Internet Message Access Protocol (IMAP)
This protocol is widely use to manage e-Mail at a mail server and receive e-Mail from it.
An alternative to receive mail is the former POP protocol, which doesn't allow to manage the mails on the server.
Sending mail to a server - on the other hand - is done using SMTP.
The "former" POP protocol offers less features, but both IMAP and POP protocols are still widely used today.
IMAP uses MIME_multipart to transfer attachments.
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The IMAP dissector is fully functional (is this true?).
There are no IMAP specific preference settings.
Example capture file
imap.cap (libpcap) A short IMAP session using Mutt against an MSX server.
File: imap-ssl.pcapng (10 KB, from https://git.lekensteyn.nl/peter/wireshark-notes/commit/tls/imap-ssl.pcapng?id=1123e936365c89d43e9f210872778d81223af36d, SSL keys in capture file comments)
A complete list of IMAP display filter fields can be found in the display filter reference
Show only the IMAP based traffic:
You cannot directly filter IMAP protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.
RFC 2060 INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1 (obsolete)
RFC 3501 INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1
RFC 3502 Internet Message Access Protocol (IMAP) - MULTIAPPEND Extension
RFC 3503 Message Disposition Notification (MDN) profile for Internet Message Access Protocol (IMAP)