diff --git a/testing/btest/Baseline/scripts.base.frameworks.analyzer.request-response-protocol-differences/conn-http-to-ssh.log b/testing/btest/Baseline/scripts.base.frameworks.analyzer.request-response-protocol-differences/conn-http-to-ssh.log new file mode 100644 index 0000000000..af72f66ac8 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.analyzer.request-response-protocol-differences/conn-http-to-ssh.log @@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 40896 127.0.0.1 22 tcp - 0.001845 75 78 RSTR T T 0 ShADadFr 7 447 6 398 - 6 +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.frameworks.analyzer.request-response-protocol-differences/conn-https-to-http.log b/testing/btest/Baseline/scripts.base.frameworks.analyzer.request-response-protocol-differences/conn-https-to-http.log new file mode 100644 index 0000000000..5e026f7c3d --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.analyzer.request-response-protocol-differences/conn-https-to-http.log 
@@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 50382 127.0.0.1 80 tcp - 0.028273 517 468 RSTO T T 0 ShADadfR 5 785 4 684 - 6 +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Traces/http/http-to-ssh.pcap b/testing/btest/Traces/http/http-to-ssh.pcap new file mode 100644 index 0000000000..7393dd6f53 Binary files /dev/null and b/testing/btest/Traces/http/http-to-ssh.pcap differ diff --git a/testing/btest/Traces/tls/https-to-http.pcap b/testing/btest/Traces/tls/https-to-http.pcap new file mode 100644 index 0000000000..5037527177 Binary files /dev/null and b/testing/btest/Traces/tls/https-to-http.pcap differ diff --git a/testing/btest/scripts/base/frameworks/analyzer/request-response-protocol-differences.zeek b/testing/btest/scripts/base/frameworks/analyzer/request-response-protocol-differences.zeek new file mode 100644 index 0000000000..90332067ce --- /dev/null +++ b/testing/btest/scripts/base/frameworks/analyzer/request-response-protocol-differences.zeek 
@@ -0,0 +1,10 @@
+# This test checks behavior when the originator and responder protocols
+# differ - e.g. when a HTTPS client connects to a HTTP port.
+#
+# @TEST-EXEC: zeek -r ${TRACES}/http/http-to-ssh.pcap
+# @TEST-EXEC: mv conn.log conn-http-to-ssh.log
+# @TEST-EXEC: zeek -r ${TRACES}/tls/https-to-http.pcap
+# @TEST-EXEC: mv conn.log conn-https-to-http.log
+# @TEST-EXEC: btest-diff conn-http-to-ssh.log
+# @TEST-EXEC: btest-diff conn-https-to-http.log
+
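Review bot: Only conn.log is baselined for the two traces, so the single property this test pins is that `service` stays `-` when the originator and responder speak different protocols; whatever the analyzers reported about the mismatch is not checked. If these runs also write an analyzer or violation log (for example analyzer.log, which I cannot confirm from the diff), consider renaming and `btest-diff`-ing it per trace the same way conn.log is handled, so a regression that silently stops reporting the mismatch is caught. The header comment gives only the HTTPS-to-HTTP example although the first trace is HTTP-to-SSH, and it does not say what outcome is expected. A line such as `# Expected: no service is confirmed for either connection (service is "-" in conn.log).` after the description would make the baseline's intent clear to whoever next runs `btest -U`.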