The authors present a monitoring system which detects repeated packets in network traffic, and has applications including detecting computer worms. It uses bloom filters with counters. The system analyzes traffic in routers of a network. Their preliminary evaluation of the system involved traffic from their internal lab and a well known historical data set. After appropriate configuration, no false alarms are obtained under these data sets and they expect low false alarm rates are possible in many network environments. They also conduct simulations using real Internet service provider topologies with realistic link delays and simulated traffic.