diff --git a/packet-null.c b/packet-null.c
index 77e9022419..9f3011dd00 100644
--- a/packet-null.c
+++ b/packet-null.c
@@ -1,7 +1,7 @@
 /* packet-null.c
  * Routines for null packet disassembly
  *
- * $Id: packet-null.c,v 1.60 2003/10/01 07:11:44 guy Exp $
+ * $Id: packet-null.c,v 1.61 2003/11/11 20:49:45 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <gerald@ethereal.com>
@@ -179,6 +179,19 @@ capture_null( const guchar *pd, int len, packet_counts *ld )
     if ((null_header & 0xFFFF0000) != 0) {
       /* Byte-swap it. */
       null_header = BSWAP32(null_header);
+
+      /*
+       * It is possible that the AF_ type was only a 16 bit value.
+       * IRIX and UNICOS/mp loopback snoop use a 4 byte header with
+       * AF_ type in the first 2 bytes!
+       * BSD AF_ types will always have the upper 8 bits as 0.
+       */
+      if ((null_header & 0x0000FF00) != 0) {
+        guint16 aftype;
+
+        memcpy((char *)&aftype, (const char *)&pd[0], sizeof(aftype));
+        null_header = g_ntohl(aftype);
+      }
     }
 
     /*
@@ -194,6 +207,7 @@ capture_null( const guchar *pd, int len, packet_counts *ld )
     if (null_header > IEEE_802_3_MAX_LEN)
       capture_ethertype(null_header, pd, 4, len, ld);
     else {
+
       switch (null_header) {
 
       case BSD_AF_INET:
@@ -246,6 +260,18 @@ dissect_null(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
     if ((null_header & 0xFFFF0000) != 0) {
       /* Byte-swap it. */
       null_header = BSWAP32(null_header);
+      /*
+       * It is possible that the AF_ type was only a 16 bit value.
+       * IRIX and UNICOS/mp loopback snoop use a 4 byte header with
+       * AF_ type in the first 2 bytes!
+       * BSD AF_ types will always have the upper 8 bits as 0.
+       */
+      if ((null_header & 0x0000FF00) != 0) {
+        guint16 aftype;
+
+        tvb_memcpy(tvb, (guint8 *)&aftype, 0, sizeof(aftype));
+        null_header = g_ntohl(aftype);
+      }
     }
 
     /*
diff --git a/wiretap/snoop.c b/wiretap/snoop.c
index 47b3f643ac..ec341467ac 100644
--- a/wiretap/snoop.c
+++ b/wiretap/snoop.c
@@ -1,6 +1,6 @@
 /* snoop.c
  *
- * $Id: snoop.c,v 1.64 2003/11/04 22:14:50 guy Exp $
+ * $Id: snoop.c,v 1.65 2003/11/11 20:49:46 guy Exp $
  *
  * Wiretap Library
  * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
@@ -189,12 +189,12 @@ int snoop_open(wtap *wth, int *err)
 		WTAP_ENCAP_UNKNOWN,	/* Character Synchronous, e.g. bisync */
 		WTAP_ENCAP_UNKNOWN,	/* IBM Channel-to-Channel */
 		WTAP_ENCAP_FDDI_BITSWAPPED,
-		WTAP_ENCAP_RAW_IP,	/* Other */
+		WTAP_ENCAP_NULL,	/* Other */
 		WTAP_ENCAP_UNKNOWN,	/* Frame Relay LAPF */
 		WTAP_ENCAP_UNKNOWN,	/* Multi-protocol over Frame Relay */
 		WTAP_ENCAP_UNKNOWN,	/* Character Async (e.g., SLIP and PPP?) */
 		WTAP_ENCAP_UNKNOWN,	/* X.25 Classical IP */
-		WTAP_ENCAP_RAW_IP,	/* software loopback */
+		WTAP_ENCAP_NULL,	/* software loopback */
 		WTAP_ENCAP_UNKNOWN,	/* not defined in "dlpi.h" */
 		WTAP_ENCAP_IP_OVER_FC,	/* Fibre Channel */
 		WTAP_ENCAP_UNKNOWN,	/* ATM */