Another proof of concept of ARP-spoofing causing the ability to sniff traffic is ettercap. This utility allows an unprecedented level of ability to listen and inject network traffic.

The default behaviour of Ettercap is as follows:
It first ARP-storms the local subnet it is run off of, gathering MAC addresses of all hosts on the subnet.
It then uses an NMAP-style OS-detection and gathers all of the information for the subnet into a large list.
At this point, the user is left with the selection of a source and destination address to sniff traffic off of.

Ettercap found here:
http://ettercap.sourceforge.net/

Keep in mind that many network admins don't like it if you do this sort of thing without permission, so ask first.