Libnids is an implementation of an E-component of Network Intrusion Detection 
System. It emulates the IP stack of Linux 2.0.x. Libnids offers IP 
defragmentation, TCP stream assembly and TCP port scan detection.  The most 
valuable feature of libnids is reliability. A number of tests were conducted, 
which proved that libnids predicts behaviour of protected Linux hosts as 
closely as possible.  Libnids is highly configurable in run-time and offers a 
convenient interface.  Currently it compiles on Linux, *BSD and Solaris.  
Using libnids, one has got a convenient access to data carried by a TCP 
stream, no matter how artfully obscured by an attacker.