MAPI filter and dissector documentation?

retag add tags

When capturing, the protocol is shown as "MAPI" for some traffic. Does that mean that there is a MAPI dissector, or MAPI filter, or is the labeling a feature of the parent protocol (DCE/RPC)?

There was only a stub about MAPI in the Wiki, but I see many many fields in the MAPI filter. Is there any place in the wiki, or on the web, where the filter is documented?

And ... please explain to me, as if I was a child, where to find the MAPI filter (and dissector?) in the git file hierarchy?

MAPI is the Microsoft Messaging API used for communication between mail clients and Exchange servers and is an MS RPC protocol so based on DCE/RPC.

As Wireshark has a dissector for MAPI, that dissector adds the "MAPI" entry to the protocol column. The dissector adds many display filter fields and these can be seen in the appropriate part of the Wireshark Display Filter Reference.

The source for the dissector can be found in the Wireshark GitLab Repository here. Like other DCE/RPC dissectors the dissector code is generated using PIDL from the protocol IDL file and a dissector specific interface configuration file.

23.8k

grahamb

answered 2022-04-05 07:35:12 +0000

edit flag offensive 0 remove flag delete link

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

MAPI filter and dissector documentation? edit

Comments

1 Answer

Comments