Additional network protocols
In previous readings and videos, you learned how network protocols organize the sending and receiving of data across a network. You also learned that protocols can be divided into three categories: communication protocols, management protocols, and security protocols.
This reading will introduce you to a few additional concepts and protocols that will come up regularly in your work as a security analyst. Some protocols are assigned port numbers by the Internet Assigned Numbers Authority (IANA). These port numbers are included in the description of each protocol, if assigned.
Network Address Translation
The devices on your local home or office network each have a private IP address that they use to communicate directly with each other. However, in order for the devices with private IP addresses to communicate with the public internet, they need to have a single public IP address that represents all devices on the LAN to the public. For outgoing messages, the router can replace a private source IP address with its public IP address and perform the reverse operation for responses. This process is known as Network Address Translation (NAT) and it generally requires a router or firewall to be specifically configured to perform NAT. NAT is a part of layer 2 (internet layer) and layer 3 (transport layer) of the TCP/IP model.
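The translation described above, as an added example that is not part of the original reading: a toy router that keeps a translation table and reverses it for responses. It also rewrites source ports so several private hosts can share one public address, which goes beyond the IP-only replacement the text describes; `NatRouter` and every address are constructed for illustration.

```python
import ipaddress

# Private ranges defined by RFC 1918.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class NatRouter:
    """Toy source NAT that also rewrites ports so many hosts can share one address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}   # (private_ip, private_port, proto) -> public_port
        self.inbound_map = {}    # (public_port, proto) -> (private_ip, private_port)

    def outbound(self, pkt):
        """Rewrite the private source of a LAN packet to the router's public address."""
        src = ipaddress.ip_address(pkt["src"])
        if not any(src in net for net in PRIVATE_NETS):
            raise ValueError("source is not a private LAN address")
        key = (pkt["src"], pkt["sport"], pkt["proto"])
        if key not in self.outbound_map:
            self.outbound_map[key] = self.next_port
            self.inbound_map[(self.next_port, pkt["proto"])] = (pkt["src"], pkt["sport"])
            self.next_port += 1
        return {**pkt, "src": self.public_ip, "sport": self.outbound_map[key]}

    def inbound(self, pkt):
        """Reverse the translation for a response; return None when no mapping exists."""
        entry = self.inbound_map.get((pkt["dport"], pkt["proto"]))
        if pkt["dst"] != self.public_ip or entry is None:
            return None          # unsolicited traffic has no table entry and is dropped
        return {**pkt, "dst": entry[0], "dport": entry[1]}

if __name__ == "__main__":
    nat = NatRouter("203.0.113.5")   # constructed public address (documentation range)
    sent = nat.outbound({"src": "192.168.1.10", "sport": 51000,
                         "dst": "198.51.100.7", "dport": 443, "proto": "tcp"})
    print(sent)
    print(nat.inbound({"src": "198.51.100.7", "sport": 443,
                       "dst": "203.0.113.5", "dport": sent["sport"], "proto": "tcp"}))
```

The inbound lookup returning `None` is why a connection from the internet cannot reach a private host unless that host sent traffic out first.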
| Private IP Addresses | Public IP Addresses |
|---|---|
| | |
Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol (DHCP) is in the management family of network protocols. DHCP is an application layer protocol used on a network to configure devices. It works with the router to assign a unique IP address to each device and provide the addresses of the appropriate DNS server and default gateway for each device. DHCP servers operate on UDP port 67 while DHCP clients operate on UDP port 68.
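What a client actually receives from the server, as an added example that is not part of the original reading: a parser that pulls the assigned address, default gateway and DNS servers out of a DHCP message. The option codes (3, 6, 51, 53) and field offsets come from the DHCP standard rather than this page, and the sample message is constructed.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the DHCP options
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def _ips(raw):  # split an option value into dotted-quad IPv4 addresses
    return [socket.inet_ntoa(raw[i:i + 4]) for i in range(0, len(raw) - 3, 4)]

def parse_dhcp(payload):
    """Return the settings a DHCP server hands to a client."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    lease = {"assigned_ip": socket.inet_ntoa(payload[16:20]),             # yiaddr
             "client_mac": payload[28:28 + min(payload[2], 16)].hex(":")}  # chaddr
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 is the end option
        code = payload[i]
        if code == 0:                                # pad option has no length byte
            i += 1
            continue
        length = payload[i + 1] if i + 1 < len(payload) else None
        value = payload[i + 2:i + 2 + (length or 0)]
        if length is None or len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:
            lease["message_type"] = MESSAGE_TYPES.get(value[0], value[0])
        elif code == 3:
            lease["default_gateway"] = _ips(value)
        elif code == 6:
            lease["dns_servers"] = _ips(value)
        elif code == 51 and length == 4:
            lease["lease_seconds"] = struct.unpack("!I", value)[0]
        i += 2 + length
    return lease

def constructed_ack():
    """Constructed sample: a DHCPACK as sent from server UDP port 67 to client port 68."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
                         bytes(4), socket.inet_aton("192.168.1.50"), bytes(4), bytes(4),
                         bytes.fromhex("020000aabbcc"), b"", b"")
    options = (bytes([53, 1, 5]) + bytes([3, 4]) + socket.inet_aton("192.168.1.1")
               + bytes([6, 8]) + socket.inet_aton("192.168.1.1") + socket.inet_aton("192.168.1.2")
               + bytes([51, 4]) + struct.pack("!I", 86400) + bytes([255]))
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    print(parse_dhcp(constructed_ack()))
```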
Address Resolution Protocol
By now, you are familiar with IP and MAC addresses. You’ve learned that each device on a network has a public IP address, a private IP address, and a MAC address that identify it on the network. A device’s IP address may change over time, but its MAC address is permanent because it is unique to a device's network interface card. The MAC address is used to communicate with devices within the same network, but sometimes, the MAC address is unknown. This is why the Address Resolution Protocol (ARP) is needed. ARP is mainly a network access layer protocol in the TCP/IP model used to translate the IP addresses that are found in data packets into the MAC address of the hardware device.
Each device on the network performs ARP and keeps track of matching IP and MAC addresses in an ARP cache. ARP does not have a specific port number since it is a layer 2 protocol and port numbers are associated with the layer 7 application layer.
Telnet
Telnet is an application layer protocol that is used to connect with a remote system. Telnet sends all information in clear text. It uses command line prompts to control another device similar to secure shell (SSH), but Telnet is not as secure as SSH. Telnet can be used to connect to local or remote devices and uses TCP port 23.
Secure shell
Secure shell protocol (SSH) is used to create a secure connection with a remote system. This application layer protocol provides an alternative for secure authentication and encrypted communication. SSH operates over the TCP port 22 and is a replacement for less secure protocols, such as Telnet.
Post office protocol
Post office protocol (POP) is an application layer (layer 4 of the TCP/IP model) protocol used to manage and retrieve email from a mail server. POP3 is the most commonly used version of POP. Many organizations have a dedicated mail server on the network that handles incoming and outgoing mail for users on the network. User devices will send requests to the remote mail server and download email messages locally. If you have ever refreshed your email application and had new emails populate in your inbox, you are experiencing POP and internet message access protocol (IMAP) in action. Unencrypted, plaintext authentication uses TCP/UDP port 110 and encrypted emails use Secure Sockets Layer/Transport Layer Security (SSL/TLS) over TCP/UDP port 995. When using POP, mail has to finish downloading on a local device before it can be read. After downloading, the mail may or may not be deleted from the mail server, so it does not guarantee that a user can sync the same email across multiple devices.
Internet Message Access Protocol (IMAP)
IMAP is used for incoming email. It downloads the headers of emails and the message content. The content also remains on the email server, which allows users to access their email from multiple devices. IMAP uses TCP port 143 for unencrypted email and TCP port 993 for email sent over the TLS protocol. Using IMAP allows users to partially read email before it is finished downloading. Since the mail is kept on the mail server, it allows a user to sync emails across multiple devices.
Simple Mail Transfer Protocol
Simple Mail Transfer Protocol (SMTP) is used to transmit and route email from the sender to the recipient’s address. SMTP works with Message Transfer Agent (MTA) software, which searches DNS servers to resolve email addresses to IP addresses, to ensure emails reach their intended destination. SMTP uses TCP/UDP port 25 for unencrypted emails and TCP/UDP port 587 using TLS for encrypted emails. The TCP port 25 is often used by high-volume spam. SMTP helps to filter out spam by regulating how many emails a source can send at a time.
Protocols and port numbers
Remember that port numbers are used by network devices to determine what should be done with the information contained in each data packet once it reaches its destination. Firewalls can filter out unwanted traffic based on port numbers. For example, an organization may configure a firewall to only allow access to TCP port 995 (POP3) by IP addresses belonging to the organization.
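The firewall policy from this paragraph, as an added example that is not part of the original reading: an ordered rule list evaluated first-match-wins with a default deny. The organization prefix, the extra rule blocking port 110, and the connection attempts are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

ORG_NET = ipaddress.ip_network("198.51.100.0/24")   # assumed organization range
ANY = ipaddress.ip_network("0.0.0.0/0")

# Ordered rule list: (action, protocol, destination port, source network).
RULES = [
    ("allow", "tcp", 995, ORG_NET),   # encrypted POP3, organization addresses only
    ("deny", "tcp", 110, ANY),        # assumption: unencrypted POP3 is blocked outright
]

def decide(proto, dport, src_ip):
    """Return (action, matched_rule) using first-match-wins and default deny."""
    src = ipaddress.ip_address(src_ip)
    for number, (action, r_proto, r_port, net) in enumerate(RULES, start=1):
        if proto == r_proto and dport == r_port and src in net:
            return action, f"rule {number}"
    return "deny", "default"

def summarize(connections):
    """Count decisions per (destination port, action) for a list of connections."""
    return Counter((dport, decide(proto, dport, src)[0])
                   for proto, dport, src in connections)

# Constructed connection attempts: (protocol, destination port, source IP).
CONSTRUCTED = [
    ("tcp", 995, "198.51.100.20"),   # inside the organization
    ("tcp", 995, "203.0.113.9"),     # outside the organization
    ("tcp", 110, "198.51.100.20"),   # plaintext port, even from inside
    ("udp", 995, "198.51.100.20"),   # right port, wrong transport protocol
]

if __name__ == "__main__":
    for conn in CONSTRUCTED:
        print(conn, "->", decide(*conn))
    print(summarize(CONSTRUCTED))
```

The outside address is rejected by the default deny rather than by an explicit rule, which is what makes an allow list safe when a rule is forgotten.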
As a security analyst, you will need to know about many of the protocols and port numbers mentioned in this course. They may be used to determine your technical knowledge in interviews, so it’s a good idea to memorize them. You will also learn about new protocols on the job in a security position.
Key takeaways
As a cybersecurity analyst, you will encounter various common protocols in your everyday work. The protocols covered in this reading include NAT, DHCP, ARP, Telnet, SSH, POP3, IMAP, and SMTP. It is equally important to understand where each protocol sits in the TCP/IP model and which ports it uses.
| Protocol | Port |
|---|---|
| DHCP | UDP port 67 (servers), UDP port 68 (clients) |
| ARP | none |
| Telnet | TCP port 23 |
| SSH | TCP port 22 |
| POP3 | TCP/UDP port 110 (unencrypted), TCP/UDP port 995 (encrypted, SSL/TLS) |
| IMAP | TCP port 143 (unencrypted), TCP port 993 (encrypted, SSL/TLS) |
| SMTP | TCP/UDP port 25 (unencrypted) |
| SMTPS | TCP/UDP port 587 (encrypted, TLS) |