What is Port 69?

by Colin Cohen | Published on October 20, 2023

Assigned to TCP port 69, Trivial File Transfer Protocol (TFTP) lets you read and write files to or from a remote host. Its primary use is booting nodes from a local area network (LAN).


Trivial File Transfer Protocol Explained

Specified through RFC 1350, Trivial File Transfer Protocol (TFTP) has a simple design and requires little memory. It also has limited functionality. You can only use it to read or write a file. You cannot use it to rename, delete, or even list files. Nor does it provide any form of user authentication or encryption.

What Devices Use TFTP Port 69?

Because of TFTP’s limitations, it's not likely to be used for transferring files across the Internet. Instead, you're more likely to use it for booting devices from a LAN. Booting protocols such as BSDP and BOOTP use TFTP specifically for this. You can also use TFTP for transferring firmware files to network appliances.

How Port 69 Works

A TFTP client makes a request over dedicated port 69 to either read or write a file to or from a TFTP server. The request includes the name of the file and the transfer mode. It can also include optional transfer parameters. If the request is successful, the protocol transfers the file in blocks of 512 bytes by default, though you can alter this number through one of the transfer parameters.

There are three possible transfer modes in TFTP: 

  • Netascii: Netascii transfer mode uses an 8-bit extension of standard 7-bit ASCII to transmit the data.

  • Mail: Mail transfer mode uses netascii but sends the file over email.

  • Octet: Octet transfer mode transmits the data using raw 8-bit bytes.

While you always make TFTP transfer requests over port 69, the actual data transfers happen using User Datagram Protocol (UDP) over ephemeral ports chosen randomly by the TFTP client and server.

Here's the process flow of TFTP:

  • The TFTP client sends the TFTP server a request to read or write a file over port 69, along with the file name, its transfer mode, and any transfer parameters.

  • If the TFTP server approves the request, it does one of two things. If the client makes a write request, it sends an acknowledgment packet that signals the client can begin transferring the file. If the client makes a read request, it sends the first data packet of the requested file. Either way, it sends the packets using UDP over an ephemeral port.

  • The file sender transmits to the file receiver a set of 512-byte (or the specified block size) packets, and the file receiver transmits back a numbered acknowledgment packet for each of these. The file receiver knows that the transmission is complete when it receives a packet smaller than the block size. If, during the transmission of the file, the sender doesn’t receive an acknowledgment from the file receiver for a packet it sent, it resends the packet.
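
The flow above, worked through in Python as an added example (not code from the original article). It builds a request packet in the RFC 1350 layout, splits a file into numbered data packets, and reassembles them on the receiving side, including two cases the steps imply: a retransmitted block, and a file whose size is an exact multiple of the block size. The function names and the sample file are assumptions; the blksize option name comes from RFC 2348.

```python
import struct

OP_RRQ, OP_WRQ, OP_DATA, OP_ACK = 1, 2, 3, 4  # opcodes from RFC 1350


def build_request(opcode, filename, mode="octet", options=None):
    """RRQ/WRQ: 2-byte opcode, then NUL-terminated filename, mode, option pairs."""
    fields = [filename, mode]
    for name, value in (options or {}).items():
        fields += [name, str(value)]
    body = b"".join(f.encode("ascii") + b"\0" for f in fields)
    return struct.pack("!H", opcode) + body


def data_packets(payload, blksize=512):
    """Split a file into numbered DATA packets (block numbers start at 1)."""
    # A payload that is an exact multiple of blksize still needs a final,
    # empty DATA packet so the receiver sees a block shorter than blksize.
    # Block numbers are 16-bit, so this sketch is for sample-sized payloads.
    for n in range(len(payload) // blksize + 1):
        chunk = payload[n * blksize:(n + 1) * blksize]
        yield struct.pack("!HH", OP_DATA, n + 1) + chunk


def receive(packets, blksize=512):
    """Reassemble DATA packets; return (file_bytes, acked_block_numbers)."""
    received, acks, expected = bytearray(), [], 1
    for pkt in packets:
        opcode, block = struct.unpack("!HH", pkt[:4])
        if opcode != OP_DATA:
            raise ValueError("expected a DATA packet")
        acks.append(block)            # every DATA packet is acknowledged
        if block != expected:         # retransmitted block: ACK again, keep one copy
            continue
        received += pkt[4:]
        expected += 1
        if len(pkt) - 4 < blksize:    # short block marks the end of the file
            return bytes(received), acks
    raise ValueError("stream ended without a short final block")


if __name__ == "__main__":
    firmware = bytes(range(256)) * 4            # constructed 1024-byte sample file
    print(build_request(OP_RRQ, "boot.img", options={"blksize": 512}))
    sent = list(data_packets(firmware))
    print([len(p) - 4 for p in sent])           # payload size of each block
    print(receive(sent)[1])                     # block numbers acknowledged
```
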

Configuring Port 69 Open or Closed

You can configure port 69 to allow or block TFTP transfers through your firewall settings.

Vulnerabilities and Security Concerns of TFTP

TFTP provides no means of user authentication or encryption. It also includes no inherent mechanisms for access control and transfers all data in plain text. So you should not use TFTP for transferring sensitive files or data.

DDoS Vulnerability in Port 69

You should also understand that attackers have used TFTP in DDoS attacks. This means that you should strongly consider only allowing it for trusted sources.
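
Because the protocol itself offers no login or access control, any restriction has to be applied around it. The following Python is an added example, not code from the original article or from any particular TFTP server: it parses a request received on port 69 and decides whether to serve it, allowing only trusted source networks, refusing writes by default, and keeping file names inside the TFTP root. The network range, root directory, and function names are assumptions.

```python
import ipaddress
import posixpath
import struct

OP_RRQ, OP_WRQ = 1, 2
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # constructed: provisioning VLAN
TFTP_ROOT = "/srv/tftp"                                # assumed server root


def parse_request(packet):
    """Return (opcode, filename, mode, options) from an RRQ/WRQ datagram."""
    if len(packet) < 4 or packet[-1:] != b"\0":
        raise ValueError("truncated request")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        raise ValueError("not a read or write request")
    fields = [f.decode("ascii") for f in packet[2:-1].split(b"\0")]
    if len(fields) < 2 or len(fields) % 2:
        raise ValueError("malformed request fields")
    options = dict(zip(fields[2::2], fields[3::2]))
    return opcode, fields[0], fields[1].lower(), options


def authorize(src_ip, packet, allow_write=False):
    """Decide whether to serve a request; return (allowed, detail)."""
    # TFTP has no login, so the source address is the only identity available.
    if not any(ipaddress.ip_address(src_ip) in net for net in TRUSTED_NETS):
        return False, "untrusted source"        # drop silently, send no reply
    try:
        opcode, filename, _mode, _options = parse_request(packet)
    except ValueError as exc:                   # includes non-ASCII field bytes
        return False, f"malformed: {exc}"
    if opcode == OP_WRQ and not allow_write:
        return False, "writes disabled"
    # Paths are relative to the TFTP root; refuse anything resolving outside it.
    resolved = posixpath.normpath(posixpath.join(TFTP_ROOT, filename))
    if not resolved.startswith(TFTP_ROOT + "/"):
        return False, "outside TFTP root"
    return True, resolved


if __name__ == "__main__":
    rrq = b"\x00\x01pxelinux.0\x00octet\x00"    # constructed sample request
    for src in ("10.20.0.15", "203.0.113.9"):
        print(src, authorize(src, rrq))
```
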

TFTP Port 69 Uses UDP Transport Protocol

The low overhead and simplicity of Port 69 make it an attractive choice for network communication. TFTP uses UDP to perform the actual transfer of files. The reason that it uses UDP is that, unlike TCP, UDP is connectionless. This makes it perfect for simple messaging transmissions with low overhead.

Concerns About Port Conflicts And Overlaps with Port 69

1. Are Other TFTP Servers Listening?

At times, you may run into the issue of not being able to bind port 69 to your TFTP server. This is likely because port 69 has already been bound to another application. To discover what application is bound to port 69, you can run the following command from your terminal:

 netstat -aon

The output of this command will indicate the process bound to port 69, which you will need to stop before you can properly start your TFTP server.

2. Did You Misconfigure Your TFTP Port?

You can also misconfigure your TFTP clients and server in many ways that will prevent transmissions. Common misconfigurations include:

  • Blocking port 69 in your TFTP server’s firewall

  • Blocking requests to the TFTP server from the router

  • Specifying an incorrect pathname for the file you are transferring (paths are relative to the TFTP root directory).

Differences And Similarities Between Port 69 and Port 20/21, 80/443

FTP, which uses ports 20 and 21, may seem similar to TFTP, as you use both to transfer files. But you use FTP specifically to upload and download files over the Internet. Unlike TFTP, FTP transfers files over TCP and requires authentication. You can look at TFTP as a very simplified version of FTP.

HTTP, which uses ports 80 and 443, also has similarities with TFTP, as it transfers files as well. But you generally use it to transfer web pages over TCP.

Conclusion

While TFTP has limited functionality and security, its simplicity and small memory footprint make it an ideal choice for booting devices from a LAN and making simple firmware transfers.
