diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index 879a4f5995..503bf2547c 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -915,6 +915,10 @@ const frag_timeout = 0.0 sec &redef;
 ##    to be potentially copied and buffered.
 const packet_sort_window = 0 usecs &redef;
 
+## If positive, indicates the encapsulation header size that should
+## be skipped. This applies to all packets.
+const encap_hdr_size = 0 &redef;
+
 ## Whether to use the ``ConnSize`` analyzer to count the number of packets and
 ## IP-level bytes transfered by each endpoint. If true, these values are returned
 ## in the connection's :bro:see:`endpoint`  record value.
diff --git a/src/NetVar.cc b/src/NetVar.cc
index 70aa60c886..b057efad11 100644
--- a/src/NetVar.cc
+++ b/src/NetVar.cc
@@ -30,6 +30,8 @@ int partial_connection_ok;
 int tcp_SYN_ack_ok;
 int tcp_match_undelivered;
 
+int encap_hdr_size;
+
 double frag_timeout;
 
 double tcp_SYN_timeout;
@@ -323,6 +325,8 @@ void init_net_var()
 	tcp_SYN_ack_ok = opt_internal_int("tcp_SYN_ack_ok");
 	tcp_match_undelivered = opt_internal_int("tcp_match_undelivered");
 
+	encap_hdr_size = opt_internal_int("encap_hdr_size");
+
 	frag_timeout = opt_internal_double("frag_timeout");
 
 	tcp_SYN_timeout = opt_internal_double("tcp_SYN_timeout");
diff --git a/src/NetVar.h b/src/NetVar.h
index 7aff9b84e6..e6f6e0cfc4 100644
--- a/src/NetVar.h
+++ b/src/NetVar.h
@@ -33,6 +33,8 @@ extern int partial_connection_ok;
 extern int tcp_SYN_ack_ok;
 extern int tcp_match_undelivered;
 
+extern int encap_hdr_size;
+
 extern double frag_timeout;
 
 extern double tcp_SYN_timeout;
diff --git a/src/Sessions.cc b/src/Sessions.cc
index c754a14698..b5d82f147f 100644
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@@ -158,6 +158,10 @@ void NetSessions::DispatchPacket(double t, const struct pcap_pkthdr* hdr,
 			ip_data = pkt + hdr_size + (ip_hdr->ip_hl << 2);
 		}
 
+	if ( encap_hdr_size > 0 && ip_data )
+		// Blanket encapsulation
+		hdr_size += encap_hdr_size;
+
 	if ( src_ps->FilterType() == TYPE_FILTER_NORMAL )
 		NextPacket(t, hdr, pkt, hdr_size, pkt_elem);
 	else