Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages

Manual Reference Pages  -  SDIG (8)


sdig - The Switch Digger


See Also


sdig [-d] [-v] [-F] [-p/-P] [-f config] [-m/-m MAC] ( IP | hostname )


The Switch Digger, or sdig, is a tool that is intended to help network administrators track down systems. It was designed in a public school district environment with about 1500 systems spread across 25 remote locations.

sdig works by first finding the IP address of the target system, then it contacts the router(s) in that network to get the MAC address for that IP address. With that known, it then probes every switch on the target network to find a port number. The port that doesn’t lead to another switch is returned, along with any description you may have provided.


-d Raise the debugging level by 1. This gets rather messy above 3 or 4.

-v Be verbose. This makes sdig print every port instead of just the one that is the most likely candidate, for example (includes inter-switch ports with LINKINFO written in sdig.conf).

-F Fast mode. sdig will not do reverse DNS ( or NetBIOS queries to port 137 when this is enabled.

-f config Use the configuration file config.

-m MAC Look for this MAC address rather than asking a router about it. You still can provide an IP address or hostname so that sdig knows which network to check.

-m A total-network sweep option is when you don’t provide the IP, takes longer to query all switches, so care is taken than each IPxCOMMUNITY is only queried once.

IP An Internet Protocol address to find, i.e.

hostname A DNS or WINS hostname to find. WINS resolution is only available if you have installed nmblookup from Samba and have added it to your config file.

-p/-P Parallelized SNMP queries have been added and improved as a feature of the recent sdig versions. If compiled in, they can be disabled at run time, or different activities may be done at discretion of future programmers. "-p" increases the "use parallelism" counter. "-P" decreases the "use parallelism" counter, but to no less than zero. You might want to disable this i.e. if it misbehaves on your platform, or if you have very many switches and spawning many children would exhaust your file descriptors (network sockets) or process table entries. Hint: Future versions may add a limit on number of spawned children. If the "parallelized queries" feature is not compiled in, these "-p/-P" flags are recognized, but ignored.


You can’t track down arbitrary hosts on the Internet. Well, most people can’t. You might be able to do this if you convince all the router and switch manufacturers of the world to drop in a SNMP backdoor for your sdig host. US government three letter entities: contact me for details.


This program was developed on just one kind of system (Linux glibc2) so it probably doesn’t compile cleanly on others.

NOTE: version 0.45 was developed on Solaris x86/SPARC and also works there.


I (Russell Kroll) first wrote this program to show some local people that you don’t need to dump lots of money into a program like 3com’s Transcend just to hunt down some lusers on your network. If you don’t need to create fancy network diagrams to impress the PHBs, then this program will probably work for you.

It was developed originally on 3com SuperStack 3300s, and continues to be tested both on those and various HP 2324s and 4108s. Other equipment should also work if it provides the same basic OIDs.

Jim Klimov also tested it in a diverse network with HP, Cisco, Avaya, and Allied Telesyn equipment, to name a few.




Russell Kroll <> up till sdig-0.40 Russell A. Jackson <> sdig-0.41 .. sdig-0.44 Jim Klimov <> sdig-0.45
Search for    or go to Top of page |  Section 8 |  Main Index

SDIG (8) Mon Apr 4 2003

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.