- Suricata 7.0.2
- Operating system: Debian
- Installed Suricata from source
We use tcpreplay to replay the same pcap packets to Suricata multiple times at a speed of 5MB/s, and we've found that when continuously replaying the same packets, Suricata does not output all alerts. For example, if A.pcap is played only once, it will generate 10 alerts, but if it is replayed 3 times at 5MB/s, it might only result in 15 ~ 16 alerts.

My question is: does Suricata have a mechanism that, when faced with the above situation, uses the 5-tuples to determine that the packets belong to the same flow and then bypasses/de-duplicates them?
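One way to check this kind of observation from the defender's side is to count the alerts Suricata actually wrote to eve.json per signature and per 5-tuple, and compare against the number of replays. The script below is an added example written for this post; it is not code from the original poster or from the Suricata project. It assumes the standard eve.json alert field names (`event_type`, `src_ip`, `src_port`, `dest_ip`, `dest_port`, `proto`, `alert.signature_id`) and uses a few constructed log lines in place of a real eve.json, so it runs offline.

```python
import json
from collections import Counter

# Constructed eve.json lines standing in for a real log. They model a pcap
# with three flows replayed three times, where only one (signature, flow)
# pair alerts on every replay. A non-alert "flow" record and a malformed
# line are included so the parser is exercised on realistic noise.
SAMPLE_EVE = """
{"timestamp":"2024-01-01T00:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.1","src_port":40001,"dest_ip":"10.0.0.2","dest_port":80,"proto":"TCP","alert":{"signature_id":1000001,"signature":"EXAMPLE HTTP rule"}}
{"timestamp":"2024-01-01T00:00:01.100000+0000","event_type":"alert","src_ip":"10.0.0.3","src_port":40002,"dest_ip":"10.0.0.2","dest_port":80,"proto":"TCP","alert":{"signature_id":1000002,"signature":"EXAMPLE HTTP rule 2"}}
{"timestamp":"2024-01-01T00:00:01.200000+0000","event_type":"alert","src_ip":"10.0.0.4","src_port":53001,"dest_ip":"10.0.0.5","dest_port":53,"proto":"UDP","alert":{"signature_id":1000001,"signature":"EXAMPLE HTTP rule"}}
{"timestamp":"2024-01-01T00:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.1","src_port":40001,"dest_ip":"10.0.0.2","dest_port":80,"proto":"TCP"}
{"timestamp":"2024-01-01T00:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.1","src_port":40001,"dest_ip":"10.0.0.2","dest_port":80,"proto":"TCP","alert":{"signature_id":1000001,"signature":"EXAMPLE HTTP rule"}}
{"timestamp":"2024-01-01T00:00:03.200000+0000","event_type":"alert","src_ip":"10.0.0.4","src_port":53001,"dest_ip":"10.0.0.5","dest_port":53,"proto":"UDP","alert":{"signature_id":1000001,"signature":"EXAMPLE HTTP rule"}}
this line is not JSON and should be skipped
{"timestamp":"2024-01-01T00:00:05.000000+0000","event_type":"alert","src_ip":"10.0.0.1","src_port":40001,"dest_ip":"10.0.0.2","dest_port":80,"proto":"TCP","alert":{"signature_id":1000001,"signature":"EXAMPLE HTTP rule"}}
"""


def parse_alerts(lines):
    """Yield only well-formed eve.json records whose event_type is 'alert'."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line; skip rather than abort
        if rec.get("event_type") != "alert":
            continue
        yield rec


def flow_key(rec):
    """5-tuple of the alert. Ports may be absent (e.g. ICMP), so use .get()."""
    return (
        rec.get("proto"),
        rec.get("src_ip"),
        rec.get("src_port"),
        rec.get("dest_ip"),
        rec.get("dest_port"),
    )


def count_alerts(lines):
    """Count alerts per (signature_id, 5-tuple) pair."""
    counts = Counter()
    for rec in parse_alerts(lines):
        counts[(rec["alert"]["signature_id"], flow_key(rec))] += 1
    return counts


def total_alerts(counts):
    return sum(counts.values())


def missing_alerts(counts, replays):
    """Pairs that fired fewer times than the pcap was replayed, with the shortfall.

    If every flow alerted on every replay this is empty; entries here are the
    (signature, flow) pairs worth investigating (flow timeouts, stream
    reassembly state, rule thresholds, drops under load, and so on).
    """
    return {k: replays - v for k, v in counts.items() if v < replays}


if __name__ == "__main__":
    counts = count_alerts(SAMPLE_EVE.splitlines())
    print("total alerts:", total_alerts(counts))
    for (sid, flow), shortfall in missing_alerts(counts, replays=3).items():
        print(f"sid {sid} on {flow}: {shortfall} alert(s) fewer than replays")
```

Against a real deployment, feed the script the eve.json lines written during the tcpreplay run (for example by timestamp window) and set `replays` to the number of times the pcap was sent. Pairs with a shortfall show which flows stopped alerting after the first replay, which narrows the question down to those flows and rules instead of a single aggregate count.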