Background
If you check the logs on your computer system you will see that many thousands of log entries are generated, and it is not easy to understand what happened by looking at them. The aim of this project is to correlate this data in one easy-to-access place. I will design a tool that uses some existing network sniffing tools to gather basic data. This data will then be presented visually in such a way that, at a glance, a user will be able to determine what happened on the network within a given timeframe. Whilst the aim of this project is not to create one tool to understand everything on a network, it is to create a tool that is more up-to-date, with better usability and accessibility than its predecessors.
Objective
The objective of this project is to provide a network monitoring tool with an improved user interface that presents usable data which can be quickly and easily manipulated by a security professional to understand how the network is behaving.
These are the opening statements of my PID. I think that things are really beginning to take shape; however, the questions I need to ask myself now are: what language to use? Which one will give optimal performance? Should I read from the pcap files or use a database? If I use a database I have the same questions again: do I use MySQL, etc.? Then I have design methodologies to consider, and all this before starting to look at the actual visualisation of the log data. I am drawn to Perl as a development language because of its claim of speed; however, I am concerned about how to use it and whether its APIs are good graphically. I think I need to continue to read until I can really break my problems down to a low enough level to be able to manage them and develop them adequately.