diff --git a/pkgs/tools/security/p0f/default.nix b/pkgs/tools/security/p0f/default.nix
new file mode 100644
index 00000000000..22c58cdfecf
--- /dev/null
+++ b/pkgs/tools/security/p0f/default.nix
@@ -0,0 +1,13 @@
+{stdenv, fetchurl, libpcap}:
+  
+stdenv.mkDerivation {
+  name = "p0f-2.0.8";
+  
+  src = fetchurl {
+    url = http://lcamtuf.coredump.cx/p0f/p0f-2.0.8.tgz;
+    md5 = "1ccbcd8d4c95ef6dae841120d23c56a5";
+  };
+  
+  buildInputs = [libpcap];
+  patches = [./p0f.patch];
+}
diff --git a/pkgs/tools/security/p0f/p0f.patch b/pkgs/tools/security/p0f/p0f.patch
new file mode 100644
index 00000000000..e1b73fa37a0
--- /dev/null
+++ b/pkgs/tools/security/p0f/p0f.patch
@@ -0,0 +1,46 @@
+diff -ruN p0f/Build p0f.new/Build
+--- p0f/Build	2006-03-16 08:44:34.000000000 +0100
++++ p0f.new/Build	2007-01-13 03:26:40.000000000 +0100
+@@ -36,9 +36,9 @@
+ 
+ USE_BPF="pcap-bpf.h"
+ 
+-if [ ! -f "/usr/include/$USE_BPF" -a ! -f "/usr/local/include/$USE_BPF" ]; then
+-  USE_BPF="net/bpf.h"
+-fi
++#if [ ! -f "/usr/include/$USE_BPF" -a ! -f "/usr/local/include/$USE_BPF" ]; then
++#  USE_BPF="net/bpf.h"
++#fi
+ 
+ export USE_BPF
+ 
+diff -ruN p0f/mk/Linux p0f.new/mk/Linux
+--- p0f/mk/Linux	2006-08-21 14:37:00.000000000 +0200
++++ p0f.new/mk/Linux	2007-01-13 03:34:18.000000000 +0100
+@@ -11,8 +11,7 @@
+ LIBS	= -lpcap
+ STRIP   = strip
+ CFLAGS  = -O3 -Wall -fomit-frame-pointer -funroll-loops \
+-          -DUSE_BPF=\"${USE_BPF}\" \
+-	  -I/usr/include/pcap -I/usr/local/include/pcap -I/usr/local/include
++          -DUSE_BPF=\"${USE_BPF}\"
+ FILE	= p0f
+ TOOLS   = test/sendack test/sendack2 test/sendsyn
+ 
+@@ -47,9 +46,11 @@
+ 	rm -f /tmp/p0f.tgz
+ 	
+ install: $(FILE)
+-	cp -f $(FILE) /usr/sbin/
+-	cp -f p0frep /usr/sbin/
+-	mkdir /etc/p0f || true
+-	cp -f p0f.fp p0fa.fp p0fr.fp p0fo.fp /etc/p0f/
+-	cp -f p0f.1 /usr/man/man1/ || cp -f p0f.1 /usr/local/man/man1/
++	mkdir -p ${out}/sbin
++	cp -f $(FILE) ${out}/sbin/
++	cp -f p0frep ${out}/sbin/
++	mkdir -p ${out}/etc/p0f || true
++	cp -f p0f.fp p0fa.fp p0fr.fp p0fo.fp ${out}/etc/p0f/
++	mkdir -p ${out}/man/man1
++	cp -f p0f.1 ${out}/man/man1/
+ 	@echo "You might want to manually install test/ tools now."