Mac TFTP Software (OS X)

Mac TFTP KB ID 0001247

Problem

Every time I go to a networking event there’s a sea of MacBooks in the audience. If techs like MacBooks so much, why is there such a lack of decent Mac TFTP software?

Solution

The thing is, I’m looking at the problem with my ‘Windows User’ head on. When I have a task to perform I’m geared towards looking for a program to do that for me. OS X is Linux (there, I said it!). Linux in a pretty dress, I’ll grant you, but scratch the surface a little bit and there it is.

Why is that important? Well, you’re already holding a running TFTP server in your hand. Your Mac is already running a TFTP server, you just need to learn how to use it.

Mac TFTP Server (OS X Native)

As I said it’s probably running anyway, but to check, open a Terminal window and issue the following command;

[box]netstat -atp UDP | grep tftp[/box]

If it’s not running you can manually start and stop the TFTP server with the following commands;

[box]Start TFTP

sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist

Stop TFTP

sudo launchctl unload -F /System/Library/LaunchDaemons/tftp.plist[/box]

Note: In macOS Catalina, it’s disabled by default, so if you don’t manually start it, you will see errors like;

[box]

%Error reading tftp://192.168.1.20/cisco-ftd-fp1k.6.6.0-90.SPA (Timed out attempting to connect)
[/box]

It would normally go without saying, but if I don’t say it, the post will fill up with comments! Make sure your Mac is physically connected to the same network as the network device, and has an IP address in the same range.

And make sure the device, and the Mac can ‘ping’ each other.

Use Mac TFTP Daemon To Copy a File To a Network Device

I’ve got a Cisco ASA 5505, but whatever the device is does not really matter. You will have a file that you have downloaded, and you want to ‘send’ that file to a device. This file will probably be in your ‘Downloads’ folder. The TFTP daemon uses the /private/tftpboot folder, so we are going to copy the file there, then set the correct permissions on the file.

[box]

cd ~/Downloads
cp FILENAME /private/tftpboot
cd /private/tftpboot
chmod 766 FILENAME

[/box]

Note: You can also use;

[box]

sudo chmod 777 /private/tftpboot
sudo chmod 777 /private/tftpboot/*

[/box]

To set permissions on ALL files in this directory.

You can then execute the command on your device to copy the file across;

[box]

ciscoasa# copy tftp flash

Address or name of remote host []? 192.168.1.5

Source filename []? asa825-59-k8.bin

Destination filename [asa825-59-k8.bin]? {Enter}

Accessing tftp://192.168.1.5/asa825-59-k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asa825-59-k8.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
15482880 bytes copied in 12.460 secs (1290240 bytes/sec)
ciscoasa#

[/box]

Use Mac TFTP Daemon To Copy a File From a Network Device

There is a gotcha with the TFTP daemon, which is you can’t copy a file to the TFTP daemon if that file does not already exist there. At first glance that sort of defeats the object, but what it really means is you have to have a file there with the same name and the correct permissions on it. In Linux you can create a file with the ‘touch’ command.

[box]

cd /private/tftpboot
touch FILENAME
chmod 766 FILENAME

[/box]

You can then send the file to your Mac from the device;

[box]

ciscoasa# copy flash tftp

Source filename []? asa825-59-k8.bin

Address or name of remote host []? 192.168.1.5

Destination filename [asa825-59-k8.bin]? {Enter}

Writing file tftp://192.168.1.5/asa825-59-k8.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
15482880 bytes copied in 9.940 secs (1720320 bytes/sec)
ciscoasa#

[/box]

I Want Mac OS X TFTP Software!

Well you have a limited choice, if you don’t like using the Mac TFTP Daemon. You can install and use a GUI front end that uses the built in TFTP software. 

But if you want a ‘stand-alone’ piece of software then the only other one I’ve found is PumpKIN. You will need to disable the built-in TFTP daemon or it will throw an error.


CentOS – Install and Configure a TFTP Server

KB ID 0000998

Problem

I needed to back up a Cisco firewall, and perform an upgrade remotely. Despite my best efforts to use the ASDM and update via HTTP, I had to go ‘old school’ and bring up a TFTP server on one of my CentOS Linux servers.

Solution

1. Log onto the server and install the xinetd TFTP Server. Execute the following command and follow the on-screen prompts.

[box]Using username “root”.
Last login: Thu Aug 7 17:58:10 2014 from midd-8.cable.virginm.net
[root@Web-Test ~]# yum install tftp tftp-server xinetd[/box]

2. Now you need to edit the config file, here I’m using nano, but you could use vi as well.

[box][root@Web-Test ~]# nano /etc/xinetd.d/tftp[/box]

3. When you open the file it will look like this;

[box]

# default: off
# description: The tftp server serves files using the trivial file transfer
#       protocol.  The tftp protocol is often used to boot diskless
#       workstations, download configuration files to network-aware printers,
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /var/lib/tftpboot
        disable                 = yes
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}  

[/box]

4. Edit the file and save it, so it looks like this;

[box]

# default: off
# description: The tftp server serves files using the trivial file transfer
#       protocol.  The tftp protocol is often used to boot diskless
#       workstations, download configuration files to network-aware printers,
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -c -s /var/lib/tftpboot
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

[/box]

5. Set the permissions on the tftp folder.

[box][root@Web-Test ~]# chmod 777 /var/lib/tftpboot[/box]

Note: If you run SELinux you may also need to execute the following command, ‘setsebool -P tftp_anon_write 1’.

WARNING: This enables anonymous access on the TFTP root folder. If your server is public facing and not firewalled, then I would suggest you do what I do (stop and start the service manually, and only open the firewall for TFTP when you need to use it – see below).

6. If you use iptables as a firewall, you will need to open the TFTP port (UDP Port 69).

[box][root@Web-Test ~]# iptables -I INPUT -p udp --dport 69 -j ACCEPT[/box]

7. Start the xinetd service.

[box][root@Web-Test ~]# /etc/init.d/xinetd start
Starting xinetd:[ OK ][/box]

8. If you want the service to always be running, (see my warning above) then use the following command.

[box][root@Web-Test ~]# chkconfig xinetd on[/box]

9. Let’s give it a test. From my Cisco device, let’s see if I can back up the config to this server.

[box]

Petes-ASA# copy run tftp

Source filename [running-config]?

Address or name of remote host []? 123.123.123.123

Destination filename [running-config]?
Cryptochecksum: 9d4006ed 0bb1d39c fe61da22 91222a76
!!!
9284 bytes copied in 2.130 secs (4642 bytes/sec)
Petes-ASA#

[/box]

10. I could SSH into the server and change to the /var/lib/tftpboot directory and see the file. But I’ve got WinSCP installed so I can view the backup with that.

11. Let’s see if we can copy a file off the TFTP server back to the firewall.

[box]

Petes-ASA# copy tftp flash

Address or name of remote host []? 123.123.123.123

Source filename []? asa915-k8.bin

Destination filename [asa915-k8.bin]?

Accessing tftp://123.123.123.123/asa915k8.bin…!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asa915-k8.bin…
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
27113472 bytes copied in 845.110 secs (32086 bytes/sec)
Petes-ASA#

[/box]

12. Now, unless you are leaving xinetd running, let’s turn it off.

[box][root@Web-Test ~]# /etc/init.d/xinetd stop
Stopping xinetd: [ OK ][/box]

13. If you are running iptables and have opened the TFTP port I like to close that as well.

Note: It is possible to see that the port is open even if there is no service running on it, that’s why I close it down.

[box][root@Web-Test ~]# iptables -D INPUT -p udp --dport 69 -j ACCEPT[/box]
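
Steps 6 to 13 above as one script, added here as an example (not the author's code): it opens UDP 69 for a single source address only, and stops xinetd and removes the rule again when the transfer is done or the script is interrupted. The device address 192.0.2.10 used below, the function names and the RUN dry-run switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the RUN
# switch are hypothetical; RUN=echo prints the commands instead of running them.
RUN=${RUN:-}

# Accept only a dotted-quad IPv4 address (four octets, each 0-255).
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# iptables arguments for the TFTP rule: $1 is -I (open) or -D (close),
# $2 is the only source address allowed to reach UDP 69.
tftp_rule() {
    echo "$1 INPUT -p udp -s $2 --dport 69 -j ACCEPT"
}

# Same order as steps 12 and 13: stop the service, then delete the rule.
close_window() {
    $RUN /etc/init.d/xinetd stop
    $RUN iptables $(tftp_rule -D "$1")
}

# Open the port for one device, wait for the operator, then close it again.
open_window() {
    src=$1
    valid_ipv4 "$src" || { echo "refusing '$src': not an IPv4 address" >&2; return 2; }
    # src was validated above, so it is safe to embed in the trap string.
    trap "close_window $src; exit 130" INT TERM
    $RUN iptables $(tftp_rule -I "$src")
    $RUN /etc/init.d/xinetd start
    echo "TFTP open for $src only; press Enter when the transfer is done." >&2
    read -r _ || true
    close_window "$src"
    trap - INT TERM
}
```

Run it as root with the device's address, for example `open_window 192.0.2.10`, and try it with `RUN=echo` first to see the commands it would issue.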
