Tracking Flaws – Stream Reassembly Issues in Snort IPS

TCP stream reassembly is a core function required for robust IPS and IDS systems. Snort's stream reassembly implementation (Stream5) has certain flaws that limit its protection capabilities. In this paper we conduct a detailed analysis of the state tracking and stream reassembly functionality of the open source IPS/IDS Snort, with a focus on its prevention capabilities. Our work aims to highlight these flaws and to suggest possible alternative approaches that would improve the functionality. Various tests are conducted, and the results are discussed in detail to demonstrate the issues.

Presented by