Sockets (.NET, Winsock, etc.) are usually assembled at level 7, Application. That is, what is sent by the sender is what is received by the recipient. All the various headers that are automatically added to the sending side are deleted by the time the receiver reads data from the socket.
You can configure the socket as a raw socket, in which case you can see all the headers up to layer 3, the network layer. In addition, you can put the raw socket in promiscuous mode, which allows you to see all the traffic on the network, not just packets destined for your device. But even this is limited. For example, when setting up a raw socket, you specify the type of protocol to use, for example IP, ICMP, etc. This limits the socket to βseeingβ packets that conform to this protocol. I could not figure out how to make a socket so that all packets are at level 3 regardless of protocol.
Winpcap works as a device driver at data level 2. In this case, you see literally all packets on the network with full headers up to level 2. Winpcap also offers the ability to filter, so you can narrow the packets that are sent to you based on any criteria that you provide.
As for the choice between them, it really comes down to the requirements of your specific task. If you are trying to implement any realistic network analysis capabilities, it will be difficult for you to do this with only sockets. In this case, Winpcap makes more sense. However, if you are only interested in IP packets, for example, sockets will work fine for this.