If you need to run monitoring equipment looking for threats or whatever on your network, you need a way to get a copy of the traffic flowing through a switch or router to your monitoring doo-dad, usually either a Linux server or a Linux-based appliance. If you were hooking up an IDS, you'd want a mirror port somewhere tied via Cat5/6 cable to your server, which would listen on a spare Ethernet port configured to just listen (also called promiscuous mode).
It can be tricky to get your router to create a mirror port (a SPAN port in Cisco world), but the gist is that you select a SOURCE port or ports and ask the switch/router to copy those packets to your DESTINATION port, which hooks back into your network monitoring thing.
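The same SOURCE-to-DESTINATION copy can be done on a Linux box itself with the `tc` "mirred" action. This is an added example, not from the original page: the interface names `eth1` (source) and `eth2` (monitor port) are placeholders, and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/usr/bin/env bash
# Added example: SPAN-style mirroring on a Linux host with tc "mirred".
# Interface names are placeholders (assumptions), not from the original page.

: "${DRY_RUN:=1}"   # 1 = only print the commands, 0 = execute them (needs root)

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# DESTINATION port: listen-only NIC with no IP address, promiscuous, link up.
prepare_monitor_port() {
  dst="$1"
  run ip addr flush dev "$dst"
  run ip link set dev "$dst" promisc on
  run ip link set dev "$dst" up
}

# Copy every frame received and sent on SOURCE to DESTINATION.
mirror_port() {
  src="$1"; dst="$2"
  if [ "$src" = "$dst" ]; then
    echo "source and destination must be different interfaces" >&2
    return 1
  fi
  # Received traffic: hang a match-all filter on the ingress qdisc.
  run tc qdisc add dev "$src" handle ffff: ingress
  run tc filter add dev "$src" parent ffff: protocol all u32 match u8 0 0 \
    action mirred egress mirror dev "$dst"
  # Sent traffic: filters need a classful root qdisc; this replaces the
  # default root qdisc on SOURCE for as long as the mirror is in place.
  run tc qdisc add dev "$src" handle 1: root prio
  run tc filter add dev "$src" parent 1: protocol all u32 match u8 0 0 \
    action mirred egress mirror dev "$dst"
}

# Remove both mirrors from SOURCE.
unmirror_port() {
  src="$1"
  run tc qdisc del dev "$src" ingress
  run tc qdisc del dev "$src" root
}

# Show the plan for mirroring eth1 onto the monitor port eth2.
prepare_monitor_port eth2
mirror_port eth1 eth2
```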
Basic Linux bridge config:
Setting up a virtual Linux switch with mirroring (advanced):
Commercial tap thing: