PPPOE password sniffing

[Nikolaj <lorddoskias () gmail com>]

I'm playing with pppoe for the time being and I noticed something rather 
peculiar. I'm authenticating against radius server, and the 
Authentication says it is PAP - eg. clear text passwords. I've read 
through rfc 2516 and there is nothing said about the authentication with 
 password. I'm wondering whether there is a way to sniff such 
passwords? I tried sniffing my own connection when I was connecting to 
the pppoe NAS but no luck. Where are the password and username contained 
- in the payload of some of the PAD* packets?

Regards.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------