Secure Cartography Help Guide

Getting Started

Secure Cartography is a network discovery and mapping tool that uses SSH to safely explore and document your network topology.

Main Features

  • Secure SSH-based network discovery
  • Support for multiple vendor platforms
  • Real-time discovery progress monitoring
  • Dark and light theme support
  • Multiple visualization layouts
graph TD A[Start Discovery] --> B[Enter Seed IP] B --> C[Configure Credentials] C --> D[Set Discovery Parameters] D --> E[Begin Mapping] E --> F[Generate Network Map]

Configuration

Basic Settings

Seed IP
The starting point IP address for network discovery
Username/Password
SSH credentials for device access
Timeout
Maximum wait time for device responses (in seconds)
Max Devices
Upper limit for discovered devices

Output Settings

Map Name
Name for the generated network map file
Output Directory
Location for discovery results and maps
Exclude Pattern
Comma-separated patterns to exclude specific devices or networks. For example:
othersite-,sep
This would exclude:
  • Any device with "othersite-" in the name (e.g., "othersite-core-1")
  • Any Cisco IP phones (which contain "SEP" in their names)

Using Exclude Patterns

Exclude patterns help control the scope of network discovery. Multiple patterns can be combined using commas.

Example Pattern What it Excludes
othersite- All devices containing "othersite-" in their name (e.g., othersite-core-1, othersite-switch-2)
sep Cisco IP phones (which have "SEP" in their names)
test-,dev- All devices with names containing "test-" or "dev-"
Tip: Patterns are case-insensitive. Use commas to separate multiple patterns without spaces.

Network Discovery

Discovery Algorithm

Secure Cartography uses Breadth-First Search (BFS) to systematically explore your network. Starting from the seed device, it discovers and processes each layer of neighbors before moving deeper into the network:

graph TB subgraph "Layer 1" A[Seed Device] end subgraph "Layer 2" B[Switch 1] C[Switch 2] D[Switch 3] end subgraph "Layer 3" E[Device A] F[Device B] G[Device C] H[Device D] end A --> B A --> C A --> D B --> E B --> F C --> G D --> H style A fill:#f96 style B fill:#9cf style C fill:#9cf style D fill:#9cf style E fill:#9c6 style F fill:#9c6 style G fill:#9c6 style H fill:#9c6
How BFS Discovery Works
  1. Starts at the seed device (Layer 1)
  2. Discovers all immediate neighbors before moving deeper
  3. Processes each layer completely before moving to the next
  4. Avoids revisiting devices, preventing loops
  5. Respects exclude patterns at each layer
Advantage: BFS ensures thorough discovery of nearby devices before exploring further network segments, making it ideal for network mapping.
Discovery Progress Indicators
  • Discovered: Successfully mapped devices
  • Failed: Unreachable or authentication failed
  • Queue: Devices waiting to be processed
  • Total: Overall devices found

Map Visualization

Choose from multiple layout algorithms to best represent your network topology:

Kamada-Kawai (kk)

Best for general network topologies

Circular

Arranges devices in a circular pattern

Troubleshooting

  • Verify SSH credentials are correct
  • Check network connectivity to target devices
  • Ensure firewall rules allow SSH access
  • Verify device SSH service is enabled