Problems with broadcast TFTP requests

[hailandnammer]

We've got a TFTP server running on a win2k box here at work and winxp/win2k/linux clients requesting a binary file. Seems the linux client's requests are ignored by the TFTP server; using a packet sniffer the request is received at the server's NIC but is never serviced by the TFTP software. Looking at the packet received, the IP/MAC of the client and the IP of the server are provided, but the MAC of the server is set to the broadcast MAC of FF:FF:FF:FF:FF:FF. The windows clients seem to send out an ARP request before teh TFTP request so the server's MAC is resolved first. I can't modify the way the TFTP request is sent out from the Linux box, unfortunately that is one of the restrictions. If I replace the win2k server box with a Linux box, all is fine and dandy. But does anybody know a way for windows to receive and recognize UDP broadcast mac requests? I don't know much about windows networking and pretty much nothing about Linux, but any help would be great.

 

[Nothinman]

You said that the packet is indeed received by the Windows server but that the tftp software ignores it so it seems like the tftp software is at fault and not Windows itself.

 

[spidey07]

What is exactly in the first packet from the linux box?

Is it a bootstrap or dhcp packet looking for the ADDRESS of the dhcp server?

 

[hailandnammer]

Originally posted by: spidey07
What is exactly in the first packet from the linux box?

Is it a bootstrap or dhcp packet looking for the ADDRESS of the dhcp server?

The single packet is just a TFTP request (both the server and the client are set to static IP's); in the TFTP request is the source (client's) static IP address and defined MAC address, and the destionation (server's) static IP address. The server's MAC address is unknown to the client so it is shown in the packet as the broadcast MAC FF:FF:FF:FF:FF:FF. I'm not familar with the packet structure of bootstrap or dhcp packets. The request is just a UDP packet of 47 bytes requesting for the binary image filename in octet form.

 

[spidey07]

Originally posted by: hailandnammer

Originally posted by: spidey07
What is exactly in the first packet from the linux box?

Is it a bootstrap or dhcp packet looking for the ADDRESS of the dhcp server?

The single packet is just a TFTP request (both the server and the client are set to static IP's); in the TFTP request is the source (client's) static IP address and defined MAC address, and the destionation (server's) static IP address. The server's MAC address is unknown to the client so it is shown in the packet as the broadcast MAC FF:FF:FF:FF:FF:FF. I'm not familar with the packet structure of bootstrap or dhcp packets. The request is just a UDP packet of 47 bytes requesting for the binary image filename in octet form.

See if you can find the RFCs on TFTP. This sounds like microsoft not adhering to standards...not that they ever do.

Just make sure that this first packet is not a bootp/dhcp packet. udp 47 sounds awefully familiar, check protocol that is.

eitherway this is not expected behavior by the client or the server AFAIK. TFTP is a layer 7 protocol that depends on other layers (specifically layer3/4) and the setup of those layers is not complete if it is broadcasting at layer2/3.