The following information is to be used with nddc.exe
######################
# COMMAND LINE BASICS
######################
Please note that when passing a command line option that contains special characters or SPACES, the option MUST BE DOUBLE QUOTED.
Example:
nddc -outdir "c:\network detective"
######################
# RECOMMENDED
######################
It is recommended that you use the RunNetworkDetective.exe to produce the command line switches. On the Verify and Run screen, click the "Save Settings to File" link. Then from the command line you can run:
nddc -file <your saved file>
######################
# SWITCH DETAILS
######################
Switch: -v
Details: Get the version of the program.
Switch: -encrypt <password>
Details: Encrypt a password. Used to produce the string for options that accept an encrypted password.
Switch: -file <filename>
Details: Gets other command line parameters from the specified file.
Note 1: Each parameter must be on a single line. Please note that a switch that takes a value counts as two parameters. Using -outbase for example,
-outbase will be on a single line, then <basename> will be on its own line.
There is a sample parameter file included (sample.ndp).
Note 2: Any other switches used with -file WILL TAKE PRECEDENCE over the switches
contained in filename.
Switch: -comment <comment text>
Details: Add a comment for the scan.
Example: -comment "This is for MY COMPANY"
Switch: -common
Details: Same as specifying all of the following: -net -sql -ad -whois -eventlogs -internet -speedchecks -dhcp
Note: Some of the above options require other options to gather the actual data. This switch is just a
short form for the most commonly specified switches.
Switch: -workdir <directory>
Details: Set the working directory for the output. This directory will be used for temp storage and file generation.
Switch: -logfile <filename>
Details: Set the name of the log file.
Default: ndfRun.log
Switch: -outbase <basename>
Details: The basename of the output file. Defaults to NetworkDetective-<timestamp>.ndf.
Default: The folder containing the Network Data Collector files.
Note: Can use the following variables: %COMPUTERNAME%, %DATE%, and %MAC%.
Switch: -outdir <directory>
Details: The directory to produce the final ZIP or NDF. Defaults to the current directory.
Switch: -mbsa
Details: Collects MBSA password data.
Requires: Requires MBSA to be installed on the machine running the data collection.
Switch: -updates
Details: Collects MBSA Windows update data.
Requires: -mbsa
Switch: -threads <number of threads>
Details: Sets -mbsathreads, -netthreads, and -computerthreads with one parameter.
Default: 10
Note: This value is read first. If any of the 3 options is explicitly specified, the specified value will be used.
Switch: -mbsathreads <number of threads>
Details: Sets the number of threads to be used to collect MBSA data.
Default: 10
Max: 20
Requires: -mbsa
Switch: -mbsatimeout <number in minutes>
Details: Sets the timeout in minutes before giving up on a MBSA thread.
Default: 20
Requires: -mbsa
Switch: -mbsauser <domain\username>
Details: The username used to run MBSA. Please note it must be in the form: domain\user.
Default: credsdomain\credsuser
Requires: -mbsa
Switch: -mbsaepwd
Details: The ENCRYPTED password for the MBSA user.
Default: credsepwd
Requires: -mbsa and -mbsauser
Note: If both -mbsapwd and -mbsaepwd are specified, only the encrypted one will be used.
Switch: -mbsapwd
Details: The NON-ENCRYPTED password for the MBSA user.
Default: credspwd
Requires: -mbsa and -mbsauser
Note: If both -mbsapwd and -mbsaepwd are specified, only the encrypted one will be used.
Switch: -ipranges <range1,range2,...>
Details: A list of comma delimited IP ranges used to collect network data.
Requires: -net
Note: Each range is in the format: startip-endip
Example: -ipranges 192.168.1.0-192.168.1.255,10.0.1.1-10.0.1.255
Switch: -net
Details: Collects network data.
Requires: -ipranges
Switch: -netthreads <number of threads>
Details: Sets the number of threads to be used for network data collection.
Default: 10
Requires: -net
Switch: -nettimeout <number in minutes>
Details: Sets the timeout in minutes before giving up on a network thread.
Note: This is NOT a timeout for socket communication. This is used to help prevent hung threads due to WMI, Remote Registry, etc. calls.
Default: 10
Requires: -net
Switch: -nonpingable
Details: Will perform extra work (port checks, SNMP data, Windows information, etc.) on network devices that are also non-pingable.
Requires: -net
Note 1: Using this option is A LOT slower but more accurate.
Note 2: When this option IS USED, a non-device IP Address can take about 5 minutes to process.
Note 3: Option is only available with collections initiated from an Inspector Appliance.
Switch: -level2
Details: Enables Level 2/3 SNMP queries on devices.
Requires: -net
Note 1: Reports that can use this information are currently only available with collections run from the Inspector Appliance.
Note 2: Option is only available with collections initiated from an Inspector Appliance.
Switch: -snmp <comstring1,comstring2,...>
Details: A list of comma delimited read community strings used to get SNMP data.
Default: public
Requires: -net
Example: -snmp public,public1
Switch: -snmptimeout <timeout in seconds>
Details: Sets the timeout in seconds for connecting to devices with SNMP.
Default: 10
Requires: -net
Switch: -sql
Details: Detects and collects data from MS SQL Servers on the network.
Switch: -sqltimeout <timeout in minutes>
Details: Sets the timeout in minutes for MS SQL Server detection and collection on the network.
Default: 60
Requires: -sql
Switch: -credsuser
Details: The username used to connect to Active Directory if the -ad switch is used. If not using -ad, then the user used to connect to a workgroup machine.
Switch: -credsepwd
Details: The ENCRYPTED password used to connect to Active Directory if the -ad switch is used. If not using -ad, then the ENCRYPTED password used to connect to a workgroup machine.
Requires: -credsuser
Note: If both -credspwd and -credsepwd are specified, only the encrypted one will be used.
Switch: -credspwd
Details: The NON-ENCRYPTED password used to connect to Active Directory if the -ad switch is used. If not using -ad, then the NON-ENCRYPTED password used to connect to a workgroup machine.
Requires: -credsuser
Note: If both -credspwd and -credsepwd are specified, only the encrypted one will be used.
Switch: -ad
Details: Collects MS Active Directory data.
Switch: -aduser
Note: Deprecated, use -credsuser instead.
Switch: -adepwd
Note: Deprecated, use -credsepwd instead.
Switch: -adpwd
Note: Deprecated, use -credspwd instead.
Switch: -adou <domain1,ou1,ou2;domain2,ou1,ou2>
Details: A semicolon-delimited list used to specify specific domains and/or OUs to collect data from in Active Directory.
Requires: -ad
Note: Excluding this option will collect data from all domains and OUs.
Switch: -addc
Details: Used to specify the name of a Domain Controller on the network.
Default: Auto detects.
Requires: -ad
Note: Used to specify which Domain Controller to get Active Directory information. This is also needed when the data collection is run on a machine that is not joined to the network. In this case, it will also require -credsuser since you will not be logged in as a user on the domain.
Switch: -computerthreads <number of threads>
Details: The number of threads used to query Windows-specific information from computers detected in Active Directory.
Default: 10
Requires: -ad
Switch: -computertimeout <timeout in minutes>
Details: Sets the timeout
Default: 20
Requires: -ad
Switch: -internet
Details: Gets internet access data (pings and traceroutes to google, etc).
Switch: -speedchecks
Details: Tests upload/download speeds from internet using NDT (currently about 17 different servers).
Switch: -ndttimeout <timeout in minutes>
Details: Sets the timeout in minutes per NDT server check.
Default: 5
Requires: -speedchecks
Switch: -whois
Details: Gets WHOIS and MX data.
Requires: -externaldomains
Switch: -externaldomains <extdomain1,extdomain2,...>
Details: A list of comma delimited external domains used with -whois.
Requires: -whois
Example: -externaldomains "google.com,yahoo.com"
Switch: -eventlogs
Details: Gets local EventLog entries for the past day for Directory Services, DNS Server, and File Replication Service logs.
Note: These EventLog entries are ONLY collected on the local machine running the data collection.
Switch: -dhcp
Details: Detects and collects network DHCP server data.
Switch: -securityonly
Details: Collects only the data that is used in some of the Security Detective reports.
Note 1: The main things it skips are port/SNMP checks to network devices and all Active Directory information EXCEPT computers and users.
Note 2: This option should ONLY be used if you have only purchased the Security Detective Module. Even then you can exclude this option unless you are really pressed for time.
Switch: -local
Details: Collects data from ONLY the local machine. Produces a CDF output file named <COMPUTERNAME>-<MAC ADDRESS>.cdf.
Note: All other switches besides -silent will be ignored with this option.
Switch: -silent
Details: When running the local collector, it will not pop up the cdf folder when finished.
Requires: -local
Switch: -skipadcomputers
Details: Skips collecting the data from WMI, Remote Registry, etc from the computers detected from Active Directory.
Switch: -skiplogonevents
Details: Does not collect local EventLog data.
Switch: -foldersave
Details: Only used in the GUI to know if the folder or zip archive setting was selected on the Verify and Run screen.
Switch: -gen1
Details: Generate the generation 1 version of the NDF, along with the current low disk/memory format.
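The following is an added example, not part of the vendor documentation or the nddc program: a small Python check that reads a parameter file in the one-parameter-per-line layout described under -file and reports clear-text password switches, unmet "Requires:" dependencies, and reliance on the default SNMP community string. It assumes that any line not starting with "-" is the value of the switch on the line before it; the sample file contents are constructed.

```python
# Added example (not vendor code): lint a parameter file meant for "nddc -file".
# Clear-text password switch -> encrypted switch documented on this page.
PLAINTEXT_PWD = {"-credspwd": "-credsepwd", "-mbsapwd": "-mbsaepwd",
                 "-adpwd": "-credsepwd"}  # -adpwd is deprecated for -credspwd
COMMON = ["-net", "-sql", "-ad", "-whois", "-eventlogs",
          "-internet", "-speedchecks", "-dhcp"]  # expansion of -common
REQUIRES = {  # subset of the "Requires:" lines on this page
    "-updates": ["-mbsa"], "-mbsauser": ["-mbsa"],
    "-mbsaepwd": ["-mbsa", "-mbsauser"], "-mbsapwd": ["-mbsa", "-mbsauser"],
    "-net": ["-ipranges"], "-ipranges": ["-net"], "-snmp": ["-net"],
    "-whois": ["-externaldomains"], "-externaldomains": ["-whois"],
    "-credsepwd": ["-credsuser"], "-credspwd": ["-credsuser"],
    "-adou": ["-ad"], "-addc": ["-ad"], "-silent": ["-local"],
}

def parse_params(text):
    """Return {switch: value or None}; one parameter per line.
    Assumption: a line not starting with '-' is the previous switch's value."""
    params, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-"):
            last = line
            params[last] = None
        elif line and last is not None:
            params[last], last = line, None
    return params

def audit(text):
    """Return a list of findings for the parameter file contents."""
    params = parse_params(text)
    active = set(params)
    if "-common" in active:
        active.update(COMMON)
    findings = [f"{sw}: clear-text password in file; use {enc} "
                "with the output of 'nddc -encrypt'"
                for sw, enc in PLAINTEXT_PWD.items() if sw in params]
    for sw in sorted(active):
        findings += [f"{sw}: requires {need}"
                     for need in REQUIRES.get(sw, []) if need not in active]
    if "-net" in active and "-snmp" not in params:
        findings.append("-snmp: not set; default community string 'public' is used")
    return findings

# Constructed sample file contents (user name and password are placeholders).
SAMPLE = ("-common\n-ipranges\n192.168.1.0-192.168.1.255\n"
          "-credsuser\nEXAMPLE\\scanuser\n-credspwd\nNotARealPassword1\n-updates\n")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```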
Network Detective Data Collector Command Line options