New home network and administrating it

So around next week I am moving to a new home and I need to lay down a new network there. I am planning to have the network like this:

Modem - 8 port switch (TP-Link TL-SG108E)
and then connect my PC, my parents' PC, the WiFi routers and the Xbone to the switch, and the laptop and mobile phones to the WiFi.
Is this an efficient setup and what should I change to make it better?

But how it is now is that all the devices except my PC are full of adware, spyware and other bloatware. And I am always the person to fix it, but they always give it to me when the device has already gone to hell.

So what I wanted to do is set up one old PC to analyse the packets that are going to the network and let me see which computers are sending out suspicious packets, so I can remove the problem-causing software before it gets worse. Does anybody know how to set a PC up so I can see the suspicious packets and figure out what's happening?

Info:

The old PC: I believe it has a Pentium 4 2.66 GHz (ain't 100% sure about it) with one onboard LAN chip, so I definitely need to buy one PCIe one to monitor the packets, I think? Btw, this PC has no OS yet.
The WiFi router: EM4570 Gigalink 300N, works pretty well, but I need to turn off the DHCP, I believe, if I am going to have the setup like explained above?

Thanks in advance for all the answers,
and sorry for all the grammar and spelling mistakes which I am sure I have made.
And I am pretty new to networking, so if I am having too wild ideas just let me know.

Several things I wish to clear up here.

You cannot go straight from a modem to a switch, as a modem is entirely a traversal device for going from one connection medium (co-ax, fibre, ADSL, 4G etc.) to another (in most cases RJ45 Ethernet). As no routing takes place, putting a switch there essentially puts all your machines on the internet with no firewall. (But that wouldn't work due to IP issues.)

You need to go from a modem to a router and then on to a switch. The router being just that or a firewall device of some kind (like pfSense for example). This is to entirely provide a border (where NAT occurs) between your LAN and WAN.

Secondly, why are your machines not adequately protected if they are full of shit? Step one to good security is making sure the users know what is good and what is not. (Seriously, it is a huge part of IT in business) But AV wouldn't harm in terms of catching what the user hasn't.

Due to the operation method of a switch, putting a monitor somewhere on the network will not help. A hub, when it receives a packet, sends it out to all connected devices (this is horribly inefficient and slow). But a switch only sends packets where they are destined and nowhere else. So say a computer on port 1 talks to another machine on port 2, a machine on port 3 will not be aware that they are communicating.

You can easily monitor wireless networks, due to their broadcast design.

If you want to monitor packets, you need to intercept them between the sender and receivers, whether this be using wiretaps or a PC acting as the routing device.

Software like Wireshark will allow you to look at what packets are arriving at the machine it is being run from.

pfSense as the routing device will aid (and allow for monitoring) in network security if used as a firewall (as you can run live virus scans on all incoming traffic).

And yes, if you have two DHCP servers on the same network, distributing in the same IP range you will need to get rid of one. (due to conflicting IPs being assigned)

Zanginator is exactly correct about the modem, router, switch config.  Routers are used to connect one network to another, in this case, your LAN to the internet.  Most routers also provide a firewall to protect the systems behind it from unauthorized access.

If you have a lot of viruses and crap on your systems, I would advise you to make sure they are clean before you reconnect them to the network.  This is for two reasons.  First, once malware is on a system inside of the LAN, the only thing stopping it from spreading to other systems is compatibility, anti-virus software, and sometimes internal firewalls.  Second, the need to use some type of packet sniffer becomes a moot point.  If there is no malware on the LAN, there is no need to sniff the packets, unless you want to add additional security. 

The problem is, due to the complexity of modern viruses, that it can take an obscene amount of time to clean infected systems, if it is possible at all.  If you have good backups, I would think about doing a wipe and reload of the OS on the affected systems if removal efforts are unsuccessful.

I would also look at assigning static IPs to your infected systems.  I do this through my router config.  This should make any packet sniffing easier, as you will know exactly which system you are looking at.

I have not used pfSense's packet sniffer, Snort I believe it is called.  So I cannot comment on its use.  However, pfSense is a great piece of software, just be prepared for a steep learning curve if you are not already familiar with it.

And again, Zanginator is absolutely correct.  You only want one device on the network handling DHCP.  Most home networks are set up to have the default gateway router provide DHCP, though other methods may be used.

Yes, sorry, you are right about the router and firewall part, but the switch I got is actually a router. But it is advertised as a switch and even on the device itself it says switch, so I always call it a switch while it is actually a router. Sorry for the confusion.

About them not being adequately protected: they all have anti-virus but it always gets turned off, so I wanted to come up with something that was idiot-proof.

And I found a setting on my switch/router that lets me configure it to mirror a specific port to another port, like this:
port 1 and 2 are communicating with each other, and if I mirror port 1 to port 3 and set up Wireshark on port 3, could I then see what is happening on port 1?

If your switch supports port mirroring like you say then yes, you can connect it to a computer running Wireshark and see all the traffic on the mirrored port. You need to be able to put the network card on your monitoring machine into promiscuous mode but that shouldn't be a problem.

I use a set up like this to keep an eye on my public wifi network.

 

To be more specific, you want to mirror the port which connects to your router, then on the monitoring machine you can use Wireshark to see all the traffic between your computers and the internet, as long as the network card can be put into promiscuous mode. You won't be able to see the traffic between individual machines this way, only between them and the internet. If you want to see the traffic between LAN devices you could mirror the port of the device you want to see, or just install Wireshark on each device.

If you can put DD-WRT on your router or use pfSense, I would put your infected PCs (I assume they belong to your family) on their own isolated network. You can make firewall rules so they can't touch your stuff, and vice versa. That doesn't eliminate the issue of keeping them virus free, but it keeps your important PCs safe from anything malicious coming over the network.
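
As an added example (not code from any poster in this thread): once the router-facing port is mirrored and each machine has a static IP, as suggested in the replies above, a capture can be reduced to a per-device list of external destinations and DNS lookups. The LAN range, gateway address, device map, threshold and sample lines below are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed home LAN range, gateway and static-IP-to-device map (hypothetical values).
LAN = ipaddress.ip_network("192.168.1.0/24")
GATEWAY = "192.168.1.1"
DEVICES = {"192.168.1.10": "my-pc", "192.168.1.11": "parents-pc",
           "192.168.1.12": "laptop"}

# Constructed sample lines, in the shape produced by:
#   tshark -r capture.pcap -T fields -E separator=, -e ip.src -e ip.dst -e dns.qry.name
SAMPLE = """\
192.168.1.10,192.168.1.1,example.org
192.168.1.10,198.51.100.20,
192.168.1.11,192.168.1.1,ads.tracker.example
192.168.1.11,203.0.113.5,
192.168.1.11,203.0.113.77,
192.168.1.11,198.51.100.9,
192.168.1.11,192.168.1.12,
203.0.113.5,192.168.1.11,
"""

def summarize(text):
    """Per LAN device: external IPs it contacted and DNS names it queried."""
    report = defaultdict(lambda: {"external": set(), "dns": set()})
    for line in text.splitlines():
        parts = line.split(",")
        if len(parts) < 3:
            continue
        src, dst, qname = parts[:3]
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # non-IP frames (e.g. ARP) leave these fields empty
        if s not in LAN or src == GATEWAY:
            continue  # count only traffic originated by LAN devices
        name = DEVICES.get(src, src)  # unknown hosts are reported by IP
        if qname:
            report[name]["dns"].add(qname)
        if d not in LAN:
            report[name]["external"].add(dst)  # LAN-to-LAN traffic is ignored
    return report

def noisy_hosts(report, threshold=3):
    """Devices that contacted at least `threshold` distinct external IPs."""
    return sorted(h for h, r in report.items() if len(r["external"]) >= threshold)

if __name__ == "__main__":
    print("review first:", noisy_hosts(summarize(SAMPLE)))
```

The threshold is only a way to rank which machine to look at first; normal browsing also reaches many addresses, so the DNS names per device are usually the more telling column.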