diff --git a/testing/btest/Baseline/scripts.base.protocols.mysql.auth/mysql.log b/testing/btest/Baseline/scripts.base.protocols.mysql.auth/mysql.log
index 0a3bce1d21..536ac3aaac 100644
--- a/testing/btest/Baseline/scripts.base.protocols.mysql.auth/mysql.log
+++ b/testing/btest/Baseline/scripts.base.protocols.mysql.auth/mysql.log
@@ -3,7 +3,7 @@
 #empty_field (empty)
 #unset_field -
 #path mysql
-#open 2014-09-05-02-57-27
+#open 2014-09-05-03-02-01
 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd arg result response
 #types time string addr port addr port string string string string
 1362452327.618353 CsRx2w45OKnoww6xl4 192.168.1.3 55845 192.168.1.8 3306 login root_nope error Access denied for user 'root_nope'@'lumberjack.home' (using password: NO)
@@ -18,4 +18,4 @@
 1362452372.452858 Che1bq3i2rO3KD1Syg 192.168.1.3 55865 192.168.1.8 3306 login root ok Affected rows: 0
 1362452372.454995 Che1bq3i2rO3KD1Syg 192.168.1.3 55865 192.168.1.8 3306 query select @@version_comment limit 1 ok Affected rows: 1
 1362452372.991997 Che1bq3i2rO3KD1Syg 192.168.1.3 55865 192.168.1.8 3306 quit (empty) - -
-#close 2014-09-05-02-57-27
+#close 2014-09-05-03-02-01
diff --git a/testing/btest/Baseline/scripts.base.protocols.mysql.wireshark/mysql.log b/testing/btest/Baseline/scripts.base.protocols.mysql.wireshark/mysql.log
new file mode 100644
index 0000000000..7baf2954ae
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.mysql.wireshark/mysql.log
@@ -0,0 +1,27 @@
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path mysql
+#open 2014-09-05-03-02-01
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd arg result response
+#types time string addr port addr port string string string string
+1216281025.136728 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 login tfoerste ok Affected rows: 0
+1216281025.137062 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 query select @@version_comment limit 1 ok Affected rows: 1
+1216281030.835001 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 query SELECT DATABASE() ok Affected rows: 1
+1216281030.835395 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 init_db test ok Affected rows: 0
+1216281030.835742 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 query show databases ok Affected rows: 1
+1216281030.836349 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 query show tables ok Affected rows: 1
+1216281030.836757 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 field_list agent ok Affected rows: 3
+1216281048.287657 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 query create table foo (id BIGINT( 10 ) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, animal VARCHAR(64) NOT NULL, name VARCHAR(64) NULL DEFAULT NULL) ENGINE = MYISAM ok Affected rows: 0
+1216281057.746222 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 query insert into foo (animal, name) values ("dog", "Goofy") ok Affected rows: 1
+1216281061.713980 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 query insert into foo (animal, name) values ("cat", "Garfield") ok Affected rows: 1
+1216281066.549786 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 query select * from foo ok Affected rows: 3
+1216281072.304467 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 query delete from foo where name like '%oo%' ok Affected rows: 1
+1216281079.450037 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 query delete from foo where id = 1 ok Affected rows: 0
+1216281087.437392 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 query select count(*) from foo ok Affected rows: 1
+1216281109.107769 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 query select * from foo ok Affected rows: 3
+1216281116.209268 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 query delete from foo ok Affected rows: 1
+1216281122.880561 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 query drop table foo ok Affected rows: 0
+1216281124.418765 CXWv6p3arKYeMETxOg 192.168.0.254 56162 192.168.0.254 3306 quit (empty) - -
+#close 2014-09-05-03-02-01
diff --git a/testing/btest/Traces/mysql/mysql.trace b/testing/btest/Traces/mysql/mysql.trace
index bfc4d794db..59ae3641e3 100644
Binary files a/testing/btest/Traces/mysql/mysql.trace and b/testing/btest/Traces/mysql/mysql.trace differ
diff --git a/testing/btest/scripts/base/protocols/mysql/wireshark.test b/testing/btest/scripts/base/protocols/mysql/wireshark.test
new file mode 100644
index 0000000000..64f4aacdda
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/mysql/wireshark.test
@@ -0,0 +1,6 @@
+# This tests a PCAP with a few MySQL commands from the Wireshark samples.
+
+# @TEST-EXEC: bro -b -r $TRACES/mysql/mysql.trace %INPUT
+# @TEST-EXEC: btest-diff mysql.log
+
+@load base/protocols/mysql
\ No newline at end of file
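Review bot: The wireshark baseline that `btest-diff mysql.log` pins records `Affected rows: 3` for both `select * from foo` entries, even though a `delete` reporting one affected row sits between them; the value matches the three columns of `foo`, so the `response` field is probably carrying a result-set column count under a row-count label. Anyone reading mysql.log to judge how much data a query touched or returned would be misled, so I would either correct the label in the analyzer before freezing this baseline or record the limitation in wireshark.test, e.g. `# NOTE: for result-set replies the number in "response" is not a row count.` Separately, wireshark.test ends without a trailing newline (`\ No newline at end of file`); add one after `@load base/protocols/mysql`.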