How do you know if people are accessing the Dark Web from your network?

The Dark Web, or Deep Web, can be used by people to shop for prohibited items such as illicit drugs or firearms, buy hacking/DDoS services and even hire a hitman.


Who cares as long as it is not on your network, right?

The trouble with the Dark Web is that all data is encrypted from endpoint to endpoint, so it becomes very difficult to detect if it is being used on your network. When people refer to the Dark Web they are generally referring to The Onion Routing network, which is used by the TOR browser.

However, the Tor browser uses plain old SSL to pass its encrypted information to the first node on the network, so as far as a network administrator can tell it is plain old encrypted web traffic, nothing unusual about that.

Detecting that is needle-in-a-haystack territory

Also, encrypted web traffic (SSL/https) is fast becoming the norm, especially since Google appears to favour websites encrypted with SSL over non-encrypted websites (at the time of this writing).

 


[Image: tor-top-applications]

TOR Browser is detected when it first contacts the Dark Web.

To the average network administrator the Tor browser may be extremely difficult to detect

However, with NetScope and its deep packet inspection you get clues as to who on your network is running the Tor browser.

When the Tor browser starts up it appears to ‘leak’ its protocol information, and that is detectable by NetScope’s deep packet inspection technology. So if we use NetScope to have a look at our top applications, we can see, as indicated in the top applications diagram above, the TOR application protocol. Every time the Tor browser is initiated from a PC, its leaked application data is detected by NetScope.

We can then zoom in on TOR by clicking on that segment and find out which local PC is generating traffic to the Dark Web.

[Image: tor-top-source-addr]

With NetScope we have narrowed down the IP address, which we can then track to the PC/user trying to connect to the Dark Web.
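As an added illustration (not NetScope's code or method, and not part of the original article), the sketch below approximates the start-up 'leak' and the drill-down to a source address using only TLS and DNS metadata. It assumes a Tor client's first-hop TLS handshake carries a random-looking server name of the form `www.<base32>.com` that the client never looked up in DNS; the record layout, addresses and names are constructed, and the heuristic misses bridges and can false-positive.

```python
import re
from collections import Counter

# Assumed shape of the first-hop server name: "www." + 4-25 base32 chars + ".com".
# The shape alone also matches ordinary names, hence the DNS correlation below.
TOR_SNI_SHAPE = re.compile(r"^www\.[a-z2-7]{4,25}\.com$")

# Constructed sample records, as a DPI sensor or flow exporter might log them.
DNS_QUERIES = [  # (client IP, name looked up)
    ("192.168.1.20", "www.example.com"),
    ("192.168.1.20", "www.wikipedia.org"),
    ("192.168.1.35", "www.example.com"),
]
TLS_FLOWS = [  # (client IP, server IP, SNI from the ClientHello)
    ("192.168.1.20", "203.0.113.10", "www.example.com"),
    ("192.168.1.20", "203.0.113.11", "www.wikipedia.org"),
    ("192.168.1.35", "198.51.100.7", "www.4dcq7xlhwzgk2m.com"),
    ("192.168.1.35", "198.51.100.8", "www.z5tfmq3bnhy7vro6xk.com"),
    ("192.168.1.35", "203.0.113.10", "www.example.com"),
    ("192.168.1.42", "198.51.100.9", "www.shop.com"),  # shape match, single hit
]

def suspect_flows(tls_flows, dns_queries):
    """Return TLS flows whose SNI has the Tor-like shape and was never resolved by that client."""
    resolved = {(client, name.lower()) for client, name in dns_queries}
    hits = []
    for client, server, sni in tls_flows:
        sni = (sni or "").lower()
        if TOR_SNI_SHAPE.match(sni) and (client, sni) not in resolved:
            hits.append((client, server, sni))
    return hits

def top_sources(tls_flows, dns_queries, min_hits=2):
    """Rank local hosts by suspect flow count; min_hits drops one-off false positives."""
    counts = Counter(client for client, _, _ in suspect_flows(tls_flows, dns_queries))
    return [(ip, n) for ip, n in counts.most_common() if n >= min_hits]

if __name__ == "__main__":
    for ip, n in top_sources(TLS_FLOWS, DNS_QUERIES):
        print(f"{ip}: {n} Tor-like TLS flows")
```

Hosts that use cached or encrypted DNS will show unresolved names for ordinary sites, so treat the ranked list as a starting point for investigation rather than proof.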

Deep packet inspection helps you track down the Dark Web.

This level of detail enables a network administrator to track down possible misuse of Internet resources on the network. NetScope does this in a way that is otherwise not possible due to the clever way the Tor browser tunnels and encrypts its data.

If you would like to detect people using the Dark Web or other applications on your network, shoot on over to the download section of NetScope.com and grab yourself a copy.
