Libnids is an implementation of an E-component of Network Intrusion
Detection System. It emulates the IP stack of Linux 2.0.x. Libnids
offers IP defragmentation, TCP stream assembly and TCP port scan
detection. The most valuable feature of libnids is reliability. A
number of tests were conducted, which proved that libnids predicts
behaviour of protected Linux hosts as closely as possible. Libnids is
highly configurable in run-time and offers a convenient interface.
Currently it compiles on Linux, *BSD and Solaris. Using libnids, one
has got a convenient access to data carried by a TCP stream, no matter
how artfully obscured by an attacker.