The TCP/IP stack is a rich protocol. It commonly manifests itself at the higher levels through the API known as sockets. However, sockets is just the programming veneer on the surface. Underneath the surface there is much, much more to the protocols. For example TCP and UDP are layers on top of IP and IP the code of the story.
For example, the format of an IP (v4) packet can be found here:
https://en.wikipedia.org/wiki/IPv4#Header
Inside that packet is a byte called "Protocol". If the value of that field is "1" then the packet contains the "ICMP" protocol described here:
https://en.wikipedia.org/wiki/IPv4#Header
All of this shenanigans occurs deep below the surface of most programmer's interactions with network programming. We take the existence of the IP (and TCP/UDP) stacks for the basis.
IP is the protocol and there are a variety of ways that IP messages can be moved from one machine to another. For example, Ethernet frames or IEEE 802.11 radio. That last one is also known as WiFi. It is important to realize that WiFi deals with the "substrate" over which IP packets are transmitted/received and (as far as I know) don't care about the content on the packets themselves.
So ... looking for "hooks" into super-low-level IP packet content is unlikely to be found at the WiFi subsystems. If I had to look into how to "trap" ICMP packets, I'd do a deep study of the ESP32 implementation of the TCP/IP protocol stack which I believe is supplied in source form and is based on the "lwIP" implementation.