scapy: Operation not permitted when sending packets
I'm trying to learn a bit of packet generation with scapy. It looks pretty cool. Following some documentation I'm doing this:
l3=IP(dst="192.168.0.1", src="192.168.0.2", tos=(46 << 2))
But only to get the error message of:
Traceback (most recent call last):
File "<console>", line 1, in <module>
File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 251, in send
__gen_send(conf.L3socket(*args, **kargs), x, inter=inter, loop=loop, count=count,verbose=verbose, realtime=realtime)
File "/usr/lib/python2.7/dist-packages/scapy/arch/linux.py", line 307, in __init__
self.ins = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type))
File "/usr/lib/python2.7/socket.py", line 187, in __init__
_sock = _realsocket(family, type, proto)
error: [Errno 1] Operation not permitted
Running scapy as root solved the problem. But that's not what I wanted. Is it because normal user can't create RAW socket? If so, is there a solution?
Answer
Scapy needs root privileges to create raw sockets because it uses the Python socket library. Raw sockets are only allowed to used "with an effective user ID of 0 or the CAP_NET_RAW capability" according to the Linux raw man pages.
I can't find what looks to be reliable documentation on setting the CAP_NET_RAW capability, but if you are looking to a work around to running Scapy scripts that user raw sockets without root, that is what you need to do.