Common Services And Ports Used

DNS Domain Name System 53
POP3 Post Office Protocol 110
SMTP Simple Mail Transfer Protocol 25
SNMP Simple Network Management Protocol 160,161
NNTP Network News Transfer Protocol 119
FTP File Transfer Protocol 20,21
SSL Secure Sockets Layer 443
TELNET 23
TACACS authentication 49
HTTP 80
HTTPS 443
NetBIOS 137,138,139
IMAP 143
LDAP 389
LDAP SSL 636
SSH Secure Shell 22
AH, ESP ports 50 and 51
BOOTP server 67 UDP
BOOTP Client 68 UDP
TFTP 69 UDP
NTP 123
BGP 179
SYSLOG 514
MSSQL 1433
RDP 3389
VNC 5500

Category 5, 5e, 6 Cable Pinout

EIA/TIA 568 A

1 White-Green
2 Green
3 White-Orange
4 Blue
5 White-Blue
6 Orange
7 White-Brown
8 Brown

EIA/TIA 568 B
1 White-Orange
2 Orange
3 White-Green
4 Blue
5 White-Blue
6 Green
7 White-Brown
8 Brown

Crossover Cable
1 White-Orange    1 White-Green
2 Orange          2 Green
3 White-Green     3 White-Orange
4 Blue            4 Blue
5 White-Blue      5 White-Blue
6 Green           6 Orange
7 White-Brown     7 White-Brown
8 Brown           8 Brown

Gigabit Crossover: uses 4 pairs for transmission, double cross
1 White-Orange    1 White-Green
2 Orange          2 Green
3 White-Green     3 White-Orange
4 Blue            4 White-Brown
5 White-Blue      5 Brown
6 Green           6 Orange
7 White-Brown     7 Blue
8 Brown           8 White-Blue

Sniffer Cable Pinout

The sniffer cable is needed to connect a sniffer to an Ethernet hub without transmitting any data that may reveal the sniffer’s existence. This cable will return an inverted version of anything sent to the interface. The pinout for this cable is from the book Windows Forensics, by Chad Steel (ISBN 0-470-03862-4), but can also be found at dgonzalez.net, along with other useful pinouts for receive-only cables.

Orange White TD+ (pin 1)
Orange TD- (pin 2)
Green White RD+ (pin 3)
Green RD- (pin 6)

Hub Side:
Orange White is spliced into Green
Orange is spliced into Green White

Sniffer Side:
Orange White is cut and sealed.
Orange is cut and sealed.

66 Block 25 Pair Pinout

Punch order for a 66 block with a 25-pair cable.

1. white blue
2. blue white
3. white orange
4. orange white
5. white green
6. green white
7. white brown
8. brown white
9. white gray
10. gray white

11. red blue
12. blue red
13. red orange
14. orange red
15. red green
16. green red
17. red brown
18. brown red
19. red gray
20. gray red

21. black blue
22. blue black
23. black orange
24. orange black
25. black green
26. green black
27. black brown
28. brown black
29. black gray
30. gray black

31. yellow blue
32. blue yellow
33. yellow orange
34. orange yellow
35. yellow green
36. green yellow
37. yellow brown
38. brown yellow
39. yellow gray
40. gray yellow

41. violet blue
42. blue violet
43. violet orange
44. orange violet
45. violet green
46. green violet
47. violet brown
48. brown violet
49. violet gray
50. gray violet

Symantec’s NoNav Utility

NoNav is a utility provided by Symantec Tech Support. Sometimes, a Symantec Corporate AntiVirus installation fails for a client, and one of the recommended remediation practices is to remove the app manually. The problem with doing this is the number of steps in the process, including visiting hundreds of locations in the Windows registry to see if certain keys exist and, if so, deleting them. For one box, this is a process. For five boxes, this is a project. You could try scripting this, or you can contact Symantec Tech Support and get a copy of NoNav. This utility (current version 2.6) will clean out most of the settings left by Symantec Corporate versions 4, 5, 6, 7, 8, 9, and 10. It should be noted that Norton (retail) products are not covered by the NoNav tool.

Running NoNav is simple: click on the executable file and it will ask for some input about what you would like to remove (LiveUpdate, virus definitions, etc.). Some other input is required: options for scanning for .msi leftovers, rebooting the box at program end, and more. Each of these choices has an explanation and a recommended or not recommended note to guide the user. Let the program do some work, and if you have selected the option to do so, the machine will reboot automatically.

After the machine comes back up, you want to delete some directories left behind. These are outlined in the readme file included with NoNav: Symantec’s install directory, some shared file locations and some staging areas. Kill any that you find. Finally, delete everything in the system’s Temp directory (Start, Run, %TEMP%). Reboot again, and you can now reinstall the latest version of SAV and patch it to the right level.

NoNav can be acquired from Symantec Tech Support. If you have a valid support contract, call in and the technician will provide a link to download the latest version.