MAPI filter and dissector documentation?

asked 2022-04-05 03:25:56 +0000

D157

When capturing, the protocol is shown as "MAPI" for some traffic. Does that mean that there is a MAPI dissector, or MAPI filter, or is the labeling a feature of the parent protocol (DCE/RPC)?

There was only a stub about MAPI in the Wiki, but I see many many fields in the MAPI filter. Is there any place in the wiki, or on the web, where the filter is documented?

And ... please explain to me, as if I were a child, where to find the MAPI filter (and dissector?) in the git file hierarchy?

1 Answer

answered 2022-04-05 07:35:12 +0000

grahamb

MAPI is the Microsoft Messaging API used for communication between mail clients and Exchange servers. It is an MS RPC protocol, so it is based on DCE/RPC.

As Wireshark has a dissector for MAPI, that dissector adds the "MAPI" entry to the protocol column. The dissector adds many display filter fields and these can be seen in the appropriate part of the Wireshark Display Filter Reference.

The source for the dissector can be found in the Wireshark GitLab Repository here. Like other DCE/RPC dissectors, the dissector code is generated using PIDL from the protocol IDL file and a dissector-specific interface configuration file.


Last updated: Apr 05 '22