I'm trying to learn a bit of packet generation with scapy. It looks pretty cool. Following some documentation I'm doing this:
l3=IP(dst="192.168.0.1", src="192.168.0.2", tos=(46 << 2))
But only to get the error message of:
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 251, in send
    __gen_send(conf.L3socket(*args, **kargs), x, inter=inter, loop=loop, count=count,verbose=verbose, realtime=realtime)
  File "/usr/lib/python2.7/dist-packages/scapy/arch/linux.py", line 307, in __init__
    self.ins = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type))
  File "/usr/lib/python2.7/socket.py", line 187, in __init__
    _sock = _realsocket(family, type, proto)
error: [Errno 1] Operation not permitted
Running scapy as root solved the problem. But that's not what I wanted. Is it because a normal user can't create a RAW socket? If so, is there a solution?
To send a packet in Scapy, there are two methods: send() sends layer-3 packets, and sendp() sends layer-2 packets.
The send() function will send packets at layer 3. That is to say, it will handle routing and layer 2 for you. The sendp() function will work at layer 2. It's up to you to choose the right interface and the right link layer protocol.
Scapy is a well-known packet manipulation tool. There are several use cases in which you need to run Scapy without root access (e.g., distributed testing of network applications). Originally, running Scapy without root permissions was not possible or introduced some limitations.
Creating a packet: In Scapy, packets are constructed by defining packet headers for each protocol at different layers of TCP/IP and then stacking these layers in order. To create a DNS query, you need to build Ether (sometimes optional), IP, and UDP headers and stack them using the / operator.
Scapy needs root privileges to create raw sockets because it uses the Python socket library. Raw sockets are only allowed to be used "with an effective user ID of 0 or the CAP_NET_RAW capability" according to the Linux raw man pages.
I can't find what looks to be reliable documentation on setting the CAP_NET_RAW capability, but if you are looking for a workaround to run Scapy scripts that use raw sockets without root, that is what you need to do.
To run Scapy with just cap_net_raw privilege...
The safest and less complicated way I know is, in order:
Make a personal copy of the python binary:
$ sudo cp /usr/bin/python2.7 ~/python_netraw
Own it:
$ sudo chown <your user name> ~/python_netraw
Don't let anybody else run it:
$ chmod -x,u+x ~/python_netraw
Give it cap_net_raw capability:
$ sudo setcap cap_net_raw=eip ~/python_netraw
Run scapy with it:
$ ~/python_netraw -O /usr/bin/scapy
(Or use sudo each time you need to run Scapy with raw privileges.)
A dirty approach, possibly insecure: Directly give CAP_NET_RAW capability to Python:
sudo setcap cap_net_raw=eip $(readlink -f $(which python))
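The answers above come down to whether the interpreter process holds CAP_NET_RAW in its effective set. The following check is an added example, not code from the original posts or from Scapy: it decodes the CapEff mask from /proc/self/status, reports any capability held beyond CAP_NET_RAW, and attempts the same socket call that fails in the traceback. The sample status strings are constructed, and the protocol value 0x0800 is an assumption standing in for the `type` argument in the traceback.

```python
import errno
import socket

CAP_NET_RAW = 13  # bit number of CAP_NET_RAW in <linux/capability.h>

# Constructed /proc/<pid>/status excerpts (sample values, not captured output).
SAMPLE_UNPRIVILEGED = "Name:\tpython\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"
SAMPLE_NET_RAW_ONLY = "Name:\tpython_netraw\nCapPrm:\t0000000000002000\nCapEff:\t0000000000002000\n"
SAMPLE_ROOT = "Name:\tpython\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n"


def effective_caps(status_text):
    """Return the CapEff bitmask from the text of a /proc/<pid>/status file."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")


def has_cap_net_raw(status_text):
    """True if the CAP_NET_RAW bit is set in the effective capability mask."""
    return bool((effective_caps(status_text) >> CAP_NET_RAW) & 1)


def extra_caps(status_text):
    """Bits held beyond CAP_NET_RAW; non-zero means more privilege than needed."""
    return effective_caps(status_text) & ~(1 << CAP_NET_RAW)


def try_packet_socket():
    """Open the same kind of socket as in the traceback; return (ok, message)."""
    if not hasattr(socket, "AF_PACKET"):
        return False, "AF_PACKET is not available on this platform"
    try:
        s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0800))
    except socket.error as exc:  # alias of OSError on Python 3
        if exc.errno == errno.EPERM:
            return False, "EPERM: process lacks CAP_NET_RAW"
        return False, "socket error: %s" % exc
    s.close()
    return True, "raw packet socket opened"


if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        status = fh.read()
    print("CAP_NET_RAW effective: %s" % has_cap_net_raw(status))
    print("other capabilities held: %#x" % extra_caps(status))
    print("socket test: %s, %s" % try_packet_socket())
```

Run it with the interpreter that received the capability (for example ~/python_netraw) to confirm that the setcap step took effect and that the process holds nothing beyond CAP_NET_RAW.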