2 files changed, 21 insertions, 9 deletions

diff --git a/doc/editcap.pod b/doc/editcap.pod
index a122332f1d..0eff2c943d 100644
--- a/doc/editcap.pod
+++ b/doc/editcap.pod
@@ -178,9 +178,10 @@ opened. The default is to use a single output file.
 
 =item -I  E<lt>bytes to ignoreE<gt>
 
-Ignore the specified bytes number at the beginning of the frame during MD5 hash calculation
-Useful to remove duplicated packets taken on several routers(differents mac addresses for example)
-e.g. -I 26 in case of Ether/IP/ will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).
+Ignore the specified number of bytes at the beginning of the frame during MD5 hash calculation,
+unless the frame is too short, then the full frame is used.
+Useful to remove duplicated packets taken on several routers (different mac addresses for example)
+e.g. -I 26 in case of Ether/IP will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).
 The default value is 0.
 
 =item -L
diff --git a/editcap.c b/editcap.c
index f2da469e41..43aa6a3b08 100644
--- a/editcap.c
+++ b/editcap.c
@@ -581,11 +581,16 @@ is_duplicate(guint8* fd, guint32 len) {
     md5_state_t ms;
 
     /*Hint to ignore some bytes at the start of the frame for the digest calculation(-I option) */
+    guint32 offset = ignored_bytes;
     guint32 new_len;
     guint8 *new_fd;
 
-    new_fd  = &fd[ignored_bytes];
-    new_len = len - (ignored_bytes);
+    if (len <= ignored_bytes) {
+        offset = 0;
+    }
+
+    new_fd  = &fd[offset];
+    new_len = len - (offset);
 
     cur_dup_entry++;
     if (cur_dup_entry >= dup_window)
@@ -618,11 +623,16 @@ is_duplicate_rel_time(guint8* fd, guint32 len, const nstime_t *current) {
     md5_state_t ms;
 
     /*Hint to ignore some bytes at the start of the frame for the digest calculation(-I option) */
+    guint32 offset = ignored_bytes;
     guint32 new_len;
     guint8 *new_fd;
 
-    new_fd  = &fd[ignored_bytes];
-    new_len = len - (ignored_bytes);
+    if (len <= ignored_bytes) {
+        offset = 0;
+    }
+
+    new_fd  = &fd[offset];
+    new_len = len - (offset);
 
     cur_dup_entry++;
     if (cur_dup_entry >= dup_window)
@@ -752,8 +762,9 @@ print_usage(FILE *output)
     fprintf(output, "                         (e.g. 0.000001).\n");
     fprintf(output, "  -a <framenum>:<comment> Add or replace comment for given frame number\n");
     fprintf(output, "\n");
-    fprintf(output, "  -I <bytes to ignore>   ignore the specified bytes at the beginning of\n");
-    fprintf(output, "                         the frame during MD5 hash calculation.\n");
+    fprintf(output, "  -I <bytes to ignore>   ignore the specified number of bytes at the beginning\n");
+    fprintf(output, "                         of the frame during MD5 hash calculation, unless the\n");
+    fprintf(output, "                         frame is too short, then the full frame is used.\n");
     fprintf(output, "                         Useful to remove duplicated packets taken on\n");
     fprintf(output, "                         several routers (different mac addresses for\n");
     fprintf(output, "                         example).\n");