Each platform
has a default number of bytes that
tcpdump
captures.
The PA-220 firewalls capture 68 bytes of data from each packet and
anything over that is truncated. The PA-7000 Series firewalls and
VM-Series firewalls capture 96 bytes of data from each packet. To
define the number of packets that
tcpdump
will
capture, use the
snaplen
(snap length) option
(range 0-65535). Setting the
snaplen
to 0
will cause the firewall to use the maximum length required to capture
whole packets.