end) must verify the credit card information and register the trans-
action with some credit card authority. Often this credit card authority is a
commercial service affiliated with the credit card company.
6. If the transaction is approved, notice of the purchase and mailing information
is transmitted to the vendor’s fulfillment department, and the transaction
application attends to the final details of confirming the purchase with the
user and updating the user’s account profile.
Operating system vendors such as Sun and Microsoft offer transaction server appli-
cations to assist with the important task of processing orders over the web. Because
web transactions are highly specialized, and because they require an interface with

6
5
Notice of
purchase
transmitted
to fulfillment
department.
3
1
2
Authentication
Server
User and web server form secure connection.
User visits website.
Web Server
Fulfillment
Server
User’s credit card information checked.
Checked
Package delivered.
:
FIGURE 20.3
A typical web
transaction
scenario.
By the
Way
From the Library of Athicom Parinayakosol
ptg
362

.
WSDL (Web Services Description Language)—An XML-based format for
describing network services.
.
XML (eXtensible Markup Language)—A markup language used for defining
and transmitting program data in a web service application.
From the Library of Athicom Parinayakosol
ptg
HOUR 21
The New Web
What You’ll Learn in This Hour:
.
New Web ideas
.
XHTML
.
Peer-to-Peer Networking
.
IRC and IM
.
The semantic web
New ideas abound on the Web, leading to a variety of new forms and formats, but what
looks new from the outside might just be the artful coordination of existing tools and ser-
vices. This hour describes the view from the new Web.
At the completion of this hour, you’ll be able to
.
Discuss blogs, wikis, and social networking sites
.
Explain the purpose of XHTML
.

face. This expansive acronym, which is usually pronounced wizzy-wig, stands for
What You See Is What You Get. In other words, you can manipulate text, images,
and other features in a context that appears like it will appear for the user. This con-
cept might not sound as radical as you think—it is pretty much what a word proces-
sor does, and web development tools such as Dreamweaver have offered this feature
for years. In the case of these new web tools, though, the WYSIWYG editing interface
helps blur the distinction between the web user and the web developer, creating a
context where the user can assume the role of both consumer and creator of web
content.
The following sections introduce some important tools of the new Web. As you read
these descriptions, try to imagine what is really going on behind the simple and
uncluttered view of the screen. The web client is connected to a web server, and the
web server is serving up dynamic HTML by populating the framework of the basic
layout with XML-based data associated with the page. When the user makes a
change to that page, the client browser sends an update to the database that holds
the data associated with the page.
Blogs
A blog (short for weblog) is an e-zine or online journal where new stories are added
at the top and older stories scroll down in a vertical list. The revolving, chronologi-
cal nature of a blog gives the impression that it is constantly evolving and trans-
forming, which keeps readers coming back. Some bloggers are essentially keeping
From the Library of Athicom Parinayakosol
ptg
Web 2.0
365
online diaries, but the form is also used by commentators, reporters, and corporate
spokespeople. Many blogs are news sites, such as the Slashdot.org site, which is a
favorite for high-tech news and commentary (Figure 21.1).
FIGURE 21.1
Slashdot.org is

The largest wiki in the world is the huge online encyclopedia Wikipedia (see
Figure 21.2). Wikipedia users can post their own entries, and users can edit existing
entries. (Click the Recent Changes link in the Wikipedia menu to view the changes
to an entry.)
FIGURE 21.2
Wikipedia is a
huge wiki that
anyone can
edit.
Wikis are used extensively by companies and other organizations as a means for
planning, coordinating work, and organizing documents. MediaWiki, the software
used on the Wikipedia site, is also a freely available open source application
(http://www.mediawiki.org/wiki/MediaWiki).
The design of wiki systems can vary, but you can think of a wiki page or entry (such
as an entry in Wikipedia) as a collection of values assigned to standard attributes.
An XML schema or similar data structure might define a series of values associated
with the entry, such as
From the Library of Athicom Parinayakosol
ptg
XHTML
367
.
Title—The heading that accompanies the entry
.
Category—Hierarchical classification of the entry by topic
.
Language—The language in which the entry is written
.
Contents—The complete HTML code associated with the entry
Revisions to the text could also be tracked through extensions of this structure.

368
HOUR 21: The New Web
Peer-to-Peer
A new information sharing technique that emerged through Internet music-sharing
communities such as Napster is called peer-to-peer (P2P). The term peer-to-peer is
actually borrowed from a related configuration on LAN networks, in which services
are decentralized and every computer acts as both a client and a server. The Internet
peer-to-peer form allows computers throughout the network to share data in data-
sharing communities. In other words, the data doesn’t come from a single web
server serving requests from a multitude of clients. Instead, the data resides on
ordinary PCs throughout the community.
If you have read this book carefully, you might be wondering how this peer-to-peer
scenario I’ve just described is any different from ordinary networking. All I really
said in the preceding paragraph is that each peer must be capable of acting as both
a client (requesting data) and a server (fulfilling requests). The short answer is that,
after the connection is established, peer-to-peer networking is just ordinary network-
ing. The long answer is the reason why peer-to-peer networking is considered some-
what revolutionary.
The Internet was created with diversity as a goal, and it is theoretically possible for
any Internet-ready computer to establish a connection with any other compatible,
Internet-ready computer that has the necessary services. However, consider that
ordinary PCs are not always turned on. Also consider that most computers con-
nected to the Internet do not have a permanent IP address but instead receive a
dynamic address through DHCP (see Hour 12, “Automatic Configuration”). On a
conventional TCP/IP network, it is impossible for other computers to know how to
contact a computer that has no permanent IP address or domain name.
The designers of the peer-to-peer technique knew their vision of a diverse, music-
sharing community would not work unless they solved these problems. Their
solution was to provide a central server to dispense connection information that
the clients could then use to establish connections with each other. As shown in