Sockets: IPPROTO_IP not supported

Peter Pearson pkpearson at nowhere.invalid
Mon Jan 16 17:24:46 EST 2017 

On Mon, 16 Jan 2017 10:17:06 +0000, Joseph L. Casale wrote:
>> Trying to sniff Ethernet packets, I do this:
>>
>>    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
>>
>> but it results in this:
>>
>>     $ sudo python3 sniff_survey.py 
>>     Traceback (most recent call last):
>>       File "sniff_survey.py", line 118, in <module>
>>         s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
>>       File "/usr/lib/python3.2/socket.py", line 94, in __init__
>>         _socket.socket.__init__(self, family, type, proto, fileno)
>>     socket.error: [Errno 93] Protocol not supported
>>
>> Anybody know what I'm doing wrong?  (Python 3.2.3 under Debian 3.2.84-1.)
>
> Have a look at the bottom of this SO question:
> http://stackoverflow.com/questions/5385312/ipproto-ip-vs-ipproto-tcp-ipproto-udp

That discussion was helpful.  Thanks.

Still, I'm not out of the woods.  From bmargulies's answer at that link,

   "IPPROTO_IP is for raw IP packets",

which sounds like what I want.  But when I use AF_INET, SOCK_RAW, and
IPPROTO_IP, I get the "Protocol not supported" error as shown above.
>From the link you provided and "man socket", I was inspired to flail
about, finding this:

 domain    type        protocol     result
 --------  -------     ----------  -----------------
 AF_INET   SOCK_RAW    IPPROTO_IP  "Protocol not supported"
 AF_INET   SOCK_RAW    IPPROTO_IPIP Sees nothing
 AF_INET   SOCK_RAW    IPPROTO_TCP Sees TCP traffic, no "dig", no "ping"
 AF_INET   SOCK_RAW    IPPROTO_UDP Sees DNS ("dig", but not "ping")
 AF_INET   SOCK_RAW    IPPROTO_ICMP Sees "ping", but not "dig"
 AF_INET   SOCK_RAW    IPPROTO_RAW Sees nothing
 AF_INET   SOCK_RAW    0           "Protocol not supported"
 AF_INET   SOCK_STREAM 0           "Transport endpoint is not connected"
 AF_INET   SOCK_DGRAM  0           Sees nothing
 AF_INET   SOCK_RDM    0           "Socket type not supported"
 AF_IPX    SOCK_RAW    IPPROTO_RAW "Socket type not supported"
 AF_PACKET SOCK_RAW    IPPROTO_RAW Sees nothing
 AF_PACKET SOCK_RAW    IPPROTO_TCP Sees nothing

So I can receive TCP traffic through one socket, and UDP traffic through
another socket, and ICMP traffic through a third; but I would like to
see all IP packets, regardless of higher-level protocol, and would
prefer to get them through a single pipe.  (Perhaps it's unreasonable
for me to ask something as high-level as a socket to give me something
as low-level as a raw packet.)

My starting point, by the way, was sample code for "a very simple
network sniffer", presented at docs.python.org/3/library/socket.html,
which opened the socket with 

  s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)

which is the line that results in the "Protocol not supported" error
on my system.  (That sample code is labelled as being "for Windows",
so the document is not in error.)

-- 
To email me, substitute nowhere->runbox, invalid->com.

More information about the Python-list mailing list