Bootstrap Protocol

S Abhishek
4 min readJul 7, 2021
  • The term bootstrap protocol (or boot protocol) comes from the idea of lifting yourself up by your own bootstraps, something that is obviously difficult to do.
  • In other words, how does a client machine startup when it initially has neither an IP address nor an operating system?
  • BOOTP makes this difficult task possible.
  • BOOTP (Bootstrap Protocol) is the successor of RARP (Reverse ARP) and the predecessor of DHCP ( Dynamic Host Configuration Protocol ).
  • BOOTP is a TCP/IP protocol and service that allows diskless workstations to obtain their IP address, other TCP/IP configuration information, and their boot image file from a bootstrap protocol (BOOTP) server.
  • The Network Interface Card (NIC) on these diskless workstations contains a Programmable Read-Only Memory (PROM) chip containing code necessary to initialize the client.

1. Client Creates Request

  • When a BOOTP client is started, it has no IP address, so it broadcasts a message containing its MAC address onto the network.
  • This message is called a BOOTP request and it is picked up by the BOOTP server.
  • The client machine begins the procedure by creating a BOOTP request message.
  • In creating this message, it fills in the following information,
  1. It sets the message type (Op) to the value 1, for a BOOTREQUEST message.
  2. If it knows its own IP address that it plans to keep using, it specifies it in the CIAddr field. Otherwise, it fills this field with zeroes.
  3. It puts its own layer-two hardware address in the CHAddr field. This is used by the server to determine the right address and other parameters for the client.
  4. It generates a random transaction identifier and puts this in the XID field.
  5. The client may specify a particular server that it wants to send a reply to and put that into the SName field.
  6. It may also specify the name of a particular type of boot file that it wants the server to provide in the File field.
  7. The client may specific vendor-specific information if programmed to do so.

2. Client Sends Request

  • The client broadcasts the BOOTREQUEST message by transmitting it to address
  • Alternately, if it already knows the address of a BOOTP server, it may send the request unicast.

3. Server Receives Request and Processes It

  • A BOOTP server, listening on UDP port 67, receives the broadcasted request and processes it.
  • If a name of a particular server was specified and this name is different than the name of this server, the server may discard the request.
  • This is especially true if the server knows that the server the client asked for is also on the local network.
  • If no particular server is specified, or this particular server was the one the client wanted, the server will reply.

4. Server Creates Reply

  • The BOOTP server replies to the client with the following information that the client needed,
  1. The client’s IP address, subnet mask, and default gateway address.
  2. The IP address and hostname of the BOOTP server.
  3. The IP address of the server that has the boot image, which the client needs to load its operating system.
  • The server creates a reply message by copying the request message and changing several fields.
  1. It changes the message type (Op) to the value 2, for a BOOTREPLY message.
  2. It takes the client’s specified hardware address from the CHAddr field and uses it in a table lookup to find the matching IP address for this host.
  3. It then places this value into the YIAddr (Your IP address) of the reply.
  4. It processes the File field and provides the filename type the client requested, or if the field was blank, the default filename.
  5. It puts its own IP address and name in the SIAddr and SName fields.
  6. It sets any vendor-specific values in the Vend field.

5. Server Sends Reply

  • The server sends the reply, the method depending on the contents of the request,
  1. If the B (Broadcast) flag is set, this indicates that the client can’t have the reply sent unicast, so the server will broadcast it.
  2. If the CIAddr field is non-zero, the server will send the reply unicast back to that CIAddr.
  3. If the B flag is zero and the CIAddr field is also zero, the server may either use an ARP entry or broadcast.

6. Client Processes Reply

  • When the client receives this information from the BOOTP server, it configures and initializes its TCP/IP protocol stack, and then connects to the server on which the boot image is shared.
  • The client stores the information and parameters provided.

7. Client Completes Boot Process

  • The client loads the boot image and uses this information to load and start its operating system.
  • Once configured, the client proceeds to phase two of the bootstrapping process, by using a protocol such as TFTP to download its boot file containing the operating system software, using the filename the server provided.

In Short,

  • BOOTP assigns IP addresses to host with a BOOTP server.
  • BOOTP uses the UDP protocol and IP so it’s routable.
  • The BOOTP server uses a database with MAC addresses, IP addresses, etc.
  • You need to add this information yourself to the database.



S Abhishek

Data Engineer Intern @Rolls-Royce | Computer Science Undergraduate | Amrita Vishwa Vidyapeetham | Former Member of security research & CTF team — @teambi0s.