Start Trial
Glossary / T / Trivial file transfer protocol (TFTP)

Trivial file transfer protocol (TFTP)

Trivial file transfer protocol (TFTP) is a basic protocol designed to operate in low-memory and low-processing-power environments. It is most often used in controlled environments like local networks, where small files such as device firmware, configuration files or boot images need to be transferred without requiring a complex setup. It is also commonly embedded into network devices, such as routers and switches, to facilitate firmware updates or system recovery.

Operating over UDP on port 69, TFTP provides minimal features compared to a more robust protocol such as FTP or SFTP. It supports only read and write operations, lacks directory listing capabilities and does not offer authentication or encryption. Because it uses UDP, it also lacks the reliability guarantees built into TCP, such as retransmission and packet ordering.

How TFTP works

TFTP runs in a client‑server model using UDP as its transport. 

Each transfer starts with a request to read or write one file. The peers then swap data packets. Each packet waits for a matching acknowledgment. The protocol relies on a simple timer for this acknowledgement, it and repeats a packet if the timer expires.

TFTP also:

  • Performs two actions only: read or write a remote file
  • Relies on preset server permissions; no authentication mechanism exists
  • Sends 512‑byte blocks
  • Starts on UDP port 69; it then moves data through an ephemeral port

Key features of TFTP

TFTP is defined by its minimal feature set, which makes it lightweight and easy to implement in resource-constrained environments. While this simplicity limits its use in secure file transfer systems, it does offer a few technical advantages for specific low-risk scenarios.

Other core features of TFTP include:

  • 16-bit block numbering that limits file size and transfer capabilities 
  • Extremely basic error handling through acknowledgment timeouts and retries
  • No built-in user authentication, encryption or access control mechanisms
  • Support for only two commands: read and write
  • Uses UDP for transport, which reduces overhead and simplifies communication

Common TFTP use cases

TFTP is used in specific technical scenarios where simplicity and minimal configuration are more important than security or advanced control. These environments are usually contained within secure networks or managed infrastructure where other safeguards are already in place.

Here are five common use cases for TFTP:

  • Backing up or restoring configuration files on network appliances
  • Booting diskless workstations via PXE
  • Loading software images during system recovery or initial provisioning
  • Supporting basic file distribution in embedded systems with limited storage
  • Transferring firmware updates to routers, switches or embedded devices

TFTP security considerations

TFTP lacks security by design. It should not be used for tasks that require data confidentiality, integrity or access controls. 

Here are five security issues TFTP encounters when being used outside its core function:

  • No encryption; everyone on the path can read the data
  • No file integrity check; corrupt or hostile content can slip through
  • No user authentication; any device that reaches the server may start a transfer
  • Limited logging and audit capabilities 
  • Subject to spoofing and tampering due to its use of UDP and the absence of session controls

Trivial file transfer protocol FAQs

What is the difference between FTP and TFTP?

Both protocols move files across networks, but the file transfer protocol (FTP) was designed to provide users with more command flexibility. FTP runs on TCP. When combined with FTPS, it allows user logins, directory changes, file listings and encrypted sessions. As a result, FTP suits enterprise workflows and MFT platforms. It gives IT administrators control, reliability and security features. 

TFTP relies on UDP. It has no authentication and allows only simple read or write commands. It offers no browsing or encryption. As a result, TFTP fits closed or trusted networks. Typical uses in this case include pushing firmware to switches or starting diskless clients.

What does the trivial file transfer protocol do?

TFTP is a lightweight protocol that lets devices move files across a network using very little memory, bandwidth or data. IT administrators keep TFTP inside trusted networks where low overhead matters more than other factors. Typical tasks include loading firmware into routers, copying configuration files or starting diskless machines. Organizations avoid using TFTP on public networks because it cannot protect sensitive data.

What are the weaknesses of TFTP?

TFTP has several limitations that restrict its use to specific environments. It does not support authentication, which means any device with access to the server can initiate a file transfer. It also lacks encryption and makes all data readable during transit. These gaps present security risks when used outside of isolated or trusted networks.

The protocol supports only simple read or write actions. It cannot browse directories or manage other files. TFTP uses UDP without delivery guarantees or strict ordering. It relies on basic retransmissions for error control. These limits make it a poor choice for secure or reliable production transfers.

Keep file transfers lean and fast

Find out when fast, no-frill file transfers work best for firmware and more.
Blog

Every file transfer protocol: Explained

Read Blog
Blog

Evaluating methods to securely transfer Cisco firmware updates

Read Blog
Blog

Best file transfer method for CUCM backups and firmware updates

Read Blog
Blog

The next step in secure, scalable file transfers

Read Blog

Start a 25-day free trial

Try Cerberus Enterprise Edition for free

  • 25-Day Free Trial
  • Installs in minutes
  • No credit card required
Start Trial Now