diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro
index 0a42c85d85..2580b003dd 100644
--- a/scripts/base/protocols/dns/main.bro
+++ b/scripts/base/protocols/dns/main.bro
@@ -73,6 +73,8 @@ global dns_tcp_ports = { 53/tcp } &redef;
 redef dpd_config += { [ANALYZER_DNS_UDP_BINPAC] = [$ports = dns_udp_ports] };
 redef dpd_config += { [ANALYZER_DNS_TCP_BINPAC] = [$ports = dns_tcp_ports] };
 
+redef likely_server_ports += { 53/udp, 53/tcp, 137/udp, 5353/udp, 5355/udp };
+
 event bro_init() &priority=5
 	{
 	Log::create_stream(DNS::LOG, [$columns=Info, $ev=log_dns]);
diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro
index 2f9f3af77d..e8eb96d3ee 100644
--- a/scripts/base/protocols/ftp/main.bro
+++ b/scripts/base/protocols/ftp/main.bro
@@ -85,6 +85,8 @@ const ports = { 21/tcp } &redef;
 redef capture_filters += { ["ftp"] = "port 21" };
 redef dpd_config += { [ANALYZER_FTP] = [$ports = ports] };
 
+redef likely_server_ports += { 21/tcp };
+
 # Establish the variable for tracking expected connections.
 global ftp_data_expected: table[addr, port] of Info &create_expire=5mins;
 
diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro
index 139531327c..f1699e6414 100644
--- a/scripts/base/protocols/http/main.bro
+++ b/scripts/base/protocols/http/main.bro
@@ -115,6 +115,11 @@ redef capture_filters +=  {
 	["http"] = "tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888)"
 };
 
+redef likely_server_ports += { 
+	80/tcp, 81/tcp, 631/tcp, 1080/tcp, 3138/tcp,
+	8000/tcp, 8080/tcp, 8888/tcp,
+};
+
 function code_in_range(c: count, min: count, max: count) : bool
 	{
 	return c >= min && c <= max;
diff --git a/scripts/base/protocols/irc/main.bro b/scripts/base/protocols/irc/main.bro
index 7cccbdf9a3..731a943819 100644
--- a/scripts/base/protocols/irc/main.bro
+++ b/scripts/base/protocols/irc/main.bro
@@ -37,11 +37,15 @@ redef record connection += {
 # Some common IRC ports.
 redef capture_filters += { ["irc-6666"] = "port 6666" };
 redef capture_filters += { ["irc-6667"] = "port 6667" };
+redef capture_filters += { ["irc-6668"] = "port 6668" };
+redef capture_filters += { ["irc-6669"] = "port 6669" };
 
 # DPD configuration.
-global irc_ports = { 6666/tcp, 6667/tcp } &redef;
+global irc_ports = { 6666/tcp, 6667/tcp, 6668/tcp, 6669/tcp } &redef;
 redef dpd_config += { [ANALYZER_IRC] = [$ports = irc_ports] };
 
+redef likely_server_ports += { 6666/tcp, 6667/tcp, 6668/tcp, 6669/tcp };
+
 event bro_init() &priority=5
 	{
 	Log::create_stream(IRC::LOG, [$columns=Info, $ev=irc_log]);
diff --git a/scripts/base/protocols/smtp/main.bro b/scripts/base/protocols/smtp/main.bro
index 23ea24704e..df7a9e89a1 100644
--- a/scripts/base/protocols/smtp/main.bro
+++ b/scripts/base/protocols/smtp/main.bro
@@ -68,9 +68,11 @@ redef record connection += {
 };
 
 # Configure DPD
-redef capture_filters += { ["smtp"] = "tcp port smtp or tcp port 587" };
+redef capture_filters += { ["smtp"] = "tcp port 25 or tcp port 587" };
 redef dpd_config += { [ANALYZER_SMTP] = [$ports = ports] };
 
+redef likely_server_ports += { 25/tcp, 587/tcp };
+
 event bro_init() &priority=5
 	{
 	Log::create_stream(SMTP::LOG, [$columns=SMTP::Info, $ev=log_smtp]);
diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro
index 09fcb463d0..95d68fe438 100644
--- a/scripts/base/protocols/ssh/main.bro
+++ b/scripts/base/protocols/ssh/main.bro
@@ -73,6 +73,8 @@ export {
 redef capture_filters += { ["ssh"] = "tcp port 22" };
 redef dpd_config += { [ANALYZER_SSH] = [$ports = set(22/tcp)] };
 
+redef likely_server_ports += { 22/tcp };
+
 redef record connection += {
 	ssh: Info &optional;
 };
diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro
index e774a20b89..c3c04d3c93 100644
--- a/scripts/base/protocols/ssl/main.bro
+++ b/scripts/base/protocols/ssl/main.bro
@@ -76,6 +76,11 @@ redef dpd_config += {
 	[[ANALYZER_SSL]] = [$ports = ports]
 };
 
