diff --git a/src/sniffer.c b/src/sniffer.c index bfacbf8f0..43063854c 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -410,9 +410,11 @@ static word32 MissedDataSessions = 0; /* # of sessions with missed data */ static SSLConnCb ConnectionCb; static void* ConnectionCbCtx = NULL; +#ifdef WOLFSSL_SNIFFER_STATS /* Sessions Statistics */ static SSLStats SnifferStats; static wolfSSL_Mutex StatsMutex; +#endif static void UpdateMissedDataSessions(void) @@ -423,21 +425,25 @@ static void UpdateMissedDataSessions(void) } +#ifdef WOLFSSL_SNIFFER_STATS #define ADD_TO_STAT(x,y) do { wc_LockMutex(&StatsMutex); \ x += y; \ wc_UnLockMutex(&StatsMutex); } while (0) #define INC_STAT(x) ADD_TO_STAT(x,1) +#endif /* Initialize overall Sniffer */ void ssl_InitSniffer(void) { wolfSSL_Init(); - XMEMSET(&SnifferStats, 0, sizeof(SSLStats)); wc_InitMutex(&ServerListMutex); wc_InitMutex(&SessionMutex); wc_InitMutex(&RecoveryMutex); +#ifdef WOLFSSL_SNIFFER_STATS + XMEMSET(&SnifferStats, 0, sizeof(SSLStats)); wc_InitMutex(&StatsMutex); +#endif } @@ -1811,7 +1817,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, SnifferSession* session, char* error) { ProtocolVersion pv; - byte b; + byte b, b0; int toRead = VERSION_SZ + RAN_LEN + ENUM_LEN; int doResume = 0; int initialBytes = *sslBytes; 
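Review bot: ADD_TO_STAT in the @@ -423 hunk discards the result of `wc_LockMutex(&StatsMutex)`, so when the lock cannot be taken the `x += y` update still runs without exclusion and the counter can be torn or lost with nothing to signal it. Since the macro only feeds statistics, the cheapest fix is to skip the update on lock failure: `do { if (wc_LockMutex(&StatsMutex) == 0) { x += y; wc_UnLockMutex(&StatsMutex); } } while (0)`. The `wc_InitMutex(&StatsMutex)` return in ssl_InitSniffer is likewise unchecked, which matches the surrounding mutex inits, but the teardown counterpart is not in this diff, so I cannot tell whether the new mutex gets a matching `wc_FreeMutex` under the same `#ifdef` — worth confirming.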
@@ -1859,14 +1865,33 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, *sslBytes -= b; /* cipher suite */ - b = *input++; /* first byte, ECC or not */ - session->sslServer->options.cipherSuite0 = b; - session->sslClient->options.cipherSuite0 = b; + b0 = *input++; /* first byte, ECC or not */ + session->sslServer->options.cipherSuite0 = b0; + session->sslClient->options.cipherSuite0 = b0; b = *input++; session->sslServer->options.cipherSuite = b; session->sslClient->options.cipherSuite = b; *sslBytes -= SUITE_LEN; +#ifdef WOLFSSL_SNIFFER_STATS + { + const CipherSuiteInfo* suites = GetCipherNames(); + int suitesSz = GetCipherNamesSize(); + int match = 0; + + while (suitesSz) { + if (b0 == suites->cipherSuite0 && b == suites->cipherSuite) { + match = 1; + break; + } + suites++; + suitesSz--; + } + if (!match) + INC_STAT(SnifferStats.sslCiphersUnsupported); + } +#endif /* WOLFSSL_SNIFFER_STATS */ + /* compression */ b = *input++; *sslBytes -= ENUM_LEN; @@ -1936,8 +1961,11 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, if (XMEMCMP(session->sslServer->arrays->sessionID, session->sslClient->arrays->sessionID, ID_LEN) == 0) doResume = 1; - else if (session->sslClient->options.haveSessionId) + else if (session->sslClient->options.haveSessionId) { +#ifdef WOLFSSL_SNIFFER_STATS INC_STAT(SnifferStats.sslResumeMisses); +#endif + } } else if (session->sslClient->options.haveSessionId == 0 && session->sslServer->options.haveSessionId == 0 && @@ -1965,7 +1993,9 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, session->flags.resuming = 1; Trace(SERVER_DID_RESUMPTION_STR); +#ifdef WOLFSSL_SNIFFER_STATS INC_STAT(SnifferStats.sslResumedConns); +#endif if (SetCipherSpecs(session->sslServer) != 0) { SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); return -1; 
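Review bot: The new suite scan in the @@ -1859 hunk treats a suite as supported if it merely appears in the `GetCipherNames()` table, yet the same function later fails the session with BAD_CIPHER_SPEC_STR when `SetCipherSpecs(session->sslServer)` rejects the negotiated suite (visible in the @@ -1965 hunk), and that branch never touches `sslCiphersUnsupported`. Unless the name table and SetCipherSpecs are guaranteed to agree, which this diff does not show, a named-but-unsupported suite is never counted; adding `INC_STAT(SnifferStats.sslCiphersUnsupported);` under the same `#ifdef` in the SetCipherSpecs failure branch would close the gap. As a point of style, the `while (suitesSz)` walk with two hand-maintained cursors reads more clearly as `for (i = 0; i < suitesSz; i++)` indexing `suites[i]`, which also stops relying on `GetCipherNamesSize()` never returning a negative count that the decrement would never reach zero from. ProcessServerHello starts and ends outside this hunk.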
@@ -1993,7 +2023,9 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, } } else { +#ifdef WOLFSSL_SNIFFER_STATS INC_STAT(SnifferStats.sslStandardConns); +#endif } #ifdef SHOW_SECRETS { @@ -2305,6 +2337,9 @@ static int DoHandShake(const byte* input, int* sslBytes, Trace(GOT_CERT_REQ_STR); break; case server_key_exchange: +#ifdef WOLFSSL_SNIFFER_STATS + INC_STAT(SnifferStats.sslKeyFails); +#endif Trace(GOT_SERVER_KEY_EX_STR); /* can't know temp key passively */ SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); @@ -2312,8 +2347,11 @@ static int DoHandShake(const byte* input, int* sslBytes, break; case certificate: Trace(GOT_CERT_STR); - if (session->flags.side == WOLFSSL_CLIENT_END) + if (session->flags.side == WOLFSSL_SERVER_END) { +#ifdef WOLFSSL_SNIFFER_STATS INC_STAT(SnifferStats.sslClientAuthConns); +#endif + } break; case server_hello_done: Trace(GOT_SERVER_HELLO_DONE_STR); @@ -3598,7 +3636,9 @@ doPart: break; case alert: Trace(GOT_ALERT_STR); +#ifdef WOLFSSL_SNIFFER_STATS INC_STAT(SnifferStats.sslAlerts); +#endif sslFrame += rhSize; sslBytes -= rhSize; break; @@ -3867,6 +3907,8 @@ int ssl_SetConnectionCtx(void* ctx) } +#ifdef WOLFSSL_SNIFFER_STATS + /* Resets the statistics tracking global structure. * returns 0 on success, -1 on error */ int ssl_ResetStatistics(void) @@ -3891,6 +3933,8 @@ int ssl_ReadStatistics(SSLStats* stats) return 0; } +#endif /* WOLFSSL_SNIFFER_STATS */ + #endif /* WOLFSSL_SNIFFER */ #endif /* WOLFCRYPT_ONLY */ diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 5aadccae6..7fe607db5 100644 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c 
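Review bot: In the @@ -2305 hunk the server_key_exchange case bumps `sslKeyFails`, yet the comment right below it, `/* can't know temp key passively */`, describes exactly the condition the `sslEphemeralMisses` field of SSLStats appears to exist for, and the sniffer.h hunk does not mark `sslKeyFails` with `/* X */` while it marks the other counters this commit starts maintaining. Either the increment targets the wrong counter or the header legend is already stale; I would expect `INC_STAT(SnifferStats.sslEphemeralMisses);` here, or a short comment next to the increment explaining why an ephemeral exchange the sniffer cannot follow is classified as a key failure, plus the matching `/* X */` in the header. DoHandShake begins and ends outside this hunk.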
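Review bot: The certificate case in the @@ -2312 hunk now counts a client-auth connection when `session->flags.side == WOLFSSL_SERVER_END`, which reads backwards unless `flags.side` names the end that receives the record rather than the one that sent it; nothing in the hunk says which, and the code it replaces used the opposite value. A one-line comment would keep the next reader from flipping it back: `/* flags.side is the receiving end: a Certificate arriving at the server is client auth */` — confirm that reading against the place flags.side is assigned, which is outside this diff.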
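Review bot: Hunks @@ -3867 and @@ -3891 compile `ssl_ResetStatistics` and `ssl_ReadStatistics` out when WOLFSSL_SNIFFER_STATS is undefined, but their declarations in wolfssl/sniffer.h are not part of this diff — the sniffer.h hunk touches only the SSLStats struct. If the prototypes stay unconditional, a consumer built without the define still sees both functions and fails only at link time with an undefined reference; guarding the declarations with the same `#ifdef WOLFSSL_SNIFFER_STATS`, or keeping unconditional definitions that return -1 (the error value the comment above ssl_ResetStatistics already documents), would make the failure mode explicit. snifftest.c in this diff guards its own caller, so it is unaffected either way.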
@@ -87,18 +87,68 @@ static void FreeAll(void) #endif } -static void sig_handler(const int sig) + +#ifdef WOLFSSL_SNIFFER_STATS + +static void DumpStats(void) { SSLStats sslStats; ssl_ReadStatistics(&sslStats); - printf("SSL Stats (sslStandardConns):%u\n", sslStats.sslStandardConns); - printf("SSL Stats (sslClientAuthConns):%u\n", sslStats.sslClientAuthConns); - printf("SSL Stats (sslResumedConns):%u\n", sslStats.sslResumedConns); - printf("SSL Stats (sslResumeMisses):%u\n", sslStats.sslResumeMisses); - printf("SSL Stats (sslAlerts):%u\n", sslStats.sslAlerts); + printf("SSL Stats (sslStandardConns):%u\n", + sslStats.sslStandardConns); + printf("SSL Stats (sslRehandshakeConns):%u\n", + sslStats.sslRehandshakeConns); + printf("SSL Stats (sslClientAuthConns):%u\n", + sslStats.sslClientAuthConns); + printf("SSL Stats (sslResumedConns):%u\n", + sslStats.sslResumedConns); + printf("SSL Stats (sslResumedRehandshakeConns):%u\n", + sslStats.sslResumedRehandshakeConns); + printf("SSL Stats (sslClientAuthRehandshakeConns):%u\n", + sslStats.sslClientAuthRehandshakeConns); + printf("SSL Stats (sslEphemeralMisses):%u\n", + sslStats.sslEphemeralMisses); + printf("SSL Stats (sslResumeMisses):%u\n", + sslStats.sslResumeMisses); + printf("SSL Stats (sslCiphersUnsupported):%u\n", + sslStats.sslCiphersUnsupported); + printf("SSL Stats (sslKeysUnmatched):%u\n", + sslStats.sslKeysUnmatched); + printf("SSL Stats (sslKeyFails):%u\n", + sslStats.sslKeyFails); + printf("SSL Stats (sslDecodeFails):%u\n", + sslStats.sslDecodeFails); + printf("SSL Stats (sslAlerts):%u\n", + sslStats.sslAlerts); + printf("SSL Stats (sslDecryptedBytes):%u\n", + sslStats.sslDecryptedBytes); + printf("SSL Stats (sslEncryptedBytes):%u\n", + sslStats.sslEncryptedBytes); + printf("SSL Stats (sslEncryptedPackets):%u\n", + sslStats.sslEncryptedPackets); + printf("SSL Stats (sslDecryptedPackets):%u\n", + sslStats.sslDecryptedPackets); + printf("SSL Stats (sslEncryptedConnsPerSecond):%u\n", + 
sslStats.sslEncryptedConnsPerSecond); + printf("SSL Stats (sslKeyMatches):%u\n", + sslStats.sslKeyMatches); + printf("SSL Stats (sslActiveEncryptedConnsPerSecond):%u\n", + sslStats.sslActiveEncryptedConnsPerSecond); + printf("SSL Stats (sslActiveFlowsPerSecond):%u\n", + sslStats.sslActiveFlowsPerSecond); +} + +#endif + + +static void sig_handler(const int sig) +{ printf("SIGINT handled = %d.\n", sig); FreeAll(); +#ifdef WOLFSSL_SNIFFER_STATS + DumpStats(); +#endif if (sig) exit(EXIT_SUCCESS); } diff --git a/wolfssl/sniffer.h b/wolfssl/sniffer.h index 66a78f005..9e50099c6 100644 --- a/wolfssl/sniffer.h +++ b/wolfssl/sniffer.h @@ -136,25 +136,25 @@ SSL_SNIFFER_API int ssl_SetConnectionCtx(void* ctx); typedef struct SSLStats { - unsigned int sslStandardConns; + unsigned int sslStandardConns; /* X */ unsigned int sslRehandshakeConns; /* unsupported */ - unsigned int sslClientAuthConns; - unsigned int sslResumedConns; + unsigned int sslClientAuthConns; /* X */ + unsigned int sslResumedConns; /* X */ unsigned int sslResumedRehandshakeConns; /* unsupported */ unsigned int sslClientAuthRehandshakeConns; /* unsupported */ unsigned int sslEphemeralMisses; - unsigned int sslResumeMisses; - unsigned int sslCiphersUnsupported; - unsigned int sslKeysUnmatched; + unsigned int sslResumeMisses; /* X */ + unsigned int sslCiphersUnsupported; /* X */ + unsigned int sslKeysUnmatched; /* X */ unsigned int sslKeyFails; unsigned int sslDecodeFails; - unsigned int sslAlerts; + unsigned int sslAlerts; /* X */ unsigned int sslDecryptedBytes; unsigned int sslEncryptedBytes; unsigned int sslEncryptedPackets; unsigned int sslDecryptedPackets; unsigned int sslEncryptedConnsPerSecond; - unsigned int sslKeyMatches; + unsigned int sslKeyMatches; /* X */ unsigned int sslActiveEncryptedConnsPerSecond; unsigned int sslActiveFlowsPerSecond; } SSLStats;
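Review bot: DumpStats in the @@ -87 hunk ignores the return of `ssl_ReadStatistics(&sslStats)` and then prints every field of the automatic `sslStats`, so on failure it prints uninitialized memory (the sniffer.c hunks show the call returning 0 on success and document -1 as the error value for its sibling ssl_ResetStatistics). Initialize and check: `SSLStats sslStats = {0};` followed by `if (ssl_ReadStatistics(&sslStats) != 0) return;`. DumpStats is also now invoked from sig_handler, after FreeAll and printf, which were already there; if ssl_ReadStatistics takes StatsMutex the way ADD_TO_STAT does, a SIGINT that lands while a capture thread holds that mutex deadlocks the handler — tolerable for a test tool, but setting a flag in the handler and dumping from the main loop would avoid it.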
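Review bot: The `/* X */` markers added to SSLStats in the @@ -136 hunk have no legend, so a reader cannot tell whether X means "maintained by the sniffer", "verified by snifftest", or something else, while the struct already uses a spelled-out `/* unsupported */` for the other state. A line above the struct, `/* X marks counters the sniffer currently maintains under WOLFSSL_SNIFFER_STATS */`, would make the marker self-explanatory, and `sslKeyFails` would then need the marker too, since the sniffer.c @@ -2305 hunk starts incrementing it.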