Need a sniffer/password capture to prove telnet is bad

[Edward Croft]

I have a user I am trying to convince to quit using telnet. I have told
him that his password can be sniffed and that would expose his system.
He laughs and tells me that no one can get his password. So he threw
down the gauntlet for me to get his password. He telnets into his home
machine from work and I want to capture that, so what I am looking for
is something that can be run from my machine, listen to his here at work
and capture his home password without knowing explicitly the address of
that home machine. Any suggestions. I just tried to build dsniff, but it
failed. It would be beneficial to prove this to him. Since I am not a
hacker I am not fully aware of these sniffers and how they function. Not
even sure what I am looking for. I assume it is possible otherwise we
wouldn't be trying to get people to not use telnet and ftp.  
Thanks in advance.
-- 
Edward M. Croft
Sr. Systems Engineer
Open Ratings, Inc.
200 West Street
Waltham, MA 02451-1121