Libnids is an implementation of an E-component of Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x. Libnids offers IP defragmentation, TCP stream assembly and TCP port scan detection.
The most valuable feature of libnids is reliability. A number of tests were conducted, which proved that libnids predicts behaviour of protected Linux hosts as closely as possible.
Libnids is highly configurable in run-time and offers a convenient interface. Currently it compiles on Linux, *BSD and Solaris. WIN32 port is maintained separately here.
Using libnids, one has got a convinient access to data carried by a TCP stream, no matter how artfully obscured by an attacker. You may have a look at a sample application.
Libnids is designed by Rafal Wojtczuk. Numerous people have contributed - see the README file in the source directory.