Daemon and tooling to enable using scapy without root permissions.

scapy_unroot can be installed by just running

pip install scapy_unroot

The requirements also installed by this are listed in requirements.txt.

The daemon to allow usage of scapy without root permissions requires root itself. You can start it with the following command:

sudo scapy-unroot scapy

The provided argument scapy should be a permission group, users who are allowed to use scapy without root permissions should be in.

By default, all files related to scapy_unroot are managed in the directory /var/run/scapy-unroot. You can change that directory using the -r / --run-dir argument:

sudo scapy-unroot --run-dir /tmp scapy

The UNIX domain socket to communicate with the daemon will be created under the name server-socket in that directory.

Network interfaces that users of scapy_unroot should not be able to send over or sniff on can be blacklisted using the -b / --interface-blacklist argument. Multiple interfaces can be provided:

sudo scapy-unroot scapy --interface-blacklist wlan0 eth0 lo

To run the daemon in background, use the -d / --daemonize parameter:

sudo scapy-unroot -d scapy

To get more information on the arguments of the scapy-unroot daemon, run

sudo scapy-unroot -h

All arguments described above can be combined.

Before sending or sniffing with scapy, just do

from scapy_unroot import configure_sockets
configure_sockets()

You can provide a different server address by the server_addr argument. The default is /var/run/scapy_unroot/server-socket.

You can also configure the timeout for waiting for a reply from the server using the connection_timeout argument.