Internet Message Access Protocol (IMAP)

This protocol is widely use to manage e-Mail at a mail server and receive e-Mail from it.

An alternative to receive mail is the former POP protocol, which doesn't allow to manage the mails on the server.

Sending mail to a server - on the other hand - is done using SMTP.

History

The "former" POP protocol offers less features, but both IMAP and POP protocols are still widely used today.

Protocol dependencies

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The IMAP dissector is fully functional (is this true?).

Preference Settings

There are no IMAP specific preference settings.

Example capture file

imap.cap (libpcap) A short IMAP session using Mutt against an MSX server.

File: imap-ssl.pcapng (10 KB, from https://git.lekensteyn.nl/peter/wireshark-notes/commit/tls/imap-ssl.pcapng?id=1123e936365c89d43e9f210872778d81223af36d, SSL keys in capture file comments)

Display Filter

A complete list of IMAP display filter fields can be found in the display filter reference

Capture Filter

You cannot directly filter IMAP protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.

Discussion

IMAP (last edited 2020-06-11 14:54:24 by nathanr)