diff --git a/src/packet_analysis/protocol/default/Default.cc b/src/packet_analysis/protocol/default/Default.cc
index 72e226fcad..d3e3901c1b 100644
--- a/src/packet_analysis/protocol/default/Default.cc
+++ b/src/packet_analysis/protocol/default/Default.cc
@@ -17,7 +17,7 @@ std::tuple= packet->GetEndOfData() )
 {
- packet->Weird("default_ll_analyser_failed");
+ packet->Weird("packet_analyzer_truncated_header");
 return { AnalyzerResult::Failed, 0 };
 }
diff --git a/src/packet_analysis/protocol/ethernet/Ethernet.cc b/src/packet_analysis/protocol/ethernet/Ethernet.cc
index 261f30a0f0..9db434d82c 100644
--- a/src/packet_analysis/protocol/ethernet/Ethernet.cc
+++ b/src/packet_analysis/protocol/ethernet/Ethernet.cc
@@ -15,6 +15,14 @@ std::tuplecur_pos;
 auto end_of_data = packet->GetEndOfData();
+ // Make sure that we actually got an entire ethernet header before trying
+ // to pull bytes out of it.
+ if ( pdata + 16 >= end_of_data )
+ {
+ packet->Weird("truncated_ethernet_frame");
+ return { AnalyzerResult::Failed, 0 };
+ }
+
 // Skip past Cisco FabricPath to encapsulated ethernet frame.
 if ( pdata[12] == 0x89 && pdata[13] == 0x03 )
 {
diff --git a/testing/btest/Baseline/core.truncation/output b/testing/btest/Baseline/core.truncation/output
index 0bd1083165..9625b3a1bb 100644
--- a/testing/btest/Baseline/core.truncation/output
+++ b/testing/btest/Baseline/core.truncation/output
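Review bot: Renaming the weird from `default_ll_analyser_failed` to `packet_analyzer_truncated_header` changes a name that is written to weird.log and that a `Weird::actions` entry or a test baseline may be keyed on, so anything still using the old name stops matching silently rather than failing. The commit carries no NEWS/CHANGES line for that; one sentence naming the old and new weird would do. Nothing else in the hunk changes, and the enclosing function starts and ends outside it.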
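Review bot: The new guard `if ( pdata + 16 >= end_of_data )` forms a pointer 16 bytes beyond `pdata` before comparing it, which is formally out-of-bounds pointer arithmetic in exactly the truncated case it is meant to catch; the usual form compares the remaining length and keeps the same semantics, `if ( end_of_data - pdata <= 16 )`. The constant 16 is also unexplained: an Ethernet header is 14 bytes and the guard as written demands 17, so the comment should state what the extra bytes cover (presumably the look-ahead at `pdata[12]`/`pdata[13]` and reads that follow below), or the bound should become a named constant. Note that the guard validates only the original `pdata`; if the FabricPath branch below advances `pdata` past the encapsulation, the remaining-length check has to be repeated after that advance. The enclosing function's body continues outside the hunk.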
@@ -3,78 +3,78 @@ #empty_field (empty) #unset_field - #path weird -#open 2020-07-02-14-29-19 +#open 2020-07-14-01-19-19 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1334160095.895421 - - - - - truncated_IP - F zeek -#close 2020-07-02-14-29-19 +#close 2020-07-14-01-19-19 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird -#open 2020-07-02-14-29-20 +#open 2020-07-14-01-19-20 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1334156241.519125 - - - - - truncated_IP - F zeek -#close 2020-07-02-14-29-20 +#close 2020-07-14-01-19-20 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird -#open 2020-07-02-14-29-20 +#open 2020-07-14-01-19-21 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1334094648.590126 - - - - - truncated_IP - F zeek -#close 2020-07-02-14-29-20 +#close 2020-07-14-01-19-21 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird -#open 2020-07-02-14-29-21 +#open 2020-07-14-01-19-23 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1338328954.078361 - - - - - internally_truncated_header - F zeek -#close 2020-07-02-14-29-21 +#close 2020-07-14-01-19-23 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird -#open 2020-07-02-14-29-21 +#open 2020-07-14-01-19-24 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 0.000000 - - - - - truncated_ethernet_frame - F zeek -#close 2020-07-02-14-29-21 +#close 2020-07-14-01-19-24 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird 
-#open 2020-07-02-14-29-21 +#open 2020-07-14-01-19-25 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1508360735.834163 - 163.253.48.183 0 192.150.187.43 0 invalid_IP_header_size - F zeek -#close 2020-07-02-14-29-21 +#close 2020-07-14-01-19-25 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird -#open 2020-07-02-14-29-21 +#open 2020-07-14-01-19-26 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1508360735.834163 - 163.253.48.183 0 192.150.187.43 0 internally_truncated_header - F zeek -#close 2020-07-02-14-29-22 +#close 2020-07-14-01-19-26 #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path weird -#open 2020-07-02-14-29-22 +#open 2020-07-14-01-19-27 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1500557630.000000 - 0.255.0.255 0 15.254.2.1 0 invalid_IP_header_size_in_tunnel - F zeek -#close 2020-07-02-14-29-22 +#close 2020-07-14-01-19-27