IMAP dissector/filter fails to decode FETCH of message body

I see the problem with the version installed with Fedora 30 (Wireshark 3.0.3). With Fedora 27 using Wireshark 2.6.2, the IMAP frames decoded perfectly. With 3.0.3, the response for an IMAP fetch of message bodies fails to decode as IMAP and shows as TCP in the "Proto" column. I downgraded back to ws 2.6.2 on Fedora 30 (using RPMs from Fedora 27) and it works correctly again. All IMAP packets are decoded and displayed correctly, including fetch responses. I also noticed that with ws 3.0.3 on Fedora 30, memory usage by ws fairly quickly went up; per "top" it would show >50%. With 2.6.2 running on f30, it hovers around 3% and doesn't ramp up quickly.

Note: I use non-standard ports for IMAP, 142 and 146, and have set them to "decode as" IMAP. The filter I use is this: imap && (tcp.port==146 || tcp.port==142)