diff --git a/scripts/base/protocols/socks/dpd.sig b/scripts/base/protocols/socks/dpd.sig
index 3dcd7a945a..808a8bb12a 100644
--- a/scripts/base/protocols/socks/dpd.sig
+++ b/scripts/base/protocols/socks/dpd.sig
@@ -40,9 +40,7 @@ signature dpd_socks5_server {
 requires-reverse-signature dpd_socks5_client
 # Watch for a single authentication method to be chosen by the server or
 # the server to indicate the no authentication is required.
-payload /^\x05(\x00|\x01[\x00\x01\x02])/
+payload /^\x05[\x00\x01\x02\xff]/
 tcp-state responder
 enable "socks"
 }
-
-
diff --git a/testing/btest/Baseline/scripts.base.protocols.socks.socks-auth-10080/conn.log.cut b/testing/btest/Baseline/scripts.base.protocols.socks.socks-auth-10080/conn.log.cut
new file mode 100644
index 0000000000..640346b6bc
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.socks.socks-auth-10080/conn.log.cut
@@ -0,0 +1,4 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+id.orig_h id.orig_p id.resp_h id.resp_p service history
+192.168.0.2 55951 192.168.0.1 10080 socks ShADad
+192.168.0.1 55951 192.168.0.2 22 - ShA
diff --git a/testing/btest/Baseline/scripts.base.protocols.socks.socks-auth-10080/socks.log.cut b/testing/btest/Baseline/scripts.base.protocols.socks.socks-auth-10080/socks.log.cut
new file mode 100644
index 0000000000..22eed48205
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.socks.socks-auth-10080/socks.log.cut
@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+id.orig_h id.orig_p id.resp_h id.resp_p version status bound.host bound.name bound_p
+192.168.0.2 55951 192.168.0.1 10080 5 succeeded 192.168.0.1 - 55951 
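Review bot: The comment above the changed `payload` line still describes only the no-auth and single-chosen-method cases, but the new pattern `^\x05[\x00\x01\x02\xff]` also accepts 0xff, which in the SOCKS5 method-selection reply (RFC 1928) means the server found no acceptable method, so the comment now understates what enables the analyzer. I would rewrite it as `# Match the server's method-selection reply: version 5 followed by the chosen method (0x00 no auth, 0x01 GSSAPI, 0x02 username/password) or 0xff (no acceptable methods, i.e. the server refused the client).` Since the responder-side match is now only two bytes, false positives are held down solely by the `requires-reverse-signature dpd_socks5_client` line above it, which is worth stating in that comment so the client signature is not loosened later without revisiting this one. The `signature dpd_socks5_server {` line that opens this block lies outside the hunk.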
diff --git a/testing/btest/Traces/socks-auth-10080.pcap b/testing/btest/Traces/socks-auth-10080.pcap
new file mode 100644
index 0000000000..8720135223
Binary files /dev/null and b/testing/btest/Traces/socks-auth-10080.pcap differ
diff --git a/testing/btest/scripts/base/protocols/socks/socks-auth-10080.zeek b/testing/btest/scripts/base/protocols/socks/socks-auth-10080.zeek
new file mode 100644
index 0000000000..d272aed38e
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/socks/socks-auth-10080.zeek
@@ -0,0 +1,11 @@
+# @TEST-DOC: Socks V5 over a non-standard port.
+
+# @TEST-EXEC: zeek -r $TRACES/socks-auth-10080.pcap %INPUT
+# @TEST-EXEC: zeek-cut -m id.orig_h id.orig_p id.resp_h id.resp_p service history < conn.log > conn.log.cut
+# @TEST-EXEC: zeek-cut -m id.orig_h id.orig_p id.resp_h id.resp_p version status bound.host bound.name bound_p < socks.log > socks.log.cut
+# @TEST-EXEC: btest-diff conn.log.cut
+# @TEST-EXEC: btest-diff socks.log.cut
+
+@load base/protocols/socks
+
+redef SOCKS::default_capture_password = T;
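Review bot: The test sets `redef SOCKS::default_capture_password = T;` on its last line, but neither `zeek-cut` invocation selects a password-related column, so the baselines cannot show whether that setting had any effect and the redef reads as dead configuration. If the trace exercises username/password authentication, as the file name suggests, adding the captured field to the `socks.log` cut would actually pin that path; otherwise the redef can be dropped to keep the test minimal. I cannot tell from the hunk which authentication method the pcap uses, so this should be checked against the trace.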