Most likely would be a VPS or VLAN bug at a place like Digital Ocean, Linode, etc, that let you spy on neighbor VPS traffic. Not that it happens often, but there are historical bugs to escape VMs and/or containers. Once out, you could sniff traffic for the whole physical box.

Or a router/switch exploit. Create a monitor port and dump the traffic wherever you want.