Lab – analyzing TFTP packets
In this hands-on lab, you will explore TFTP packets and learn how to reconstruct data and extract files from captured TFTP packets on a network. To get started with this exercise, follow these steps:
- Go to https://wiki.wireshark.org/SampleCaptures and download the tftp_rrq.pcap file, as shown here:
Figure 6.47 – TFTP packet capture file
- Next, open the tftp_rrq.pcap file using Wireshark to view all the packets:
Figure 6.48 – TFTP packets
As shown in the preceding screenshot, packet #1 is a Read Request message from the client to the TFTP server on the network and it’s requesting the rfc1350.txt file. Next, the file is transferred in multiple data blocks from the server at 192.168.0.10 to the client at 192.168.0.253 over the network.
- Within a total of 99 packets, the entire text file is transferred from the server to the client. To view the entire rfc1350...
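The Read Request and numbered data blocks described in this lab can also be reassembled from the UDP payloads alone. The following Python code is an added example, not part of the original lab; the message layouts follow RFC 1350, and the function names and the sample payloads are constructed for illustration.

```python
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5  # RFC 1350 opcodes
BLOCK_SIZE = 512  # a DATA block shorter than this ends the transfer

def parse_tftp(payload: bytes) -> dict:
    """Decode one TFTP message (the UDP payload of one packet)."""
    if len(payload) < 4:
        raise ValueError("truncated TFTP message")
    opcode, field = struct.unpack("!HH", payload[:4])
    if opcode in (RRQ, WRQ):  # opcode | filename | 0 | mode | 0
        parts = payload[2:].split(b"\x00")
        if len(parts) < 3:
            raise ValueError("malformed request")
        return {"op": opcode, "filename": parts[0].decode("ascii", "replace"),
                "mode": parts[1].decode("ascii", "replace").lower()}
    if opcode == DATA:  # opcode | block number | up to 512 data bytes
        return {"op": DATA, "block": field, "data": payload[4:]}
    if opcode == ACK:
        return {"op": ACK, "block": field}
    if opcode == ERROR:  # opcode | error code | message | 0
        return {"op": ERROR, "code": field,
                "msg": payload[4:].rstrip(b"\x00").decode("ascii", "replace")}
    raise ValueError(f"unknown opcode {opcode}")

def reassemble(payloads):
    """Rebuild (filename, file_bytes) from the messages of one read transfer."""
    filename, blocks, last = None, {}, None
    for msg in map(parse_tftp, payloads):
        if msg["op"] == RRQ:
            filename = msg["filename"]
        elif msg["op"] == DATA:
            blocks.setdefault(msg["block"], msg["data"])  # keep first copy of a retransmit
            if len(msg["data"]) < BLOCK_SIZE:
                last = msg["block"]
        elif msg["op"] == ERROR:
            raise ValueError(f"transfer aborted: {msg['msg']}")
    if last is None:
        raise ValueError("no short final block: capture is incomplete")
    missing = [n for n in range(1, last + 1) if n not in blocks]
    if missing:
        raise ValueError(f"missing blocks: {missing}")
    return filename, b"".join(blocks[n] for n in range(1, last + 1))

# Constructed sample: RRQ, block 1 (sent twice), block 2, with the client's ACKs
content = b"A" * 512 + b"tail"
sample = [b"\x00\x01rfc1350.txt\x00octet\x00", b"\x00\x03\x00\x01" + content[:512],
          b"\x00\x04\x00\x01", b"\x00\x03\x00\x01" + content[:512],
          b"\x00\x03\x00\x02" + content[512:], b"\x00\x04\x00\x02"]
```

The filename is taken from the capture and is untrusted, so use only its base name if you write the recovered bytes to disk. Block numbers are 16 bits wide, and this example does not handle transfers long enough for them to wrap.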