FreeBSD Manual Pages
SDIG.CONF(5) Switch Digger SDIG.CONF(5) NAME sdig.conf - Configuration for the Switch Digger DESCRIPTION sdig(8) uses this file to learn about your network's configuration. It is essential to proper operation. SECURITY WARNING This file will obviously contain a great deal of information about your organization's network, including SNMP community strings. For that reason, you should use appropriate permissions so that only authorized users may access it. I recommend creating a new group, then make the file readable by that group, and place specific users into that group. This file should not be world-readable. DIRECTIVES ROUTER network addr community description rtr_ip List a router for the network network (CIDR or a.b.c.d/x.x.x.x format) at IP address addr using SNMP community community. The description provides some details when generating the output. Remember to wrap the description in "quotes" if it contains any sort of whitespace (spaces, tabs, etc). ROUTER 192.168.3.0/24 192.168.3.1 mycommunity "Company core router" Optional rtr_ip can be used to provide an explicit IP address of the routing interface in the target network. Otherwise the same addr used for SNMP queries is used as the routing interface ad- dress, which may be wrong. For example, firewall rules may allow SNMP access to only one IP of the router, but ARP lookups usu- ally require specific interfaces within the target's subnet. For example, to query the router (rtr_ip) 192.168.2.1 of the network 192.168.2.0/24 via SNMP interface (addr) 192.168.3.254 configure a line like this: ROUTER 192.168.2.0/24 192.168.3.254 mycommunity "Company core router" 192.168.2.1 Textual Hostnames can be used for rtr_ip and addr, subject to be resolved by system (via /etc/hosts or DNS Resolver). NOTE: Some switches, namely Cisco Catalyst (IOS), require SNMP queries for different VLANs to use different community strings. For example, to look up mycommunity in VLAN123 you'll need to write mycommunity@123. SWITCH network addr community description Like ROUTER, but for a switch instead. Note there's no equiva- lent of rtr_ip. SWITCH 192.168.3.0/24 192.168.3.2 mycommunity "Upstairs data room" SWITCH 192.168.3.0/24 192.168.3.3 mycommunity "Downstairs data room" Textual Hostnames can be used for addr, resolved by system (/etc/hosts or DNS Resolver). NOTE: Some switches, namely Cisco Catalyst (IOS), require SNMP queries for different VLANs to use different community strings. For example, to look up mycommunity in VLAN123 you'll need to write mycommunity@123. LINKINFO addr port num description Describe a connection between switches so it won't show up on the normal sdig display. This limits your findings in normal mode to port(s) that probably lead to the target host. Use ver- bose mode to display all of them, even the ones that just go to other switches. LINKINFO 192.168.3.2 24 "link to downstairs switch" LINKINFO 192.168.3.3 24 "link to upstairs switch" PORTDESC addr port num description Describe a port in a switch. Usually used for details like patch panel numbers and other things that can't be inferred by asking the equipment directly. Also useful for downlink ports to either "dumb" active equipment (i.e. hubs with no SNMP capabilities) or to another network's equipment to which you have no SNMP-query access (unknown commu- nity name). PORTDESC 192.168.3.2 1 "Upstairs patch panel #10" PORTDESC 192.168.3.3 25 "Fiber to remote site" PORTDESC 192.168.3.3 48 "UPLINK to Campus ISP" WINS addr Tell nmblookup to use the WINS server at addr for name lookups. Only used when NMBLOOKUP is defined and DNS lookups fail. WINS 192.168.100.1 NMBLOOKUP path Specify the path to Samba's nmblookup binary. This might be /usr/local/samba/bin/nmblookup if you do a stock install from source. This program is optional, and is provided to augment DNS lookups in environments laden with Windows machines. NMBLOOKUP /usr/local/bin/nmblookup MACTABLE path Specify the location of the MAC table file. This is another item that is used to provide a few more bits of information when tracking down a system. You might use it to find rogue NICs that are not the company-approved brand. This file is rather large and rarely changes, so it's not in- cluded in the source distribution. You can get it on the main sdig web site - http://www.exploits.org/sdig/ MACTABLE /usr/local/etc/mactable HOSTINFO path Give the location of a script or program that will be called shortly after displaying the Query: data. It will receive the IP address of the target host as an argument. If you want to display things like the system's NetBIOS name, this is a good place to put a call to Samba's nmblookup. SEE ALSO sdig(8) AUTHORS Russell Kroll <rkroll@exploits.org> up till sdig-0.40 Russell A. Jackson <raj@csub.edu> sdig-0.41 .. sdig-0.44 Jim Klimov <jimk- limov@gmail.com> sdig-0.45 Mon Mar 24 2003 SDIG.CONF(5)
NAME | DESCRIPTION | SECURITY WARNING | DIRECTIVES | SEE ALSO | AUTHORS
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sdig.conf&sektion=5&manpath=FreeBSD+Ports+15.0.quarterly>