[CentOS] tftp times out

Fri Dec 29 17:21:22 UTC 2006
mike.redan at bell.ca <mike.redan at bell.ca>

>> Are you seeing it timeout right away, or are there some bytes 
>> transferred, then times out?

> I am not seeing any bytes transferred.  The time out is after the
default 25 sec.

>> I take it that you have checked for errors/duplex problems on both 
>> machines (as well as selinux/iptables)? What about tcpwrappers? 
>> /etc/hosts.allow and /etc/hosts.deny are blank?

> Other than ifconfig how can I check for errors/duplex problems?  I am
not seeing any errors 
> on other services running on either box but am willing to dig further.

These commands can show you more errors:
  netstat -su
  netstat -i

> Neither box has selinux or iptables enabled. tcpwrappers is utilized
for tftp but both 
> hosts.allow & hosts.deny are empty.  When I look a /var/log/secure it
shows START: tftp 
> pid=8144 from=, which is as expected.

*scratches head*
Hmm. Weird.

> I am going to increase the logging level for tftpd and see what I get.

Good, hopefully something useful comes out of that! If you are not
getting enough info, you might want to run a traffic dump:
Run this as root on the client side:
  tcpdump -n -nn -s 1500 -X host 192.168.242.XXX

Where XXX is the last octet of the IP address of your TFTP server. That
command will show *all* traffic between the client and the server. So if
there is other traffic going between the hosts, you will see that too.
To clean that up use something like this:

  tcpdump -n -nn -s 1500 -X host 192.168.242.XXX and not port 22 and not
port 80

The above command will get rid of any SSH and web traffic. Do not try to
cut down traffic by just looking at port 69 traffic. TFTP only uses that
in the first two packets or so, after that it runs on high ports. Just
keep adding on "and not port YYY" until you have clean output. Since
TFTP traffic is all in the clear, it is fairly easy to understand.