[Noxwizard]

This means the listening socket was created using SOCK_RAW as opposed to SOCK_STREAM or SOCK_DGRAM. Raw sockets are used for working with ICMP, doing packet sniffing, sending some types of custom TCP packets, etc. Basically anything that isn't UDP or TCP, you'll need a raw socket for.

[cryptonector]

Historically programs like `ping` and `traceroute` use raw sockets. Using raw sockets requires privilege, which is why those historically have been set-uid on Unix systems.

[Noxwizard]

Indeed. Windows requires elevation for raw sockets as well. The ping binary works without elevation by using the IP Helper Win32 API's ICMP functions: https://learn.microsoft.com/en-us/windows/win32/api/icmpapi/...