today I want to show you how to find out the PPPoE password on a Sophos SG/XG if you don’t have it documented.
This only works if the SG/XG itself establishes the connection.
Start a TCPDump on the hardware interface via the shell. In this example eth1.
tcpdump -i eth1
Then press the reconnect button in the webgui.
Now you just have to look in the dump for the line that contains your PPPoE username. And directly behind it is the password in plain text. 😀
08:49:12.384612 PPPoE [ses 0xdc82] PAP, Auth-Req (0x01), id 1, Peer firstname.lastname@example.org, Name Password123
Have a nice day!