Since the dawn of human communications, there have been people that have wished to correspond secretly with others. Some people have desired the content of their communication to be kept confidential; some wish the very fact that they are communicating to remain unknown. As the mediums for communication have evolved, so too have the manners of covert communication over those mediums. Regardless of purpose, some party will inevitably wish to detect, and subsequently limit or prohibit, any such covert communication. Traditionally covert channels in computers have been studied within an autonomous system. However, with the explosive growth of the Internet, the potential for covert channels have become possible between countless distantly connected systems and users. In this thesis we consider the nature of network covert channels more generally than is customary in the literature and propose a particular structure for analysis. We argue that not only is detection desired, but that no single mechanism is appropriate for detecting all possible covert channels. We offer a new framework for choosing a method to detect the use of network covert channels of many varieties. Using the knowledge one has about the network, covert sender, covert receiver, overt channel, and covert channel, we explain how to use our framework to reason about detecting the use of network covert channels.