The idea here was to use an open raw ICMP socket to make an inverted ping utility - one that would run in a cmd window and report when it was... pung. Unfortunately, it doesn't appear that this is possible with this approach (although it would certainly be doable with something like pcap), as the 'echo request' packets, being the only ones I was interested in, appear to be quietly handled and dropped by the underlying OS. The open socket never sees that particular ICMP type.
If anyone has a solution to this issue (that doesn't involve dragging in dependencies on pcap or any other packet capture driver) let me know. Maybe I'm missing something silly.
The source code is a twisted version of the ICMP example located here. It will likely never be cleaned up, as the utility does not serve the purpose I had for it.
C:\>icmpspy.exe
ICMP-SPY
--------------------------------------------------------
Before you get all excited, this utility does NOT show incoming ICMP echo requests.
Apparently incoming pings are handled quietly by the OS and are not visible to the raw socket that this utility uses.
This utility lives at http://www.elifulkerson.com
>>> Now watching for incoming ICMP traffic, press control-c to quit.
>>> ignore the first Echo Reply, its just me clearing my throat.
32 bytes from 127.0.0.1, icmp_seq 0, TTL:128, type: Echo Reply
32 bytes from 192.168.2.1, icmp_seq 251, TTL:106, type: Echo Reply
32 bytes from 192.168.2.1, icmp_seq 252, TTL:106, type: Echo Reply
32 bytes from 192.168.2.1, icmp_seq 253, TTL:106, type: Echo Reply
32 bytes from 192.168.2.1, icmp_seq 254, TTL:106, type: Echo Reply
^C
C:\>
... this is from running a 'ping 192.168.2.1' in a second cmd window. Notice that only the echo replies are detected, not the echo requests themselves.
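For reference, here is how a datagram read from a raw ICMP socket breaks down into the fields shown in the output above. This is an added example, not the icmpspy source: the function and struct names are hypothetical, the sample packet is constructed in code, and the sequence number is assumed to be in network byte order.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields printed per datagram (struct and function names are hypothetical). */
struct icmp_info { char src[16]; uint8_t ttl, type; uint16_t seq; size_t payload; };

/* RFC 1071 Internet checksum; a valid ICMP message sums to 0. */
static uint16_t inet_cksum(const uint8_t *p, size_t n) {
    uint32_t sum = 0;
    for (; n > 1; p += 2, n -= 2) sum += (uint32_t)((p[0] << 8) | p[1]);
    if (n) sum += (uint32_t)(p[0] << 8);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static const char *icmp_type_name(uint8_t t) {
    return t == 0 ? "Echo Reply" : t == 8 ? "Echo Request" : "Other";
}

/* Parse an IPv4 datagram as a raw ICMP socket delivers it (IP header first).
   Returns 0, or -1 if truncated, not IPv4/ICMP, or the checksum is bad. */
int parse_icmp(const uint8_t *buf, size_t len, struct icmp_info *out) {
    if (len < 20 || (buf[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;      /* header length in bytes */
    if (ihl < 20 || len < ihl + 8 || buf[9] != 1) return -1; /* proto 1 = ICMP */
    const uint8_t *icmp = buf + ihl;
    if (inet_cksum(icmp, len - ihl) != 0) return -1;
    snprintf(out->src, sizeof out->src, "%d.%d.%d.%d", buf[12], buf[13], buf[14], buf[15]);
    out->ttl = buf[8]; out->type = icmp[0];
    out->seq = (uint16_t)((icmp[6] << 8) | icmp[7]); /* assumed big-endian */
    out->payload = len - ihl - 8;
    return 0;
}

/* Constructed sample: 20-byte IPv4 header, ICMP header, n payload bytes. */
size_t build_sample(uint8_t *buf, uint8_t type, uint16_t seq, uint8_t ttl, size_t n) {
    memset(buf, 0, 28 + n);
    buf[0] = 0x45; buf[8] = ttl; buf[9] = 1;
    buf[12] = 192; buf[13] = 168; buf[14] = 2; buf[15] = 1;
    buf[20] = type; buf[26] = (uint8_t)(seq >> 8); buf[27] = (uint8_t)seq;
    memset(buf + 28, 'a', n);
    uint16_t c = inet_cksum(buf + 20, 8 + n);      /* checksum field still 0 */
    buf[22] = (uint8_t)(c >> 8); buf[23] = (uint8_t)c;
    return 28 + n;
}

int main(void) {
    uint8_t pkt[64]; struct icmp_info i;
    size_t n = build_sample(pkt, 0, 251, 106, 32);
    if (parse_icmp(pkt, n, &i) == 0)
        printf("%zu bytes from %s, icmp_seq %u, TTL:%u, type: %s\n",
               i.payload, i.src, (unsigned)i.seq, (unsigned)i.ttl, icmp_type_name(i.type));
}
```

The parser handles type 8 (Echo Request) the same way as type 0; per the page, the missing requests are never delivered to the socket in the first place.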