+redef likely_server_ports += {
+	443/tcp, 563/tcp, 585/tcp, 614/tcp, 636/tcp,
+	989/tcp, 990/tcp, 992/tcp, 993/tcp, 995/tcp, 5223/tcp
+};
+
 function set_session(c: connection)
 	{
 	if ( ! c?$ssl )
diff --git a/scripts/base/protocols/syslog/main.bro b/scripts/base/protocols/syslog/main.bro
index 41d3794796..2acc843ea8 100644
--- a/scripts/base/protocols/syslog/main.bro
+++ b/scripts/base/protocols/syslog/main.bro
@@ -23,6 +23,8 @@ export {
 redef capture_filters += { ["syslog"] = "port 514" };
 redef dpd_config += { [ANALYZER_SYSLOG_BINPAC] = [$ports = ports] };
 
+redef likely_server_ports += { 514/udp };
+
 redef record connection += {
 	syslog: Info &optional;
 };
diff --git a/testing/btest/Baseline/core.conn-uid/output b/testing/btest/Baseline/core.conn-uid/output
index 25001033e3..6f58e7c10c 100644
--- a/testing/btest/Baseline/core.conn-uid/output
+++ b/testing/btest/Baseline/core.conn-uid/output
@@ -31,7 +31,8 @@
 [orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1
 [orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa
 [orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g
-[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], i2rO3KD1Syg
+[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], i2rO3KD1Syg
+[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], i2rO3KD1Syg
 [orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 2cx26uAvUPl
 [orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], BWaU4aSuwkc
 [orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], 10XodEwRycf
diff --git a/testing/btest/Baseline/core.conn-uid/output.cc b/testing/btest/Baseline/core.conn-uid/output.cc
index 25001033e3..6f58e7c10c 100644
--- a/testing/btest/Baseline/core.conn-uid/output.cc
+++ b/testing/btest/Baseline/core.conn-uid/output.cc
@@ -31,7 +31,8 @@
 [orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1
 [orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa
 [orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g
-[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], i2rO3KD1Syg
+[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], i2rO3KD1Syg
+[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], i2rO3KD1Syg
 [orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 2cx26uAvUPl
 [orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], BWaU4aSuwkc
 [orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], 10XodEwRycf
diff --git a/testing/btest/Baseline/core.conn-uid/output.cc2 b/testing/btest/Baseline/core.conn-uid/output.cc2
index 25001033e3..6f58e7c10c 100644
--- a/testing/btest/Baseline/core.conn-uid/output.cc2
+++ b/testing/btest/Baseline/core.conn-uid/output.cc2
@@ -31,7 +31,8 @@
 [orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], h5DsfNtYzi1
 [orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GvmoxJFXdTa
 [orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UfGkYA2HI2g
-[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], i2rO3KD1Syg
+[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], i2rO3KD1Syg
+[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], i2rO3KD1Syg
 [orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 2cx26uAvUPl
 [orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], BWaU4aSuwkc
 [orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], 10XodEwRycf
diff --git a/testing/btest/Baseline/core.print-bpf-filters-ipv4/output b/testing/btest/Baseline/core.print-bpf-filters-ipv4/output
index 24639f8b51..24e3e9237b 100644
--- a/testing/btest/Baseline/core.print-bpf-filters-ipv4/output
+++ b/testing/btest/Baseline/core.print-bpf-filters-ipv4/output
@@ -2,19 +2,19 @@
 #path	packet_filter
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1315167051.418730	-	not ip6	F	T
+1318009349.267385	-	not ip6	F	T
 #separator \x09
 #path	packet_filter
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1315167051.652097	-	(((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (udp and port 5353)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port smtp or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666)) and (not ip6)	F	T
+1318009349.503033	-	(((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port 25 or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666)) and (not ip6)	F	T
 #separator \x09
 #path	packet_filter
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1315167051.885416	-	port 42	F	T
+1318009349.748468	-	port 42	F	T
 #separator \x09
 #path	packet_filter
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1315167052.120658	-	port 56730	T	T
+1318009349.995387	-	port 56730	T	T
diff --git a/testing/btest/Baseline/scripts.base.utils.files/output b/testing/btest/Baseline/scripts.base.utils.files/output
index 99691c7efb..ab92c3a624 100644
--- a/testing/btest/Baseline/scripts.base.utils.files/output
+++ b/testing/btest/Baseline/scripts.base.utils.files/output
@@ -30,3 +30,7 @@ test-prefix_141.142.220.118:35642-208.80.152.2:80_test-suffix
 test-prefix_141.142.220.118:35642-208.80.152.2:80
 141.142.220.118:35642-208.80.152.2:80_test-suffix
 141.142.220.118:35642-208.80.152.2:80
+test-prefix_141.142.220.235:6705-173.192.163.128:80_test-suffix
+test-prefix_141.142.220.235:6705-173.192.163.128:80
+141.142.220.235:6705-173.192.163.128:80_test-suffix
+141.142.220.235:6705-173.192.163.128:80