socket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
socket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.Icmp);
The first statement is wrong; the second one should be used.
See:
https://docs.microsoft.com/zh-cn/windows/desktop/WinSock/tcp-ip-raw-sockets-2#Creating_a__Raw_Socket
Limitations on Raw Sockets
On Windows 7, Windows Vista, Windows XP with Service Pack 2 (SP2), and Windows XP with Service Pack 3 (SP3), the ability to send traffic over raw sockets has been restricted in several ways:
- TCP data cannot be sent over raw sockets.
- UDP datagrams with an invalid source address cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped. This change was made to limit the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets (TCP/IP packets with a forged source IP address).
- A call to the bind function with a raw socket for the IPPROTO_TCP protocol is not allowed.
So if you want to capture packets on Win7, don't bother.
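An added example (not from the original post or from Microsoft's documentation) that uses the second constructor above to send one ICMP echo request to the loopback address and print the type of the first ICMP message received. The identifier, sequence number and payload are constructed values, and the process is assumed to run with administrator rights.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

static class RawIcmpEcho
{
    // RFC 1071 Internet checksum over the whole ICMP message.
    static ushort Checksum(byte[] data)
    {
        uint sum = 0;
        for (int i = 0; i + 1 < data.Length; i += 2)
            sum += (uint)((data[i] << 8) | data[i + 1]);
        if ((data.Length & 1) == 1)
            sum += (uint)(data[data.Length - 1] << 8);
        while ((sum >> 16) != 0)
            sum = (sum & 0xFFFF) + (sum >> 16);
        return (ushort)~sum;
    }

    static void Main()
    {
        // Echo request: type 8, code 0, checksum (filled in below),
        // id 0x1234, sequence 1, payload "ping" (all constructed values).
        byte[] msg = { 8, 0, 0, 0, 0x12, 0x34, 0, 1,
                       (byte)'p', (byte)'i', (byte)'n', (byte)'g' };
        ushort csum = Checksum(msg);
        msg[2] = (byte)(csum >> 8);
        msg[3] = (byte)(csum & 0xFF);

        try
        {
            using (var socket = new Socket(AddressFamily.InterNetwork,
                                           SocketType.Raw, ProtocolType.Icmp))
            {
                socket.ReceiveTimeout = 2000; // milliseconds
                socket.SendTo(msg, new IPEndPoint(IPAddress.Loopback, 0));

                byte[] buf = new byte[1500];
                EndPoint from = new IPEndPoint(IPAddress.Any, 0);
                int n = socket.ReceiveFrom(buf, ref from);
                int ihl = (buf[0] & 0x0F) * 4; // received data begins with the IPv4 header
                // Type 0 is an echo reply; type 8 is our own request looped back.
                Console.WriteLine($"{n} bytes from {from}, ICMP type {buf[ihl]}");
            }
        }
        catch (SocketException e)
        {
            // AccessDenied: not elevated. TimedOut: nothing arrived in 2 seconds.
            Console.WriteLine($"socket error: {e.SocketErrorCode}");
        }
    }
}
```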