diff --git a/tests/websockets/README.md b/tests/websockets/README.md
new file mode 100644
index 000000000..80bf96cd6
--- /dev/null
+++ b/tests/websockets/README.md
@@ -0,0 +1,11 @@
+# Test Description
+
+Test websockets protocol
+
+## PCAP
+
+From the issue https://redmine.openinfosecfoundation.org/issues/2695
+
+## Related issues
+
+https://redmine.openinfosecfoundation.org/issues/2695
diff --git a/tests/websockets/basic_websockets.pcap b/tests/websockets/basic_websockets.pcap
new file mode 100644
index 000000000..0f98f99ee
Binary files /dev/null and b/tests/websockets/basic_websockets.pcap differ
diff --git a/tests/websockets/test.rules b/tests/websockets/test.rules
new file mode 100644
index 000000000..a179f7fd9
--- /dev/null
+++ b/tests/websockets/test.rules
@@ -0,0 +1,2 @@
+alert websockets any any -> any any (msg:"header frame"; flow:established,to_server; frame:websockets.header; content:"|81 88|"; sid:1;)
+alert websockets any any -> any any (msg:"pdu frame"; flow:established,to_client; frame:websockets.pdu; content:"|81 15|version,hybi-draft-13"; sid:2;)
diff --git a/tests/websockets/test.yaml b/tests/websockets/test.yaml
new file mode 100644
index 000000000..a7580a835
--- /dev/null
+++ b/tests/websockets/test.yaml
@@ -0,0 +1,23 @@
+requires:
+  min-version: 8
+
+args:
+- -k none
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 2
+- filter:
+    count: 3
+    match:
+      event_type: websockets
+      websockets.mask: true
+      websockets.opcode: text
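Review bot: Neither content match in test.rules is anchored to the start of the frame buffer, so sid:1 and sid:2 test only that the byte pattern occurs somewhere in the frame rather than that the frame header decodes as expected. For sid:2 this matters more, because the pattern itself shows the `websockets.pdu` buffer spans header plus payload, so an unanchored `|81 15|` could in principle hit inside payload data; for sid:1 the header buffer is short and a stray hit in a masking-key or extended-length field is unlikely but possible. I would anchor both as `content:"|81 88|"; startswith;` and `content:"|81 15|version,hybi-draft-13"; startswith;` (available since Suricata 5, well within the `min-version: 8` the test requires), and by convention add `rev:1;` to each rule so later edits to the signatures are trackable.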
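Review bot: The checks in test.yaml pin the two expected alerts and the masked client-to-server text frames, but nothing bounds the total number of alerts, so an unexpected extra alert from either rule (say a second, unanchored match) would not fail the test. The checks also never look at the unmasked server-to-client frames that sid:2 depends on, so the `websockets.mask: false` decoding path is only tested indirectly through one alert; I would add a filter on `event_type: websockets`, `websockets.mask: false`, `websockets.opcode: text` with the count taken from the pcap, which the diff does not let me derive. The total-alert check is concrete enough to add as-is.
```yaml
# … unchanged: requires, args, existing checks …
- filter:
    count: 2
    match:
      event_type: alert
```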