
SDNProbe: Securing SDN Data Plane with Active Probing

Advisor: 蕭旭君 (Hsu-Chun Hsiao)

Abstract


Efficiently and correctly localizing malicious switches whose behavior can violate the controller's intent is a daunting challenge, and existing network troubleshooting tools can easily misjudge the inconsistency between the actual behavior of malicious switches and the operator's intent. In this thesis, we propose SDNProbe, a lightweight software-defined networking application that sends a minimal number of probe packets to precisely localize misbehaving or malfunctioning switches. Similar to existing tools, the controller sends test packets to verify whether rules are executed correctly. To achieve low network cost and fast detection, we propose a provable algorithm that generates the minimum number of test packets able to cover every rule in the network. To prevent evasion by strong attackers (for example, attackers who know the detection algorithm or who collude), we further extend the algorithm to randomize the test paths. Based on real network topologies and rules, our measurement results confirm that SDNProbe can quickly localize malicious switches by sending a minimal number of test packets. Compared with other state-of-the-art techniques, SDNProbe reduces the number of test packets needed to localize all malicious switches by 30%. Therefore, beyond having a systematic and automated network troubleshooting workflow with the support of software-defined networking, our significantly lower-cost solution further protects the network workflow against attackers inside the network.

Abstract (English)


Efficiently and correctly localizing malicious SDN switches whose behavior deviates from the controller's intent is a daunting challenge, and existing network troubleshooting tools can easily misdetect the mismatch between the actual behavior of malicious switches and the operator's intent. In this paper, we propose SDNProbe, a lightweight SDN application that sends a minimized number of probe packets to pinpoint misbehaving or malfunctioning switches. Similar to existing tools, the controller sends test packets to validate whether flow entries are correctly executed. To achieve low network overhead and fast detection, we propose an algorithm that provably minimizes the number of test packets required to cover every flow entry in the network. To prevent circumvention by strong adversaries (e.g., adversaries who know the detection algorithm or who collude), we further extend the algorithm to randomize the test paths. Based on realistic topologies and flow rules, our evaluation results confirm that SDNProbe can rapidly localize malicious switches by sending a minimal number of test packets. SDNProbe reduces the number of test packets required to localize all existing malicious switches by 30% compared to the state of the art. Hence, in addition to SDN's support for a systematic and automatic network troubleshooting workflow, our work can further secure the workflow against in-network adversaries with significantly reduced overhead.

