My TFTP client only seems to be getting responses from the TFTP server to its RRQ (download requests) if I watch the traffic in wireshark.
If I shut down wireshark (running on the TFTP server), the server does not respond to the RRQs from the client.
I cannot verify whether the RRQs are reaching the TFTP server or what (I'm just using Tftp32d), but I see the RRQ packets in wireshark...
So, what is different from the perspective of the TFTP server when I'm observing the transfer in wireshark?
When you're running wireshark, the NIC will be running in promiscuous mode, meaning all network packet will be received, even if it's not addressed to your NIC mac address.
My suggestion would be to isolate your TFTP server and TFTP client in an individual LAN setup to test it out. My guess would be that there might be another server running in the same network segment, with possible same IP address that received your TFTP client RRQ request preemptively, but not doing anything with it.
When you run wireshark, all packet is received on the TFTP server, and therefore it was able to do a response to client request packet, it wouldn't have received the packet if it's not running in promiscuous mode.
p.s.: I can't add comment to the original post, that's why I am posting it here.
I had the same problem and wanted to share my experience. Promiscuous mode allows client RRQ packets with protocol problems to reach the destination (TFTP server). In my case there was a problem in ARP and the Ethernet header of the RRQ was using all zero's for the destination MAC. With promiscuous mode on, the packets were being received by the TFTP server, but when turned off the packets were dropped because the MAC did not match.
