It this passive or active FTP mode?
Using 4.3.5 on Win 2008 Server R2. File transfers are unusually slow. With Wireshark sniffer we see packets using tcp ports 5001 and 5011 in-between the ftp-data packets on the wire. In the past these were associated with a trojan or backdoor. We have a vendor that set this up - could use of these port numnbers be customized port numbers? Or something we should be concerned about?
5001 [commplex-link] Back Door Setup, Sockets des Troie
5011 [telelpathattack] One of the Last Trojans - OOTLT, One of the Last Trojans - OOTLT, modified
On a gig link each 3000 byte chunk of data takes about 45ms to transfer where 5001 and 5011 are doing ACKS between chunks.