Is there a way to sniff packets of a remote IP address?

If you have control over the network, you can sniff traffic remotely by using a VLAN as the destination for a SPAN port and then trunking that to where you need it. You can do this over routed networks as well using GRE tunnels, but you must control the network.

1) If you have control of the network you should be able to capture 100%.

2) You can encrypt WAN connections using IPSec either from host to host or at the routers that connect to the service provider to prevent the service provider from viewing the data.

3) This sounds more like you are worried about spyware on your workstation. If you have malware on the box, it really doesn't matter what else you do. You need to clean the box.


IP is an addressing mechanism that sits at layer 3 of the OSI model. By definition, the only way you can "sniff" these packets is if you lie in the path of the router itself.

So you can successfully sniff packets on your LAN as long as you are on a broadcast medium such as certain Ethernet topologies or Wi-Fi without directional security capabilities. Unless you are sitting at a core router in a telecommunication facility or you successfully introduce routes into the Internet, you have no chance to capture random packets across multiple networks.

The linked story here is interesting in that it shows how dynamic these routes are. The Internet is supposed to be tolerant to route failure so it is constantly shifting around. The ability to accidentally or maliciously create a core route does exist. You could essentially capture 100% of the traffic flowing over that route, which is not the same as capturing 100% of the specific packet stream. Individual IP packets can arrive along different routes. Once your packets leave your computer, they are subjected to the whims of the intermediate routers.

Always use encryption protocols such as SSL/TLS when you are given the option.


A way to capture remote traffic across the internet, when you're not on the same LAN as the receiver or sender, is BGP hijacking. Kapela and Pilosov gave a great presentation on this topic at Defcon 16: http://www.securitytube.net/video/173

The attack requires the attacker to have control over an AS. He can send false prefix announcements with favorable properties to his peers so that they will choose to route traffic for the victim via him. These announcements will propagate, and the attacker can capture a large portion of traffic (or even all) that was intended for his victim. To get the traffic delivered to the victim, the attacker needs to keep one of his peers 'clean' so he can hand the traffic off there.

The attack is complex and depends on a lot of factors. The internet is not a predictable place in terms of traffic flow. However, Kapela and Pilosov give a successful live demonstration of capturing traffic of the Defcon venue. Another famous example is Pakistan accidentally hijacking YouTube traffic in 2008 (http://www.circleid.com/posts/82258_pakistan_hijacks_youtube_closer_look). China has been accused of hijacking large portions of US internet traffic (http://bgpmon.net/blog/?p=282).

A way to secure against this is by using end-to-end encryption, like using SSL or IPSec. There are also some initiatives that attempt to make BGP more secure (SBGP, SOBGP).
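The answer above describes the three things an operator can watch for from the defensive side: someone else originating your prefix, a more-specific announcement that wins longest-prefix match (the 2008 YouTube case), and a path that still ends in your ASN but has been prepended so that only the "clean" peer rejects it. The following is an added monitoring example, not code from the answer or from Kapela and Pilosov's talk; the prefixes, ASNs, neighbour table and update lines are all constructed for illustration (documentation-range addresses and private ASNs), and the `prefix|AS AS AS` input format is an assumption standing in for whatever route collector or looking-glass feed you actually consume.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed ownership data (hypothetical ASNs and prefixes, not from the post):
# which ASN is allowed to originate each prefix we care about.
EXPECTED_ORIGINS = {
    ipaddress.ip_network("203.0.113.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/23"): 64500,
}
# ASNs that legitimately sit next to our origin AS in any real path (our transits/peers).
# A path whose hop adjacent to the origin is not in this set was not learned from us.
KNOWN_NEIGHBOURS = {64500: {64501, 64502}}


@dataclass(frozen=True)
class Announcement:
    prefix: ipaddress.IPv4Network
    as_path: Tuple[int, ...]  # leftmost = nearest the observer, rightmost = origin AS

    @property
    def origin(self) -> int:
        return self.as_path[-1]


def parse_update(line: str) -> Announcement:
    """Parse one constructed 'prefix|AS AS AS' line into an Announcement."""
    prefix_str, path_str = line.strip().split("|")
    path = tuple(int(asn) for asn in path_str.split())
    if not path:
        raise ValueError("empty AS path in update: %r" % line)
    return Announcement(ipaddress.ip_network(prefix_str), path)


def classify(ann: Announcement) -> Optional[Tuple[str, str, int]]:
    """Return (finding_kind, prefix, asn) for a suspicious route, or None if it looks legitimate."""
    for owned, owner in EXPECTED_ORIGINS.items():
        if ann.prefix == owned:
            # Exact prefix: first check who claims to originate it.
            if ann.origin != owner:
                return ("ORIGIN_MISMATCH", str(ann.prefix), ann.origin)
            # Origin is right, so check the forged-path case: the AS next to us
            # in the path must be one we actually connect to.
            if len(ann.as_path) >= 2 and ann.as_path[-2] not in KNOWN_NEIGHBOURS.get(owner, set()):
                return ("UNKNOWN_NEIGHBOUR", str(ann.prefix), ann.as_path[-2])
            return None
        # More-specific announcement inside our block beats us on longest-prefix match,
        # regardless of which ASN it names as origin.
        if ann.prefix.version == owned.version and ann.prefix.subnet_of(owned):
            return ("MORE_SPECIFIC", str(ann.prefix), ann.origin)
    return None


def scan(lines: List[str]) -> List[Tuple[str, str, int]]:
    """Run classify() over a feed of update lines and collect the findings."""
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        finding = classify(parse_update(line))
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample feed: one legitimate route, one of each anomaly, one unrelated prefix.
SAMPLE_UPDATES = [
    "203.0.113.0/24|64496 64501 64500",     # ours, via a known neighbour: fine
    "203.0.113.0/24|64496 64666",           # another AS originates our exact prefix
    "203.0.113.128/25|64496 64666",         # more-specific carve-out of our /24
    "198.51.100.0/23|64496 64666 64500",    # origin is us, but 64666 is not a neighbour (prepended path)
    "192.0.2.0/24|64496 64777",             # not our prefix, ignored
]

if __name__ == "__main__":
    for kind, prefix, asn in scan(SAMPLE_UPDATES):
        print(kind, prefix, "AS%d" % asn)
```

The neighbour check is what catches the variant the answer describes, where the attacker keeps the victim's real ASN at the end of the path so the announcement looks valid everywhere except at the peers he prepended; an exact-origin comparison alone would pass it. In practice the expected-origin table comes from your own allocations (or RPKI ROAs) and the feed from a route collector, and a finding should page someone rather than just print.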
