This protocol is widely used to manage e-mail on a mail server and to receive e-mail from it.
An alternative for receiving mail is the former POP protocol, which doesn't allow managing the mail on the server.
Sending mail to a server - on the other hand - is done using SMTP.
The "former" POP protocol offers fewer features, but both the IMAP and POP protocols are still widely used today.
IMAP uses MIME_multipart to transfer attachments.
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The IMAP dissector is fully functional (is this true?).
There are no IMAP specific preference settings.
imap.cap (libpcap) A short IMAP session using Mutt against an MSX server.
File: imap-ssl.pcapng (10 KB, from https://git.lekensteyn.nl/peter/wireshark-notes/commit/tls/imap-ssl.pcapng?id=1123e936365c89d43e9f210872778d81223af36d, SSL keys in capture file comments)
A complete list of IMAP display filter fields can be found in the display filter reference.
Show only the IMAP based traffic:
You cannot directly filter on the IMAP protocol while capturing. However, if you know the TCP port used (see above), you can filter on that one.
RFC 2060 INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1 (obsolete)
RFC 3501 INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1
RFC 3502 Internet Message Access Protocol (IMAP) - MULTIAPPEND Extension
RFC 3503 Message Disposition Notification (MDN) profile for Internet Message Access Protocol (IMAP)
Imported from https://wiki.wireshark.org/IMAP on 2020-08-11 23:15:05 UTC