diff --git a/net-analyzer/wireshark/Manifest b/net-analyzer/wireshark/Manifest
index e988dc48e..61e8f27eb 100644
--- a/net-analyzer/wireshark/Manifest
+++ b/net-analyzer/wireshark/Manifest
@@ -3,6 +3,8 @@ AUX wireshark-1.8-btbb.patch 3759 SHA256 348084d534a7c8ea49270b3fab42409d37a571e
 AUX wireshark-1.8.0-underlinking.patch 239 SHA256 63a0ecdd4b45e048c6f8a3f25c0fe0b7a827df8e7dc2167cc3ad51ab94b8eae7 SHA512 df34235187efc9c423acd2b0f14d7ff569db090566abfa8f343a6826afb246f6dbacf84af9d4903f3f2656ed832f8329ae4037536d7be1f18db8e36b1fb4c1c6 WHIRLPOOL 3fda73b9fa6cd6e22201a20f0e4331a610ea13f53a8b352f89f27e89e1a2b4edc16bededa6677892ec65b53c78dbc53ce051082824ddd7e1d823f0001e33faed
 DIST libbtbb-0.8.tar.gz 70407 SHA256 6ea1aff41be6deec765f10b1b9aba01a88ae0f1eae2d5f617ebd847da72f57dc SHA512 b30fc869eecf718abec1ea54371ecfe4e2b64d394a6c07e6bfdd39b8fc1927aeef55b3cb686b10e0ea0bde054648a7fff13a12bbb2d1a289327a4198854fdfb1 WHIRLPOOL 878c67f934d7f264b81e811ee033dab6e03011ebbed842473911653a95129f286d326a3bfb5e865eaec4400a426c4802555c7a0cb42af81efe65bcd34567a850
 DIST wireshark-1.8.0.tar.bz2 24425043 SHA256 4cb802f116bbdcfa71afbc842dbfacd8f96594f4b221cbb5616d5c17bc696a62 SHA512 bd2b476dda089d27aba73ae5d5974757ec0fd1f6047adecad9966366cacd6e0565a313be1f14f59e38011cd18331f7cf4aaca69228d9af1201866c5174bf41d4 WHIRLPOOL e1173052180ad8f5634395cbdf5fc57e0339870aedfe7173ea9af44cdf1ec4386cfb314f34c10a37c38aae0fa1808a2ae08d6ae5076d1c9b2d1cfdf319ab784f
+DIST wireshark-1.8.1.tar.bz2 24125571 SHA256 5966a3e23d34972eb35433ae8198fccf1945617f71b89c1af26dada9f342feb7 SHA512 fec2212ca6c0b50b84f0642160b4685c5aa9e06677b68fa1103dbbd7dd684bfdc00330b2444a8805169e9fc88866707cf2b0dee45207e7f91ac40f7bcefb6faa WHIRLPOOL 1343b68fd95cb55f6445e09f38cd1b8f9b93d5a05146ea8937609f9d97be4b1fb4a45ff68aaa1885fd753d889b81f31422b5a96517eb72fd72d29e24f90745b6
 EBUILD wireshark-1.8.0.ebuild 6647 SHA256 8ce90cc8a249e5e57c6826498e5b97fc04510e763a07c25676433c225dc4d7da SHA512 0730cc1d3376ad4e435ed12213ecdfba7de0f0bb2a8f4ba2b02be5ae10c98dcc555d5a66a5fda3d6157df24d66dd600bd46b18e69ad0d711c5aa590e57a05887 WHIRLPOOL 3a8701ac68bbe2d45fb97a9004fd905df70f89380388e21cc7491b503b6c1895743d6761f8de64936caff940eb94238f9f93b6ba1e658a2026e32e80ca703d1d
+EBUILD wireshark-1.8.1.ebuild 6601 SHA256 a054ea68e238bc68d4b8a45a58aa72049f257a0440d77b1b947d0aec912a2d35 SHA512 e2702b30e9d95175b8bcb6452fbaf30692ccf6284fe14630cbd8c62ddd2410db3416ae2f69a0e65f5952962213cc413af274b57bf5dd7c6262efa13824f56b40 WHIRLPOOL b60e04064f4fb1f0485e5f2f13ad40bc4155a45eb73e9fb5ca1ac78ee06b5bfbc3d78eeee2e22519d2035f018eae4232929136fddfcdc3a28629b8ebe9c9a0a4
 MISC ChangeLog 51787 SHA256 326a7534b56331374aa8f9d7f3400769c4a33bc9616ab1eb308b38ede4e94b22 SHA512 4fd2b3f0d893c0b4ddc5a0ef3011f4680dec458fe6fd8b191a950a8fe6c89b1c830a8b55255880b84d052e021f81049cf6b1873d7917d06cc82cc7b8a2a6b6b0 WHIRLPOOL 7a982e298109ec50dd3afdce9ffd2f0d787b634356cf49db757739adf3014b644b16d0092e9be7ba0fb8edfb369c602d039992e6142d5fae4a60a4589a6c1359
 MISC metadata.xml 2591 SHA256 d1e0f669c78c45324dfd09f28c90b53fff9b8f8fa3de3d9304ee2d4cb4573499 SHA512 7c71ea9f31fe9307c422a7fa0c83ac72ca177a5b3a56539d02cff63e9dbfc4938f000ef3ba454558aed3cea3f5932cc788dcc599c4ec1c0e2a736922376732eb WHIRLPOOL 0ac717e4ca0f949333f4d0cff85bd45257da3216a41cd35fcd74358c94067772910785371739995523fb92688318907f3e909261da240b3a4ad32ce51210af05
