diff --git a/print-esp.c b/print-esp.c
index 61c3e13bf..425ad95b8 100644
--- a/print-esp.c
+++ b/print-esp.c
@@ -409,6 +409,25 @@ int espprint_decode_hex(netdissect_options *ndo,
 	return i;
 }
 
+static int
+strendswith(const char *str, const char *end)
+{
+	char *p;
+	const size_t str_len = strlen(str);
+	const size_t end_len = strlen(end);
+
+	/*
+	 * Find substring at the end of given substring. If present,
+	 * cut str by placing '\0' right before ending substring.
+	 */
+	if (str_len > end_len && !strcmp(str + str_len - end_len, end)) {
+		p = strstr(str, end);
+		*p = '\0';
+		return 1;
+	}
+	return 0;
+}
+
 /*
  * decode the form:    SPINUM@IP <tab> ALGONAME:0xsecret
  */
@@ -421,7 +440,7 @@ espprint_decode_encalgo(netdissect_options *ndo,
 	size_t i;
 	const EVP_CIPHER *evp;
 	int authlen = 0;
-	char *colon, *p;
+	char *colon;
 
 	colon = strchr(decode, ':');
 	if (colon == NULL) {
@@ -430,18 +449,13 @@ espprint_decode_encalgo(netdissect_options *ndo,
 	}
 	*colon = '\0';
 
-	if (strlen(decode) > strlen("-hmac96") &&
-	    !strcmp(decode + strlen(decode) - strlen("-hmac96"),
-		    "-hmac96")) {
-		p = strstr(decode, "-hmac96");
-		*p = '\0';
+	if (strendswith(decode, "-hmac96"))
 		authlen = 12;
-	}
-	if (strlen(decode) > strlen("-cbc") &&
-	    !strcmp(decode + strlen(decode) - strlen("-cbc"), "-cbc")) {
-		p = strstr(decode, "-cbc");
-		*p = '\0';
-	}
+
+	if (strendswith(decode, "-hmac-sha256-128"))
+		authlen = 16;
+
+	(void)strendswith(decode, "-cbc");
 	evp = EVP_get_cipherbyname(decode);
 
 	if (!evp) {