Lesson 6: Web Protocols & Data Transmission

HSC Software Engineering | High-Memorization Content

Jump to: Protocols Data Transmission Security Email Real Scenarios Flashcards

⚠️ Exam Weight: HIGH

Common questions:

Focus: Port numbers, key differences, use cases

1. Web Protocols

Core Protocol Comparison

Protocol Port Function Security Key Feature
HTTP 80 Transfer web pages ❌ Unencrypted Plain text transmission
HTTPS 443 Transfer web pages securely ✅ SSL/TLS encrypted Cipher text transmission
FTP 21 File transfer ❌ Unencrypted Basic file transfer
SFTP 22 Secure file transfer ✅ SSH encrypted Uses SSH protocol
DNS 53 Domain name resolution - Translates names → IP addresses
SMTP 25 Send email - Outgoing mail only
POP3 110 Receive email - Download & delete from server
IMAP 143 Receive email - Sync across devices, keeps on server

🧠 Port Number Mnemonics

HTTP (80): "HTTP ate (8-0) the plain cookie"

HTTPS (443): "HTTPS is 4-4-3 times more secure"

DNS (53): "Domain Names Serve at 53"

SMTP (25): "Send Mail Through Port 25"

POP3 (110): "POP it down 1-1-0"

IMAP (143): "I Multi-Access Port 143"

SFTP (22): "Same as SSH (22)"

🎯Real-World Scenario: Online Shopping

Step 1: Bodhi visits http://fakeshop.com to buy a game
Problem: HTTP sends password in plain text. Anyone intercepting the connection (hacker on public WiFi) can read: username: bodhi, password: gaming123
Step 2: Bodhi notices no lock icon 🔓 in browser - WARNING!
Better Choice: Use https://secureshop.com
Result: HTTPS encrypts password with TLS. Hacker sees: X7k#mP9@qL2... (cipher text - useless!)
Visual Clue: Lock icon 🔒 in browser = HTTPS = Safe to enter passwords/credit cards

⚠️Common Mistakes

  • ❌ WRONG: "HTTP is faster, so I'll use it for my banking app"
    ✅ RIGHT: "HTTPS is essential for ANY sensitive data (passwords, personal info, payments)"
  • ❌ WRONG: "Port 80 is for HTTPS"
    ✅ RIGHT: "Port 80 = HTTP (unsecure), Port 443 = HTTPS (secure)"
  • ❌ WRONG: "SSL and TLS are different things"
    ✅ RIGHT: "TLS is the modern version of SSL - they both encrypt data"

⚠️ High-Value Exam Question (5 marks)

Q: "A student is creating an online booking system for a school event. Explain why HTTPS should be used instead of HTTP. In your answer, refer to encryption and data security."

Perfect Answer:

  • (1 mark) HTTPS uses SSL/TLS encryption to secure data transmission
  • (1 mark) HTTP sends data in plain text, which can be intercepted and read by attackers
  • (1 mark) HTTPS converts sensitive information like passwords and personal details into cipher text
  • (1 mark) This protects student privacy and prevents unauthorized access to booking information
  • (1 mark) The browser's lock icon confirms the connection is secure, building user trust

TCP/IP

Critical Concepts

  • TCP: Transmission Control Protocol - guarantees delivery (connection-oriented)
  • UDP: User Datagram Protocol - fast but no guarantee (connectionless)
  • IP: Internet Protocol - addressing system for devices
  • IPv4: 32-bit addresses (e.g., 192.168.1.1), ~4.3 billion addresses
  • IPv6: 128-bit addresses, 340 undecillion addresses (solves IPv4 shortage)

⚠️ Common Exam Question (4 marks)

Q: "Compare TCP and UDP protocols. Provide an example use case for each."

Perfect Answer:

  • (1 mark) TCP is connection-oriented and guarantees data delivery in correct order
  • (1 mark) UDP is connectionless and does not guarantee delivery, prioritizing speed
  • (1 mark) TCP is used for web browsing, email, file transfers - where accuracy matters
  • (1 mark) UDP is used for video streaming, online gaming, VoIP - where speed matters more than perfect accuracy

DNS Process

User types
domain name
DNS server
looks up IP
Returns
IP address
Browser
connects

🌐Real-World Scenario: What Happens When You Type a URL?

Step 1: Bodhi types youtube.com in browser
Step 2: Computer asks DNS server: "What's the IP address for youtube.com?"
Step 3: DNS server responds: "It's 172.217.14.206"
Step 4: Browser connects to 172.217.14.206 using HTTPS (port 443)
Step 5: YouTube server sends webpage data in packets
Why DNS? Humans remember names (youtube.com) better than numbers (172.217.14.206). DNS is like a phonebook for the internet!

