Skip to content

Networking Requirements

Enterprise Edition Enterprise

The Enterprise VM requires only a single outbound port:

DirectionDestinationPurpose
InboundAny internal hostHoneypot traffic (configured ports)
Outbound<domain_id>.trapster.cloud 443/TCPDashboard sync, event forwarding and updates

Static IP: The VM uses DHCP by default. If your network does not have DHCP, configure a static IP from the VM local menu. See Network Configuration.

Community Edition Community

The community edition only needs inbound access on the ports you configure in trapster.conf. No outbound connectivity is required unless you use the API logger to forward events.

Recommended placement:

  • A dedicated IP on your internal network
  • Reachable from all VLANs you want to monitor
  • Not behind a host-based firewall that would block the honeypot ports

Placement strategy

Best placement

Deploy Trapster where attackers are likely to look:

  • User VLANs - catch lateral movement from compromised endpoints
  • Near NAS/file servers - attract credential reuse attempts
  • DMZ - catch inbound attackers before they reach internal systems
  • Server VLAN - mimic a production server to attract targeted attacks

The more network segments Trapster is visible from, the wider its detection coverage. You can deploy multiple VMs on different segments and manage them all from a single Enterprise dashboard.

Whitelist your own scanners

If you run internal vulnerability scans, add your scanner's IP to the whitelist to avoid false positives:

json
{
  "whitelist_ips": ["192.168.1.10", "10.0.0.5"]
}