SYNOPSIS

Input

A stream containing a field of packet type.

Output

A record each time an IMAP command and a corresponding response have been paired.

DESCRIPTION

The tool listens for IMAP handshakes on the configured port and, when one is found, starts extracting from that TCP session. Each time a command has been paired with its response, an output record is generated.

OPTIONS

IMAP Port

Controls the port on which IMAP traffic is detected. The most common value (and the default) is 143, but in some scenarios, IMAP traffic may be exchanged on non-standard ports.

Message Contents

Controls which parts of IMAP messages are extracted. Setting it to Ignore ensures that no part of sent messages is extracted. Header specifies that the header of messages is to be extracted, and Full message specifies that the full messages including the header will be extracted.

Max message size

Include password

If this option is enabled, IMAP account passwords will be extracted.
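
The command/response pairing described above and the effect of the Include password option, as an added Python example that is not the tool's own code. It assumes pairing by IMAP tag as defined in RFC 3501; the function name pair_imap, the record fields and the session lines are constructed for illustration.

```python
# Constructed sample: one reassembled IMAP session (C = client, S = server).
SESSION = [
    ("S", "* OK IMAP4rev1 ready"),
    ("C", "a001 LOGIN alice wrongpw"),
    ("S", "a001 NO [AUTHENTICATIONFAILED] invalid credentials"),
    ("C", "a002 LOGIN alice s3cret"),
    ("S", "a002 OK LOGIN completed"),
    ("C", "a003 SELECT INBOX"),
    ("C", "a004 NOOP"),  # pipelined: sent before a003 completes
    ("S", "* 3 EXISTS"),
    ("S", "a003 OK [READ-WRITE] SELECT completed"),
    ("S", "a004 OK NOOP completed"),
]


def pair_imap(lines, include_password=False):
    """Pair tagged commands with their tagged completion responses."""
    pending = {}        # tag -> command still waiting for its completion
    untagged = []       # "* ..." data seen while a command is outstanding
    in_literal = False  # server sent "+": next client line is continuation data
    records = []
    for side, line in lines:
        if side == "C":
            if in_literal:  # literal/SASL data may hold credentials: drop it
                in_literal = False
                continue
            tag, _, rest = line.partition(" ")
            verb, _, args = rest.partition(" ")
            if verb.upper() == "LOGIN" and not include_password:
                # Keep the first token (user name), mask everything after it.
                args = args.split(" ", 1)[0] + " <redacted>"
            pending[tag] = {"tag": tag, "command": verb.upper(), "args": args}
        elif line.startswith("+"):
            in_literal = True
        elif line.startswith("* "):
            if pending:  # skips the greeting, which answers no command
                untagged.append(line[2:])
        else:
            tag, _, rest = line.partition(" ")
            status, _, text = rest.partition(" ")
            cmd = pending.pop(tag, None)
            if cmd is not None:  # ignore completions for unseen commands
                # Simplification: untagged data goes to the next completion.
                records.append({**cmd, "status": status.upper(),
                                "text": text, "untagged": untagged})
                untagged = []
    return records


if __name__ == "__main__":
    for rec in pair_imap(SESSION):
        print(rec)
```

With the password masked by default, a failed LOGIN followed by a successful one still yields two records with their NO and OK statuses, which is what a reviewer needs to spot guessing attempts without storing credentials.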