TFTP is a simplified data transfer protocol (as evidenced by the first letter of the protocol abbreviation, Trivial), characterized by simplicity of implementation and having a number of limitations, the main one of which is the lack of authentication. For this reason, it is not as common as FTP, but there are many examples where its use is preferred.
For example, in a closed local network it is used to load the operating system onto workstations that, for security or other reasons, have no hard disk of their own. While there are some risks, they can be mitigated by IP filtering of the UDP traffic the protocol uses.
How to install a TFTP server on Windows
The Trivial FTP protocol, as you already know, is very simple to implement, and for low-level file transfer where there are no strict security requirements it has been and remains very popular.
In addition to loading the OS onto workstations, it is widely used to load and modify the configurations of many embedded devices that are part of home networks and the Smart Home system.
In particular, this protocol can often be found on routers, mobile phones, and popular media streamers. It is used to transfer single files over relatively short distances. In global networks such as the Internet, however, the use of TFTP is unacceptable due to its low security. FTP reigns there, and where security requirements are higher, SFTP.
With FTP, which requires entering a username and password, you can perform a whole range of operations with files (transfer in both directions, renaming, deleting, viewing), whereas in TFTP you can only download files, and only one at a time. On the other hand, TFTP uses the UDP stack, which is distinguished by the simplicity of its code, in contrast to the common but rather complex TCP/IP.
TFTP is poor in functionality and reliability, but in return the server-side portion of the protocol code takes up very little disk or memory space, making it an ideal candidate for use in embedded devices where memory shortages are common.
To summarize what a TFTP client is for, the main advantage of the protocol is the ease of implementing its client part.
Although a TFTP server is most often found on Linux, there are many solutions designed for Windows and even macOS (TFTPD32 / 64, haneWIN, WhatsUp, WinAGents, etc.).
As an example, let's look at the procedure for installing a TFTP server using the very popular open-source TFTPD32 utility. In addition to the TFTP server itself, it also includes servers for other protocols (DHCP, DNS, SNTP) and allows you to manage a pool of IP addresses. Of course, situations where all of the listed functions are required are difficult to come up with even in theory, but adding TFTP to one of them may well be useful.
When downloading the program, you can choose the portable version if you don’t want to mess with the installation.
When launching the utility, you will need to specify a couple of parameters:
- the directory where the files will be downloaded (the default path is the location where the program is installed);
- the IP address of the server that clients will need to contact.
This will be enough for performing the simplest operations. But in some cases, additional configuration of the program will be required.
Configuring TFTP Server
If you need to use a DHCP server, for example, to issue dynamic IP addresses within a small network, you need to go to the Setting section and select the DHCP tab.
Here we need to specify:
- source IP address (obtained on the router);
- the range of addresses issued to clients;
- the network gateway (optional);
- the subnet mask.
We confirm the changes by clicking OK.
Since TFTP runs over UDP, a lower-layer transport protocol that does not establish connections, the task of emulating a connection falls to the higher-level protocol, in our case TFTP itself. The problem is that firewalls in most cases do not know how to identify connections initiated by the TFTP protocol, so they are not able to pass this type of traffic.
If the TFTP server is located within the protected network and the client devices are in front of the firewall, there should be no problems, but you will need to make changes to the firewall settings:
- you need to add a rule for transporting data packets from an external IP address to the TFTP server address specified in the program configuration (via port 69 of the TFTP server);
- allow traffic redirection from the internal network to the external IP address.
In most routers, transferring data from a more secure network to a less secure one causes no problems; when you need to perform the opposite task, you just need to perform the steps listed above.
The problem is that not all routers allow such settings. Many of them, however, can inspect traffic sent using the TFTP protocol and dynamically change the translation table, allowing packets from the outside to pass through to the local network. For example, to configure the Cisco PIX firewall this way, you must issue the fixup protocol tftp command.
There is an alternative way to solve the problem: you can force the TFTP server to use port 69 in two directions, not only to receive requests from clients, but also to forward responses to them. Then the firewall will be able to correctly process both types of requests, guided by the entries in the translation table.
So, in order to configure WinAGents TFTP Server in this way, you need to check the box next to the Enable firewall support option in the program settings.
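The firewall behaviour described above, as an added example that is not part of the original article or of any tool it names: a toy Python model of a firewall in front of the TFTP server. The Firewall class, the transfer_ok function, the client address and port 3072 are constructed for illustration; the model shows why the client's ACK is dropped when the server answers from a new port, and why either TFTP inspection or replying from port 69 lets the transfer through.

```python
import struct
from dataclasses import dataclass, field

TFTP_PORT = 69
RRQ, DATA, ACK = 1, 3, 4                      # opcodes defined in RFC 1350

def rrq(name: str, mode: str = "octet") -> bytes:
    return struct.pack("!H", RRQ) + name.encode() + b"\0" + mode.encode() + b"\0"

def data(block: int, payload: bytes) -> bytes:
    return struct.pack("!HH", DATA, block) + payload

def ack(block: int) -> bytes:
    return struct.pack("!HH", ACK, block)

@dataclass
class Firewall:
    """Illustrative model, not a real firewall API: inside-to-outside always passes."""
    server_ip: str
    inspect_tftp: bool = False                  # models a TFTP-aware helper
    pending: set = field(default_factory=set)   # outside clients that sent an RRQ
    pinholes: set = field(default_factory=set)  # dynamically opened table entries

    def inbound(self, src, sport, dst, dport, pkt) -> bool:
        if dst == self.server_ip and dport == TFTP_PORT:    # static port 69 rule
            if self.inspect_tftp and struct.unpack("!H", pkt[:2])[0] == RRQ:
                self.pending.add((src, sport))
            return True
        return (src, sport, dst, dport) in self.pinholes

    def outbound(self, src, sport, dst, dport, pkt) -> bool:
        if (dst, dport) in self.pending:        # server's first reply reveals its port
            self.pinholes.add((dst, dport, src, sport))
        return True

def transfer_ok(fw: Firewall, server_reply_port: int) -> bool:
    """Run RRQ -> DATA 1 -> ACK 1 and report whether the ACK reaches the server."""
    client = ("203.0.113.10", 50000)            # constructed client address
    if not fw.inbound(*client, fw.server_ip, TFTP_PORT, rrq("boot.img")):
        return False
    fw.outbound(fw.server_ip, server_reply_port, *client, data(1, b"x" * 512))
    return fw.inbound(*client, fw.server_ip, server_reply_port, ack(1))

SERVER = "192.168.1.35"                         # server address used on this page
if __name__ == "__main__":
    print("plain firewall, new reply port:", transfer_ok(Firewall(SERVER), 3072))
    print("TFTP inspection, new reply port:", transfer_ok(Firewall(SERVER, True), 3072))
    print("plain firewall, replies from 69:", transfer_ok(Firewall(SERVER), 69))
```

In the first case only the static port 69 rule exists, so the ACK addressed to the server's new port has no matching entry and the transfer stalls after the first data block.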
Checking TFTP server performance
To check if the TFTP server is working, you just need to copy the file from the server to the client equipment.
To do this, start the console on the client, and then execute the tftp 192.168.1.35 GET <name of the copied file> command. If everything is configured correctly, after a pause during which data transfer occurs, the specified file should appear on the client equipment.
Note that copying will be made to the directory in which the console was launched, unless another path is specified in the program settings. But not all utilities have such settings. For example, if you are using WinAGents TFTP Server, you will need to execute two commands in sequence:
- cd <destination path>;
- tftp 192.168.1.35 GET <name of the copied file>.
In this case, copying will be made to the directory you specified.
In the TFTPD32 utility, copying will look slightly different. On the client machine, start the application, open the TFTPClient tab in it, and then specify the server IP address, and then the name of the file that we intend to download. You can save it under a different name by specifying it in the corresponding line of settings. After completing all the preparations, press the GET button and wait for the results of the operation.
As you can see, using a TFTP server poses no unsolvable tasks for the user, except in cases where access outside the local network is required. For those cases there are other, more secure network protocols.