diff --git a/usr.sbin/tcpdump/print-tcp.c b/usr.sbin/tcpdump/print-tcp.c
index 58e24b7e1c7b..cd81750a6364 100644
--- a/usr.sbin/tcpdump/print-tcp.c
+++ b/usr.sbin/tcpdump/print-tcp.c
@@ -1,4 +1,4 @@
-/* $NetBSD: print-tcp.c,v 1.6 1996/05/20 00:41:14 fvdl Exp $ */
+/* $NetBSD: print-tcp.c,v 1.7 1996/05/26 18:35:14 fvdl Exp $ */
 /*
 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994
@@ -37,6 +37,8 @@ static char rcsid[] =
 #include
 #include
+#include
+
 #include
 #ifdef __STDC__
 #include
@@ -122,12 +124,14 @@ tcp_print(register const u_char *bp, register int length,
 * to NFS print routines.
 */
 if (!qflag) {
- if (length > 0 && dport == NFS_PORT) {
+ if ((u_char *)tp + 4 + sizeof(struct rpc_msg) <= snapend &&
+ dport == NFS_PORT) {
 nfsreq_print((u_char *)tp + hlen + 4, length,
 (u_char *)ip);
 return;
 }
- else if (length > 0 && sport == NFS_PORT) {
+ else if ((u_char *)tp + 4 + sizeof(struct rpc_msg) <= snapend &&
+ sport == NFS_PORT) {
 nfsreply_print((u_char *)tp + hlen + 4, length,
 (u_char *)ip);
 return;
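Review bot: The new capture-length guard in both NFS branches of the last hunk leaves out `hlen`, although the pointer handed to `nfsreq_print`/`nfsreply_print` is `(u_char *)tp + hlen + 4`; the test therefore covers a window that starts `hlen` bytes before the data the printers will read, and a packet truncated inside that gap still passes. I would write the condition as `if ((u_char *)tp + hlen + 4 + sizeof(struct rpc_msg) <= snapend &&` and the same for the `else if`, ideally expressed as a comparison of remaining captured bytes so that no pointer beyond the capture buffer is formed. The commit also drops `length > 0`, so `length` now reaches the printers unchecked; whether they tolerate a zero or negative value is not visible here. `tcp_print` starts and ends outside the hunk, so the meaning of `hlen` and `snapend` is inferred from how they are used.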