At the network layer, encrypted tunnels are typically seen as black boxes. Network traffic however, leaks side channel information that can often be analyzed to determine what the tunnel is being used for and the type of content being sent over it. Probabilistic algorithms will be explored that can analyze this side channel information and identify application protocols within the tunnel. An open-source toolkit containing the algorithms/attacks presented will be released.