(01-19-2026, 03:34 PM)Dany40 Wrote: Thank you; here I am sending you the WhireShark log.
Why did you export it as a CSV file and not as a PCAP file? The CSV file is completely useless as it only shows TCP packet headers but not any of the actual TCP payload data. So I can't see any of the FTP traffic.
(01-19-2026, 07:27 PM)Dany40 Wrote: Sorry, I think this one is much better log.
Thank you, yes. For future reference, forget the CSV files, and also you don't need both PCAP and PCAPNG files, just one will suffice (preferably PCAPNG).
In any case, looking at this 2nd log, the file transfer itself progressed fine (0x00 bytes and all), but at the end of the transfer when TIdFTP closed the data transfer connection, there was no FIN packet from TIdFTP to the server (well, the log shows the packet, but says "previous segment not captured"!). So, if that FIN did not actually get transmitted to the server, that would mean the server did not know the transfer was finished, which would account for the timeout when TIdFTP then tried to read the server's final response for the transfer, since the data connection was still open.
(01-22-2026, 01:16 PM)Dany40 Wrote: Hello; Let me add here a new set of log files in where we can see what happen when a FileZilla client send the same file to the same FileSilla server, so we can compare.
That 3rd log is encrypted with TLS, so the FTP traffic is not viewable, and difficult to match up the data transfers with the data commands. The TIdFTP client did not use TLS, but the FileZilla client did. At the very least, you should be able to export a plain-text command log from the FileZilla client alongside a Wireshark capture, if you don't want to disable TLS.