SDIG.CONF(5) Switch Digger SDIG.CONF(5)NAMEsdig.conf - Configuration for the Switch Digger
DESCRIPTIONsdig(8) uses this file to learn about your network's configuration. It
is essential to proper operation.
SECURITY WARNING
This file will obviously contain a great deal of information about your
organization's network, including SNMP community strings. For that
reason, you should use appropriate permissions so that only authorized
users may access it.
I recommend creating a new group, then make the file readable by that
group, and place specific users into that group.
This file should not be world-readable.
DIRECTIVES
ROUTER network addr community description rtr_ip
List a router for the network network (CIDR or a.b.c.d/x.x.x.x
format) at IP address addr using SNMP community community. The
description provides some details when generating the output.
Remember to wrap the description in "quotes" if it contains any
sort of whitespace (spaces, tabs, etc).
ROUTER 192.168.3.0/24 192.168.3.1 mycommunity "Company core
router"
Optional rtr_ip can be used to provide an explicit IP address of
the routing interface in the target network. Otherwise the same
addr used for SNMP queries is used as the routing interface
address, which may be wrong. For example, firewall rules may
allow SNMP access to only one IP of the router, but ARP lookups
usually require specific interfaces within the target's subnet.
For example, to query the router (rtr_ip) 192.168.2.1 of the
network 192.168.2.0/24 via SNMP interface (addr) 192.168.3.254
configure a line like this:
ROUTER 192.168.2.0/24 192.168.3.254 mycommunity "Company
core router" 192.168.2.1
Textual Hostnames can be used for rtr_ip and addr, subject to be
resolved by system (via /etc/hosts or DNS Resolver).
NOTE: Some switches, namely Cisco Catalyst (IOS), require SNMP
queries for different VLANs to use different community strings.
For example, to look up mycommunity in VLAN123 you'll need to
write mycommunity@123.
SWITCH network addr community description
Like ROUTER, but for a switch instead. Note there's no equiva‐
lent of rtr_ip.
SWITCH 192.168.3.0/24 192.168.3.2 mycommunity "Upstairs
data room"
SWITCH 192.168.3.0/24 192.168.3.3 mycommunity "Downstairs
data room"
Textual Hostnames can be used for addr, resolved by system
(/etc/hosts or DNS Resolver).
NOTE: Some switches, namely Cisco Catalyst (IOS), require SNMP
queries for different VLANs to use different community strings.
For example, to look up mycommunity in VLAN123 you'll need to
write mycommunity@123.
LINKINFO addr port num description
Describe a connection between switches so it won't show up on
the normal sdig display. This limits your findings in normal
mode to port(s) that probably lead to the target host. Use ver‐
bose mode to display all of them, even the ones that just go to
other switches.
LINKINFO 192.168.3.2 24 "link to downstairs switch"
LINKINFO 192.168.3.3 24 "link to upstairs switch"
PORTDESC addr port num description
Describe a port in a switch. Usually used for details like
patch panel numbers and other things that can't be inferred by
asking the equipment directly.
Also useful for downlink ports to either "dumb" active equipment
(i.e. hubs with no SNMP capabilities) or to another network's
equipment to which you have no SNMP-query access (unknown commu‐
nity name).
PORTDESC 192.168.3.2 1 "Upstairs patch panel #10"
PORTDESC 192.168.3.3 25 "Fiber to remote site"
PORTDESC 192.168.3.3 48 "UPLINK to Campus ISP"
WINS addr
Tell nmblookup to use the WINS server at addr for name lookups.
Only used when NMBLOOKUP is defined and DNS lookups fail.
WINS 192.168.100.1
NMBLOOKUP path
Specify the path to Samba's nmblookup binary. This might be
/usr/local/samba/bin/nmblookup if you do a stock install from
source. This program is optional, and is provided to augment
DNS lookups in environments laden with Windows machines.
NMBLOOKUP /usr/local/bin/nmblookup
MACTABLE path
Specify the location of the MAC table file. This is another
item that is used to provide a few more bits of information when
tracking down a system. You might use it to find rogue NICs
that are not the company-approved brand.
This file is rather large and rarely changes, so it's not
included in the source distribution. You can get it on the main
sdig web site - http://www.exploits.org/sdig/
MACTABLE /usr/local/etc/mactable
HOSTINFO path
Give the location of a script or program that will be called
shortly after displaying the Query: data. It will receive the
IP address of the target host as an argument.
If you want to display things like the system's NetBIOS name,
this is a good place to put a call to Samba's nmblookup.
SEE ALSOsdig(8)AUTHORS
Russell Kroll <rkroll@exploits.org> up till sdig-0.40 Russell A.
Jackson <raj@csub.edu> sdig-0.41 .. sdig-0.44 Jim Klimov <jimk‐
limov@gmail.com> sdig-0.45
Mon Mar 24 2003 SDIG.CONF(5)
