PFSense - Suricata - Alerts - SURICATA STREAM reassembly overlap with different data
TCP stream overlaps with different data.
Possible Man-on-the-Side attack.
Resending a range of a TCP stream with different data is one way to try to evade an IDS/IPS: the sensor and the end host may pick different copies of the overlapping bytes, so the sensor inspects one thing while the host acts on another.
In practice, an attacker with a Man-on-the-Side position uses packet injection to slip in a TCP segment whose payload the victim will act on, such as an HTTP redirect to a malicious web site.
The TCP sequence number of the injected segment is typically the same as that of the real HTTP response from the legitimate web server, and the injected copy usually arrives first because the attacker does not have to wait for the server.
The end node therefore sees two overlapping TCP segments with different application-layer data, which is the condition this alert reports.
Ordinary retransmissions repeat the same bytes and do not trigger it; the alert fires only when the bytes in the overlapping range differ, so the first check is to pull the flow's packet capture and compare the two segments' payloads and arrival order.
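The following added example (not code from the original page or from Suricata) models the condition the alert describes. It builds a small TCP reassembly check over constructed segments: a legitimate HTTP 200 response split in two, a benign retransmission of its first segment, and an injected HTTP 302 redirect carrying the same starting sequence number. Only overlaps whose bytes differ are reported, so the retransmission stays quiet and every pairing with the injected segment is flagged. The sequence numbers, hostnames and payloads are all assumed values chosen for the illustration.

```python
# Added example: detect TCP segments that overlap in sequence space but carry
# different data, the pattern behind "STREAM reassembly overlap with different data".
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Segment:
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes  # application-layer data carried by this segment

    @property
    def end(self) -> int:
        # Sequence number just past the last payload byte
        return self.seq + len(self.payload)


def overlapping_bytes(a: Segment, b: Segment) -> Optional[Tuple[bytes, bytes]]:
    """Return the slices of a and b that cover the same sequence range, or None."""
    lo = max(a.seq, b.seq)
    hi = min(a.end, b.end)
    if lo >= hi:
        return None
    return a.payload[lo - a.seq:hi - a.seq], b.payload[lo - b.seq:hi - b.seq]


def find_conflicts(segments: List[Segment]) -> List[Tuple[Segment, Segment]]:
    """Return (earlier, later) pairs whose shared sequence range carries different bytes.

    A pure retransmission repeats identical bytes and is not reported; only a
    differing overlap is, which mirrors what the Suricata stream engine alerts on.
    """
    conflicts = []
    seen: List[Segment] = []
    for seg in segments:
        for prior in seen:
            ov = overlapping_bytes(prior, seg)
            if ov is not None and ov[0] != ov[1]:
                conflicts.append((prior, seg))
        seen.append(seg)
    return conflicts


# Constructed sample traffic (assumed values, not captured data).
ISN = 1000  # assumed initial sequence number of the server-to-client direction
LEGIT_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 13\r\n\r\nHello, world!"
INJECTED = (b"HTTP/1.1 302 Found\r\n"
            b"Location: http://attacker.invalid/\r\n"   # assumed attacker host
            b"Content-Length: 0\r\n\r\n")


def sample_stream() -> List[Segment]:
    """Segments in the order a sensor might see them on the wire."""
    first = Segment(ISN, LEGIT_RESPONSE[:20])            # start of the real response
    second = Segment(ISN + 20, LEGIT_RESPONSE[20:])      # rest of the real response
    retransmit = Segment(ISN, LEGIT_RESPONSE[:20])       # benign duplicate, same bytes
    injected = Segment(ISN, INJECTED)                    # same seq, different bytes
    return [first, second, retransmit, injected]


def describe(conflicts: List[Tuple[Segment, Segment]]) -> List[str]:
    """Human-readable summary of each conflicting pair."""
    lines = []
    for earlier, later in conflicts:
        ov = overlapping_bytes(earlier, later)
        assert ov is not None
        lines.append(f"seq {earlier.seq}-{earlier.end} vs seq {later.seq}-{later.end}: "
                     f"{len(ov[0])} overlapping bytes differ")
    return lines


if __name__ == "__main__":
    for line in describe(find_conflicts(sample_stream())):
        print(line)
```

Which copy the victim's TCP stack keeps depends on that stack's overlap handling, which is why Suricata raises an alert rather than silently choosing one; when triaging, compare the payloads the script pairs up against the flow's packet capture and check whether the differing copy arrived before the server's own.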
Suppress
pfsense/suricata/alerts/suricata_stream_reassembly_overlap_with_different_data.1610650315.txt.gz · Last modified: 2021/01/14 18:51 by peter