Identification of the "Tor" Network https-Connection Version tls v1.3

Purpose of the study: compilation of a set of features that allow to detect and identify the establishment of a connection between the client and the anonymous network Tor in conditions of using encryption of the data stream using the TLS v1.3 protocol. Method: software analysis of the data flow, frequency methods, decomposition of the content of data packets according to their number, sequence, finding frames in a packet and sizes, a comparative method in point of different versions of the encryption protocol and resources making the connection were used. Results: a set of features of the Tor network connection established using TLS v1.3 encryption was compiled, allowing to detect and identify in the data stream a “handshake” between the client and the Tor network in order to legally block the connection; a comparative analysis of the data of the Tor network and the VKontakte social network during the establishment of an encrypted connection was carried out; studied and described the structure and differences of the “handshake” of the TLS protocols v1.2 and v1.3; the structure, size and arrangement of frames and data packets of the Tor network and a connection of other network type, both using TLS v1.3 encryption, has been revealed.