⚠️ Common Exam Question (3 marks)

Q: "Explain the role of DNS in accessing a website."

Perfect Answer:

  • (1 mark) DNS (Domain Name System) translates human-readable domain names into IP addresses
  • (1 mark) When a user types a URL, the DNS server looks up the corresponding IP address
  • (1 mark) The browser then uses this IP address to connect to the web server and retrieve the webpage

2. Data Transmission

Data Packets

Packet Structure (3 Parts)

  • Header: Source IP, destination IP, protocol info, packet number
  • Payload: The actual data being transmitted
  • Trailer: Error-checking information (checksum)

Why packets? Data is broken into small chunks that travel independently and are reassembled at destination. If one packet is lost, only that part needs resending.

📦Real-World Scenario: Streaming a YouTube Video

The Problem: A 10MB video file needs to travel from YouTube's server to Bodhi's phone
Solution: Break it into 10,000 tiny packets (each ~1KB)
Packet 1 Header:
• Source IP: 172.217.14.206 (YouTube)
• Destination IP: 192.168.1.50 (Bodhi's phone)
• Packet number: 1/10000
• Protocol: TCP
Packet 1 Payload: First 1KB of video data (actual video bytes)
Packet 1 Trailer: Checksum a7f3e2 (error-check value)
Journey: Packets take different routes through the internet. Packet 1 might go Sydney→Tokyo→Bodhi. Packet 2 might go Sydney→LA→Bodhi. They arrive out of order!
Reassembly: Bodhi's phone uses packet numbers to put them in correct order (1, 2, 3...). If packet 547 is corrupted (checksum fails), request only that packet again.
Why This Works: Only resend broken packets, not the whole 10MB file. Efficient and fast!

⚠️Common Mistakes

  • ❌ WRONG: "Packets always take the same route"
    ✅ RIGHT: "Packets can take different routes and arrive out of order - they're reassembled using packet numbers"
  • ❌ WRONG: "The payload contains the IP addresses"
    ✅ RIGHT: "The HEADER contains IP addresses. The PAYLOAD is the actual data. The TRAILER checks for errors."
  • ❌ WRONG: "If one packet fails, you resend everything"
    ✅ RIGHT: "Only the corrupted packet needs resending - this is why packets are efficient"

⚠️ High-Value Exam Question (4 marks)

Q: "Describe the structure of a data packet and explain why data is transmitted in packets rather than as a single unit."

Perfect Answer:

  • (1 mark) A packet has three parts: Header (source/destination IP, packet number, protocol), Payload (actual data), and Trailer (checksum for error checking)
  • (1 mark) Packets allow data to take multiple routes through the network simultaneously, improving speed
  • (1 mark) If a packet is lost or corrupted, only that specific packet needs to be resent, not the entire transmission
  • (1 mark) Packets can be reassembled in the correct order using their packet numbers, even if they arrive out of sequence

IP Addressing

Aspect IPv4 IPv6
Format 192.168.1.1 (dotted decimal) 2001:0db8:85a3::8a2e (hexadecimal)
Bits 32-bit 128-bit
Total Addresses ~4.3 billion 340 undecillion
Status Running out Future-proof

Common Exam Question

Q: "Explain why IPv6 was developed. (2 marks)"

A: IPv4 provides only ~4.3 billion addresses, insufficient for growing internet-connected devices (1 mark). IPv6 provides 340 undecillion addresses, ensuring every device can have a unique IP (1 mark).

3. Web Security

SSL/TLS

Key Concepts

  • SSL: Secure Sockets Layer (older, mostly deprecated)
  • TLS: Transport Layer Security (modern replacement for SSL)
  • Function: Encrypts data between client and server
  • Port: HTTPS uses port 443 with TLS
  • Certificate Authority (CA): Trusted organization that issues SSL certificates

