Who cares as long as it is not on your network, right?
The trouble with the Dark Web is that all data is encrypted from endpoint to endpoint, so it becomes very difficult to detect if it is being used on your network. When people refer to the Dark Web they are generally referring to The Onion Routing network, which is used by the Tor browser.
However, the Tor browser uses plain old SSL to pass its encrypted information to the first node on the network, so as far as a network administrator can tell it is plain old encrypted web traffic, nothing unusual about that.
Detecting that is needle-in-the-haystack territory.
Also, encrypted web traffic (SSL/https) is fast becoming the norm, especially since Google appears to favour websites encrypted with SSL over non-encrypted websites (at the time of this writing).
To the average network administrator the Tor browser may be extremely difficult to detect.
However, with NetScope and its deep packet inspection you get clues as to who on your network is running the Tor browser.
When the Tor browser starts up it appears to ‘leak’ its protocol information, and that is detectable by NetScope’s deep packet inspection technology. So let’s use NetScope to have a look at our top applications.
We can see, as indicated in the top applications diagram above, the TOR application protocol. Every time the Tor browser is initiated from a PC, its leaked application data is detected by NetScope.
We can then zoom in on TOR by clicking on that segment and find out which local PC is generating traffic to the Dark Web.
Deep packet inspection helps you track down the Dark Web.
This level of detail enables a network administrator to track down possible misuse of Internet resources on the network. NetScope does this in a way that is otherwise not possible due to the clever way the Tor browser tunnels and encrypts its data.
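A complementary, coarser check, shown here as an added example (it is not from the original post and is not how NetScope works): Tor relay addresses are published, so flow records can be matched against a relay list to see which local PC is talking to the Tor network. The relay list, flow record format, local network ranges and all addresses below are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed relay list ("address:ORPort"), using documentation-range addresses.
RELAY_LIST = """
198.51.100.7:9001
198.51.100.20:443
[2001:db8::15]:9001
"""

# Constructed flow records: time, local source, destination, dest port, bytes.
FLOWS = """
2024-05-01T09:00:01 10.0.0.21 198.51.100.7 9001 5120
2024-05-01T09:00:02 10.0.0.21 198.51.100.20 443 20480
2024-05-01T09:00:05 10.0.0.34 192.0.2.80 443 90210
2024-05-01T09:00:09 fd00::34 2001:0db8:0:0:0:0:0:15 9001 4096
2024-05-01T09:01:13 10.0.0.21 198.51.100.7 9001 1024
2024-05-01T09:01:20 10.0.0.50 198.51.100.20 8443 700
malformed line
"""

# Assumed local address ranges for this example network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "fd00::/8")]


def load_relays(text):
    """Parse 'ip:port' / '[ipv6]:port' lines into a set of (address, port)."""
    relays = set()
    for line in text.split():
        host, _, port = line.rpartition(":")
        relays.add((ipaddress.ip_address(host.strip("[]")), int(port)))
    return relays


def tor_talkers(flow_text, relays, local_nets=LOCAL_NETS):
    """Return [(local_host, distinct_relays, total_bytes)], busiest first."""
    seen = defaultdict(lambda: [set(), 0])
    for line in flow_text.splitlines():
        try:
            _, src, dst, dport, nbytes = line.split()
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            key, size = (dst_ip, int(dport)), int(nbytes)
        except ValueError:
            continue  # skip blank or malformed records
        # Match on address AND port so other services on a relay's IP are ignored.
        if key in relays and any(src_ip in net for net in local_nets):
            seen[str(src_ip)][0].add(key)
            seen[str(src_ip)][1] += size
    rows = [(host, len(r), total) for host, (r, total) in seen.items()]
    return sorted(rows, key=lambda row: row[2], reverse=True)
```

Unlisted bridges do not appear in the public relay list, so this check does not see clients that connect through them.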
If you would like to detect people using the Dark Web or other applications on your network, shoot on over to the download section of NetScope.com and grab yourself a copy.