diff --git a/testing/btest/scripts/base/protocols/rdp/rdpeudp2-handshake-success.zeek b/testing/btest/scripts/base/protocols/rdp/rdpeudp2-handshake-success.zeek
new file mode 100644
index 0000000000..05d27c5fef
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/rdp/rdpeudp2-handshake-success.zeek
@@ -0,0 +1,25 @@
+# @TEST-EXEC: zeek -r $TRACES/rdp/rdpeudp2-handshake-success.pcap %INPUT >out
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff out
+
+@load base/protocols/rdp
+
+event rdpeudp_syn(c: connection)
+	{
+	print "rdpeudp_syn", c$id;
+	}
+
+event rdpeudp_synack(c: connection)
+	{
+	print "rdpeudp_synack", c$id;
+	}
+
+event rdpeudp_established(c: connection, version: count)
+	{
+	print "rdpeudp_established", c$id, version;
+	}
+
+event rdpeudp_data(c: connection, is_orig: bool, version: count, data: string)
+	{
+	print fmt("rdpeudp_data is_orig: %s, version %d, data: %s", is_orig, version, data);
+	}