In order to monitor a router, we can use the following:

Case 1: Monitoring the switch port that the router is connected to:

1. In this case, numbered 2 in the previous drawing, we connect our laptop to the switch that the router is connected to
2. On the switch, configure the port mirror from the port that the router is connected to, to the port that the laptop is connected to

Case 2: Router with a switch module

1. In this case, numbered 5 and 6 in the previous diagram, we have a switch module on the router (for example, Cisco EtherSwitch® or HWIC modules), we can use it the same way as a standard switch (numbered 5 for the LAN port and 6 for the WAN port, in the previous diagram)

2. In this case, you will be able to monitor only those ports that are connected to the switch module

Case 3: Router without switch module

1. In this case you can connect a switch between the router port and the Service Provider (SP) network, and configure the port monitor on this switch, as in the following diagram:

• In this case, configure the port monitor from the port the router is connected to, to the port your laptop is connected to.

Case 4: Router with embedded packet capture

In routers from recent years, you will have also an option for integrated packet capture in the router itself. This is the case, for example, in Cisco IOS Release 12.4(20)T or later, Cisco IOS-XE Release 15.2(4)S-3.7.0 or later, and also from SRX/J-Series routers from Juniper, Stealhead from Riverbed, and many other brands.

When monitoring a router, don't forget this: it might happen that not all packets coming in to a router will be forwarded out! Some packets can be lost, dropped on the router buffers, or routed back on the same port that they came in from, and there are, of course, broadcasts that are not forwarded by the router.