Hi, Robert.We have Cisco IPS4255 7.1(7)E4 in promiscouse mode (connected to switch SPAN port).SPAN port monitors traffic from one trunk port with one vlan allowed.There are a lot of fiers of TCP Segment Overwrite signature (ID:1300/0).After invertiga...

I have the same problem.Cisco IPS 4255 and TCP Segment Overwrite signature is fired.after invertigation I think, that the df-bit set is the reason of this problem.i have this topology:host1 -> LAN ->(IPS)-> local router (route map with DF-bit set) ->...