
OR SQL Injection Detected

asked 2021-09-16 01:56:02 +0000


updated 2021-09-16 02:12:34 +0000

I am running Snort and a few days ago I added the following rules to local.rules (just found on the internet):

    alert tcp any any -> any 80 (msg: "Error Based SQL Injection Detected"; content: "%27" ; sid:100000011; )
    alert tcp any any -> any 80 (msg: "Error Based SQL Injection Detected"; content: "22" ; sid:100000012; )
    #Boolean Based SQL Injection
    alert tcp any any -> any 80 (msg: "AND SQL Injection Detected"; content: "and" ; nocase; sid:100000060; )
    alert tcp any any -> any 80 (msg: "OR SQL Injection Detected"; content: "or" ; nocase; sid:100000061; )
    # Encoded AND/OR
    alert tcp any any -> any 80 (msg: "AND SQL Injection Detected"; content: "and" ; nocase; sid:100000008; )
    alert tcp any any -> any 80 (msg: "OR SQL Injection Detected"; content: "or" ; nocase; sid:100000009; )
    # Identify Form Based SQL Injection
    alert tcp any any -> any 80 (msg: "Form Based SQL Injection Detected"; content: "%27" ; sid:1000003; )
    # Identify Order by SQL Injection
    alert tcp any any -> any 80 (msg: "Order by SQL Injection"; content: "order" ; sid:1000005; )
    # Identify Union Based SQL Injection
    alert tcp any any -> any 80 (msg: "UNION SELECT SQL Injection"; content: "union" ; sid:1000006; )

Now, for the last few days, intermittently, I am getting alerts like the ones below:

09/16-06:56:07.702959  [**] [1:100000061:0] OR SQL Injection Detected [**] [Priority: 0] {TCP} XX.XXX.XXX.XX:41036 -> XX.XXX.XXX.XX:80
09/16-06:56:07.702959  [**] [1:100000009:0] OR SQL Injection Detected [**] [Priority: 0] {TCP} XX.XXX.XXX.XX:41036 -> XX.XXX.XXX.XX:80
09/16-06:56:07.702959 100.120.56.190:41036 -> 34.107.221.82:80
TCP TTL:64 TOS:0x0 ID:36967 IpLen:20 DgmLen:353 DF
***AP*** Seq: 0xCCC4772  Ack: 0x94D2196F  Win: 0x1F6  TcpLen: 32
TCP Options (3) => NOP NOP TS: 3751144199 2103252965 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Whereas in the Wireshark pcap the same TCP stream is showing as "TCP retransmission". I don't know; I am not a coder and I have no idea if the above rules are really giving a real alert or not. Kindly help.


1 Answer


answered 2021-09-18 15:31:25 +0000


updated 2021-09-18 15:32:34 +0000

Hello aks,

First of all, Wireshark is good for network analysis; it's not an IDS. However, Wireshark is super useful for examining matters that were picked up by an IDS.

That being said, I suggest that you refine your Snort rules. The current rules trigger on the content "or" and "and" respectively. This would generate a ton of false positives, for example with words like "foreign" or "land". Please don't forget to rewrite all your rules (not just the AND and OR rules).

I suggest that you take this question to a security forum.

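An added illustration of the answer's point, not part of the original thread and not Snort's own matching engine: a small Python simulation that runs the question's bare `content:` matches over three constructed HTTP requests, shows that "foreign" and "landing" trip the OR/AND rules, shows why the log carries the same alert twice (two of the posted rules are identical apart from their sid), and contrasts a tighter match that decodes the URI query string and requires a standalone keyword followed by a comparison. The sample requests, the `refined_match` heuristic and the `REFINED_RULE` string are all assumptions made for this example.

```python
"""Simulate the question's naive content:"or"/"and" Snort rules against
constructed HTTP requests, and compare with a tighter URI-based check."""
import re
from urllib.parse import unquote

# The content matches from the question's local.rules, as (sid, content, nocase).
# Two pairs are byte-for-byte identical apart from their sid, which is why one
# request yields both sid 100000061 and sid 100000009 in the asker's log.
NAIVE_RULES = [
    (100000011, "%27", False),
    (100000012, "22", False),
    (100000060, "and", True),
    (100000061, "or", True),
    (100000008, "and", True),
    (100000009, "or", True),
    (1000003, "%27", False),
    (1000005, "order", False),
    (1000006, "union", False),
]

# Constructed sample requests (not captures), as Snort would see them on port 80.
SAMPLE_REQUESTS = {
    "foreign": "GET /news/foreign-exchange HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "landing": "GET /landing?page=1 HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "probe": "GET /item?id=1%27%20or%201%3D1 HTTP/1.1\r\nHost: example.com\r\n\r\n",
}


def naive_alerts(payload):
    """Return the sids that fire: a plain substring test over the whole payload,
    like content: with no buffer modifier. nocase=True means case-insensitive."""
    fired = []
    for sid, needle, nocase in NAIVE_RULES:
        hay, pat = (payload.lower(), needle.lower()) if nocase else (payload, needle)
        if pat in hay:
            fired.append(sid)
    return fired


def refined_match(payload):
    """Assumed tighter heuristic: percent-decode the request URI's query string
    and require a standalone OR/AND keyword followed by a comparison
    (token = ...). A keyword buried inside 'foreign' or 'landing' no longer hits."""
    request_line = payload.split("\r\n", 1)[0]
    parts = request_line.split(" ")
    if len(parts) < 3 or "?" not in parts[1]:
        return False
    query = unquote(parts[1].split("?", 1)[1])
    return re.search(r"\b(or|and)\b\s+[\w'\"]+\s*=", query, re.IGNORECASE) is not None


# Roughly the same idea in Snort 2 rule syntax (assumed refinement, not from the
# thread; check the pcre modifiers against your Snort version). The U modifier
# matches against the normalised, percent-decoded URI and i ignores case.
REFINED_RULE = (
    'alert tcp any any -> any 80 (msg:"Boolean SQL Injection in URI"; '
    'flow:to_server,established; '
    'pcre:"/\\b(or|and)\\b\\s+[\\w\'\\x22]+\\s*=/Ui"; sid:1000100; rev:1;)'
)

if __name__ == "__main__":
    for name, req in SAMPLE_REQUESTS.items():
        print(f"{name:8s} naive sids={naive_alerts(req)} refined={refined_match(req)}")
```

Running it prints two sids for the "foreign" request and none from the refined check, which is exactly the double "OR SQL Injection Detected" line the asker sees. On the retransmission point: a rule with no `flow:` keyword inspects the bytes of every segment, and a retransmitted segment repeats the same payload, so a pure `content:` match can fire on it again; adding `flow:to_server,established` ties the rule to tracked stream state rather than raw segments.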