diff --git a/src/Val.cc b/src/Val.cc
index abae677754..4db8aedd73 100644
--- a/src/Val.cc
+++ b/src/Val.cc
@@ -768,7 +768,7 @@ PortManager::PortManager()
 		auto port_type = (TransportProto)i;
 
 		for ( auto j = 0u; j < arr.size(); ++j )
-			arr[j] = new PortVal(j, port_type);
+			arr[j] = new PortVal(Mask(j, port_type), true);
 		}
 	}
 
@@ -807,34 +807,45 @@ PortVal* PortManager::Get(uint32 port_num, TransportProto port_type) const
 	return rval;
 	}
 
-PortVal::PortVal(uint32 p, TransportProto port_type) : Val(TYPE_PORT)
+uint32 PortManager::Mask(uint32 port_num, TransportProto port_type) const
 	{
 	// Note, for ICMP one-way connections:
 	// src_port = icmp_type, dst_port = icmp_code.
 
-	if ( p >= 65536 )
+	if ( port_num >= 65536 )
 		{
-		InternalWarning("bad port number");
-		p = 0;
+		reporter->Warning("bad port number %d", port_num);
+		port_num = 0;
 		}
 
 	switch ( port_type ) {
 	case TRANSPORT_TCP:
-		p |= TCP_PORT_MASK;
+		port_num |= TCP_PORT_MASK;
 		break;
 
 	case TRANSPORT_UDP:
-		p |= UDP_PORT_MASK;
+		port_num |= UDP_PORT_MASK;
 		break;
 
 	case TRANSPORT_ICMP:
-		p |= ICMP_PORT_MASK;
+		port_num |= ICMP_PORT_MASK;
 		break;
 
 	default:
-		break;	// "other"
+		break;	// "unknown/other"
 	}
 
+	return port_num;
+	}
+
+PortVal::PortVal(uint32 p, TransportProto port_type) : Val(TYPE_PORT)
+	{
+	auto port_num = port_mgr->Mask(p, port_type);
+	val.uint_val = static_cast<bro_uint_t>(port_num);
+	}
+
+PortVal::PortVal(uint32 p, bool unused) : Val(TYPE_PORT)
+	{
 	val.uint_val = static_cast<bro_uint_t>(p);
 	}
 
diff --git a/src/Val.h b/src/Val.h
index d0538db8ee..6da37b7137 100644
--- a/src/Val.h
+++ b/src/Val.h
@@ -510,9 +510,15 @@ public:
 	~PortManager();
 
 	// Port number given in host order.
-	PortVal* Get(uint32 port_num) const;
 	PortVal* Get(uint32 port_num, TransportProto port_type) const;
 
+	// Host-order port number already masked with port space protocol mask.
+	PortVal* Get(uint32 port_num) const;
+
+	// Returns a masked port number
+	uint32 Mask(uint32 port_num, TransportProto port_type) const;
+
+private:
 	std::array<std::array<PortVal*, 65536>, NUM_PORT_SPACES> ports;
 };
 
@@ -520,6 +526,14 @@ extern PortManager* port_mgr;
 
 class PortVal : public Val {
 public:
+	// Port number given in host order.
+	BRO_DEPRECATED("use port_mgr->Get() instead")
+	PortVal(uint32 p, TransportProto port_type);
+
+	// Host-order port number already masked with port space protocol mask.
+	BRO_DEPRECATED("use port_mgr->Get() instead")
+	PortVal(uint32 p);
+
 	Val* SizeVal() const override	{ return new Val(val.uint_val, TYPE_INT); }
 
 	// Returns the port number in host order (not including the mask).
@@ -546,10 +560,7 @@ protected:
 	friend class Val;
 	friend class PortManager;
 	PortVal()	{}
-	// Constructors - both take the port number in host order.
-	PortVal(uint32 p, TransportProto port_type);
-	PortVal(uint32 p);	// used for already-massaged port value.
-
+	PortVal(uint32 p, bool unused);
 
 	void ValDescribe(ODesc* d) const override;