Pynids limitation with stream reassembly

[jared703]

Team,

Is there any plans to move away from Pynids in the future? The lack of error handling with Pynids leaves it difficult in packetloss scenerio(s) as the stream is ignored completely if Pynids can't reassemble it.

Best, JG

[Mraoul]

I actually really dislike nids/pynids -- it was the requirement for chopshop when it was first created since pynids was heavily used in my shop and others as the basis for C2 protocol decoders, but it's always come with limitations and bugs. The issue in finding another back-end, though, is that it has to have significant improvements over nids to warrant the switch over since it could possibly break backwards compatibility (something I have been trying to maintain as much as possible). I've been following the progress of libuinet as a possible replacement but that project doesn't seem to be at a a state where I'd feel comfortable using it to replace nids/pynids.

If you happen to know of any projects that could potentially replace nids, I'd be very interested in taking a look at them.

[jared703]

Thanks for the quick reply. I'll certainly be on the lookout.