URL Obscuration, Obfuscation and General Trickery
(Page 3 of 4)

Bogus Authentication Information

HTTP URLs theoretically support authentication information, written as “<user>:<password>@” before the host in the URL. Yet the vast majority of Web sites are “open” and neither require nor use it. If you specify an authentication string and it is not needed, it is ignored.

This is one of the most popular techniques at present. One way it is used is by including “authentication information” that looks like a “benign” host, to make the user think the URL is for that host. For example, if I wanted to trick you into visiting The PC Guide, I might use this URL to make it look like clicking it would go to CNN:

<http://www.cnn.com@www.PCGuide.com>

This is still too obvious, however, so this “method” is often combined with some of the techniques below.

Deceptive Character Encoding

The use of the percent sign to encode special characters such as spaces and punctuation can also be abused to obscure the name of a domain. For example, the following is another way of expressing the DNS name for The PC Guide:

<http://%57%57%57.%50%43%47%55%49%44%45.%43%4F%4D>

Try it. :)

IP Address Math Trickery

Okay, this is where things get really bizarre. Most of the time, we express an IP address as a dotted decimal number. Remember, however, that to computers, the IP address is just a 32-bit binary number. Most browsers support a rather shocking number of methods for expressing these numbers. This is unfortunate, because this flexibility is really not needed and almost never used for legitimate purposes. It can lead to some really bizarre URLs that are unrecognizable, or that look like regular IP addresses but are not.

Here are some examples, all of which are the same as the IP address form of The PC Guide (<http://209.68.14.80>):

  • IP Address in Dotted Octal: A leading zero signifies an IP address where each byte is in octal:
    <http://0321.0104.016.0120>
  • IP Address in Dotted Hexadecimal: A leading zero followed by an “x” signifies an IP address where each byte is in hexadecimal:
    <http://0xD1.0x44.0x0E.0x50>
  • IP Address As Single Number: We can even take the entire 32-bit number and express it as a single number and that will work too.
    In decimal: <http://3510898256/>
    In octal: <http://032121007120/>
    And, in hexadecimal: <http://0xd1440e50/>
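
The three tricks above (bogus authentication information, percent-encoded host names and alternate IP address notations) can all be undone mechanically before a URL is shown to a user or written to a log. The following Python sketch is an added example, not part of the original Guide: the function names are hypothetical, and it assumes the numeric forms follow the classic inet_aton-style rules, which also covers two- and three-part addresses that the list above does not show.

```python
from urllib.parse import urlsplit, unquote

def parse_part(text):
    """Parse one address component: 0x.. is hex, leading 0 is octal, else decimal."""
    t = text.lower()
    if t.startswith("0x"):
        digits, base = t[2:], 16
    elif len(t) > 1 and t.startswith("0"):
        digits, base = t[1:], 8
    else:
        digits, base = t, 10
    if not digits or any(c not in "0123456789abcdef"[:base] for c in digits):
        return None
    return int(digits, base)

def numeric_host_to_ipv4(host):
    """Return dotted decimal for a numeric host of 1 to 4 parts, or None for a name."""
    values = [parse_part(p) for p in host.split(".")]
    if len(values) > 4 or any(v is None for v in values):
        return None
    *head, last = values
    # Leading parts are single bytes; the last part fills all remaining bytes.
    if any(v > 255 for v in head) or last >= 256 ** (4 - len(head)):
        return None
    number = last + sum(v << (8 * (3 - i)) for i, v in enumerate(head))
    return ".".join(str((number >> shift) & 255) for shift in (24, 16, 8, 0))

def analyze_url(url):
    """Report the host a URL really targets and which tricks it uses."""
    parts = urlsplit(url)
    raw_host = parts.hostname or ""
    host = unquote(raw_host).lower()
    ipv4 = numeric_host_to_ipv4(host)
    flags = []
    if parts.username is not None:
        flags.append("userinfo")
    if "%" in raw_host:
        flags.append("percent-encoded-host")
    if ipv4 is not None and ipv4 != host:
        flags.append("non-canonical-ip")
    return {"host": ipv4 or host, "flags": flags}

if __name__ == "__main__":
    # Sample inputs are the URLs shown on this page.
    for url in ["http://www.cnn.com@www.PCGuide.com",
                "http://%57%57%57.%50%43%47%55%49%44%45.%43%4F%4D",
                "http://0321.0104.016.0120", "http://0xD1.0x44.0x0E.0x50",
                "http://3510898256/", "http://032121007120/", "http://0xd1440e50/"]:
        print(url, "->", analyze_url(url))
```

Any non-empty flag list is worth surfacing in a mail filter or proxy log, since the page notes these forms are almost never used for legitimate purposes.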


The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005

© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.