🔒Interactive: TLS Handshake Process

Click "Next Step" to see how your browser establishes a secure HTTPS connection

🖥️
Your Browser
Ready to connect...
🔐
Bank Server
Starting Point: You want to visit https://mybank.com. Your browser needs to establish a secure, encrypted connection before sending your password.
🖥️
Your Browser
→ Client Hello
"I want to connect securely!"
🔐
Bank Server
Step 1: Client Hello
Your browser says: "Hello! I support these encryption methods: AES-256, RSA-2048. Let's use TLS 1.3"
🖥️
Your Browser
← Server Hello + Certificate
"Here's my ID!"
🔐
Bank Server
Step 2: Server Hello + Certificate
Server responds: "I choose AES-256 encryption. Here's my SSL certificate signed by DigiCert (Certificate Authority) proving I'm really mybank.com, not a fake!"
🖥️
Your Browser
✅ Certificate Valid
Verifying with DigiCert...
🔐
Bank Server
Step 3: Certificate Verification
Your browser checks: "Is this certificate signed by a trusted Certificate Authority (CA)? Is it still valid (not expired)? Does it match mybank.com?"
Result: ✅ Verified! The lock icon 🔒 appears in your browser.
🖥️
Your Browser
→ Encrypted Session Key
"Use this key: K7x#..."
🔐
Bank Server
Step 4: Key Exchange
Browser generates a random session key (like K7x#mP9qL2...) and encrypts it using the server's public key from the certificate. Only the bank's server can decrypt this because it has the matching private key.
🖥️
Your Browser
🔒 Encrypted
← → Secure Connection
All data encrypted!
🔐
Bank Server
🔒 Encrypted
Step 5: Secure Connection Established!
Both sides now have the same session key. All data is encrypted before sending:
• You type password: myPassword123
• Browser encrypts: X7k#mP9@qL2nF8... (cipher text)
• Bank receives and decrypts back to: myPassword123
Even if a hacker intercepts, they only see gibberish!

⚠️ High-Value Exam Question (6 marks)

Q: "Explain how SSL/TLS provides security for online transactions. In your answer, describe the role of Certificate Authorities and encryption."

Perfect Answer:

  • (1 mark) SSL/TLS establishes an encrypted connection between client and server through a handshake process
  • (1 mark) The server provides an SSL certificate to prove its identity
  • (1 mark) Certificate Authorities (CAs) are trusted organizations that verify and digitally sign these certificates
  • (1 mark) The client verifies the certificate's authenticity by checking the CA's digital signature
  • (1 mark) Once verified, both parties exchange encryption keys to create a secure session
  • (1 mark) All transmitted data is encrypted into cipher text, preventing interception and protecting sensitive information like passwords and credit card details

Encryption Concepts

Critical Vocabulary

Plain Text: Original, readable data

Cipher Text: Encrypted, unreadable data

Encryption Key: Secret code used to encrypt/decrypt data

Hash Value: One-way transformation, cannot be reversed (used for passwords)

Digital Signature: Encrypted hash proving authenticity and integrity

Plain Text
Encryption
+ Key
Cipher Text
Decryption
+ Key
Plain Text

Authentication vs Authorization

Concept Question Purpose Example
Authentication "Who are you?" Verify identity Username & password login
Authorization "What can you do?" Determine permissions Admin vs regular user access

Common Exam Trap

Don't confuse these!

Authentication = Proving identity (login)

Authorization = Permission level (what you can access)

4. Email Protocols

Critical Differences

Protocol Direction Server Storage Multi-Device Use Case
SMTP SEND N/A N/A Sending emails out
POP3 RECEIVE Downloads & deletes ❌ Single device only One device, offline access
IMAP RECEIVE Keeps on server ✅ Syncs all devices Multiple devices, sync needed

POP3 vs IMAP: The Key Difference

POP3: "POP it off the server" (download & delete)
IMAP: "I'm Accessing it Multi-way" (keeps on server, syncs)

📧Real-World Scenario: Multi-Device Email Access

The Situation: Bodhi checks email on his phone, laptop, and tablet
Option 1: Using POP3
• Monday morning: Checks email on laptop, downloads 50 messages
• POP3 downloads emails and deletes them from server
• Monday afternoon: Opens email on phone → 0 new messages!
• Problem: All emails are only on the laptop now
Option 2: Using IMAP
• Monday morning: Checks email on laptop, sees 50 messages
• IMAP keeps emails on server, just syncs them
• Monday afternoon: Opens email on phone → All 50 messages appear!
• Marks one as read on phone → Auto-marks as read on laptop too
• Deletes spam on tablet → Spam disappears on all devices
Why IMAP Wins: Server = single source of truth. All devices stay in sync. Perfect for 2024 where everyone has multiple devices!
When to use POP3: Only if you have ONE device and want offline access (e.g., remote area with no internet)

📨Real-World Scenario: Sending an Email (SMTP)

Step 1: Bodhi writes email in Gmail: "To: teacher@school.edu"
Step 2: Clicks "Send" → Gmail uses SMTP (port 25) to send
Step 3: SMTP server at gmail.com sends email to SMTP server at school.edu
Step 4: Email sits in teacher's mailbox on school.edu server
Step 5: Teacher opens email app → Uses IMAP (port 143) to retrieve and read it
Key Point: SMTP = sending only. IMAP/POP3 = receiving only. You need BOTH to have a complete email system!

