
The Research of Botnet Detection and Management Scheme – Case Study of A Government Agency

Advisor: 吳昌憲

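Abstract


As technology advances, network technology brings convenience and efficiency, but it also brings crime and malicious behavior. Cybercrime is increasing by the day: malicious activities such as data theft, distributed denial-of-service (DDoS) attacks, money mules, spam mail and phishing sites are reported regularly, and botnets are the driving force behind them. A government agency's network contains hundreds or even thousands of computers; if government computers are infected and become part of a botnet, the resulting losses would be incalculable. This thesis attempts to use the activity and transmission characteristics of botnets to detect botnets in a government agency and to identify the government computers infected with bot programs. It uses the free software Open-AudIT together with a self-written sniffer built on the SharpPcap library to monitor network traffic and determine whether there is suspected botnet activity on the government network. When a government computer is infected, a warning message is provided so that staff can respond immediately and prevent the damage from spreading. In addition, the list of suspected infected hosts is reported to IT staff by e-mail and on a web page. To avoid unforeseeable harm to the government network from testing botnets on physical systems, this study uses the Testbed introduced by National Cheng Kung University for simulated testing, which reduces experimental cost and the chance of damage.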

Parallel Abstract


As times progress, network technology brings convenience and efficiency, but it has also brought crime and malicious acts. Cybercrime is increasing today: data theft, DDoS attacks, money mules, spam and phishing are heard of regularly, and botnets are the driving force behind the scenes. A government agency's network has hundreds of computers. If they are infected and become part of a botnet, the agency suffers huge losses that cannot be estimated. This paper attempts to use the activity and transmission characteristics of botnets to detect bot-like activity in a government agency. It uses the free software Open-AudIT and a sniffer written with the SharpPcap library to monitor network traffic, and provides a warning message when a government computer is infected. This allows officials to respond immediately and prevent further damage. The list of hosts with suspected infection is presented to IT staff by e-mail and on the web. To avoid damage from botnet experiments, the simulation is built and performed on Testbed@TWISC, which is based on the Emulab system.

Keywords

DDoS; BotNet; Free software; Testbed
