Netbooting Mac Links from Head Page:

Webspace Sponsored by:

In this section, I will discuss the non-standard options sent back to the Mac NC client after its request.

It makes the most sense to describe the different options being sent back to the client as if they were read from a dhcpd.conf file. Here is a sample file with an entry for one network booting Mac:

default-lease-time 600;
max-lease-time 7200;
option subnet-mask;
option broadcast-address;
option routers;
option domain-name "";
option domain-name-servers,,;
allow bootp;
subnet netmask
host mac-nc01 {
hardware ethernet 0:50:e4:59:2e:43;
filename "/private/tftpboot/Mac OS ROM";
server-name "";
#Likely Server Version Information: found to be 0:0:0:0 from sniffer.
option option-230 0:0:0:0;
#Username used to authenticate against the AFP/IP Server
option option-232 "Mac NC #1";
#Machine name to call the client, also would be used in 238 for dir
# with specialized settings for this client's booting hard disk.
option option-237 "Mac NC #1";
#Password for use with the Username above when authenticating against
# AFP/IP server for 3 images in 234, 235, and 238
option option-233 "PassWooD";
#Used to grab initial BOOT HD Image from server over AFP/IP for mounting
option option-234 ac:11:0:9:2:24:a:4D:61:63:20:48:44:5F:4E:42:53:0:0:0:0:
#Used to grab Applications HD Image from server over AFP/IP for mounting
option option-235 ac:11:0:9:2:24:a:4D:61:63:20:48:44:5F:4E:42:53:0:0:0:0:
#Used to grab Special Client HD Image from server over AFP/IP for
# mounting
option option-238 ac:11:0:9:2:24:a:4D:61:63:20:48:44:5F:4E:42:53:0:0:0:0:
  1. default-lease-time 600; specifies that a client shall have its IP address for 600 seconds (10 minutes) by default before assuming it has timed out. See the man pages for dhcpd.conf for more information.
  2. max-lease-time 7200; specifies that a client shall have its IP address for a maximum of 7200 seconds (120 minutes/2 hours) before assuming it has timed out. See the man pages for dhcpd.conf for more information.
  3. option subnet-mask; specifies the subnet mask that the client will be using when it configures its own TCP/IP information. In this case, this specifies that the network will be a class B type of network (ignoring CIDR for now) where I control the last 2 octets of any IP address for any machine on my subnet. Any IP address reference on the network that has any part of the first two octets that is different than the IP address I am assigned will cause me to contact the router on my network to continue delivery.
  4. option broadcast-address; specifies the broadcast address for my subnet. In this case I will be using the reserved network as specified by rfc1918.txt. Since my subnet mask is, and this states I am controlling the last two octets, the first two octets are static, and remain. The max IP value for my subnet is equal to my broadcast address. (I am using to where the very first, and very last addresses are reserved for special broadcasts for all network devices on the same subnet.)
  5. option routers; specifies what machine (by IP address) will deal with IP packets that have destinations that are not on my subnet. In this case, and packet with a destination that starts as "172.17." will be on my subnet. If it starts with anything different, then the router will be needed to deal with routing the packet to the proper destination.
  6. option domain-name ""; specifies the domain name to be appended for looking up host names. This is used to complete the name for hosts that are being looked up. An example for its use: while in Netscape, if I type "www" as my location, my machine will first look for www, then, then Netscape would do its own thing and convert www into If any one of those lookups succeed, then the remaining checks are short circuited, and not performed.
  7. option domain-name-servers,,; tells the client what DNS are willing to offer it Domain Name to IP address translation. These servers convert names like, "" into IP addresses used by TCP/IP like, "" for you to browse their web site.
  8. allow bootp; is normally set by default. This just means that the server will offer responses to clients that send bootp requests.
  9. host mac-nc01 is a unique identifier used by dhcpd to maintain unique settings for each client. It may be the DNS value for the IP address being given, or something you make up on your own, just so long as it is unique, and does not use characters that are unacceptable. (For example unprintable characters, or tabs and spaces...)