⚠️Common Mistakes

  • ❌ WRONG: "SMTP receives emails"
    ✅ RIGHT: "SMTP only SENDS emails. POP3/IMAP are for RECEIVING."
  • ❌ WRONG: "POP3 and IMAP are the same, just different names"
    ✅ RIGHT: "POP3 downloads & deletes (single device). IMAP syncs & keeps on server (multi-device)."
  • ❌ WRONG: "Port 110 is for IMAP"
    ✅ RIGHT: "Port 110 = POP3. Port 143 = IMAP. Port 25 = SMTP."
  • ❌ WRONG: "I can use IMAP to send an email"
    ✅ RIGHT: "IMAP is receive-only. You must use SMTP to send."

⚠️ High-Value Question (4 marks)

Q: "A user wants to access emails on phone, laptop, and tablet. Recommend which protocol and justify."

Perfect Answer:

  • (1 mark) Recommendation: IMAP (Internet Message Access Protocol)
  • (1 mark) IMAP keeps emails stored on the server rather than downloading and deleting them
  • (1 mark) This allows synchronization across all devices - reading/deleting on one device updates all others
  • (1 mark) POP3 would download emails to only one device, making them unavailable on other devices

⚠️ Common Exam Question (5 marks)

Q: "Compare SMTP, POP3, and IMAP email protocols. Include port numbers and describe the function of each."

Perfect Answer:

  • (1 mark) SMTP (Simple Mail Transfer Protocol) uses port 25 and is used exclusively for sending emails
  • (1 mark) POP3 (Post Office Protocol v3) uses port 110 and retrieves emails by downloading them to a device and deleting from the server
  • (1 mark) IMAP (Internet Message Access Protocol) uses port 143 and retrieves emails while keeping them on the server
  • (1 mark) POP3 is suitable for single-device access with offline reading capabilities
  • (1 mark) IMAP is suitable for multi-device access as it synchronizes email status (read/unread, deleted) across all devices

5. Complete Real-World Scenarios

Follow these full journeys from start to finish - these demonstrate how multiple protocols work together.

🌍Complete Journey: From Typing URL to Viewing Webpage

Step 1: DNS Resolution
Bodhi types https://github.com in browser
→ Browser asks DNS server (port 53): "What's the IP for github.com?"
→ DNS responds: 140.82.121.4
Step 2: TCP Connection
Browser initiates TCP connection to 140.82.121.4:443 (HTTPS port)
→ Three-way handshake: SYN → SYN-ACK → ACK
→ Connection established ✅
Step 3: TLS Handshake
→ Client Hello: "Let's use TLS 1.3 with AES-256"
→ Server Hello + Certificate: "Here's my GitHub certificate signed by DigiCert"
→ Browser verifies certificate with CA
→ Key exchange: Both sides now have shared encryption key
→ Secure channel established 🔒
Step 4: HTTP Request (over TLS)
Browser sends encrypted HTTP request:
GET / HTTP/1.1
Host: github.com

→ Encrypted with session key before transmission
Step 5: Data Transmission
GitHub server responds with HTML (100KB)
→ Broken into ~100 packets (each 1KB)
→ Each packet: Header (IPs, packet #) + Payload (HTML chunk) + Trailer (checksum)
→ Packets travel different routes through internet
→ Arrive at Bodhi's computer out of order
Step 6: Packet Reassembly
Browser receives packets, checks checksums
→ Reorders using packet numbers (1, 2, 3...100)
→ Decrypts using session key
→ Reassembles HTML
Step 7: Page Rendering
Browser renders HTML → GitHub homepage appears!
🔒 Lock icon shows secure connection
Total time: ~200ms

🎮Scenario: Online Gaming - Why UDP Beats TCP

The Situation: Bodhi plays Fortnite online. He presses "Jump" button.
If using TCP:
• Jump command sent in packet #547
• Packet lost in transmission
• TCP says: "Wait! Resend packet #547!"
• Server waits for retransmission...
Result: 500ms delay - Bodhi's character jumps AFTER getting shot. Dead. 💀
If using UDP:
• Jump command sent
• Packet lost in transmission
• UDP says: "Whatever, keep going!"
• Server uses next packet (maybe "shoot" command)
Result: Character might stutter slightly, but responds instantly. Still alive! ✅
Why UDP for Gaming: Speed > Accuracy. Better to have 1 frame glitch than 500ms lag. Your brain fills in missing frames.
Why TCP for Downloads: Accuracy > Speed. You want EVERY byte of that game installer, even if it takes 2 seconds longer.

