In standard sockets, the payload is automatically encapsulated according to the chosen transport layer protocol (e.g. TCP, UDP), and the socket-user is unaware of the existence of protocol headers that are broadcast with the payload. When reading from a raw socket, the headers are usually included. When transmitting packets from a raw socket, the automatic addition of a header is optional.
Raw sockets are used in security related applications like nmap. One possible use case for raw sockets is the implementation of new transport-layer protocols in user space. Raw sockets are typically available in network equipment, and used for routing protocols such as the Internet Group Management Protocol (IGMPv4) and Open Shortest Path First (OSPF), and in the Internet Control Message Protocol (ICMP, best known for the ping suboperation) for example, sends ICMP echo requests and receives ICMP echo replies.
Most socket application programming interfaces (APIs), for example those based on Berkeley sockets, support raw sockets. Windows XP was released in 2001 with raw socket support implemented in the Winsock interface, but three years later, Microsoft limited Winsock's raw socket support because of security concerns.
- Net::RawIP; module for Perl applications. Created by Sergey Kolychev.
- Network Programming for Microsoft Windows (ISBN 0-7356-1579-9)
- A little more info on raw sockets and Windows XP SP2 - Michael Howard's Web Log an indication of what's actually allowed on Windows.
- SOCK_RAW Demystified: article describing inner workings of Raw Sockets
- C language examples of Linux raw sockets for IPv4 and IPv6 - David Buchan's C language examples of IPv4 and IPv6 raw sockets for Linux.