
Improvement of TCP Packet Reassembly in Libnids

Advisor: 黃士殷

Abstract


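The rapid growth of the Internet has brought great attention to network security monitoring and protection. The most important purpose of many network monitoring systems is security protection, and many network security tools and software packages, such as the widely used Snort, are now available for monitoring. These network monitoring systems are built on a number of API libraries: libpcap for packet capture, libnet for packet modification, and libnids for packet reassembly. Many monitoring systems use libnids for packet capture, IP fragment reassembly, and TCP data stream reassembly, restoring packets to the original data. In passive network monitoring, however, libnids has no reliable transport mechanism at capture time, so packets are more likely to be lost or to fail to be captured. When libnids encounters a lost or uncaptured packet during TCP data stream reassembly, it cannot go on to parse the packets that arrive afterwards. This study therefore improves the TCP data stream reassembly procedure in libnids by adding a packet dispatch mechanism to the reassembly process, so that after waiting for a period of time for a packet that does not arrive, libnids can continue reassembling the packets that have already arrived. This also prevents the system from consuming large amounts of dynamic memory to store packets that arrived early but cannot be reassembled. Finally, this study adds packet header information to the reassembled packets and passes them up to the application layer for further parsing; the various pieces of packet information help obtain more useful network information for more efficient network management.

Parallel Abstract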


The rapid growth of the Internet has made monitoring and protecting Internet security more important. The most important goal in designing a monitoring system is to protect Internet security, so there are many tools and software packages that can be used to monitor the Internet. Most of these monitoring systems are built on API libraries, such as libpcap to capture packets and libnids to reassemble packets. Most monitoring systems use libnids for packet capture, IP defragmentation, and TCP stream reassembly. When libnids reassembles a TCP data stream, if a packet is lost or fails to be captured, it cannot continue analyzing the following packets. We therefore improve the libnids TCP stream reassembly procedure by adding an interrupt-waiting mechanism. With this packet dispatch mechanism, after libnids has waited for a period of time, it can continue to analyze the following packets. In addition, libnids avoids consuming a lot of memory to store following packets that cannot be reassembled. Finally, we deliver packets together with their packet header information to the application layer, to obtain more useful network information for network management.
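The stall on a missing segment and the timed "give up and continue" behaviour described in the abstract, as an added Python model that is not code from the thesis or from libnids. The class and method names, the event tuples, the 2-second timeout and the sample segments are assumptions constructed for illustration, and sequence-number wraparound is ignored.

```python
class Reassembler:
    """One direction of one TCP stream; plain integer sequence numbers (no wraparound)."""

    def __init__(self, isn, gap_timeout=None):
        self.next_seq = isn             # next in-order byte expected
        self.pending = {}               # seq -> payload of out-of-order segments
        self.gap_since = None           # when the current hole was first noticed
        self.gap_timeout = gap_timeout  # None = wait forever for the missing bytes
        self.out = []                   # events handed to the application

    def segment(self, seq, data, now):
        if seq + len(data) <= self.next_seq:
            return                      # retransmission or late arrival: already passed
        self.pending.setdefault(seq, data)
        self.tick(now)

    def tick(self, now):
        """Deliver what is contiguous; give up on a hole once it is older than gap_timeout."""
        while self.pending:
            first = min(self.pending)
            if first <= self.next_seq:
                # Trim any bytes that overlap data already delivered.
                data = self.pending.pop(first)[self.next_seq - first:]
                if data:
                    self.out.append(("data", self.next_seq, data))
                    self.next_seq += len(data)
                    self.gap_since = None
            elif self.gap_since is None:
                self.gap_since = now    # start timing this hole
                return
            elif self.gap_timeout is not None and now - self.gap_since >= self.gap_timeout:
                # Report the hole to the application instead of stalling on it.
                self.out.append(("gap", self.next_seq, first - self.next_seq))
                self.next_seq, self.gap_since = first, None
            else:
                return


def replay(gap_timeout):
    """Constructed capture: the segment carrying bytes 1004..1007 was never seen."""
    r = Reassembler(isn=1000, gap_timeout=gap_timeout)
    r.segment(1000, b"GET ", now=0.0)
    r.segment(1008, b"HTTP", now=0.1)
    r.segment(1012, b"/1.1", now=0.2)
    r.tick(now=2.5)
    return r.out, len(r.pending)
```

With `gap_timeout=None` the two later segments stay buffered indefinitely; with a timeout they are delivered after an explicit gap event, so the application knows 4 bytes are missing rather than silently receiving a spliced stream.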

