My setup:
Single interface bridge unmanagement connecting WAN port and LAN1 port.
No use firewall on this interface.
After that, I use a Script to mirror LAN1 port to LAN2 port.
On the computer, install Wireshark and enable the network interface in promiscuous mode.
Connect this computer to LAN2 and monitor all running traffic.
WAN -> ISP, LAN1 -> client, LAN2 -> attacker.