socket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
socket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.Icmp);
The first statement is wrong; the second one should be used.
See:
https://docs.microsoft.com/zh-cn/windows/desktop/WinSock/tcp-ip-raw-sockets-2#Creating_a__Raw_Socket
Limitations on Raw Sockets
On Windows 7, Windows Vista, Windows XP with Service Pack 2 (SP2), and Windows XP with Service Pack 3 (SP3), the ability to send traffic over raw sockets has been restricted in several ways:
- TCP data cannot be sent over raw sockets.
- UDP datagrams with an invalid source address cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped. This change was made to limit the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets (TCP/IP packets with a forged source IP address).
- A call to the bind function with a raw socket for the IPPROTO_TCP protocol is not allowed.
So if you want to capture packets on Win7, save yourself the trouble.
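An added example (not code from the original post) built around the second constructor call above: it parses the IPv4 header that a raw IPv4 socket delivers in front of each ICMP message, first on a constructed sample and then, when a local IPv4 address is passed as an argument and the process runs as administrator, on live datagrams. The names `RawIcmpExample` and `Describe` and the 192.0.2.x sample addresses are assumptions made for this example.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

static class RawIcmpExample
{
    // Parses a datagram as a raw IPv4 socket delivers it: IPv4 header first, then ICMP.
    public static string Describe(byte[] buf, int len)
    {
        if (len < 20 || (buf[0] >> 4) != 4) return "not IPv4";
        int ihl = (buf[0] & 0x0F) * 4;            // IPv4 header length in bytes (20..60)
        if (ihl < 20 || len < ihl + 4) return "truncated";
        if (buf[9] != 1) return "not ICMP";       // IPv4 protocol field, 1 = ICMP
        var src = new IPAddress(new[] { buf[12], buf[13], buf[14], buf[15] });
        var dst = new IPAddress(new[] { buf[16], buf[17], buf[18], buf[19] });
        return $"{src} -> {dst} ICMP type={buf[ihl]} code={buf[ihl + 1]}";
    }

    static void Main(string[] args)
    {
        // Constructed sample: 20-byte IPv4 header + 8-byte ICMP echo request, checksums zeroed.
        byte[] sample = {
            0x45, 0x00, 0x00, 0x1C, 0x00, 0x01, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00,
            192, 0, 2, 1,   192, 0, 2, 2,
            0x08, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01 };
        Console.WriteLine(Describe(sample, sample.Length));

        if (args.Length == 0) return;   // live part needs a local IPv4 address and admin rights

        // Same call as the second statement in the post: a raw socket for ICMP.
        using var socket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.Icmp);
        socket.Bind(new IPEndPoint(IPAddress.Parse(args[0]), 0));
        var buf = new byte[65535];
        for (int i = 0; i < 5; i++)     // print the first five ICMP datagrams received
        {
            int n = socket.Receive(buf);
            Console.WriteLine(Describe(buf, n));
        }
    }
}
```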