NMAP is broken under XP SP2

Microsoft removed raw sockets from Windows XP SP2.

Before SP2 they were only available to Administrators, and some people argued that with this powerful feature Windows XP would be the “denial of service tool of choice for internet hackers everywhere”.

There are several network tools that depend on that functionality, e.g. nmap.

I use nmap rather often so this was shocking for me – I gave it a try.

OK – most of the options I normally use still seem to work (I tested version 3.50 and not the newest 3.55). Connect scan, stealth scan, version scan and fingerprinting seem to be OK (I also read other statements – but my first impression was good). What is broken are the IDS evasion options like decoy scan or idle scanning (I think it’s because nmap has to spoof IP addresses with these kinds of scans and that’s where raw sockets come into play…).

Here’s the official statement from Fyodor.

UPDATE: Fellow DevelopMentor instructor Ian Griffiths wrote a nice summary and conclusion about this change.

