Security Basics mailing list archives

False negative on anti sniffing programme.


From: asharma () ita hsr ch
Date: Thu, 17 Jun 2004 17:03:18 +0200


Hi all,
 I have a problem and I would be honoured and grateful if some of you could find
some time to guide me to the solution.
I wanted to detect machines running in promiscuous mode on the network. I followed the
approach of sending ARP request packets to the IP of the machine with the ARP
address resembling but not equal to a broadcast address. I am receiving good
responses from most of the test runs; however, some Linux-based machines
with kernel 2.4.20-8 and 2.4.18 seem to be responding to these packets despite not
being in promiscuous mode.
I fail to understand why this should be possible.
Your comments would be invaluable.
Thanking you
Ashish
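
The probe described in the message above, as an added example that is not part of the original post: it builds the ARP request frame and matches a reply to it. The destination address ff:ff:ff:ff:ff:fe, the MAC addresses, the 192.0.2.x IPs and all function names are assumptions chosen for illustration; the post names none of them.

```python
import socket
import struct

BROADCAST = bytes.fromhex("ffffffffffff")
# Assumption: the post names no address; ff:ff:ff:ff:ff:fe resembles broadcast
# without being equal to it. Its first octet still has the group bit set.
NEAR_BROADCAST = bytes.fromhex("fffffffffffe")
ETH_P_ARP, ARP_REQUEST, ARP_REPLY = 0x0806, 1, 2

def build_arp(op, dst_mac, src_mac, sha, spa, tha, tpa):
    """Ethernet II header followed by a 28-byte ARP body for Ethernet/IPv4."""
    eth = dst_mac + src_mac + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + sha + socket.inet_aton(spa) + tha + socket.inet_aton(tpa)

def build_probe(my_mac, my_ip, target_ip, dst_mac=NEAR_BROADCAST):
    """ARP who-has for target_ip, addressed to a non-broadcast destination."""
    if dst_mac == BROADCAST:
        raise ValueError("a real broadcast is accepted by every NIC")
    return build_arp(ARP_REQUEST, dst_mac, my_mac,
                     my_mac, my_ip, b"\x00" * 6, target_ip)

def parse_arp(frame):
    """Return the ARP fields as a dict, or None for any other frame."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"dst": frame[0:6], "src": frame[6:12], "op": op,
            "sha": frame[22:28], "spa": socket.inet_ntoa(frame[28:32]),
            "tha": frame[32:38], "tpa": socket.inet_ntoa(frame[38:42])}

def answers_probe(probe, frame):
    """True when frame is an ARP reply from the probed IP back to the prober."""
    p, r = parse_arp(probe), parse_arp(frame)
    return bool(p and r and r["op"] == ARP_REPLY
                and r["spa"] == p["tpa"] and r["tpa"] == p["spa"]
                and r["dst"] == p["src"])

# Constructed sample values (documentation range 192.0.2.0/24, local MACs).
MY_MAC, HOST_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
PROBE = build_probe(MY_MAC, "192.0.2.10", "192.0.2.20")
REPLY = build_arp(ARP_REPLY, MY_MAC, HOST_MAC,
                  HOST_MAC, "192.0.2.20", MY_MAC, "192.0.2.10")
```

Putting the frame on the wire needs a raw link-layer socket, which is left out; only the frame layout and the reply matching are shown.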


