Networking Requirements
Enterprise Edition Enterprise
The Enterprise VM requires only a single outbound port:
| Direction | Destination | Purpose |
|---|---|---|
| Inbound | Any internal host | Honeypot traffic (configured ports) |
| Outbound | <domain_id>.trapster.cloud 443/TCP | Dashboard sync, event forwarding and updates |
Static IP: The VM uses DHCP by default. If your network does not have DHCP, configure a static IP from the VM local menu. See Network Configuration.
Community Edition Community
The community edition only needs inbound access on the ports you configure in trapster.conf. No outbound connectivity is required unless you use the API logger to forward events.
Recommended placement:
- A dedicated IP on your internal network
- Reachable from all VLANs you want to monitor
- Not behind a host-based firewall that would block the honeypot ports
Placement strategy
Best placement
Deploy Trapster where attackers are likely to look:
- User VLANs - catch lateral movement from compromised endpoints
- Near NAS/file servers - attract credential reuse attempts
- DMZ - catch inbound attackers before they reach internal systems
- Server VLAN - mimic a production server to attract targeted attacks
The more network segments Trapster is visible from, the wider its detection coverage. You can deploy multiple VMs on different segments and manage them all from a single Enterprise dashboard.
Whitelist your own scanners
If you run internal vulnerability scans, add your scanner's IP to the whitelist to avoid false positives:
{
"whitelist_ips": ["192.168.1.10", "10.0.0.5"]
}