On wired networks or wpa enterprise networks you need to do a mitm first.
WiFi networks work like a hub, everyone receives the traffic(you can't direct those radiowaves to every client individually), so on open networks you can get those cookies(and all other traffic of course!), on WEP networks you can do the same if you know/crack the password, and on WPA networks you can do the same if you know/crack the password AND capture the handshake of the user(s) who you are trying to sniff.
The cookie itself is just sent in plain text(you can verify this with wireshark), so if you can see the traffic, you can see the cookie.