💳Scenario: Online Shopping - Security in Action

Step 1: Bodhi visits http://cheapgames.com (no S!)
Red Flags:
🔓 No lock icon
⚠️ Browser warning: "Not Secure"
Port 80 (HTTP) visible in dev tools
What Happens if Bodhi Enters Credit Card:
• Types: 4532 1234 5678 9010
• Sent in plain text over HTTP
• Hacker on same WiFi network intercepts packet
• Header shows destination: cheapgames.com
• Payload contains: cardNumber=4532123456789010&cvv=123
• Hacker now has Bodhi's credit card! 😱
Step 2: Bodhi realizes mistake, goes to https://trustedgames.com
Green Lights:
🔒 Lock icon present
✅ Certificate verified (issued by Lets Encrypt)
Port 443 (HTTPS)
URL bar shows "Secure"
What Happens with HTTPS:
• TLS handshake establishes encryption
• Types same credit card: 4532 1234 5678 9010
• Browser encrypts: X7k#mP9@qL2nF8wR3...
• Hacker intercepts packet but sees gibberish
• Only trustedgames.com server can decrypt (has private key)
• Safe transaction! ✅
Lesson: NEVER enter passwords/credit cards on HTTP sites. HTTPS is non-negotiable for sensitive data.

⚠️ Comprehensive Exam Question (8 marks)

Q: "Describe the complete process that occurs when a user types 'https://secure-bank.com' into their browser and views the login page. In your answer, include DNS, TLS, data packets, and encryption."

Perfect Answer:

  • (1 mark) The browser queries a DNS server to resolve 'secure-bank.com' to its IP address
  • (1 mark) The browser initiates a TCP connection to the server's IP on port 443 (HTTPS)
  • (1 mark) A TLS handshake occurs: browser and server exchange encryption methods, server sends SSL certificate
  • (1 mark) The browser verifies the certificate with a Certificate Authority to ensure the server's identity
  • (1 mark) Both parties establish a shared session key for encryption
  • (1 mark) The browser sends an encrypted HTTP request for the login page
  • (1 mark) The server responds with HTML data broken into packets, each containing header (IP addresses, packet number), payload (HTML data), and trailer (checksum)
  • (1 mark) The browser receives packets (possibly out of order), verifies checksums, reassembles using packet numbers, decrypts the data, and renders the login page

6. Memory Flashcards

Click to flip. Master all 12.

HTTPS port number?
(Click to reveal)
Port 443

"4-4-3 times more secure"
DNS full name?
(Click to reveal)
Domain Name System

Port 53
Plain text vs cipher text?
(Click to reveal)
Plain = readable
Cipher = encrypted
Which protocol SENDS email?
(Click to reveal)
SMTP

Port 25
POP3 vs IMAP: Which syncs?
(Click to reveal)
IMAP syncs
POP3 downloads & deletes
3 parts of data packet?
(Click to reveal)
1. Header (IPs)
2. Payload (data)
3. Trailer (checksum)
Authentication vs Authorization?
(Click to reveal)
Authentication = Who are you?
Authorization = What can you access?
Why IPv6 created?
(Click to reveal)
IPv4 running out (4.3B)
IPv6 has 340 undecillion addresses
SSL/TLS provides what 3 things?
(Click to reveal)
1. Encryption
2. Authentication
3. Integrity
TCP vs UDP?
(Click to reveal)
TCP = Reliable, guarantees delivery
UDP = Fast, no guarantee
SFTP port?
(Click to reveal)
Port 22

(Same as SSH)
What is a digital signature?
(Click to reveal)
Encrypted hash that proves:
1. Who sent it
2. Data unchanged

Quick Reference: All Protocols

Protocol Port Function Mnemonic
HTTP 80 Web pages (unsecure) HTTP ate the plain cookie
HTTPS 443 Web pages (secure) 4-4-3 times more secure
FTP 21 File transfer -
SFTP 22 Secure file transfer Same as SSH
DNS 53 Name → IP Domain Names Serve at 53
SMTP 25 Send email Send Mail Through Port 25
POP3 110 Receive email (download) POP it down 1-1-0
IMAP 143 Receive email (sync) I Multi-Access Port 143
← Back