diff --git a/src/packet_analysis/protocol/ip/IP.cc b/src/packet_analysis/protocol/ip/IP.cc
index e739cc3e31..982cb51f40 100644
--- a/src/packet_analysis/protocol/ip/IP.cc
+++ b/src/packet_analysis/protocol/ip/IP.cc
@@ -155,6 +155,10 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 
 	detail::FragReassembler* f = nullptr;
 
+	// Store this off so that it can be reset back to the original value before returning from
+	// this method.
+	size_t orig_cap_len = packet->cap_len;
+
 	if ( packet->ip_hdr->IsFragment() )
 		{
 		packet->dump_packet = true; // always record fragments
@@ -187,13 +191,14 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 
 			len = total_len = packet->ip_hdr->TotalLen();
 			ip_hdr_len = packet->ip_hdr->HdrLen();
-			packet->cap_len = total_len + hdr_size;
 
 			if ( ip_hdr_len > total_len )
 				{
 				Weird("invalid_IP_header_size", packet);
 				return false;
 				}
+
+			packet->cap_len = total_len + hdr_size;
 			}
 		}
 
@@ -208,6 +213,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 			event_mgr.Enqueue(esp_packet, packet->ip_hdr->ToPktHdrVal());
 
 		// Can't do more since upper-layer payloads are going to be encrypted.
+		packet->cap_len = orig_cap_len;
 		return true;
 		}
 
@@ -221,6 +227,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 		     mobility_header_checksum(packet->ip_hdr.get()) != 0xffff )
 			{
 			Weird("bad_MH_checksum", packet);
+			packet->cap_len = orig_cap_len;
 			return false;
 			}
 
@@ -230,6 +237,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 		if ( packet->ip_hdr->NextProto() != IPPROTO_NONE )
 			Weird("mobility_piggyback", packet);
 
+		packet->cap_len = orig_cap_len;
 		return true;
 		}
 
@@ -253,6 +261,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 	if ( total_len < packet->ip_hdr->HdrLen() )
 		{
 		Weird("bogus_IP_header_lengths", packet);
+		packet->cap_len = orig_cap_len;
 		return false;
 		}
 
@@ -280,6 +289,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 	if ( f )
 		f->DeleteTimer();
 
+	packet->cap_len = orig_cap_len;
 	return return_val;
 	}