Once you create software that processes raw socket data, besides the endianness issues, the next thing you'll realize is the incredible breadth of RFCs that are covered for even "common" network traffic. Write your software to parse just one RFC, and a bunch of software using that protocol still won't work. Don't support the optional network layers that commercial network infrastructure splices into the packets, and you'll again miss a lot of traffic. Modern tcp/ip stacks are really complicated.
I've found the IANA to be quite good at collating this information and producing best practices.
Personally I think the actual messaging protocols are usually relatively straightforward (all things considered) with sensible backwards compatibility. It's all the other stuff surrounding it that can get really complicated and break things.
VLAN and MPLS are common, as well as .1P/.1Q and DSCP. Then you can find hybrids like MPLS-VPN and S-VLAN, and then the tunneling protocols like GRE, L2TP, VXLAN, DOVE, QinQ, OTV, NVGRE, PBB-TE, SPB, VLL, etc. And most of this is just Ethernet, there are often similar standards for different L2s like wireless networks.
