How to use TFTP to transfer files across the network
Trivial File Transfer Protocol is one of the oldest and simplest TCP/IP file exchange protocols. Here are use cases and best practices for installation and security.
One of the less commonly known application layer protocols in the TCP/IP stack is Trivial File Transfer Protocol. Its more recognized cousin FTP is used for the reliable transfer of larger files, such as images or formatted documents. TFTP serves a different purpose, however.
This article explains the role of TFTP in network environments, from backups to deployments. It compares TFTP against FTP in more detail and suggests some TFTP use cases. Finally, the article addresses installation, TFTP commands and security.
TFTP versus FTP
To appreciate the difference between TFTP and FTP, it's important to first remember some details about the TCP/IP stack. Both file transfer protocols operate at the application layer, but they rely on different transport layer protocols.
FTP uses TCP, which is a stateful, reliable protocol that accounts for each packet at both the source and destination nodes. While this method generates more management overhead, it ensures that all sent data is received at the destination.
TFTP relies on User Datagram Protocol (UDP) for quick transfers. UDP is a stateless, best-effort protocol that does not check for lost packets at the transport layer. Note that lost packets might still be checked for at a different layer, depending on the application.
The next difference between TFTP and FTP centers on commands. Traditional FTP applications offer quite a bit of functionality, including displaying and manipulating existing files on a remote FTP server. FTP services require some sort of authentication, whether anonymous or using standard user accounts with passwords.
TFTP does not manage files. It only offers the ability to upload (put) and download (get) files without the ability to see which files exist or manage them in any way. TFTP also doesn't use pesky authentication procedures.
TFTP uses port 69/udp to establish the initial connection. The client and server then negotiate other ports for the data transfer process. FTP typically uses port 20/tcp (data) and 21/tcp (management), depending on its mode.
The benefit of TFTP is it's small and easy to use. This makes it useful for transferring configuration files, such as during network device backups, or downloading boot file information to network clients. These circumstances work well for nonauthenticated scenarios. TFTP is also lightweight, making it useful for devices with little storage or compute ability.
FTP does not include any built-in encryption for its data transfers. But variations such as Secure Shell FTP (SFTP) and FTP Secure exist, enabling greater data security in transit.
Common use cases for TFTP
The TFTP standard was defined in 1981, but it's still used today, mainly in special circumstances.
Here are a few TFTP use cases:
- Network booting with Preboot Execution Environment deployments.
- Network booting with diskless workstations.
- Backing up network device configuration files.
- Transferring network device configuration files.
- Transferring firmware images.
- Performing traditional file transfers from a client device to a network server.
Due to its lack of security and authentication, however, TFTP might not pass many current rigorous security requirements.
TFTP installation options
Expect to install TFTP services on most systems and manage TFTP configuration files. Each OS handles TFTP a little differently. The following sections summarize the configurations for each platform.
Linux
You probably have to install TFTP services on the Linux device before editing the configuration file.
Type the following to install the tftpd-hpa server using apt-get:
$ sudo apt-get install tftpd-hpa
Type this command if the Linux distribution relies on the DNF package manager, where the server package is named tftp-server:
$ sudo dnf install tftp-server
Next, create a base directory as the TFTP repository. Use your preferred text editor to configure the /etc/default/tftpd-hpa configuration file, setting the base directory location and IP information. Don't forget to start/enable the service and configure the firewall.
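A check for the /etc/default/tftpd-hpa settings described above, as an added example that is not part of the original article or of the tftpd-hpa package. The two sample files and the 192.0.2.10 address are constructed, and the function names are hypothetical; the variable and option names are those used by tftpd-hpa.

```shell
# Print the last value assigned to NAME in FILE, without surrounding quotes.
cfg_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Print one finding per line; nothing is printed for a hardened file.
# Only long option names are recognised (--secure, not -s).
audit_tftpd_hpa() {
    opts=" $(cfg_value "$1" TFTP_OPTIONS) "
    case $opts in *" --secure "*) ;;
        *) echo "no-chroot: add --secure to confine requests to TFTP_DIRECTORY" ;;
    esac
    case $opts in *" --create "*)
        echo "create: clients can upload new files; drop --create if unused" ;;
    esac
    case $opts in *" --permissive "*)
        echo "permissive: tftpd's extra permission checks are disabled" ;;
    esac
    case $(cfg_value "$1" TFTP_ADDRESS) in :69|0.0.0.0:69|"[::]:69")
        echo "all-interfaces: bind TFTP_ADDRESS to the provisioning interface" ;;
    esac
    if [ "$(cfg_value "$1" TFTP_USERNAME)" = root ]; then
        echo "root: run the daemon as an unprivileged account"
    fi
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak" <<'EOF'
TFTP_USERNAME="root"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--create --permissive"
EOF
cat > "$demo_dir/hardened" <<'EOF'
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="192.0.2.10:69"
TFTP_OPTIONS="--secure"
EOF

echo "== weak ==";     audit_tftpd_hpa "$demo_dir/weak"
echo "== hardened =="; audit_tftpd_hpa "$demo_dir/hardened"
```

Point the function at the real /etc/default/tftpd-hpa after editing it; an empty result means none of the five checks fired.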
macOS
Your Mac probably already has a TFTP server and client installed and running, but you need to manage the configuration file. I prefer using Vim on my Macs, but use whichever text editor you want.
Windows
Many Windows administrators add the tftpd64 or SolarWinds TFTP server to their systems when they need a TFTP option. The TFTP interface is similar to PuTTY, which is usually a familiar application. Set options in the interface for the base directory and other information, just like with the Linux and macOS deployments.
Use the following netstat command to verify the status of the TFTP server:
netstat -an | more
You should see udp 0.0.0.0:69.
Windows systems don't include the TFTP client by default, either. On Windows 10 and 11, navigate to Control Panel > Programs and Features, and select Turn Windows features on or off. Tick the TFTP Client checkbox.
You can also run the following cmdlet to add the client:
Enable-WindowsOptionalFeature -FeatureName TFTP -Online
If the TFTP client runs from Windows Server, use this cmdlet instead:
Install-WindowsFeature TFTP-Client
Remember to check the Windows firewall for TFTP settings.
Regardless of the platform, the process for installing TFTP is simple: Install the service, configure it, modify the firewall and provide a client.
How to use TFTP
The primary command for the TFTP service is tftp. This command uses various subcommands that provide additional options. The utftp command is functionally the same but does not overwrite files when uploading.
The two critical subcommands of tftp and utftp are get and put. The put command uploads a file to a remote location, and get retrieves a file from a remote location.
To copy files from a source location, users must have read permission to that directory and file. Users must have the write permission to upload files to a destination repository location.
For example, to retrieve a file named config.file from a remote server named server01, type the following:
tftp server01 get config.file
Subcommands, such as status and verbose, might be helpful when confirming TFTP services. Check the documentation or man page for other choices.
| Command | Description |
| --- | --- |
| put | Upload a file |
| get | Download a file |
| status | Show the TFTP status |
| -v | Turn on verbose mode |
| -i | Specify an image type, such as ASCII or binary |
TFTP is more limited than FTP. It does not allow users to list, rename or delete files on the remote system. Recall TFTP's function: It mainly exists as a quick way to transfer files, often in an automated or scripted manner.
You can experiment with TFTP using any two lab computers you might have, whether physical or virtual. Do you have an extra Raspberry Pi device? Consider configuring it as a central storage server and transferring files using TFTP. Use the above configuration instructions for Linux to configure the Raspberry Pi device for TFTP.
Secure TFTP
TFTP does not offer any real security, especially in the context of today's zero-trust environments. Still, it might be appropriate in some situations. You can use TFTP over Secure Shell tunnels or other secured connections, such as VPNs. These security measures exist independently of TFTP and should be effective. If a security policy requires secure protocols, you might need to use SFTP or HTTPS instead.
The primary access control method within TFTP is the /etc/tftpaccess.ctl file. This file explicitly lists allowed or denied directories accessible by the TFTP service. The file itself should have 644 permissions to prevent unauthorized changes.
Wrap-up
TFTP is situational; it's not appropriate for every file transfer scenario. Users likely encounter it when managing network device configuration files or with system image deployments. It is quick, easy and effective. But, because it doesn't include authentication or file management features, it is less functional than FTP.
TFTP services are easy to set up on Windows and Linux, and macOS ships with a preconfigured TFTP service. It's also simple to add the client software to systems that don't already have it. Begin using TFTP now if you support remote deployments, diskless systems or network devices.
Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to TechTarget Editorial and CompTIA Blogs.