diff --git a/net-analyzer/wireshark/Manifest b/net-analyzer/wireshark/Manifest
new file mode 100644
index 0000000..b4db148
--- /dev/null
+++ b/net-analyzer/wireshark/Manifest
@@ -0,0 +1,7 @@ +AUX README.gentoo 188 BLAKE2B 1734362317f1c09b63ebb946961a3f31e5b785787ac3c4e026d71c95c14367f4f3df752706e0d04e14792c95c33c3829eea704806b3b14a96339819f8c2ad4f7 SHA512 92811e9bb6df95d87058e6b77ed09dd086db922721b71ea87af0fdfcc44e2585ef28cf264095d8645a9b5bb60a3990b21376f892305debac19a3f01518918959 +AUX release-notes.html 153 BLAKE2B 5b211857ba0be0d40d218f4bea1fabf7a6034b1219d08307ec958684d194898ef96ef152e8996fe1e4b89acf36faaf3d094763244983372ca8a3a0a47942c5f0 SHA512 056da005da67fa1e7ae76bc2243b63b08ccefd437e24d32a2794ac051d9869b83961f5eaeab1838c92a1a46af7417b6d31d7a7f993717a919cf9f38a57f037fc +AUX wireshark-4.2.8-cares.patch 1934 BLAKE2B b39c1f5e67a693be7fa880316ceb8131f961135f7243a1a5af725dfbeb8a39fb1371b3cb3afa624891ef9a1d3f1d657ff4b610678d314b4b47e891da97822837 SHA512 b32cb0135a967c34882e1e272ecc4f25c79ea1c1d7d35b55012c5a95c5e8899ae747ac23f8fab818f61611ad9cea5f7b44be73f233111b733c8d1f718d245cb4 +DIST wireshark-4.2.9-signatures.txt 2706 BLAKE2B 5f1f30a8fce3c967cab165667a4f27bc1a8e425d41d6df42f91a1249bc3934e8fbae29f0e13e53f7f821e1b1b4420564b482e882cfaef66d5f05c5a54bdaa0b8 SHA512 9a259c8e1a9f7308348bf8c45023d9c6d3a6e51f05c89c500c4232267b4d13f8fd18803e78ed45646c73c66769f13bdaf7f071df98e92d2d63c432d176a946eb +DIST wireshark-4.2.9.tar.xz 45045592 BLAKE2B 3e39f6c9e606b818abaab8339906c17c50c1a675583725bd4cdd4530f95054cb5d7679f4e022ac5dd2eedb84d08b528be75b5d0f715f1f710393254840b7bb58 SHA512 6ad9318549ab60794c967a071a267e9642e97bb52289570e36c8221e6e160bafb346f789ad879ae1a87c0789ce3352b6a795a5a2ccf723891615a0b8c62eb668 +EBUILD wireshark-4.2.9.ebuild 8816 BLAKE2B 99d4e19395d20eb2e7a0094157fe2f05ee0f72972c8e0e5e914d92cd865783c183359290cd5b5ec33a9ae8da3cccd123b31ce7c0fe6c5d621f3473bcae3541c2 SHA512 741aa0e5704d04816254e7b5e6d5f4b1156b9e438bbe888f43aa957ec7a313c82782b09e8e29b3db209a87ab16d01c68bb634b41157ad1becb3d3a2af5abf766 +MISC metadata.xml 5352 BLAKE2B 
319ae9385ccf49cf52abdc3bb2292a6181f8bad974eecb1863b69dc248e8e1b17d95de5c7267e4e70ee28809bffc82a13f06de3e7d15541d32e2e2ab7ada638f SHA512 15580364ef3f86e9d4020c8b7e2e765a2be97742dc398d11697b87e15085e1a95e951d0200eea71484fb8d124d54b86da8542921c0b8f29d064a26681192d919
diff --git a/net-analyzer/wireshark/files/README.gentoo b/net-analyzer/wireshark/files/README.gentoo
new file mode 100644
index 0000000..a26d2c4
--- /dev/null
+++ b/net-analyzer/wireshark/files/README.gentoo
@@ -0,0 +1,3 @@
+NOTE: To capture traffic with wireshark as normal user you have to
+add yourself to the pcap group. This security measure ensures
+that only trusted users are allowed to sniff your traffic.
diff --git a/net-analyzer/wireshark/files/release-notes.html b/net-analyzer/wireshark/files/release-notes.html
new file mode 100644
index 0000000..fae4810
--- /dev/null
+++ b/net-analyzer/wireshark/files/release-notes.html
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/net-analyzer/wireshark/files/wireshark-4.2.8-cares.patch b/net-analyzer/wireshark/files/wireshark-4.2.8-cares.patch
new file mode 100644
index 0000000..d177bcf
--- /dev/null
+++ b/net-analyzer/wireshark/files/wireshark-4.2.8-cares.patch
@@ -0,0 +1,48 @@
+https://gitlab.com/wireshark/wireshark/-/commit/d27714d748d9f291784fda3e848603ae19a99256
+
+From d27714d748d9f291784fda3e848603ae19a99256 Mon Sep 17 00:00:00 2001
+From: John Thacker
+Date: Thu, 10 Oct 2024 23:15:35 +0000
+Subject: [PATCH] CMake: Fix our c-ares version discovery
+
+c-ares 1.34.0 and later generate ARES_VERSION_STR using a macro, so
+fetch the version from ARES_VERSION_MAJOR, ARES_VERSION_MINOR, and
+ARES_VERSION_PATCH.
+
+Fixes #20125
+
+
+(cherry picked from commit 7c1418625d2ba5095ef5393abdb2141c990a662c)
+
+Co-authored-by: Gerald Combs
+--- a/cmake/modules/FindCARES.cmake
++++ b/cmake/modules/FindCARES.cmake
+@@ -36,11 +36,22 @@ find_library( CARES_LIBRARY
+ )
+
+ # Try to retrieve version from header if found
++# Adapted from https://stackoverflow.com/a/47084079/82195
+ if(CARES_INCLUDE_DIR)
+- set(_version_regex "^#define[ \t]+ARES_VERSION_STR[ \t]+\"([^\"]+)\".*")
+- file(STRINGS "${CARES_INCLUDE_DIR}/ares_version.h" CARES_VERSION REGEX "${_version_regex}")
+- string(REGEX REPLACE "${_version_regex}" "\\1" CARES_VERSION "${CARES_VERSION}")
+- unset(_version_regex)
++ file(READ "${CARES_INCLUDE_DIR}/ares_version.h" _ares_version_h)
++
++ string(REGEX MATCH "#[\t ]*define[ \t]+ARES_VERSION_MAJOR[ \t]+([0-9]+)" _ ${_ares_version_h})
++ set(_ares_version_major ${CMAKE_MATCH_1})
++ string(REGEX MATCH "#[\t ]*define[ \t]+ARES_VERSION_MINOR[ \t]+([0-9]+)" _ ${_ares_version_h})
++ set(_ares_version_minor ${CMAKE_MATCH_1})
++ string(REGEX MATCH "#[\t ]*define[ \t]+ARES_VERSION_PATCH[ \t]+([0-9]+)" _ ${_ares_version_h})
++ set(_ares_version_patch ${CMAKE_MATCH_1})
++ set(CARES_VERSION ${_ares_version_major}.${_ares_version_minor}.${_ares_version_patch})
++
++ unset(_ares_version_h)
++ unset(_ares_version_major)
++ unset(_ares_version_minor)
++ unset(_ares_version_patch)
+ endif()
+
+ # handle the QUIETLY and REQUIRED arguments and set CARES_FOUND to TRUE if
+--
+GitLab
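Review bot: The three `string(REGEX MATCH ...)` calls in the new FindCARES.cmake block pass `${_ares_version_h}` unquoted and never check that a match was found, so a header missing one of the `ARES_VERSION_*` defines produces a malformed `CARES_VERSION` such as `1..` instead of leaving it unset. Quoting the input as `"${_ares_version_h}"` keeps the file contents as one argument (unquoted, any `;` in the header splits it into list items), and `set(CARES_VERSION ...)` is better guarded by a check that all three captures are non-empty. This matters most if the value later feeds a minimum-version comparison; the `find_package_handle_standard_args` call that would do so lies outside the hunk, so that part is inferred. Separately, the 4.2.9 ebuild added in this commit declares no `PATCHES` array, so this file appears to be carried in `files/` and the Manifest without being applied.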
diff --git a/net-analyzer/wireshark/metadata.xml b/net-analyzer/wireshark/metadata.xml
new file mode 100644
index 0000000..50ce497
--- /dev/null
+++ b/net-analyzer/wireshark/metadata.xml
@@ -0,0 +1,70 @@
+
+
+
+
+ sam@gentoo.org
+ Sam James
+
+
+ Wireshark is the world's foremost network protocol analyzer, and is the de
+ facto (and often de jure) standard across many industries and educational
+ institutions. Wireshark has a rich feature set which includes 1) deep
+ inspection of hundreds of protocols, with more being added all the time, 2)
+ live capture and offline analysis, 3) standard three-pane packet browser, 4)
+ captured network data can be browsed via a GUI, or via the TTY-mode TShark
+ utility, 5) the most powerful display filters in the industry, 6) rich VoIP
+ analysis, 7) read/write many different capture file formats: tcpdump (libpcap),
+ Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network
+ General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®,
+ Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer,
+ Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime,
+ WildPackets EtherPeek/TokenPeek/AiroPeek, and many others, 8) capture files
+ compressed with gzip can be decompressed on the fly, 9) live data can be read
+ from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame
+ Relay, FDDI, and others, 10) decryption support for many protocols, including
+ IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2, 11) coloring rules
+ can be applied to the packet list for quick, intuitive analysis, 12) output can
+ be exported to XML, PostScript®, CSV, or plain text.
+
+
+ Install androiddump, an extcap interface to capture from Android devices
+ Use media-libs/bcg729 for G.729 codec support in RTP Player
+ Install capinfos, to print information about capture files
+ Install captype, to print the file types of capture files
+ Install ciscodump, extcap interface to capture from a remote Cisco router
+ Install dftest, to display filter byte-code, for debugging dfilter routines
+ Install dpauxmon, an external capture interface (extcap) that captures DisplayPort AUX channel data from linux kernel drivers
+ Install dumpcap, to dump network traffic from inside wireshark
+ Install editcap, to edit and/or translate the format of capture files
+ Install net-libs/nghttp3 for enhanced HTTP3 analysis
+ Build with iLBC support in RTP Player using media-libs/libilbc
+ Use dev-libs/libxml2 for handling XML configuration in dissectors
+ Use dev-libs/libmaxminddb for IP address geolocation
+ Install mergecap, to merge two or more capture files into one
+ Build with zip file compression support
+ Use dev-libs/libnl
+ Use net-libs/libpcap for network packet capturing (build dumpcap, rawshark)
+ Install plugins
+ Build with Qt6 support instead of the default Qt5 for GUI support
+ Install randpkt, a utility for creating pcap trace files full of random packets
+ Install randpktdump, an extcap interface to provide access to the random packet generator (randpkt)
+ Install reordercap, to reorder input file by timestamp into output file
+ Use media-libs/sbc for playing back SBC encoded packets
+ Install sdjournal, an extcap that captures systemd journal entries
+ Install sharkd, the daemon variant of wireshark
+ Use net-libs/libsmi to resolve numeric OIDs into human readable format
+ Use media-libs/spandsp for for G.722 and G.726 codec support in the RTP Player
+ Install sshdump, an extcap interface to capture from a remote host through SSH
+ Install text2pcap, to generate a capture file from an ASCII hexdump of packets
+ Install tfshark, a terminal-based version of the FileShark capability
+ Install tshark, to dump and analyzer network traffic from the command line
+ Install udpdump, to get packets exported from a source (like a network device or a GSMTAP producer) that are dumped to a pcap file
+ Install wifidump, to dump and analyse 802.11 traffic
+
+
+ https://www.wireshark.org/news/
+ wireshark/wireshark
+ wireshark/wireshark
+ cpe:/a:wireshark:wireshark
+
+
diff --git a/net-analyzer/wireshark/wireshark-4.2.9.ebuild b/net-analyzer/wireshark/wireshark-4.2.9.ebuild
new file mode 100644
index 0000000..f0c589e
--- /dev/null
+++ b/net-analyzer/wireshark/wireshark-4.2.9.ebuild
@@ -0,0 +1,346 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( lua5-{1..2} ) +# TODO: check cmake/modules/UseAsn2Wrs.cmake for 3.12 +PYTHON_COMPAT=( python3_{10..13} ) + +inherit fcaps flag-o-matic lua-single python-any-r1 qmake-utils xdg cmake + +DESCRIPTION="Network protocol analyzer (sniffer)" +HOMEPAGE="https://www.wireshark.org/" + +if [[ ${PV} == *9999* ]] ; then + EGIT_REPO_URI="https://gitlab.com/wireshark/wireshark" + inherit git-r3 +else + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/wireshark.asc + inherit verify-sig + + SRC_URI="https://www.wireshark.org/download/src/all-versions/${P/_/}.tar.xz" + SRC_URI+=" verify-sig? ( https://www.wireshark.org/download/SIGNATURES-${PV}.txt -> ${P}-signatures.txt )" + S="${WORKDIR}/${P/_/}" + + if [[ ${PV} != *_rc* ]] ; then + KEYWORDS="amd64 ~arm arm64 ~hppa ~loong ppc64 ~riscv x86" + fi +fi + +LICENSE="GPL-2" +SLOT="0/${PV}" +IUSE="androiddump bcg729 brotli +capinfos +captype ciscodump +dftest doc dpauxmon" +IUSE+=" +dumpcap +editcap +gui http2 http3 ilbc kerberos libxml2 lua lz4 maxminddb" +IUSE+=" +mergecap +minizip +netlink opus +plugins +pcap qt6 +randpkt" +IUSE+=" +randpktdump +reordercap sbc selinux +sharkd smi snappy spandsp sshdump ssl" +IUSE+=" sdjournal test +text2pcap tfshark +tshark +udpdump wifi zlib +zstd" + +REQUIRED_USE=" + lua? ( ${LUA_REQUIRED_USE} ) +" + +RESTRICT="!test? ( test )" + +# bug #753062 for speexdsp +RDEPEND=" + acct-group/pcap + >=dev-libs/glib-2.50.0:2 + dev-libs/libpcre2 + >=net-dns/c-ares-1.13.0:= + >=dev-libs/libgcrypt-1.8.0:= + media-libs/speexdsp + bcg729? ( media-libs/bcg729 ) + brotli? ( app-arch/brotli:= ) + ciscodump? ( >=net-libs/libssh-0.6:= ) + filecaps? ( sys-libs/libcap ) + http2? ( >=net-libs/nghttp2-1.11.0:= ) + http3? ( net-libs/nghttp3 ) + ilbc? ( media-libs/libilbc:= ) + kerberos? ( virtual/krb5 ) + libxml2? ( dev-libs/libxml2 ) + lua? ( ${LUA_DEPS} ) + lz4? 
( app-arch/lz4:= ) + maxminddb? ( dev-libs/libmaxminddb:= ) + minizip? ( sys-libs/zlib[minizip] ) + netlink? ( dev-libs/libnl:3 ) + opus? ( media-libs/opus ) + pcap? ( net-libs/libpcap ) + gui? ( + x11-misc/xdg-utils + qt6? ( + dev-qt/qtbase:6[concurrent,dbus,gui,widgets] + dev-qt/qt5compat:6 + dev-qt/qtmultimedia:6 + ) + !qt6? ( + dev-qt/qtcore:5 + dev-qt/qtconcurrent:5 + dev-qt/qtgui:5 + dev-qt/qtmultimedia:5 + dev-qt/qtprintsupport:5 + dev-qt/qtwidgets:5 + ) + ) + sbc? ( media-libs/sbc ) + sdjournal? ( sys-apps/systemd:= ) + smi? ( net-libs/libsmi ) + snappy? ( app-arch/snappy:= ) + spandsp? ( media-libs/spandsp:= ) + sshdump? ( >=net-libs/libssh-0.6:= ) + ssl? ( >=net-libs/gnutls-3.5.8:= ) + wifi? ( >=net-libs/libssh-0.6:= ) + zlib? ( sys-libs/zlib ) + zstd? ( app-arch/zstd:= ) +" +DEPEND=" + ${RDEPEND} + gui? ( + !qt6? ( + dev-qt/qtdeclarative:5 + ) + ) +" +# TODO: 4.0.0_rc1 release notes say: +# "Perl is no longer required to build Wireshark, but may be required to build some source code files and run code analysis checks." +BDEPEND=" + ${PYTHON_DEPS} + dev-lang/perl + app-alternatives/lex + sys-devel/gettext + virtual/pkgconfig + doc? ( + app-text/doxygen + dev-ruby/asciidoctor + dev-libs/libxslt + ) + gui? ( + qt6? ( + dev-qt/qttools:6[linguist] + ) + !qt6? ( + dev-qt/linguist-tools:5 + ) + ) + test? ( + $(python_gen_any_dep ' + dev-python/pytest[${PYTHON_USEDEP}] + dev-python/pytest-xdist[${PYTHON_USEDEP}] + ') + ) +" +RDEPEND=" + ${RDEPEND} + gui? ( virtual/freedesktop-icon-theme ) + selinux? ( sec-policy/selinux-wireshark ) +" + +if [[ ${PV} != *9999* ]] ; then + BDEPEND+=" verify-sig? 
( sec-keys/openpgp-keys-wireshark )" +fi + +python_check_deps() { + use test || return 0 + + python_has_version -b "dev-python/pytest[${PYTHON_USEDEP}]" && + python_has_version -b "dev-python/pytest-xdist[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use lua && lua-single_pkg_setup + + python-any-r1_pkg_setup +} + +src_unpack() { + if [[ ${PV} == *9999* ]] ; then + git-r3_src_unpack + else + if use verify-sig ; then + cd "${DISTDIR}" || die + verify-sig_verify_signed_checksums \ + ${P}-signatures.txt \ + openssl-dgst \ + ${P}.tar.xz + cd "${WORKDIR}" || die + fi + + default + fi +} + +src_configure() { + local mycmakeargs + + python_setup + + # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass + # --with-ssl to ./configure. (Mimics code from acinclude.m4). + if use kerberos ; then + case $(krb5-config --libs) in + *-lcrypto*) + ewarn "Kerberos was built with ssl support: linkage with openssl is enabled." + ewarn "Note there are annoying license incompatibilities between the OpenSSL" + ewarn "license and the GPL, so do your check before distributing such package." 
+ mycmakeargs+=( -DENABLE_GNUTLS=$(usex ssl) ) + ;; + esac + fi + + if use gui ; then + append-cxxflags -fPIC -DPIC + fi + + # crashes at runtime + # https://bugs.gentoo.org/754021 + filter-lto + + mycmakeargs+=( + -DPython3_EXECUTABLE="${PYTHON}" + -DCMAKE_DISABLE_FIND_PACKAGE_{Asciidoctor,DOXYGEN}=$(usex !doc) + + # Force bundled lemon (bug 933119) + -DLEMON_EXECUTABLE= + + -DRPMBUILD_EXECUTABLE= + -DGIT_EXECUTABLE= + -DENABLE_CCACHE=OFF + + $(use androiddump && use pcap && echo -DEXTCAP_ANDROIDDUMP_LIBPCAP=yes) + $(usex gui LRELEASE=$(qt5_get_bindir)/lrelease '') + $(usex gui MOC=$(qt5_get_bindir)/moc '') + $(usex gui RCC=$(qt5_get_bindir)/rcc '') + $(usex gui UIC=$(qt5_get_bindir)/uic '') + + -DBUILD_androiddump=$(usex androiddump) + -DBUILD_capinfos=$(usex capinfos) + -DBUILD_captype=$(usex captype) + -DBUILD_ciscodump=$(usex ciscodump) + -DBUILD_dftest=$(usex dftest) + -DBUILD_dpauxmon=$(usex dpauxmon) + -DBUILD_dumpcap=$(usex dumpcap) + -DBUILD_editcap=$(usex editcap) + -DBUILD_mergecap=$(usex mergecap) + -DBUILD_mmdbresolve=$(usex maxminddb) + -DBUILD_randpkt=$(usex randpkt) + -DBUILD_randpktdump=$(usex randpktdump) + -DBUILD_reordercap=$(usex reordercap) + -DBUILD_sdjournal=$(usex sdjournal) + -DBUILD_sharkd=$(usex sharkd) + -DBUILD_sshdump=$(usex sshdump) + -DBUILD_text2pcap=$(usex text2pcap) + -DBUILD_tfshark=$(usex tfshark) + -DBUILD_tshark=$(usex tshark) + -DBUILD_udpdump=$(usex udpdump) + + -DBUILD_wireshark=$(usex gui) + -DUSE_qt6=$(usex qt6) + + -DENABLE_WERROR=OFF + -DENABLE_BCG729=$(usex bcg729) + -DENABLE_BROTLI=$(usex brotli) + -DENABLE_CAP=$(usex filecaps caps) + -DENABLE_GNUTLS=$(usex ssl) + -DENABLE_ILBC=$(usex ilbc) + -DENABLE_KERBEROS=$(usex kerberos) + -DENABLE_LIBXML2=$(usex libxml2) + # only appends -flto + -DENABLE_LTO=OFF + -DENABLE_LUA=$(usex lua) + -DLUA_FIND_VERSIONS="${ELUA#lua}" + -DENABLE_LZ4=$(usex lz4) + -DENABLE_MINIZIP=$(usex minizip) + -DENABLE_NETLINK=$(usex netlink) + -DENABLE_NGHTTP2=$(usex http2) + 
-DENABLE_NGHTTP3=$(usex http3) + -DENABLE_OPUS=$(usex opus) + -DENABLE_PCAP=$(usex pcap) + -DENABLE_PLUGINS=$(usex plugins) + -DENABLE_PLUGIN_IFDEMO=OFF + -DENABLE_SBC=$(usex sbc) + -DENABLE_SMI=$(usex smi) + -DENABLE_SNAPPY=$(usex snappy) + -DENABLE_SPANDSP=$(usex spandsp) + -DBUILD_wifidump=$(usex wifi) + -DENABLE_ZLIB=$(usex zlib) + -DENABLE_ZSTD=$(usex zstd) + ) + + cmake_src_configure +} + +src_test() { + cmake_build test-programs + + # https://www.wireshark.org/docs/wsdg_html_chunked/ChTestsRunPytest.html + epytest \ + --disable-capture \ + --skip-missing-programs=all \ + --program-path "${BUILD_DIR}"/run +} + +src_install() { + # bug #928577 + # https://gitlab.com/wireshark/wireshark/-/commit/fe7bfdf6caac9204ab5f34eeba7b0f4a0314d3cd + cmake_src_install install-headers + + # FAQ is not required as is installed from help/faq.txt + dodoc AUTHORS ChangeLog NEWS README* doc/randpkt.txt doc/README* + + # install headers + insinto /usr/include/wireshark + doins "${BUILD_DIR}"/config.h + + # If trying to remove this, try build e.g. libvirt first! + # At last check, Fedora is still doing this too. + local dir dirs=( + epan + epan/crypt + epan/dfilter + epan/dissectors + epan/ftypes + wiretap + wsutil + wsutil/wmem + ) + + for dir in "${dirs[@]}" ; do + insinto /usr/include/wireshark/${dir} + doins ${dir}/*.h + done + + if use gui ; then + local s + + for s in 16 32 48 64 128 256 512 1024 ; do + insinto /usr/share/icons/hicolor/${s}x${s}/apps + newins resources/icons/wsicon${s}.png wireshark.png + done + + for s in 16 24 32 48 64 128 256 ; do + insinto /usr/share/icons/hicolor/${s}x${s}/mimetypes + newins resources/icons//WiresharkDoc-${s}.png application-vnd.tcpdump.pcap.png + done + fi + + if [[ -d "${ED}"/usr/share/appdata ]] ; then + rm -r "${ED}"/usr/share/appdata || die + fi +} + +pkg_postinst() { + xdg_pkg_postinst + + # Add group for users allowed to sniff. 
+ chgrp pcap "${EROOT}"/usr/bin/dumpcap + + if use dumpcap && use pcap ; then + fcaps -o 0 -g pcap -m 4710 -M 0710 \ + cap_dac_read_search,cap_net_raw,cap_net_admin \ + "${EROOT}"/usr/bin/dumpcap + fi + + ewarn "NOTE: To capture traffic with wireshark as normal user you have to" + ewarn "add yourself to the pcap group. This security measure ensures" + ewarn "that only trusted users are allowed to sniff your traffic." +}
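Review bot: In `pkg_postinst`, `chgrp pcap "${EROOT}"/usr/bin/dumpcap` sits outside the `use dumpcap && use pcap` guard and has no `|| die`, so with USE=-dumpcap it targets a binary that was not built, and any failure to set the group goes unnoticed. The `fcaps` call already passes `-g pcap`, so the `chgrp` can be dropped, or moved inside the guard as `chgrp pcap "${EROOT}"/usr/bin/dumpcap || die`. The `fcaps` line also deserves a comment spelling out the privilege model, for example `# caps applied: 0710 root:pcap; if caps cannot be set, fcaps falls back to setuid-root 4710`. As I read the fcaps eclass, `-m` is the fallback mode, which leaves a setuid-root binary that handles live traffic runnable by every member of pcap.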