Designing Networks. Securing Infrastructure.
Solving Real Problems.
From Packets to Protection — Real-World Network Engineering
Where Real Network Problems Get Solved
PacketCraft is a hands-on network engineering lab focused on real-world problem solving across security, routing, and infrastructure — the kind engineers face daily in production environments.
Built from MSP experience in New Zealand, every scenario here is designed, tested, and troubleshot on real enterprise hardware. Not theory. This is how networks actually behave.
Lab Projects & Builds
Enterprise-grade perimeter firewall with policy segmentation, IPS, and SSL inspection across VLAN-tagged infrastructure.
FortinetVLANIPSBGP/OSPF configuration, route policies, and zone-based security on Junos — hands-on toward JNCIA/JNCIS.
JuniperBGPJunosCentralised log ingestion, threat detection dashboards, and alerting across all homelab nodes via Wazuh and Grafana.
WazuhGrafanaSIEMMulti-VM environment running TrueNAS, security tools, and test workloads. Isolated networks per service tier.
ProxmoxTrueNASKVMLocally-hosted smart home integration with network isolation — no cloud dependency, full control.
Home AssistantIoTDedicated offensive security subnet with Kali Linux for OSCP prep — isolated from production segments.
KaliOSCPRed TeamBare-metal Dell PowerEdge R720 running ESXi, hosting isolated VM clusters for routing labs, security tools, and network simulation workloads.
Dell R720ESXiVMwarePNetLab running on ESXi for multi-vendor network topology simulation. Used for CCNP/JNCIA lab scenarios with real IOS and Junos images.
PNetLabCisco IOSJunosEVE-NG Community Edition for building complex multi-vendor network topologies — BGP, MPLS, and SD-WAN scenarios across Cisco, Juniper, and FortiGate nodes.
EVE-NGMPLSSD-WANProof of Work
Scenario 01 · Firewall
Diagnosed an SSL-VPN split tunnel issue where remote users were unable to reach internal subnets post-failover. Traced the fault to overlapping phase-2 selectors and corrected routing table priority.
✓ Phase-2 selector scope corrected, failover tested under load
Scenario 02 · Routing
Identified a BGP route leak between two VRFs on the Juniper SRX causing asymmetric routing and intermittent TCP resets. Applied route-policy filters and prefix-lists to enforce correct path selection.
✓ Symmetric path confirmed via traceroute across all VRFs
Scenario 03 · Security
Wazuh generating 2,000+ alerts/hr from a misconfigured agent on a Proxmox node. Created custom decoders and tuned thresholds to reduce noise by 94% while retaining real detections.
✓ Custom ruleset deployed, alert fidelity fully restored
Scenario 04 · Switching
Traced intermittent connectivity loss on a production VLAN to a native VLAN mismatch across trunk links between a Cisco switch and FortiGate. Identified via CDP and packet capture, corrected across all trunk ports.
✓ Trunk ports aligned, outage eliminated, documented for change control
Scenario 05 · Infrastructure
Discovered unintended cross-VLAN communication between ESXi VMs due to incorrect port group configuration on a virtual switch. Rebuilt vSwitch segmentation with dedicated port groups per security zone.
✓ Full VM network isolation restored, verified via inter-VLAN ping tests
Scenario 06 · Monitoring
Grafana dashboards showed gaps in node metrics during peak hours. Root cause traced to Prometheus scrape timeout on high-load Proxmox nodes. Tuned scrape intervals and added alerting for collection failures.
✓ 100% metric coverage restored, alerting on scrape failure added
Tools & Technologies
Networking
Security
Infrastructure
Lab & Simulation
Certifications
Get In Touch
Open to MSP roles, network engineering opportunities, and collaboration in New Zealand and beyond.