Original text excerpted from CodeProject
Raw Sockets and Windows
On using raw sockets on the Windows platform
First of all, it must be understood very clearly that raw sockets are not a feature of the network API (although they must be
present there as an option) but of the OS protocol stack.
To implement raw sockets, all we have to do is inform the OS that the packet buffer we are providing will already contain the
header, so the OS should transmit it as is without "adding any header". That's all; there is nothing more to do.
With raw sockets, we build the packet headers ourselves; the operating system is only responsible for sending the data out as is, and it does not add or modify anything on top of it, such as other "headers".
The Unix operating system has had raw socket support since ancient times. But the problem is with Windows. None of Windows 95,
98, 98SE supported raw sockets. Raw sockets became available on Windows from Windows 2000; Windows XP continued this. But
suddenly, raw socket support was removed from Windows XP through a patch in SP2. Vista probably doesn't have it. Windows 95,
98, 98SE do not support raw sockets, but this doesn't end the story. If you want the facility, then the solution is to use a
third-party packet driver like WinPcap. Such packet drivers will do your task irrespective of what the OS likes and dislikes.
Windows XP and XP SP1 have full raw socket support and so life is easy. So if you want to use raw sockets on Windows, then
either use WinPcap or don't feel desperate to install SP2, or otherwise use Windows 2003 which, as per my knowledge, has raw
socket support. So, in brief:
Unix has supported raw sockets since very early on, but Windows has not fared as well. Windows 95, 98 and 98SE did not support raw sockets very well. Real support only arrived with 2000 and XP. But
with XP SP2, a small piece of the functionality was removed. Vista may not support raw sockets at all. If you want to use this capability, you can use a third-party packet driver such as WinPcap. The packet
driver carries out your task regardless of whether the OS wants you to do so.
XP and XP SP1 have complete raw socket support. So if you want to use this capability, you can either use WinPcap or not install SP2 on XP; 2003 may also support it.
Windows 95, 98, 98SE, NT4.0 -- Only raw ICMP and IGMP with restricted features.
Windows 2000, XP, XP SP1, 2003 -- Full raw socket support for both receiving and sending purposes.
Full support for both sending and receiving with raw sockets.
Windows XP SP2 -- Only raw ICMP, IGMP, and UDP with proper source address (IP spoofing restricted) can be sent. But, full raw
sockets can be received, which means you can sniff all incoming data and read their headers.
XP SP2 can send only ICMP, IGMP and UDP, and must use the correct source IP (IP spoofing is restricted). However, raw sockets can sniff all received packets and read their headers.
Note: Winsock version >= 2.0
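Notes:
Raw sockets may also require administrator privileges to run.
Data sent with WinPcap must include the Ethernet header; using raw sockets directly through the Windows platform API does not require one.
For example, to send a UDP packet you only need the IP header + IP payload (UDP header + data), whereas with WinPcap you must also add the Ethernet header.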
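The framing difference in the note above (Ethernet header present with WinPcap, absent with a raw socket), shown from the reading side as an added example that is not part of the original article. The names parse_udp, udp_info and SAMPLE_FRAME are hypothetical, the sample bytes are constructed, and no Winsock or WinPcap calls are made; the code only inspects a buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ETH_HDR_LEN 14  /* dst MAC (6) + src MAC (6) + EtherType (2) */
struct udp_info { int ok; uint16_t src_port, dst_port, udp_len; };

/* Constructed sample frame: Ethernet + IPv4 + UDP headers, payload "hi". */
static const uint8_t SAMPLE_FRAME[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,           /* Ethernet */
    0x45,0x00,0x00,0x1E, 0x00,0x01,0x00,0x00, 0x40,0x11,0xF6,0xCA,
    0xC0,0x00,0x02,0x01, 0xC0,0x00,0x02,0x02,                   /* IPv4 */
    0x13,0x88,0x27,0x0F, 0x00,0x0A,0x00,0x00,                   /* UDP */
    'h','i' };

/* RFC 1071 checksum over the IPv4 header; a valid header yields 0. */
static uint16_t ip_header_sum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)(h[i] << 8 | h[i + 1]);
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* has_eth=1: buffer starts at the Ethernet header (WinPcap framing).
 * has_eth=0: buffer starts at the IP header (raw socket framing). */
struct udp_info parse_udp(const uint8_t *buf, size_t len, int has_eth) {
    struct udp_info r = {0, 0, 0, 0};
    size_t off = 0;
    if (has_eth) {
        if (len < ETH_HDR_LEN || buf[12] != 0x08 || buf[13] != 0x00)
            return r;                      /* truncated or not IPv4 */
        off = ETH_HDR_LEN;
    }
    if (len - off < 20) return r;          /* shorter than a minimal IPv4 header */
    const uint8_t *ip = buf + off;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len - off < ihl + 8) return r;
    if (ip[9] != 17 || ip_header_sum(ip, ihl) != 0) return r; /* UDP only */
    const uint8_t *udp = ip + ihl;
    r.src_port = (uint16_t)(udp[0] << 8 | udp[1]);
    r.dst_port = (uint16_t)(udp[2] << 8 | udp[3]);
    r.udp_len  = (uint16_t)(udp[4] << 8 | udp[5]);
    r.ok = 1;
    return r;
}

int main(void) {
    struct udp_info a = parse_udp(SAMPLE_FRAME, sizeof SAMPLE_FRAME, 1);
    printf("ok=%d %u -> %u\n", a.ok, a.src_port, a.dst_port);
    return 0;
}
```

Passing a buffer with the wrong has_eth value makes the version, EtherType or checksum test fail, which is how a mismatch between the two framings shows up in practice.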