Virus detect

stephtchoko
Level 3

Please,

How can I identify a network problem that comes from a virus? What kind of command can I apply?

Thanks, Stephane

2 Replies

sachinraja
Level 9

Hi Stephane,

In case your router's CPU or traffic increases due to a virus, you can detect it by enabling cache flow on the ethernet or serial interface...

int ethernet0/0

ip route-cache flow

After enabling this, you can run 'sh ip cache flow' and see the packets flowing on that router. If you see too many packets on the same IP with the same port, you can think of this as a virus. You can try blocking this on the router and solve the issue.

You can also have a syslog server placed on the network which will get all the logging messages from the core router/switch.

Hope this helps. All the best.

Raj

vnirmal112
Level 1

Hi,

To know whether a network problem is from a virus, you can also enable "ip accounting output-packets" on the Fast Ethernet interface.

After enabling the above, please issue the command

"sh ip accounting" to keep monitoring the hits from a specific IP. If traffic is high, keep using clear ip accounting for every sh ip accounting command.

From that IP, see if it hits many destination IPs/IP ranges. They may be some unused IPs/IP ranges.

If you're experiencing this problem, this would definitely be due to improper anti-virus/patch upgrades on the PC.

Revert for any further inputs.

Nirmal
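
The checks both replies describe (many flows from one IP on the same port, and one IP hitting many destination IPs) can be automated over saved router output. The following is an added example, not code from either poster: it assumes the classic IOS flow-table layout of `show ip cache flow` with hexadecimal protocol and port columns, and the sample text, function names and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the classic IOS flow-table layout (Pr, SrcP, DstP in hex).
# Addresses are documentation/private ranges; this is not captured router output.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Et0/0         10.1.1.23       Se0/0         192.0.2.1       06 0A01 01BD     1
Et0/0         10.1.1.23       Se0/0         192.0.2.2       06 0A02 01BD     1
Et0/0         10.1.1.23       Se0/0         192.0.2.3       06 0A03 01BD     1
Et0/0         10.1.1.23       Se0/0         192.0.2.4       06 0A04 01BD     1
Et0/0         10.1.1.23       Se0/0         192.0.2.5       06 0A05 01BD     1
Et0/0         10.1.1.23       Se0/0         192.0.2.6       06 0A06 01BD     1
Et0/0         10.1.1.10       Se0/0         198.51.100.80   06 0C22 0050    42
Et0/0         10.1.1.10       Se0/0         198.51.100.81   06 0C23 01BB    17
Et0/0         10.1.1.11       Se0/0         198.51.100.53   11 D431 0035     2
"""

# SrcIf, SrcIP, DstIf, DstIP, Pr, SrcP, DstP, Pkts; header and summary lines do not match.
FLOW_RE = re.compile(
    r"^\S+\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{4})\s+\S+\s*$"
)

def parse_flows(text):
    """Return a list of (src_ip, dst_ip, protocol, dst_port) with numbers in decimal."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            src, dst, proto, _sport, dport = m.groups()
            flows.append((src, dst, int(proto, 16), int(dport, 16)))
    return flows

def suspicious_sources(flows, min_destinations=5):
    """Map (src_ip, protocol, dst_port) to the number of distinct destinations
    it reached, keeping only sources at or above the (assumed) threshold."""
    fanout = defaultdict(set)
    for src, dst, proto, dport in flows:
        fanout[(src, proto, dport)].add(dst)
    return {k: len(v) for k, v in fanout.items() if len(v) >= min_destinations}

if __name__ == "__main__":
    for (src, proto, dport), n in suspicious_sources(parse_flows(SAMPLE)).items():
        print(f"{src} reached {n} hosts on protocol {proto} port {dport}")
```

The threshold of 5 destinations is arbitrary; tune it to the normal fan-out of servers and proxies on the network before acting on a hit.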