scapy-unroot

Daemon and tooling to enable using scapy without root permissions.

Installation

scapy_unroot can be installed by just running

pip install scapy_unroot

The requirements also installed by this are listed in requirements.txt.

Usage

The scapy-unroot daemon

The daemon to allow usage of scapy without root permissions requires root itself. You can start it with the following command:

sudo scapy-unroot scapy

The provided argument scapy should be a permission group, users who are allowed to use scapy without root permissions should be in.

By default, all files related to scapy_unroot are managed in the directory /var/run/scapy-unroot. You can change that directory using the -r / --run-dir argument:

sudo scapy-unroot --run-dir /tmp scapy

The UNIX domain socket to communicate with the daemon will be created under the name server-socket in that directory.

Network interfaces that users of scapy_unroot should not be able to send over or sniff on can be blacklisted using the -b / --interface-blacklist argument. Multiple interfaces can be provided:

sudo scapy-unroot scapy --interface-blacklist wlan0 eth0 lo

To run the daemon in background, use the -d / --daemonize parameter:

sudo scapy-unroot -d scapy

To get more information on the arguments of the scapy-unroot daemon, run

sudo scapy-unroot -h

All arguments described above can be combined.

Configuring scapy to communicate with the daemon

Before sending or sniffing with scapy, just do

from scapy_unroot import configure_sockets

configure_sockets()

You can provide a different server address by the server_addr argument. The default is /var/run/scapy_unroot/server-socket.

You can also configure the timeout for waiting for a reply from the server using the connection_timeout argument.