Some time you need to see what customers are typing in as their password on the server to find typos.
tcpdump -i eth0 port smtp or port imap or port pop3 -l -A | egrep -i ‘pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|userna me:|password:|login:|pass |user ‘
This little command will show you unencrypted passwords on the fly.