Sockets: IPPROTO_IP not supported
Peter Pearson
pkpearson at nowhere.invalid
Mon Jan 16 17:24:46 EST 2017
On Mon, 16 Jan 2017 10:17:06 +0000, Joseph L. Casale wrote:
>> Trying to sniff Ethernet packets, I do this:
>>
>> s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
>>
>> but it results in this:
>>
>> $ sudo python3 sniff_survey.py
>> Traceback (most recent call last):
>> File "sniff_survey.py", line 118, in <module>
>> s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
>> File "/usr/lib/python3.2/socket.py", line 94, in __init__
>> _socket.socket.__init__(self, family, type, proto, fileno)
>> socket.error: [Errno 93] Protocol not supported
>>
>> Anybody know what I'm doing wrong? (Python 3.2.3 under Debian 3.2.84-1.)
>
> Have a look at the bottom of this SO question:
> http://stackoverflow.com/questions/5385312/ipproto-ip-vs-ipproto-tcp-ipproto-udp
That discussion was helpful. Thanks.
Still, I'm not out of the woods. From bmargulies's answer at that link,
"IPPROTO_IP is for raw IP packets",
which sounds like what I want. But when I use AF_INET, SOCK_RAW, and
IPPROTO_IP, I get the "Protocol not supported" error as shown above.
>From the link you provided and "man socket", I was inspired to flail
about, finding this:
domain type protocol result
-------- ------- ---------- -----------------
AF_INET SOCK_RAW IPPROTO_IP "Protocol not supported"
AF_INET SOCK_RAW IPPROTO_IPIP Sees nothing
AF_INET SOCK_RAW IPPROTO_TCP Sees TCP traffic, no "dig", no "ping"
AF_INET SOCK_RAW IPPROTO_UDP Sees DNS ("dig", but not "ping")
AF_INET SOCK_RAW IPPROTO_ICMP Sees "ping", but not "dig"
AF_INET SOCK_RAW IPPROTO_RAW Sees nothing
AF_INET SOCK_RAW 0 "Protocol not supported"
AF_INET SOCK_STREAM 0 "Transport endpoint is not connected"
AF_INET SOCK_DGRAM 0 Sees nothing
AF_INET SOCK_RDM 0 "Socket type not supported"
AF_IPX SOCK_RAW IPPROTO_RAW "Socket type not supported"
AF_PACKET SOCK_RAW IPPROTO_RAW Sees nothing
AF_PACKET SOCK_RAW IPPROTO_TCP Sees nothing
So I can receive TCP traffic through one socket, and UDP traffic through
another socket, and ICMP traffic through a third; but I would like to
see all IP packets, regardless of higher-level protocol, and would
prefer to get them through a single pipe. (Perhaps it's unreasonable
for me to ask something as high-level as a socket to give me something
as low-level as a raw packet.)
My starting point, by the way, was sample code for "a very simple
network sniffer", presented at docs.python.org/3/library/socket.html,
which opened the socket with
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
which is the line that results in the "Protocol not supported" error
on my system. (That sample code is labelled as being "for Windows",
so the document is not in error.)
--
To email me, substitute nowhere->runbox, invalid->com.
More information about the Python-list
mailing list