diff --git a/pkg/capture/flow.go b/pkg/capture/flow.go
index 82623091..b6f0e488 100644
--- a/pkg/capture/flow.go
+++ b/pkg/capture/flow.go
@@ -71,7 +71,7 @@ func ParsePacket(ipLayer capture.IPLayer) (epHash capturetypes.EPHash, isIPv4 bo
 	var protocol byte
 	if ipLayerType := ipLayer.Type(); ipLayerType == ipLayerTypeV4 {
 
-		_ = ipLayer[ipv4.HeaderLen] // bounds check hint to compiler
+		_ = ipLayer[ipv4.HeaderLen-1] // bounds check hint to compiler
 
 		isIPv4, protocol = true, ipLayer[9]
 
@@ -126,7 +126,7 @@ func ParsePacket(ipLayer capture.IPLayer) (epHash capturetypes.EPHash, isIPv4 bo
 		}
 	} else if ipLayerType == ipLayerTypeV6 {
 
-		_ = ipLayer[ipv6.HeaderLen] // bounds check hint to compiler
+		_ = ipLayer[ipv6.HeaderLen-1] // bounds check hint to compiler
 
 		protocol = ipLayer[6]
 
diff --git a/pkg/capture/packet_test.go b/pkg/capture/packet_test.go
index d2632371..e51e62a0 100644
--- a/pkg/capture/packet_test.go
+++ b/pkg/capture/packet_test.go
@@ -79,6 +79,31 @@ func TestPortMergeLogic(t *testing.T) {
 	}
 }
 
+func TestSmallInvalidIPPackets(t *testing.T) {
+	invalidProto := byte(0xF8)
+
+	for _, params := range []testParams{
+		{"10.0.0.1", "10.0.0.2", 0, 0, invalidProto, 0x0, capturetypes.DirectionRemains},
+		{"2c04:4000::6ab", "2c01:2000::3", 0, 0, invalidProto, 0x0, capturetypes.DirectionRemains},
+	} {
+		testPacket := params.genDummyPacket(0)
+		refHash, refIsIPv4 := params.genEPHash()
+
+		var croppedIPLayer capture.IPLayer
+		if refIsIPv4 {
+			croppedIPLayer = testPacket.IPLayer()[:ipv4.HeaderLen]
+		} else {
+			croppedIPLayer = testPacket.IPLayer()[:ipv6.HeaderLen]
+		}
+
+		epHash, isIPv4, _, errno := ParsePacket(croppedIPLayer)
+		require.Equal(t, capturetypes.ErrnoOK, errno, "population error")
+
+		require.Equal(t, refHash, epHash)
+		require.Equal(t, refIsIPv4, isIPv4)
+	}
+}
+
 func TestPopulation(t *testing.T) {
 	for _, params := range testCases {
 		t.Run(params.String(), func(t *testing.T) {