TFTP is used to transfer files in a very simple way.
Compared to other file transfer protcols (like: FTP or HTTP), TFTP is much simpler (and much smaller in code size) and therefore easier to implement. Because of this, it's often used in embedded devices (e.g. thin clients) to get files from a server at bootup time (typically in conjunction with BOOTP).
Sometimes TFTP is also used to upload firmware files from the user to an embedded device, but as these devices become more and more advanced, HTTP is more often used for this purpose today.
XXX - add a brief description of TFTP history
- UDP: Typically, TFTP uses UDP as its transport protocol. The well known UDP port for TFTP traffic is 69.
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The TFTP dissector is fully functional.
There are no TFTP specific preference settings.
SampleCaptures/tftp_rrq.pcap Capture of a TFTP Read Request.
SampleCaptures/tftp_wrq.pcap Capture of a TFTP Write Request.
A complete list of TFTP display filter fields can be found in the display filter reference
Show only the TFTP based traffic:
You cannot directly filter TFTP protocols while capturing. However, if you know the UDP port used (see above), you could filter on that one; however, as a TFTP server will choose a unique port number from which to send the reponse, and will send it to the port number from which the request came, which is not likely to be a well known port number, a filter checking for UDP port 69 will capture only the initial TFTP request, not the response to that request or any subsequent packets in that TFTP conversation.
RFC 783 THE TFTP PROTOCOL (REVISION 2)
RFC 1350 THE TFTP PROTOCOL (REVISION 2) (obsoletes RFC 783)
RFC 2090 TFTP Multicast Option
RFC 2347 TFTP Option Extension
RFC 2348 TFTP Blocksize Option
RFC 2349 TFTP Timeout Interval and Transfer Size Options
Imported from https://wiki.wireshark.org/TFTP on 2020-08-11 23:26:37 UTC