diff --git a/scripts/policy/protocols/conn/speculative-service.zeek b/scripts/policy/protocols/conn/speculative-service.zeek
new file mode 100644
index 0000000000..2fb9b1cdaa
--- /dev/null
+++ b/scripts/policy/protocols/conn/speculative-service.zeek
@@ -0,0 +1,34 @@
+##! This script adds information about matched DPD signatures to the connection
+##! log.
+
+@load base/protocols/conn
+
+module Conn;
+
+redef record Info += {
+ ## Protocol that was determined by a matching signature after the beginning
+ ## of a connection. In this situation no analyzer can be attached and hence
+ ## the data cannot be analyzed nor the protocol can be confirmed.
+ speculative_service: string &log &optional;
+};
+
+redef record connection += {
+ speculative_service: set[string] &default=string_set();
+};
+
+redef dpd_match_only_beginning = F;
+redef dpd_late_match_stop = T;
+
+event protocol_late_match(c: connection, atype: Analyzer::Tag)
+ {
+ local analyzer = Analyzer::name(atype);
+ add c$speculative_service[analyzer];
+ }
+
+event connection_state_remove(c: connection)
+ {
+ local sp_service = "";
+ for ( s in c$speculative_service )
+ sp_service = sp_service == "" ? s : cat(sp_service, ",", s);
+ c$conn$speculative_service = to_lower(sp_service);
+ }
diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.speculative-service/conn.log b/testing/btest/Baseline/scripts.policy.protocols.conn.speculative-service/conn.log
new file mode 100644
index 0000000000..ba0ed8ed25
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.conn.speculative-service/conn.log
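Review bot: `connection_state_remove` writes `c$conn$speculative_service` unconditionally, so a connection that never produced a late match gets an empty string stored in a field declared `&optional`, and conn.log will show it as `(empty)` instead of the unset marker `-` for the large majority of connections; a guard at the top of the body such as `if ( |c$speculative_service| == 0 ) return;` keeps the column unset in that case. The handler also runs at the default priority and dereferences `c$conn` without a `c?$conn` check, which presumably relies on the base conn script having populated it at a higher priority — worth stating in a comment or guarding explicitly. Because `c$speculative_service` is a set, the order of the comma-joined names is not guaranteed when more than one signature matches, so the value is hard to compare across runs and baselines; if stable output matters, collect the names into a vector and sort before joining. Finally, `redef dpd_match_only_beginning = F;` and `redef dpd_late_match_stop = T;` change DPD signature matching for all traffic the moment this policy script is loaded, which is a notable performance and behaviour side effect that the `##!` header should mention, e.g. `##! Loading this script enables late DPD signature matching globally (dpd_match_only_beginning = F), which costs extra signature evaluation on every connection.`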
@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path conn
+#open 2019-08-29-09-45-13
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents speculative_service
+#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] string
+1567010592.624680 CHhAvVGS1DHFjwGM9 127.0.0.1 37526 127.0.0.1 80 tcp http 0.008395 61907 60478 SF - - 0 ShADadfF 10 62435 9 60954 - http
+1567010639.143657 ClEkJM2Vm5giqnMf4h 127.0.0.1 60644 127.0.0.1 5000 tcp - 0.015853 61917 60478 SF - - 0 ShADadfF 10 62445 9 60954 - http
+#close 2019-08-29-09-45-13
diff --git a/testing/btest/Traces/http/http-post-large.pcap b/testing/btest/Traces/http/http-post-large.pcap
new file mode 100644
index 0000000000..8fd0e8df2d
Binary files /dev/null and b/testing/btest/Traces/http/http-post-large.pcap differ
diff --git a/testing/btest/scripts/policy/protocols/conn/speculative-service.zeek b/testing/btest/scripts/policy/protocols/conn/speculative-service.zeek
new file mode 100644
index 0000000000..558be50008
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/conn/speculative-service.zeek
@@ -0,0 +1,6 @@
+# A basic test of the speculative service detection
+
+# @TEST-EXEC: zeek -C -r $TRACES/http/http-post-large.pcap %INPUT
+# @TEST-EXEC: btest-diff conn.log
+
+@load protocols/conn/speculative-service
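Review bot: The test only exercises connections that do produce a late match — both rows in the accompanying baseline carry `http` in the new `speculative_service` column — so it cannot catch how the column is rendered for a connection with no late match, which is the common case in real traffic. Adding a second trace, or a connection in this one that never matches a signature, would pin down whether that column is logged as `-` or as `(empty)`. The header comment could also state what the trace contains, e.g. `# The trace holds one HTTP connection on port 80 and one on port 5000; the latter is only identified by a late signature match.`, so that a future baseline change is easy to interpret.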