A P2P-Botnet Detection Model and Algorithms Based on Network Streams Analysis
Description
Detection of the P2P protocol can be divided into two categories: Detection based on Protocol Feature codes (DoPF) and Detection based on Network Streams (DoNS). Among cyber threats, botnets are one of the biggest faced by networks, because they enable several illegal activities such as phishing, distributed denial-of-service attacks against critical targets, malware dissemination and click fraud. The defining characteristic of botnets is the use of command and control channels through which they can be updated and directed. Recently, botnet detection has been an interesting research topic related to cyber-threat and cyber-crime prevention. The aims of botnet attacks on the integrity and resources of users can be multifarious, ranging from teenagers demonstrating their hacking skills to organized criminal syndicates disabling infrastructure and causing financial damage to organizations and governments. In this context, it is crucial to know in what ways a system could be targeted. The major advantage of this classification is that it identifies the problem and points to specific ways of defense and recovery. In this paper we survey the actual causes of botnets, their attacks, and how they are detected and prevented. Doing so lets us see the challenges encountered while surfing the Internet.
A botnet can be designed to download different modules to exploit the specific things it finds on a victim. In this way, new exploit techniques can be discovered by exploring the victim's machines and then added. This makes the job of antivirus software more tedious. Obtaining one component of a botnet does not reveal the whole nature of the botnet and its other components, because the first component can choose to download any number of modules to perform the functionality of each phase in the botnet's life cycle. Botnet attacks are targetable: they are made to target.
A hacker can target a market or a company to steal information, and this information can then be used against that company or market. Botnets are developing at a very fast rate, making it difficult to detect them and recover from their side effects. However, some of the extensively deployed types can be classified in order to provide remedies for them. Botnets have developed several techniques in their malware and infrastructure that make them robust to typical mitigation techniques. Due to their sheer volume, diverse capabilities and robustness, they pose a significant and growing threat to the Internet as well as to enterprise networks. These threats undermine the reliability and utility of the Internet for commerce and critical applications, and therefore a better understanding of the structure of individual botnets is needed to formulate appropriate mitigation strategies.
Intrusion detection systems are of two basic types: network-based and host-based. A network-based system should focus on local and outgoing traffic flows as well as incoming Internet traffic, whereas a host intrusion detection system can pick up symptoms of bot activity at a local level that can't be seen over the network. At either level an IDS will focus on either anomaly detection or signature detection, though some are more or less hybrid.
For real-time detection of botnet activity in the network, a module was deployed on a system that received mirrored traffic from the entire network, as shown in figure 5. This module uses tshark to read the packets and stores them in libpcap format in chunks of 200 MB each. The stored packet captures are converted into conversations (or flows). Each flow is an instance that is monitored for malicious activity.
Botnets are a very typical technology used by hackers and are very vast in nature; because of this, botnet research is still in its infancy.
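
The packet-to-flow step of the capture module described above can be sketched as follows. This is an added example, not code from the project; the tab-separated record layout, the 60-second idle timeout and all function names are assumptions, and the sample records are constructed.

```python
IDLE_TIMEOUT = 60.0  # assumption: seconds of silence that end a conversation

# Constructed sample: one packet per record, in time order, with the assumed
# fields time, src IP, dst IP, protocol, src port, dst port, frame length.
SAMPLE = [
    "1.00\t192.0.2.10\t198.51.100.7\tudp\t40000\t6881\t120",
    "1.20\t198.51.100.7\t192.0.2.10\tudp\t6881\t40000\t300",
    "2.00\t192.0.2.10\t203.0.113.5\ttcp\t40001\t443\t60",
    "garbled line",
    "2.50\t192.0.2.10\t198.51.100.7\tudp\t40000\t6881\t80",
    "90.0\t198.51.100.7\t192.0.2.10\tudp\t6881\t40000\t50",
]

def parse_record(line):
    """Return (ts, proto, src, dst, length), or None for a malformed record."""
    parts = line.rstrip("\n").split("\t")
    try:
        ts, sip, dip, proto, sport, dport, length = parts
        return float(ts), proto.lower(), (sip, int(sport)), (dip, int(dport)), int(length)
    except ValueError:  # wrong field count or a non-numeric field
        return None

def packets_to_flows(lines, idle_timeout=IDLE_TIMEOUT):
    """Group time-ordered packet records into bidirectional conversations."""
    active, done = {}, []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue  # skip truncated or non-IP records instead of failing
        ts, proto, src, dst, length = rec
        # Sort the endpoints so both directions map to the same conversation.
        key = (proto, *sorted((src, dst)))
        flow = active.get(key)
        if flow is None or ts - flow["end"] > idle_timeout:
            if flow is not None:
                done.append(flow)  # idle too long: close it, start a new flow
            flow = active[key] = {"key": key, "initiator": src, "start": ts,
                                  "end": ts, "pkts": [0, 0], "bytes": [0, 0]}
        flow["end"] = ts
        d = 0 if src == flow["initiator"] else 1  # 0 = initiator to responder
        flow["pkts"][d] += 1
        flow["bytes"][d] += length
    return done + list(active.values())

if __name__ == "__main__":
    for f in packets_to_flows(SAMPLE):
        print(f["key"], f["start"], f["end"], f["pkts"], f["bytes"])
```

Each returned flow is one instance that a classifier can then score; the per-direction packet and byte counts are the raw material for that.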
This paper surveys the state of the art of botnet research, which can be classified into two major areas: 1. understanding botnets, and 2. detecting and tracking botnets. In research on understanding botnets, the aim is to learn botnet behaviors and characteristics from their nature. Some formal models have also been proposed to predict botnet advancement. In research on detecting and tracking botnets, honeynet and traffic monitoring approaches are proposed to detect botnets based on some of their unique behavior. Finally, research on defending against botnets proposes simply to shut down botmasters after they are identified. Current botnet study is still at a preliminary stage. Earlier work analyses the majority of botnets, which traditionally used IRC for their command and control. But we believe botnets will advance to new communication architectures, for example P2P-based botnets. Currently the defense against botnets is not very efficient, so much more work needs to be done in this field.
Tags: 2014, Java, Network Projects

