Typically admins get suspicious if they see a NIC set to promiscous mode, when a NIC is set to promiscous mode, it grabs all the packets that are being sent from other machines, ALL. A lot of bandwidth gets comes to you, my one experience using a packet sniffer choked my computer.
It is a small computer lab (3 computers) of which I am the Admin. What suprised me the most about my tests were that when I started viewing logs I could pull (plain text) user names and passwords like the ones used for this forum along with the HTTP info.

So this gets me to thinking that any admin from any network could possibly read any text based messages from any of the users on the network. So I go to another computer and send an email with a few keywords that I can search the logs for later. I couldn't find it so I am guesing that is because email client may package the data differently then HTTP packets.

Although I still not sure of that, I did one more experiment I posted to a message board using computer number two and then went back to the computer with the sniffer running to check for words in the message I posted. I couldn't find them so I started RTFM and find that the NIC has to be in promiscous mode.

The best place to sniff for packets is at the "entrance" to a network, before it gets broken up into different segments, I know we have one set up there, with a program called Etherpeak to monitor bandwidth usage, and to see "what is going on" with our network, this is one of those cases where packet sniffing is useful tool, and legal.
OK I understand that and will have to change a few things in my lab to achieve that. But I am still curious about setting a NIC on a remote machine in the same network to promiscous mode to scan other traffic. Any ideas?

Thanks for the information!