  10. hardware ethernet 0:50:e4:59:2e:43; is the hardware address that the DHCP server is looking for so that it can offer it a DHCP response. These are supposed to be unique, and burned into the NICs at the factories. To find one on a Mac OS 7.6.1 System or later, go to the Control Panels folder and choose the TCP/IP control panel. After it opens, do a Get Info which may be in the File pull down menu. There should be 6 hexadecimal values for an Ethernet hardware address, and for dhcpd.conf, they should be colon delimited.
  11. fixed-address; tells the client that it will be using as its IP address on this subnet.
  12. filename "/private/tftpboot/Mac OS ROM"; tells the client it will need to connect up to a TFTP (Trivial File Transfer Protocol) server to get a file called "Mac OS ROM" located in a directory and subdirectory of "/private/tftpboot/". This file contains the Boot ROM information necessary for the mac NC to mount up images over AFPFS/IP.
  13. server-name ""; tells the client the IP address of the server from which it is booting.
  14. next-server; tells the client what the TFTP server's IP address is so that it can act upon the "filename" specified above.
  15. option option-230 0:0:0:0; The purpose of this is unknown to me as of present. I have a theory that it may be a server version number, and may be returned to the client in the options described below immediately after the volume name.
  16. option option-232 "Mac NC #1"; specifies the username to use for authentication with the AFPFS/IP file server to get its images for mounting.
  17. option option-237 "Mac NC #1"; specifies the directory name from which to grab its own writable image file for keeping track of things like preferences that may change.
  18. option option-233 "PassWooD"; specifies the password to use (in plain text) when connecting to the AFPFS/IP file server and using the above username for authentication. (Mac OS X appears to use a One Time Password.)
  19. option option-234 contains many things to tell the client where to get an initial boot network disk image for booting.
    1. ac:11:0:9 IP Address of the AFPFS/IP file server that holds the images that this option needs. In this case, the decimal values would offer and IP address of ""
    2. 2:24 Harry Johnston found the purpose and meaning of this. (I incorrectly thought it might have been an escape sequence or field separator, but his suggestion seem much more logical. :-) It is the Hexadecimal value of the port for AppleShare over IP. (0x0224: 2*512 + 2*16 + 4 = 548d)
    3. a appears to be the total number of characters to be read by the client that follow this value to use as the volume name from which to find images from the AFPFS/IP file server. In this case, a value of 10 in decimal,which is exactly how many bytes long the next item is shown to be:
    4. 4D:61:63:20:48:44:5F:4E:42:53 specifies the volume name being shared on the AFPFS/IP file server that holds images required by the client for net booting. In this case, the ASCII string would become "Mac HD_NBS"
    5. 0:0:0:0 has an unknown purpose. Guesses: This string is returned to the client based on the option-220 field it offers. If it sends a "0:0:0:0" during it's boot, then maybe the server is supposed to send this back too. I am accepting suggestions for what this is, and what purpose it serves. If it is the 220 field, then it may be a versioning scheme.
    6. 1b or 20 or 27 appears to be the number of bytes left after this byte to the end of the option. For 234 it is hex 1b which is decimal 27. For 235 it is hex 20 which is decimal 32. For 238 it is 27 which is decimal 39.
    7. 1b:53:68:61:72:65:64:49:6D:61:67:65:73 specifies the folder that contains an image that is desired. In this case, this maps out the the ASCII value of "SharedImages"
    8. 0 The null is a directory/filename separator. For each null, a "/" may be substituted on the *NIX file system. It is a delimiter to tell the client where this part ends, so that it can be prepared for reading in the next part.
    9. 4E:65:74:42:6F:6F:74:20:48:44:2E:69:6D:67 appears to be the name of the very first image to be mounted that will allow the mac to boot itself up. This image is on the server as a read-only file. If it is indeed mounted initially, then it is replaced with the image in option 238 listed below so that the user may say preferences. This maps out to an ASCII string of "NetBoot HD.img"
  20. option option-235 contains many things to tell the client where to get an Application network disk image for booting.
  21. option option-238 contains many things to tell the client where to get a writable (by this client) boot disk image for keeping preferences between boots.

