Old 02-16-2006, 01:20 PM   #1
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Rep: Reputation: 30
Sniffing over the router


In my LAN I have a Netgear router, 192.168.0.1; after it there is a Linux box with 2 eths acting as netfilter. I need to sniff from this machine the WAN traffic going over 192.168.0.1.
 
Old 02-16-2006, 02:17 PM   #2
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
You should be able to use ethereal for this.
 
Old 02-17-2006, 09:12 AM   #3
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Original Poster
Rep: Reputation: 30
If I want to sniff the connection of two really remote hosts, both not in my LAN, would that be possible? How do I set ethereal to do this? A so-called MITM!
... questions .... ?? ... questions ... ?? ... ... ? ? ? ?
 
Old 02-17-2006, 09:20 AM   #4
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
You buy a hub and you put it on the host you want to monitor.
Easy.
 
Old 02-17-2006, 12:08 PM   #5
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Original Poster
Rep: Reputation: 30
A hub between the 192.168.0.1 router and the Linux box behind it. Anything that passes the router's NIC is seen by all other hosts in the LAN, right? But maybe I got it wrong. Let's say I want to sniff all traffic that goes from macrozoz.com in Japan to caccanet.com in Russia; is that impossible? I'm studying a tool made by some Italian geeks called ettercap. It has an option that starts by putting two target hosts and, by ARP poisoning them, makes a man in the middle attack. They are not going to physically go to Japan and then maybe Russia to make this happen, but ....
 
Old 02-17-2006, 12:32 PM   #6
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
Hosts on The Internet send traffic targeted to each other through varying routes on The Internet. Even if you wanted to monitor their traffic remotely, unless you are connected to the same LAN as one of them, the data exchange can take multiple paths so you pretty much have to be close to, if not on, one of the end networks to have a chance at grabbing any data.

A LAN, being a local network and assumed to be a single IP subnet, can only be "sniffed" for traffic on that LAN. This means traffic coming from, or going to, that LAN. If there is a switch (or bridge) between your monitor node and the router then you won't even see all of the LAN traffic, just stuff destined for your system and broadcasts. The simple answer is that no, you can't sniff traffic between two remote nodes, unless you can compromise a node that's on the same collision domain as, or a router between, one of them. ARP poisoning has the same limits (ARP = LAN != The Internet), so you can't mess with ARP tables at all unless you have a node on the same LAN. If that confuses you, try a Wikipedia or Google search for the difference between a hub and a switch, what a collision domain is, what Address Resolution Protocol is, and how IP routing works.

In theory it's possible to do a Man In The Middle attack over The Internet, but it would require poisoning something like DNS entries or route tables. That's something that could affect the whole Internet which means there could be dire consequences for those actions not to mention it's not a chore for the light at heart.
 
Old 02-17-2006, 03:01 PM   #7
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Original Poster
Rep: Reputation: 30
That's right! Look at this scenario:
gabrix:~# tcptraceroute www.google.it
Selected device eth0, address 192.168.1.4, port 33486 for outgoing packets
Tracing the path to www.google.it (66.249.93.99) on TCP port 80 (www), 30 hops max
1 192.168.1.1 1.039 ms 0.178 ms 0.153 ms
2 192.168.0.1 3.114 ms 0.902 ms 0.907 ms
3 192.168.100.1 53.579 ms 57.464 ms 53.439 ms
......................................
...............................................
The first two hops are my gateways; the 3rd is my ISP's proxy (a private IP for a public server ...). It's not in my LAN but ... it could become! Right? I'm following networking studies for Cisco, just started, so I'm experimenting. I could own that host just like someone could use it to attack me. In the first place I wanted to sniff traffic behind my router, which is the 2nd hop; I could go even over it and over my ISP's proxy. What do you think?
I'm impressed by the powerful features of tools like ethereal or ettercap. I just started making filters; what filters would you use, just to monitor after the last hop?

Last edited by gabsik; 02-17-2006 at 03:09 PM.
 
Old 02-18-2006, 09:31 PM   #8
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
In theory, an MITM attack can be performed over the net. In reality, it's noisy as hell to do so and would raise some huge red flags with quite a number of information security officers.
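Darin's point that ARP poisoning only reaches hosts on the same LAN, and Matir's that such attacks are noisy, have a defensive counterpart: a monitor sitting on the LAN can spot an ARP reply that re-claims an IP address with a different MAC, which is exactly the footprint of the ettercap-style attack discussed above. This is an added example, not code from the thread, from ettercap or from ethereal; the MAC addresses and the three-frame trace are constructed, and 192.168.0.1 is the gateway address from the thread.

```python
import struct
from collections import namedtuple

# Parsed fields of one ARP reply (constructed example, not code from the thread).
ArpReply = namedtuple("ArpReply", "sender_mac sender_ip target_mac target_ip")

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp_reply(frame):
    """Return an ArpReply for an Ethernet frame carrying an ARP reply, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType must be ARP
        return None
    hw, proto, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (hw, proto, hlen, plen, op) != (1, 0x0800, 6, 4, 2):  # Ethernet/IPv4, opcode 2 = reply
        return None
    return ArpReply(_mac(frame[22:28]), _ip(frame[28:32]),
                    _mac(frame[32:38]), _ip(frame[38:42]))

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed test frame: 14-byte Ethernet header + 28-byte ARP reply."""
    smac = bytes.fromhex(sender_mac.replace(":", ""))
    tmac = bytes.fromhex(target_mac.replace(":", ""))
    sip = bytes(int(o) for o in sender_ip.split("."))
    tip = bytes(int(o) for o in target_ip.split("."))
    eth = tmac + smac + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + smac + sip + tmac + tip
    return eth + arp

def detect_poisoning(frames, gateway_ip):
    """Learn IP->MAC from the first reply seen per IP and alert when it changes.
    Caveat: a host already spoofing when monitoring starts becomes the baseline."""
    table, alerts = {}, []
    for frame in frames:
        r = parse_arp_reply(frame)
        if r is None:
            continue                      # not an ARP reply; ignore
        known = table.setdefault(r.sender_ip, r.sender_mac)
        if known != r.sender_mac:
            role = "gateway" if r.sender_ip == gateway_ip else "host"
            alerts.append(f"{role} {r.sender_ip} changed from {known} to {r.sender_mac}")
    return alerts

# Constructed trace: the router 192.168.0.1 answers, a client answers, then a third
# MAC claims the router's IP, which is what an ARP cache poisoning attempt looks like.
SAMPLE_FRAMES = [
    build_arp_reply("00:11:22:33:44:01", "192.168.0.1", "00:11:22:33:44:10", "192.168.0.10"),
    build_arp_reply("00:11:22:33:44:10", "192.168.0.10", "00:11:22:33:44:01", "192.168.0.1"),
    build_arp_reply("00:11:22:33:44:99", "192.168.0.1", "00:11:22:33:44:10", "192.168.0.10"),
]
```

On a real LAN you would feed `detect_poisoning` raw frames read from a pcap or a raw socket, and seed `table` with the router's known MAC so a spoofer active at startup cannot become the baseline.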
 