SDIG(8) Switch Digger SDIG(8)
NAME
sdig - The Switch Digger
SYNOPSIS
sdig [-d] [-v] [-F] [-p/-P] [-f config] [-m/-m MAC] ( IP | hostname )
DESCRIPTION
The Switch Digger, or sdig, is a tool that is intended to help network
administrators track down systems. It was designed in a public school
district environment with about 1500 systems spread across 25 remote
locations.
sdig works by first finding the IP address of the target system, then
it contacts the router(s) in that network to get the MAC address for
that IP address. With that known, it then probes every switch on the
target network to find a port number. The port that doesn't lead to
another switch is returned, along with any description you may have
provided.
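The lookup described above, sketched as an added example (not sdig's own code, which queries routers and switches over SNMP). The tables, switch names, port numbers and the `dig` and `normalize_mac` helpers are assumptions made for illustration; LINKINFO is modelled here simply as a set of ports marked as inter-switch links.

```python
# Added illustration; every table below is constructed sample data.
ROUTER_ARP = {"192.168.1.57": "00:10:5a:aa:bb:cc"}  # router answer: IP -> MAC

# One forwarding table per switch: MAC -> port where that MAC was learned.
SWITCH_FDB = {
    "sw-core": {"00:10:5a:aa:bb:cc": 24, "00:10:5a:dd:ee:ff": 23},
    "sw-lab": {"00:10:5a:aa:bb:cc": 7},
    "sw-admin": {},
}

# Ports that lead to another switch (the role of LINKINFO entries).
LINK_PORTS = {
    ("sw-core", 24): "link to sw-lab",
    ("sw-core", 23): "link to unmanaged closet switch",
}

# Descriptions the administrator provided for edge ports.
PORT_DESC = {("sw-lab", 7): "Room 12, wall jack B"}


def normalize_mac(mac):
    """Accept 00-10-5A-AA-BB-CC, 0010.5aaa.bbcc, etc.; return aa:bb:... form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def dig(ip=None, mac=None, verbose=False):
    """Return (switch, port, is_link, description) tuples for the target."""
    if mac is None:                      # default: ask the router
        mac = ROUTER_ARP.get(ip)
        if mac is None:
            return []
    mac = normalize_mac(mac)
    hits = []
    for switch in sorted(SWITCH_FDB):    # probe every switch
        port = SWITCH_FDB[switch].get(mac)
        if port is None:
            continue
        key = (switch, port)
        is_link = key in LINK_PORTS
        if is_link and not verbose:      # hide inter-switch ports unless -v
            continue
        desc = LINK_PORTS[key] if is_link else PORT_DESC.get(key, "")
        hits.append((switch, port, is_link, desc))
    return hits


if __name__ == "__main__":
    print(dig(ip="192.168.1.57"))
    print(dig(ip="192.168.1.57", verbose=True))
    print(dig(mac="0010.5ADD.EEFF"))     # seen only on a link port
```

The last call returns nothing because that MAC was learned only on a port marked as an inter-switch link, so there is no edge-port candidate to report unless verbose output is requested.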
OPTIONS
-d Raise the debugging level by 1. This gets rather messy above 3
or 4.
-v Be verbose. This makes sdig print every port instead of just
the one that is the most likely candidate (for example, the output
then includes inter-switch ports with LINKINFO written in sdig.conf).
-F Fast mode. sdig will not do reverse DNS (in-addr.arpa) or
NetBIOS queries to port 137 when this is enabled.
-f config
Use the configuration file config.
-m MAC Look for this MAC address rather than asking a router about it.
You still can provide an IP address or hostname so that sdig
knows which network to check.
-m A total-network sweep option, used when you don't provide the IP.
It takes longer because all switches are queried, so care is taken
that each IPxCOMMUNITY is only queried once.
IP An Internet Protocol address to find, e.g. 192.168.1.1.
hostname
A DNS or WINS hostname to find. WINS resolution is only available
if you have installed nmblookup from Samba and have added
it to your config file.
-p/-P Parallelized SNMP queries have been added and improved as a
feature of the recent sdig versions. If compiled in, they can be
disabled at run time, or different activities may be done at
discretion of future programmers. "-p" increases the "use
parallelism" counter. "-P" decreases the "use parallelism"
counter, but to no less than zero. You might want to disable
this e.g. if it misbehaves on your platform, or if you have very
many switches and spawning many children would exhaust your file
descriptors (network sockets) or process table entries. Hint:
Future versions may add a limit on number of spawned children.
If the "parallelized queries" feature is not compiled in, these
"-p/-P" flags are recognized, but ignored.
LIMITATIONS
You can't track down arbitrary hosts on the Internet. Well, most
people can't. You might be able to do this if you convince all the router
and switch manufacturers of the world to drop in a SNMP backdoor for
your sdig host. US government three letter entities: contact me for
details.
BUGS
This program was developed on just one kind of system (Linux glibc2) so
it probably doesn't compile cleanly on others.
NOTE: version 0.45 was developed on Solaris x86/SPARC and also works
there.
BACKGROUND
I (Russell Kroll) first wrote this program to show some local people
that you don't need to dump lots of money into a program like 3com's
Transcend just to hunt down some lusers on your network. If you don't
need to create fancy network diagrams to impress the PHBs, then this
program will probably work for you.
It was developed originally on 3com SuperStack 3300s, and continues to
be tested both on those and various HP 2324s and 4108s. Other
equipment should also work if it provides the same basic OIDs.
Jim Klimov also tested it in a diverse network with HP, Cisco, Avaya,
and Allied Telesyn equipment, to name a few.
SEE ALSO
sdig.conf(5)
AUTHORS
Russell Kroll <rkroll@exploits.org> up till sdig-0.40
Russell A. Jackson <raj@csub.edu> sdig-0.41 .. sdig-0.44
Jim Klimov <jimklimov@gmail.com> sdig-0.45
Mon Apr 4 2003 SDIG(8)