diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek
index b408586873..b89aa00f4c 100644
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@@ -5355,7 +5355,7 @@ export {
 ## A numeric identifier, which can be found in the packet data, that denotes the
 ## encapsulated protocol. This field is optional. If it is not included, the
 ## configured child analyzer will be used as default analyzer.
- identifier : count &optional;
+ identifier : count;
 ## The analyzer that corresponds to the above identifier.
 analyzer : PacketAnalyzer::Tag;
diff --git a/scripts/base/packet-protocols/__load__.zeek b/scripts/base/packet-protocols/__load__.zeek
index 0edfce8a76..572b1a0c0c 100644
--- a/scripts/base/packet-protocols/__load__.zeek
+++ b/scripts/base/packet-protocols/__load__.zeek
@@ -1,3 +1,4 @@
+@load base/packet-protocols/root
 @load base/packet-protocols/ip
 @load base/packet-protocols/skip
 @load base/packet-protocols/ethernet
diff --git a/scripts/base/packet-protocols/ethernet/main.zeek b/scripts/base/packet-protocols/ethernet/main.zeek
index 170e4a7d6e..6723556708 100644
--- a/scripts/base/packet-protocols/ethernet/main.zeek
+++ b/scripts/base/packet-protocols/ethernet/main.zeek
@@ -1,6 +1,9 @@
-module PacketAnalyzer::Ethernet;
+module PacketAnalyzer::ETHERNET;
 export {
+ ## Default analyzer
+ const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_IP &redef;
+
 ## IEEE 802.2 SNAP analyzer
 const snap_analyzer: PacketAnalyzer::Tag &redef;
 ## Novell raw IEEE 802.3 analyzer
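Review bot: The doc comment directly above the changed line still says "This field is optional. If it is not included, the configured child analyzer will be used as default analyzer.", but `identifier : count;` is now mandatory, so the record's documentation contradicts its type. Drop those two sentences and point readers at the replacement mechanism, e.g. `## A numeric identifier, which can be found in the packet data, that denotes the` / `## encapsulated protocol. A parent's fallback analyzer is no longer configured here` / `## but via the default_analyzer constant exported by that analyzer's module.` Note also that any ConfigEntry in site scripts that omitted `$identifier` presumably stops loading after this change, which is worth a line in the NEWS/changelog.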
@@ -22,5 +25,4 @@ redef PacketAnalyzer::config_map += {
 PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x88A8, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
 PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x9100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
 PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8864, $analyzer=PacketAnalyzer::ANALYZER_PPPOE),
- PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $analyzer=PacketAnalyzer::ANALYZER_IP)
 };
diff --git a/scripts/base/packet-protocols/fddi/main.zeek b/scripts/base/packet-protocols/fddi/main.zeek
index 10d885ee84..30ab05331f 100644
--- a/scripts/base/packet-protocols/fddi/main.zeek
+++ b/scripts/base/packet-protocols/fddi/main.zeek
@@ -1,8 +1,12 @@
 module PacketAnalyzer::FDDI;
+export {
+ ## Default analyzer
+ const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_IP &redef;
+}
+
 const DLT_FDDI : count = 10;
 redef PacketAnalyzer::config_map += {
 PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $identifier=DLT_FDDI, $analyzer=PacketAnalyzer::ANALYZER_FDDI),
- PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_FDDI, $analyzer=PacketAnalyzer::ANALYZER_IP)
 };
diff --git a/scripts/base/packet-protocols/ip/main.zeek b/scripts/base/packet-protocols/ip/main.zeek
index 6731bddb29..c7884db588 100644
--- a/scripts/base/packet-protocols/ip/main.zeek
+++ b/scripts/base/packet-protocols/ip/main.zeek
@@ -1,7 +1,6 @@
 module PacketAnalyzer::IP;
 redef PacketAnalyzer::config_map += {
- PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $analyzer=PacketAnalyzer::ANALYZER_IP),
 PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IP, $identifier=4, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
 PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IP, $identifier=6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
 };
diff --git a/scripts/base/packet-protocols/mpls/main.zeek b/scripts/base/packet-protocols/mpls/main.zeek
index 6fcf4b5777..a597ceea0b 100644
--- a/scripts/base/packet-protocols/mpls/main.zeek
+++ b/scripts/base/packet-protocols/mpls/main.zeek
@@ -1,5 +1,6 @@
 module PacketAnalyzer::MPLS;
-redef PacketAnalyzer::config_map += {
- PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_MPLS, $analyzer=PacketAnalyzer::ANALYZER_IP)
-};
+export {
+ ## Default analyzer
+ const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_IP &redef;
+}
diff --git a/scripts/base/packet-protocols/root/__load__.zeek b/scripts/base/packet-protocols/root/__load__.zeek
new file mode 100644
index 0000000000..d551be57d3
--- /dev/null
+++ b/scripts/base/packet-protocols/root/__load__.zeek
@@ -0,0 +1 @@
+@load ./main
\ No newline at end of file
diff --git a/scripts/base/packet-protocols/root/main.zeek b/scripts/base/packet-protocols/root/main.zeek
new file mode 100644
index 0000000000..09edcc97b4
--- /dev/null
+++ b/scripts/base/packet-protocols/root/main.zeek
@@ -0,0 +1,6 @@
+module PacketAnalyzer::ROOT;
+
+export {
+ ## Default analyzer (if we don't know the link type, we assume raw IP)
+ const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_IP &redef;
+}
diff --git a/scripts/base/packet-protocols/skip/main.zeek b/scripts/base/packet-protocols/skip/main.zeek
index 8ea2a951f4..f18050ce83 100644
--- a/scripts/base/packet-protocols/skip/main.zeek
+++ b/scripts/base/packet-protocols/skip/main.zeek
@@ -1,10 +1,9 @@
-module PacketAnalyzer::SkipAnalyzer;
+module PacketAnalyzer::SKIP;
 export {
+ ## Default analyzer
+ const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_IP &redef;
+
 ## Bytes to skip.
 const skip_bytes: count = 0 &redef;
 }
-
-redef PacketAnalyzer::config_map += {
- PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_SKIP, $analyzer=PacketAnalyzer::ANALYZER_IP)
-};
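Review bot: The new `root/__load__.zeek` is committed without a trailing newline (`\ No newline at end of file`). Add the newline so the file matches the convention of the other script files touched here and does not show up as a spurious change in the next edit.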
diff --git a/src/packet_analysis/Analyzer.cc b/src/packet_analysis/Analyzer.cc
index bec54918eb..12b446738f 100644
--- a/src/packet_analysis/Analyzer.cc
+++ b/src/packet_analysis/Analyzer.cc
@@ -2,6 +2,7 @@
 #include "Analyzer.h"
+#include "Dict.h"
 #include "DebugLogger.h"
 namespace zeek::packet_analysis {
@@ -26,6 +27,26 @@ void Analyzer::Init(const Tag& _tag)
 tag = _tag;
 }
+void Analyzer::Initialize()
+ {
+ std::string ns = util::fmt("PacketAnalyzer::%s::", GetAnalyzerName());
+
+ default_analyzer = LoadAnalyzer(ns +"default_analyzer");
+ }
+
+zeek::packet_analysis::AnalyzerPtr Analyzer::LoadAnalyzer(const std::string &name)
+ {
+ auto& analyzer = zeek::id::find(name);
+ if ( ! analyzer )
+ return nullptr;
+
+ auto& analyzer_val = analyzer->GetVal();
+ if ( ! analyzer_val )
+ return nullptr;
+
+ return packet_mgr->GetAnalyzer(analyzer_val->AsEnumVal());
+ }
+
 const Tag Analyzer::GetAnalyzerTag() const
 {
 assert(tag);
diff --git a/src/packet_analysis/Analyzer.h b/src/packet_analysis/Analyzer.h
index e2ae7e76f4..8331784954 100644
--- a/src/packet_analysis/Analyzer.h
+++ b/src/packet_analysis/Analyzer.h
@@ -37,8 +37,10 @@ public:
 * Initialize the analyzer. This method is called after the configuration
 * was read. Derived classes can override this method to implement custom
 * initialization.
+ * When overriding this methods, always make sure to call the base-class
+ * version to ensure proper initialization.
 */
- virtual void Initialize() { };
+ virtual void Initialize();
 /**
 * Returns the tag associated with the analyzer's type.
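Review bot: `LoadAnalyzer()` returns nullptr without any diagnostic when `zeek::id::find(name)` or `GetVal()` comes back empty, and `Initialize()` builds that name from `GetAnalyzerName()`, so a mismatch between the C++ analyzer name and the script module name (or a missing `default_analyzer` constant) silently leaves `default_analyzer` null — traffic that should reach the fallback analyzer is then dropped with nothing in the logs to point at the configuration error. Emit a diagnostic before each early return, e.g. via the reporter or a `DBG_LOG` call (DebugLogger.h is already included), naming the identifier that was not found. Two style nits in the same hunk: `ns +"default_analyzer"` and `const std::string &name` do not match the spacing used in the header's declaration (`const std::string& name`).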
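Review bot: The added doc line reads `this methods`; it should be `this method`, and the comment does not say what the base implementation now does, which is the reason callers must invoke it. Suggest replacing the two added lines with `* The base-class version resolves the analyzer's script-land` / `* PacketAnalyzer::<Name>::default_analyzer constant; when overriding this` / `* method, always call Analyzer::Initialize() first.` If an override forgetting the base call is a realistic risk, a non-virtual `Initialize()` that does the base work and then calls a protected virtual hook would make the call impossible to skip, but that is a larger API change than this commit intends.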
@@ -109,6 +111,14 @@ protected:
 */
 AnalyzerPtr Lookup(uint32_t identifier) const;
+ /**
+ * Returns an analyzer based on a script-land definition.
+ *
+ * @param name The script-land identifier for a PacketAnalyzer::Tag value.
+ * @return The defined analyzer if available, else nullptr.
+ */
+ AnalyzerPtr LoadAnalyzer(const std::string& name);
+
 /**
 * Triggers analysis of the encapsulated packet. The encapsulated protocol
 * is determined using the given identifier.
diff --git a/src/packet_analysis/protocol/ethernet/Ethernet.cc b/src/packet_analysis/protocol/ethernet/Ethernet.cc
index cec9d90288..998eb3498f 100644
--- a/src/packet_analysis/protocol/ethernet/Ethernet.cc
+++ b/src/packet_analysis/protocol/ethernet/Ethernet.cc
@@ -13,24 +13,13 @@ EthernetAnalyzer::EthernetAnalyzer()
 void EthernetAnalyzer::Initialize()
 {
+ Analyzer::Initialize();
+
 SNAPAnalyzer = LoadAnalyzer("PacketAnalyzer::Ethernet::snap_analyzer");
 NovellRawAnalyzer = LoadAnalyzer("PacketAnalyzer::Ethernet::novell_raw_analyzer");
 LLCAnalyzer = LoadAnalyzer("PacketAnalyzer::Ethernet::llc_analyzer");
 }
-zeek::packet_analysis::AnalyzerPtr EthernetAnalyzer::LoadAnalyzer(const std::string &name)
- {
- auto& analyzer = zeek::id::find(name);
- if ( ! analyzer )
- return nullptr;
-
- auto& analyzer_val = analyzer->GetVal();
- if ( ! analyzer_val )
- return nullptr;
-
- return packet_mgr->GetAnalyzer(analyzer_val->AsEnumVal());
- }
-
 bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 {
 // Make sure that we actually got an entire ethernet header before trying
diff --git a/src/packet_analysis/protocol/ethernet/Ethernet.h b/src/packet_analysis/protocol/ethernet/Ethernet.h
index eef3741a1f..ea003d27ab 100644
--- a/src/packet_analysis/protocol/ethernet/Ethernet.h
+++ b/src/packet_analysis/protocol/ethernet/Ethernet.h
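Review bot: `Analyzer::Initialize()` in Analyzer.cc now assigns a `default_analyzer` member, but no declaration for it appears in the header hunks of this commit; if it is declared elsewhere it should get a doc comment on the same standard as the one added for `LoadAnalyzer()`, e.g. `/** Analyzer named by the script-land default_analyzer constant; set by Initialize(), nullptr if that constant is undefined. */`. The `LoadAnalyzer()` doc could also state that it silently yields nullptr for an unknown identifier, since that is the failure mode a derived analyzer has to handle. The class body continues outside this hunk.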
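Review bot: The three `LoadAnalyzer()` calls still use the `PacketAnalyzer::Ethernet::` prefix, while the ethernet/main.zeek hunk in this commit renames the module to `PacketAnalyzer::ETHERNET`; Zeek identifiers are case-sensitive, so `zeek::id::find()` will not resolve these names and `LoadAnalyzer()` returns nullptr silently, which presumably leaves the SNAP, Novell-raw and LLC members unset and those frame types unanalyzed. Skip.cc received the matching rename in this same commit (`PacketAnalyzer::SKIP::skip_bytes`), so apply it here too: `SNAPAnalyzer = LoadAnalyzer("PacketAnalyzer::ETHERNET::snap_analyzer");` / `NovellRawAnalyzer = LoadAnalyzer("PacketAnalyzer::ETHERNET::novell_raw_analyzer");` / `LLCAnalyzer = LoadAnalyzer("PacketAnalyzer::ETHERNET::llc_analyzer");`. Deriving the prefix from `GetAnalyzerName()` as `Analyzer::Initialize()` already does would keep these lookups from drifting out of sync with the script module on the next rename.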
@@ -24,8 +24,6 @@ private:
 AnalyzerPtr SNAPAnalyzer = nullptr;
 AnalyzerPtr NovellRawAnalyzer = nullptr;
 AnalyzerPtr LLCAnalyzer = nullptr;
-
- AnalyzerPtr LoadAnalyzer(const std::string& name);
 };
 }
diff --git a/src/packet_analysis/protocol/skip/Skip.cc b/src/packet_analysis/protocol/skip/Skip.cc
index 8b8ee4974f..bb2a71330a 100644
--- a/src/packet_analysis/protocol/skip/Skip.cc
+++ b/src/packet_analysis/protocol/skip/Skip.cc
@@ -12,7 +12,9 @@ SkipAnalyzer::SkipAnalyzer()
 void SkipAnalyzer::Initialize()
 {
- auto& skip_val = zeek::id::find_val("PacketAnalyzer::SkipAnalyzer::skip_bytes");
+ Analyzer::Initialize();
+
+ auto& skip_val = zeek::id::find_val("PacketAnalyzer::SKIP::skip_bytes");
 if ( ! skip_val )
 return;
diff --git a/testing/btest/core/skip_analyzer.zeek b/testing/btest/core/skip_analyzer.zeek
index ed0b6d587f..9a152a9d4c 100644
--- a/testing/btest/core/skip_analyzer.zeek
+++ b/testing/btest/core/skip_analyzer.zeek
@@ -11,4 +11,4 @@ redef PacketAnalyzer::config_map += {
 PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $identifier=1, $analyzer=PacketAnalyzer::ANALYZER_SKIP)
 };
-redef PacketAnalyzer::SkipAnalyzer::skip_bytes: count = 38;
+redef PacketAnalyzer::SKIP::skip_bytes: count = 38;