Internet Message Access Protocol (IMAP)

This protocol is widely use to manage e-Mail at a mail server and receive e-Mail from it.

An alternative to receive mail is the former POP protocol, which doesn't allow to manage the mails on the server.

Sending mail to a server - on the other hand - is done using SMTP.


The "former" POP protocol offers less features, but both IMAP and POP protocols are still widely used today.

Protocol dependencies

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).


The IMAP dissector is fully functional (is this true?).

Preference Settings

There are no IMAP specific preference settings.

Example capture file

imap.cap (libpcap) A short IMAP session using Mutt against an MSX server.

File: imap-ssl.pcapng (10 KB, from, SSL keys in capture file comments)

Display Filter

A complete list of IMAP display filter fields can be found in the display filter reference

Show only the IMAP based traffic:


Capture Filter

You cannot directly filter IMAP protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.

External links


Imported from on 2020-08-11 23:15:05 UTC