[Designed for use with LYNX!]

[Simple Network Analysis for Mac OS X Net Boot Server]
[ DHCP v 2.0 ]

Main Links From Head Page:

Comments and/or suggestions?: Email me at: that I am very busy, and may not have time to respond to all E-mail messages. If you include NETBOOT MACNC (all Caps) as beginning it is more likely to get my attention... ;-)
DISCLAIMER:With the understandings for the use of a tool comes the responsibility in knowing how to use it without causing damage or harm. A tool can be used for good or evil, and you are responsible for your choice and the consequences of that choice in the use of any tool at your disposal.
I do not claim this to be free of bugs or defects, and you use this at your own risk.
I take no responsibility for any user's actions or inactions in following or not following any part or whole of any suggestions found on this page. If any user finds a loss of data, destruction of hardware, Alien Cattle mutilations, sightings of Elvis (ghost or body), loss of sanity, loss of insanity, worldly possessions, or non-worldly possessions as a result of following in part, or in whole any of the preceding or proceeding information, they assume any risks or responsibilities in whole for their decision(s). So, if you break something with one of your decisions that was in part or whole derived from information on this page, do not blame me or find me responsible or accountable for it in any way.
There should be no charge requested from me to you for this information, and so if you decide that you want any money back for deciding later that you did not really want this information after all, you will need to take that up with the person that charged you money. I will not offer you any compensation for your purchase since I was never compensated by you.`
It should be restated that *you* take all of the risks, and assume all of the responsibility for following, in part or in whole any information obtained from this document. I do not care if your dog continuously barks at you, or the sky becomes too blue, or nuclear war breaks out as a result of you following any of this information. It will all be your fault since you assume all of the risks, so neeener, neeener-neeeener. :-P
(C)1999,2000,2001,2002,2003,2004 By Michael Egan extended to all works not explicitly credited to other people within these documents. Permission to duplicate content on these pages not explicitly credited to others is granted so long as you give me credit for the work I have contributed and links are provided to refer to this original site if it is still available. I cannot extend permission to you to re-re-publish quoted words from people who have submitted solutions, posed questions or added clarification. If you wish to use their content, you should contact each person for permission to re-re-publish their included comments. (I have retained their permission, but never asked to extend it for others.)
(C)1999,2000,2001,2002,2003,2004 By respective noted authors/admins for included questions or answers. Permission to publish their comments granted to me for this website. I cannot grant permission for you to duplicate their work as I am not in control of any copyrights they may retain. (I expect, most would be fine with allowing their content to be republished, but I cannot speak for them.)
Apple Computers is a registered trademark of Apple computers.
Macintosh OS X, Macintosh OS 8, Mac OS X, Mac OS 8, Mac OS 9 All refer to Operating Systems created and controlled by Apple Computers. (No disk image files for net booting, or other proprietary programs legally controlled by Apple are available for download from this collection of pages made by me. No links are knowingly created on these pages that direct users to other pages that offer copyrighted software being distributed illegally. If you find a link on pages with this diclaimer that take you to a site that offers software that is illegally offered, feel free to let me know so that I may update my links to not include them.)
Other mentioned systems and products may be owned, patented, copyrighted, trademarked, or in some way legally controlled by their respective owners.
This information is provided with intent to inform users of protocols, procedures used in Net Booting a Macintosh Client, and solutions to the problems defined in this document.
If you have complaint about content provided, and wish to have trademark, copyright, patent, or other legal information explicitly provided here where a product you produce is listed, or have other complaints about this that may be legal, let me know before calling your lawyer: I am flexible.