Network's speed continues to increase at a high rate resulting in massive network traffic. This results in a need to have a high-speed network intrusion detection system (NIDS) to detect malicious traffic. Snort is a software-based NIDS that can run as a single threaded application. However, it may not be able to detect intrusions in real-time especially in networks with high traffic. This paper proposes a two layer framework where Snort will run as a second line of defense and will be executed only when deep payload analysis is needed. To accelerate the efficiency of Snort, the proposed system will dynamically offload the most frequent rules or signatures to a NetFPGA based hardware. The NetFPGA will work as a first line of defense that accelerates the detection by filtering all the traffic looking for intrusions. This will be done by analyzing the captured packet header to match the offloaded rules or signatures.