2 Replies Latest reply: Feb 8, 2012 7:49 PM by chrisjoms RSS

    malicious software web traffic detection tool


      hi guys, does cisco have any software to detect malicious web traffic?


      is wireshark able to detect such traffic?


      thanks for any input.

        • 1. Re: malicious software web traffic detection tool
          Paul Stewart  -  CCIE Security

          Wireshark is able to detect just about anything.  There are challenges when it is encrypted though.  Additionally, there is a steep learning curve to understanding what is normal and not (on your network and in general).  So I use wireshark for troubleshooting when I KNOW something is going on.  This is typically in reaction to a complaint of some sort.


          Cisco has a Botnet Traffic feature that can be licensed on the ASA.  They also have their more full featured Ironport Web Security solution.

          • 2. Re: malicious software web traffic detection tool

            Hi Paul, Thanks for your reply.

            Actually, this is for my home PC. I believe that there is some malware on my home network.


            Because some websites i'm not able to accesss, i was automatically block and saying that my public ip is ban.


            and when searching google they would prompt me to key in some letters, because there's a lot of traffic originated from my public ip.


            Had tried a lot of anti-virus  but they were not able to detect. I believe that the malware is residing on the hidden partition of my hard drive (the recovery partition).


            I  don't have time delete the recovery partition, because once i did that i need to go down to the service center to copy those files again.


            So i was thinking before i delete the partition or smashed the hard drive, why not try to study or analyze the traffic on my home network.


            Anyway, i will try to download books for network security analysis. any recommendations?


            Thanks again,