The Trivial File Transfer Protocol (TFTP) was standardized in 1981, according to RFC 1350. The goal of the designers was to build an FTP that is small in size and memory footprint, yet easy to implement. For that reason it has found extensive usage in many applications, such as the network booting protocols PXE and BOOTP.
Its simplicity comes with some serious tradeoffs. TFTP cannot list, delete, or rename files as more advanced FTP services can. More importantly, it’s INSECURE! All data is transferred unencrypted over UDP, so don’t use it to transfer any sensitive information or receive data from unverifiable sources.
By 1981 network standards, this wasn’t so much of a concern; that’s why today, this command is mostly used in LANs where you have control over all of the parameters that could compromise security. Think about it as the ‘telnet’ of remote access protocols.
There are a few implementations of this command. You can search Debian repositories for TFTP packages by using the following command:
netbeez.net$ apt-cache search tftp
tftp - Trivial file transfer protocol client
tftp-hpa - HPA's tftp client
tftp-hpa-dbg - HPA's tftp (debug)
tftpd - Trivial file transfer protocol server
tftpd-hpa - HPA's tftp server
This may give a long list, but you can easily identify the ones that are actual TFTP packages.
You can install the server with:
netbeez.net$ apt-get install tftpd-hpa
If you are on Windows or macOS, you can find online TFTP clients or servers for your machine.
Once you install the server, it will start running as a daemon and is ready to receive and send files. By default the server uses port 69. tftpd-hpa uses the directory “/srv/tftp” for uploading and downloading. To change that, you must edit the following configuration file:
netbeez.net$ cat /etc/default/tftpd-hpa
# /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure"
The “--secure” option adds security to TFTP by limiting all transactions to the TFTP_DIRECTORY. In addition, files can be uploaded to “/srv/tftp” only if they already exist in that directory and are publicly writable. If you want to allow clients to upload new files to “/srv/tftp”, then you need to add the “--create” option like this: TFTP_OPTIONS="--secure --create". After you edit “/etc/default/tftpd-hpa”, restart the tftp server with “service tftpd-hpa restart”.
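A quick way to check these settings on a server, as an added example that is not from the original article: the script reads a tftpd-hpa defaults file and reports a missing --secure, an enabled --create, a listener on all interfaces, and any publicly writable file a client could overwrite. The function names and the sample directory are constructed for illustration, and only the long option spellings used above are recognised.

```sh
#!/bin/sh
# Added example (not from the original article): audit a tftpd-hpa defaults
# file for the settings discussed above. Assumption: only the long option
# spellings shown in the article (--secure, --create) are recognised.

# conf_get FILE KEY: print KEY's value with surrounding double quotes removed.
conf_get() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# audit_tftpd_hpa FILE: print one finding per line; no output means no findings.
audit_tftpd_hpa() {
    a_opts=$(conf_get "$1" TFTP_OPTIONS)
    a_dir=$(conf_get "$1" TFTP_DIRECTORY)
    a_addr=$(conf_get "$1" TFTP_ADDRESS)

    case " $a_opts " in
        *" --secure "*) ;;
        *) echo "NO_SECURE: requests are not confined to TFTP_DIRECTORY" ;;
    esac
    case " $a_opts " in
        *" --create "*) echo "CREATE: clients can upload new files into $a_dir" ;;
    esac
    case "$a_addr" in
        0.0.0.0:*|:*) echo "ALL_INTERFACES: listening on $a_addr" ;;
    esac
    # Without --create, an upload succeeds only onto an existing, publicly
    # writable file, so every such file is overwritable by any client.
    if [ -d "$a_dir" ]; then
        find "$a_dir" -type f -perm -0002 | sort | while IFS= read -r a_file; do
            echo "WORLD_WRITABLE: $a_file"
        done
    fi
}

# Constructed sample: a throwaway directory standing in for /srv/tftp and a
# defaults file that enables --create and binds to all interfaces.
demo=$(mktemp -d)
mkdir "$demo/tftp"
echo "boot image" > "$demo/tftp/pxelinux.0" && chmod 644 "$demo/tftp/pxelinux.0"
echo "scratch"    > "$demo/tftp/upload.txt" && chmod 666 "$demo/tftp/upload.txt"
cat > "$demo/tftpd-hpa" <<EOF
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="$demo/tftp"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure --create"
EOF
audit_tftpd_hpa "$demo/tftpd-hpa"
rm -rf "$demo"
```

On a real server, call it as audit_tftpd_hpa /etc/default/tftpd-hpa; the ALL_INTERFACES line is informational on a LAN you fully control.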
I created the following text file in “/srv/tftp”:
netbeez.net$ cat hello_server.txt
Hello world from TFTP server!
On the client side I start an interactive session and I download it as follows:
netbeez.net$ tftp
tftp> connect 172.31.0.154
tftp> get hello_server.txt
Received 31 bytes in 0.0 seconds
tftp> quit
netbeez.net$ cat hello_server.txt
Hello world from TFTP server!
On the client side, I can upload a file with the following commands:
netbeez.net$ tftp
tftp> connect 172.31.0.154
tftp> put hello_client.txt
Sent 31 bytes in 0.0 seconds
tftp> quit
If you get the following error when uploading:
tftp> put hello_client.txt
Error code 1: File not found
It can mean one of the following:
- The file “hello_client.txt” doesn’t exist in the server’s “/srv/tftp” directory
- The “--create” option is not enabled on the server (see above)
- The file “hello_client.txt” exists on the server but it’s not publicly writable
This handy and lightweight server is useful to upload and download files, but it comes with some important limitations that you have to keep in mind. You may have used it if you’ve ever remotely booted a machine with PXE or BOOTP.