About PacketSmith and Netomize

PacketSmith is the flagship product of Netomize, a sole proprietorship founded in June 2025 by Mohamad Mokbel in Toronto, Canada. Mohamad brings over 15 years of cybersecurity research expertise to Netomize. His extensive career includes roles at Telus Security Lab and CIBC, most recently spending eight years at Trend Micro’s DVLabs. There, he specialized in working with the TippingPoint Intrusion Prevention System (IPS), reverse engineering vulnerabilities and malware Command & Control (C2) communication protocols to develop custom filters for TippingPoint Next-Generation IPS (NGIPS).

The Genesis of PacketSmith

PacketSmith was developed out of a real-world need to address common issues found in network packet captures (pcaps). Analysts often encounter pcaps captured on loopback interfaces that require significant “fixing” – specifically, correcting checksums, source and destination IP and MAC addresses, and port numbers. Other challenges include pcaps with incorrect checksums, superfluous layers and extensions (requiring the substitution of one layer for another), missing TCP handshake packets and DNS requests, or an incorrect Maximum Transmission Unit (MTU) value leading to fragmentation, among other common issues.

All these essential modifications must be performed at the IPv4/IPv6/TCP/UDP (stream level). This demands precise, “surgical” manipulation of packets across various network layers to ensure the pcap’s integrity is maintained.

While some open-source alternatives exist, none offer the comprehensive and robust capabilities found in PacketSmith for addressing these complex pcap issues.

Why PacketSmith Matters

The ability to statically modify a pcap to replace, fix, or add specific fields is critical. It eliminates the need to re-capture traffic, saving valuable time and resources when you need a valid pcap. This functionality is particularly vital for replaying pcaps against Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS) for testing, fuzzing, or anonymization purposes.