MikroTik

Often in the logs I see users from other networks that are mistakenly connected to my network, the log shows me the username but not password.
I'm interested in how see and decrypt the pasword ?
This is only for education purpose.

If its users from other networks i don't see the need for you to receive the passwords, just as a hint most pppoe services can be traced back to the mac, i wouldn't even attempt to try and use any of these, but for educational purposes the way that you would get to these details would be a a L2 packet sniffer, the Mikrotik interface will not allow you to see what the password that was received is.

After you have the packets, then u have to brute force the passwords out of the the encrypted packet, For all intensive purposes any password over 8Chars is not worth cracking due to the time required to do the actual attack.

personally in short, Its not worth it.

Actualy I was found tools for decrypting pasword ... So only way is to sniff traficc ?
I was thinking that there is some easyer way in pppoe server or log to see what is the pasword ...
Ok thanks !

What password are you going to decrypt? If PAP authentication is used, a password is sent over network in plain text, so there is nothing to decrypt. If CHAP authentication is used, a password is not sent over network at all. Instead a password is used to compute a hash of random sequence of bytes on both ends (client and server). So there is nothing to decrypt again.

My ppoe server is configured to allow only chap authentication ... I dont know which type authentication is using that client ... Im think that this is ordinary windows machine which try all types ...
What I now see in my log is something like this:
00:06:09 manager,account 192.168.3.81,xxuser@othernetwork-dsl,auth failed,user <xxuser@othernetwork-dsl> not found
So I was think that I need to enable some logging option which will be show me also which pasword is that user use ...