diff --git a/net-analyzer/wireshark/wireshark-1.8.1.ebuild b/net-analyzer/wireshark/wireshark-1.8.1.ebuild
new file mode 100644
index 000000000..5f7f105e7
--- /dev/null
+++ b/net-analyzer/wireshark/wireshark-1.8.1.ebuild
@@ -0,0 +1,223 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.8.0.ebuild,v 1.6 2012/07/09 19:39:21 zerochaos Exp $
+
+EAPI="4"
+PYTHON_DEPEND="python? 2"
+inherit autotools eutils flag-o-matic python toolchain-funcs user
+
+[[ -n ${PV#*_rc} && ${PV#*_rc} != ${PV} ]] && MY_P=${PN}-${PV/_} || MY_P=${P}
+DESCRIPTION="A network protocol analyzer formerly known as ethereal"
+HOMEPAGE="http://www.wireshark.org/"
+BTBB="libbtbb-0.8"
+SRC_URI="http://www.wireshark.org/download/src/all-versions/${MY_P}.tar.bz2 \
+	mirror://sourceforge/libbtbb/${BTBB}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="adns ares btbb doc doc-pdf gtk ipv6 lua gcrypt geoip kerberos
+profile +pcap portaudio python +caps selinux smi ssl zlib"
+
+RDEPEND=">=dev-libs/glib-2.14:2
+	zlib? ( sys-libs/zlib
+		!=sys-libs/zlib-1.2.4 )
+	smi? ( net-libs/libsmi )
+	gtk? ( >=x11-libs/gtk+-2.4.0:2
+		x11-libs/pango
+		dev-libs/atk
+		x11-misc/xdg-utils )
+	ssl? ( <net-libs/gnutls-3 )
+	gcrypt? ( dev-libs/libgcrypt )
+	pcap? ( net-libs/libpcap )
+	caps? ( sys-libs/libcap )
+	kerberos? ( virtual/krb5 )
+	portaudio? ( media-libs/portaudio )
+	ares? ( >=net-dns/c-ares-1.5 )
+	!ares? ( adns? ( net-libs/adns ) )
+	geoip? ( dev-libs/geoip )
+	lua? ( >=dev-lang/lua-5.1 )
+	btbb? ( >=net-libs/libbtbb-0.8 )
+	selinux? ( sec-policy/selinux-wireshark )"
+
+DEPEND="${RDEPEND}
+	doc? ( dev-libs/libxslt
+		dev-libs/libxml2
+		app-doc/doxygen
+		doc-pdf? ( dev-java/fop ) )
+	virtual/pkgconfig
+	dev-lang/perl
+	sys-devel/bison
+	sys-apps/sed
+	sys-devel/flex
+	!!<net-analyzer/wireshark-1.8.0"
+
+S=${WORKDIR}/${MY_P}
+
+# borrowed from GSoC2010_Gentoo_Capabilities by constanze and flameyeys
+# @FUNCTION: fcaps
+# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file}
+# @RETURN: 0 if all okay; non-zero if failure and fallback
+# @DESCRIPTION:
+# fcaps sets the specified capabilities in the effective and permitted set of
+# the given file. In case of failure fcaps sets the given file-mode.
+fcaps() {
+	local uid_gid=$1
+	local perms=$2
+	local capset=$3
+	local path=$4
+	local res
+
+	chmod $perms $path && \
+	chown $uid_gid $path
+	res=$?
+
+	use caps || return $res
+
+	#set the capability
+	setcap "$capset=ep" "$path" &> /dev/null
+	#check if the capabilitiy got set correctly
+	setcap -v "$capset=ep" "$path" &> /dev/null
+	res=$?
+
+	if [ $res -ne 0 ]; then
+		ewarn "Failed to set capabilities. Probable reason is missed kernel support."
+		ewarn "Kernel must have <FS>_FS_SECURITY enabled where <FS> is the filesystem"
+		ewarn "to store ${path} (e.g. EXT3_FS_SECURITY). For kernels version before"
+		ewarn "2.6.33_rc1 SECURITY_FILE_CAPABILITIES must be enabled as well."
+		ewarn
+		ewarn "Falling back to suid now..."
+		chmod u+s ${path}
+	fi
+	return $res
+}
+
+pkg_setup() {
+	if ! use gtk; then
+		ewarn "USE=-gtk disables gtk-based gui called wireshark."
