libnids basics

- libnids is the "E" box on a NIDS
- generates event data
- libnids is Linux 2.0.36's stack in userland
- uses pcap, libnet internally
- builds "streams" based on traffic flows
- can reassemble fragments
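To make the fragment reassembly point concrete, here is an added example (not libnids code and not from the original slides) of the bookkeeping an event generator needs before it can hand a whole datagram to a matcher. The names `reasm_*` and `MAX_DGRAM` and the overlap policy are assumptions of this sketch, and it tracks a single datagram, whereas a real IP stack keeps one such slot per (source, destination, IP id, protocol).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_DGRAM 256            /* small constructed limit for this example */

struct reasm {                   /* hypothetical state for one datagram */
    uint8_t data[MAX_DGRAM];
    uint8_t have[MAX_DGRAM];     /* 1 = byte at this offset has arrived */
    int total;                   /* payload length; -1 until the last fragment */
};

void reasm_init(struct reasm *r) { memset(r, 0, sizeof *r); r->total = -1; }

/* Add one fragment (byte offset, payload, "more fragments" flag).
 * Returns 1 when the datagram is complete and an event can be raised,
 * 0 while fragments are still missing, -1 if the fragment is rejected. */
int reasm_add(struct reasm *r, int off, const uint8_t *p, int len, int more)
{
    if (off < 0 || len <= 0 || len > MAX_DGRAM - off) return -1; /* does not fit */
    if (r->total >= 0 && (off + len > r->total || !more))
        return -1;                           /* past, or redefining, the end */
    for (int i = off + len; !more && i < MAX_DGRAM; i++)
        if (r->have[i]) return -1;           /* data already seen past the new end */
    if (!more) r->total = off + len;         /* last fragment fixes the size */
    for (int i = 0; i < len; i++)
        if (!r->have[off + i]) {             /* on overlap keep the first copy */
            r->data[off + i] = p[i];         /* (a policy chosen for this example) */
            r->have[off + i] = 1;
        }
    if (r->total < 0) return 0;
    for (int i = 0; i < r->total; i++)
        if (!r->have[i]) return 0;           /* hole: keep waiting */
    return 1;
}

/* What a signature matcher sees: the reassembled payload, not single fragments. */
int reasm_contains(const struct reasm *r, const char *sig)
{
    int n = (int)strlen(sig);
    for (int i = 0; n > 0 && i + n <= r->total; i++)
        if (memcmp(r->data + i, sig, (size_t)n) == 0) return 1;
    return 0;
}

int main(void)
{
    struct reasm r; reasm_init(&r);
    /* Constructed sample: a 20-byte payload sent as three out-of-order fragments. */
    reasm_add(&r, 16, (const uint8_t *)"7890", 4, 0);
    reasm_add(&r, 8, (const uint8_t *)"ATURE456", 8, 1);
    int done = reasm_add(&r, 0, (const uint8_t *)"0123SIGN", 8, 1);
    printf("complete=%d match=%d\n", done, reasm_contains(&r, "SIGNATURE"));
}
```

The string `SIGNATURE` straddles the first two fragments, so it only becomes visible to the matcher after reassembly.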