I have an IDSM-2 version 6.1.1 E2 sig 353. The IPS is running in promiscuous mode. The IPS is alarming on impossible IP packets. To trace down the culprit, I decided to log the packet pair with the hopes that the layer 2 information would help guide the way. When I examined the packets with Wireshark, the IP address information showed different source and destination IP addresses. The packet appeared to be normal.
Any ideas why the IPS reports data differently from Wireshark?
I have several Cisco IPS sensors on this same version (6.1.1 E2 S353). This device is the only one reporting this type of error.
