diff --git a/src/sniffer.c b/src/sniffer.c
index dc23c0698..826adf232 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -4730,7 +4730,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
         word32 i, offset, headerSz, qty, remainder;
 
         Trace(CHAIN_INPUT_STR);
-        headerSz = (word32)*sslFrame - (word32)chain[0].iov_base;
+        headerSz = (word32)((const byte*)*sslFrame - (const byte*)chain[0].iov_base);
         remainder = *sslBytes;
 
         if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index ec4fc31a2..c073d45da 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -519,15 +519,27 @@ int main(int argc, char** argv)
         #endif
             ret = ssl_SetPrivateKey(server, port, argv[2],
                                 FILETYPE_PEM, passwd, err);
+
             if (ret == 0)
                 loadCount++;
-            if (loadCount > 0) {
-                ret = 0;
-            }
-            else {
+
+            if (loadCount == 0) {
                 printf("Failed loading private key %d\n", ret);
                 exit(EXIT_FAILURE);
             }
+
+            /* Only let through TCP/IP packets */
+            ret = pcap_compile(pcap, &fp, "(ip6 or ip) and tcp", 0, 0);
+            if (ret != 0) {
+                printf("pcap_compile failed %s\n", pcap_geterr(pcap));
+                exit(EXIT_FAILURE);
+            }
+
+            ret = pcap_setfilter(pcap, &fp);
+            if (ret != 0) {
+                printf("pcap_setfilter failed %s\n", pcap_geterr(pcap));
+                exit(EXIT_FAILURE);
+            }
         }
     }
     else {