+		ewarn "Only command line utils will be built available"
+	fi
+	if use python; then
+		python_set_active_version 2
+		python_pkg_setup
+	fi
+	# Add group for users allowed to sniff.
+	enewgroup wireshark
+}
+
+src_prepare() {
+	if use btbb; then
+		cp -r "${WORKDIR}/${BTBB}/wireshark/." "${S}/" || die
+		#epatch "${S}/${BTBB}/plugins/btbb/wireshark-1.8-btbb.patch"
+		epatch "${FILESDIR}/wireshark-1.8-btbb.patch"
+	fi
+	eautoreconf
+}
+
+src_configure() {
+	local myconf
+
+	if [[ $(gcc-major-version) -lt 3 ||
+		( $(gcc-major-version) -eq 3 &&
+			$(gcc-minor-version) -le 4 ) ]] ; then
+		die "Unsupported compiler version, please upgrade."
+	fi
+
+	if use ares && use adns; then
+		elog "You asked for both, ares and adns, but we can use only one of them."
+		elog "c-ares supersedes adns resolver thus using c-ares (ares USE flag)."
+		myconf="$(use_with ares c-ares) --without-adns"
+	else
+		myconf="$(use_with adns) $(use_with ares c-ares)"
+	fi
+
+	# profile and pie are incompatible #215806, #292991
+	if use profile; then
+		ewarn "You've enabled the 'profile' USE flag, building PIE binaries is disabled."
+		ewarn "Also ignore \"unrecognized option '-nopie'\" gcc warning #358101."
+		append-flags $(test-flags-CC -nopie)
+	fi
+
+	# Workaround bug #213705. If krb5-config --libs has -lcrypto then pass
+	# --with-ssl to ./configure. (Mimics code from acinclude.m4).
+	if use kerberos; then
+		case `krb5-config --libs` in
+			*-lcrypto*)
+				ewarn "Kerberos was built with ssl support: linkage with openssl is enabled."
+				ewarn "Note there are annoying license incompatibilities between the OpenSSL"
+				ewarn "license and the GPL, so do your check before distributing such package."
+				myconf+=" --with-ssl"
+				;;
+		esac
+	fi
+
+	# Hack around inability to disable doxygen/fop doc generation
+	use doc || export ac_cv_prog_HAVE_DOXYGEN=false
+	use doc-pdf || export ac_cv_prog_HAVE_FOP=false
+
+	# dumpcap requires libcap, setuid-install requires dumpcap
+	econf $(use_enable gtk wireshark) \
+		$(use_enable profile profile-build) \
+		$(use_with ssl gnutls) \
+		$(use_with gcrypt) \
+		$(use_enable ipv6) \
+		$(use_with lua) \
+		$(use_with kerberos krb5) \
+		$(use_with smi libsmi) \
+		$(use_with zlib) \
+		$(use_with geoip) \
+		$(use_with portaudio) \
+		$(use_with python) \
+		$(use_with caps libcap) \
+		$(use_with pcap) \
+		$(use_with pcap dumpcap-group wireshark) \
+		$(use pcap && use_enable caps setcap-install) \
+		$(use pcap && use_enable !caps setuid-install) \
+		--sysconfdir="${EPREFIX}"/etc/wireshark \
+		--disable-extra-gcc-checks \
+		${myconf}
+}
+
+src_compile() {
+	default
+	use doc && emake -C docbook
+}
+
+src_install() {
+	default
+	if use doc; then
+		dohtml -r docbook/{release-notes.html,ws{d,u}g_html{,_chunked}}
+		if use doc-pdf; then
+			insinto /usr/share/doc/${PF}/pdf/
+			doins docbook/{{developer,user}-guide,release-notes}-{a4,us}.pdf
+		fi
+	fi
+
+	# FAQ is not required as is installed from help/faq.txt
+	dodoc AUTHORS ChangeLog NEWS README{,.bsd,.linux,.macos,.vmware} \
+		doc/{randpkt.txt,README*}
+
+	insinto /usr/include/wiretap
+	doins wiretap/wtap.h
+
+	if use gtk; then
+		for c in hi lo; do
+			for d in 16 32 48; do
+				insinto /usr/share/icons/${c}color/${d}x${d}/apps
+				newins image/${c}${d}-app-wireshark.png wireshark.png
+			done
+		done
+		domenu wireshark.desktop
+	fi
+	use pcap && chmod o-x "${ED}"/usr/bin/dumpcap #357237
+}
+
+pkg_postinst() {
+	if use caps && use pcap; then
+		fcaps 0:wireshark 550 cap_net_raw,cap_net_admin "${EROOT}"/usr/bin/dumpcap
+	fi
+	echo
+	ewarn "NOTE: To run wireshark as normal user you have to add yourself to"
+	ewarn "the wireshark group. This security measure ensures that only trusted"
+	ewarn "users are allowed to sniff your traffic."
+	echo
+}