Ethereal-users: Re: [Ethereal-users] Problem in viewing IMAP Packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Sat, 29 Jan 2005 02:54:48 -0800
Sudhakar Godithi wrote:
I am not able view the packets properly. It is displaying hexadecimal values directly instead of command names.
Are you certain that the packets in question really *are* IMAP packets? The standard TCP port for IMAP is 143, but the selected packet is going between ports 8600 and 2111.
The fact that the first byte of many of those TCP segments is 5 makes me suspicious that it might be MAPI traffic, not IMAP traffic. MAPI isn't IMAP, even though they use the same four letters :-); MAPI is a DCE RPC-based protocol (the first byte of a connection-oriented DCE RPC call is 5, which is the major version number of the connection-oriented DCE RPC protocol, and the second byte is probably 0 or 1, which is the minor version).
Presumably you explicitly asked Ethereal to dissect that traffic as IMAP. What happens if you *don't* ask it to do so? Does it dissect it as DCE RPC traffic? If so, then that's probably what it is, and, as it's *NOT* IMAP traffic, there isn't a way to view it as IMAP traffic.