I am a final year undergrad student studying computing and information security. I am about to embark on my final year project, for which I have decided to try and create a network monitoring tool that visualizes the logs of the network traffic. I would like to point out that this is still a very young project but would like to ask for any pointers or advice.

I am currently thinking that I will build a piece of software in something like Perl that will call and run tcpdump from a server on the network. This will then log all entries to a database, or I can read from pcap files into a script which will help to display the data on a web interface from a host on the network.

I have a lot to learn, but some points in the correct direction would be great... like is Perl best to use, should I dump everything into a database, or will it fall over if I chuck loads of data at it, etc.

Sorry for answering your question so late. Here are some thoughts:

- Try to do an in-depth prior work analysis. (a lot has been done on this, there are even companies focussing just on this!)
- Don't reinvent. There are tons of tools out there that do most of what you need. Use something like Argus to generate your network flows, don't read PCAP and translate them into flows yourself. You'll make too many mistakes! (It seems easy, but it's not!)
- Be specific. "... display the data on a web interface from a host on the network.." What do you mean by that? Try to look at it from a user / use-case perspective. What do you want to enable? What are the problems you are solving for the user? Why is this a good approach? Why is it better than anyone else's stuff?
- Dumping traffic into a relational database is going to be slow (most likely, if you are dealing with heavy loads). Depending on the use-cases that you want to enable, you can store aggregates or samples. Think hard about that. If you want to keep everything, look into column-based data stores. But focus heavily on the visualization.
- Is this a masters project? What's novel? What's new? Why is this advancing the field? There has been a ton of work on network flows in the past. I'd really like to see something new here!

Hope this helps a bit. Let me know if I can help with anything else!
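To make the "store aggregates, not raw packets" advice concrete, here is an added example (not code from either poster, and not Argus's own tooling) that takes flow records, as a flow generator such as Argus would emit them, and rolls them up into per-minute buckets keyed by protocol and destination port, which is the shape a chart or dashboard back end actually consumes. The CSV column layout and the sample rows are constructed for this example and are not real Argus output.

```python
"""Roll flow records up into time-bucketed aggregates for visualization.

Added example, not code from the original thread or from the Argus project.
It assumes flows have already been produced by a flow generator; the column
layout below (stime, proto, saddr, sport, daddr, dport, pkts, bytes) and the
rows themselves are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
import csv
import io

# Constructed sample flow records (not captured traffic). Assumed columns:
# stime = flow start, epoch seconds; pkts/bytes = totals for the flow.
SAMPLE_FLOWS = """\
stime,proto,saddr,sport,daddr,dport,pkts,bytes
1700000040,tcp,10.0.0.5,51000,10.0.0.80,443,12,4800
1700000050,tcp,10.0.0.6,51001,10.0.0.80,443,8,3200
1700000095,udp,10.0.0.5,53000,10.0.0.53,53,2,180
1700000110,tcp,10.0.0.7,51002,10.0.0.80,443,20,9000
1700000130,tcp,10.0.0.5,51003,10.0.0.80,22,5,600
"""


@dataclass
class Flow:
    stime: int
    proto: str
    saddr: str
    sport: int
    daddr: str
    dport: int
    pkts: int
    bytes: int


def parse_flows(text):
    """Parse CSV flow records into Flow objects (one record per flow)."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        flows.append(Flow(
            int(row["stime"]), row["proto"],
            row["saddr"], int(row["sport"]),
            row["daddr"], int(row["dport"]),
            int(row["pkts"]), int(row["bytes"]),
        ))
    return flows


def aggregate(flows, bucket_seconds=60):
    """Sum flows into (bucket_start, proto, dport) cells.

    Each cell keeps flow/packet/byte counts plus the set of distinct source
    addresses, so the stored row is a fixed size no matter how many packets
    the bucket saw: this is what keeps the data store from falling over.
    """
    agg = defaultdict(lambda: {"flows": 0, "pkts": 0, "bytes": 0, "sources": set()})
    for f in flows:
        bucket = f.stime - (f.stime % bucket_seconds)  # floor to bucket start
        cell = agg[(bucket, f.proto, f.dport)]
        cell["flows"] += 1
        cell["pkts"] += f.pkts
        cell["bytes"] += f.bytes
        cell["sources"].add(f.saddr)
    return dict(agg)


def to_rows(agg):
    """Flatten aggregates into sorted, JSON-ready rows for a web front end."""
    rows = []
    for (bucket, proto, dport), cell in sorted(agg.items()):
        rows.append({
            "bucket": bucket, "proto": proto, "dport": dport,
            "flows": cell["flows"], "pkts": cell["pkts"], "bytes": cell["bytes"],
            "unique_sources": len(cell["sources"]),
        })
    return rows


if __name__ == "__main__":
    for row in to_rows(aggregate(parse_flows(SAMPLE_FLOWS))):
        print(row)
```

Each output row is one point on a chart (bytes per minute to port 443, distinct sources hitting port 22, and so on), and storing these rows instead of every packet keeps the write volume bounded by the number of buckets times the number of distinct (proto, port) keys, not by the traffic rate. The `unique_sources` count is a deliberate choice over the raw address set: it answers the "how many hosts" visualization question while keeping the persisted row small.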