The tcpdump CLI command
enables you to capture packets that traverse the management interface
(MGT) on a Palo Alto Networks firewall.
Each platform
has a default number of bytes that tcpdump captures.
The PA-220 firewalls capture 68 bytes of data from each packet and
anything over that is truncated. The PA-7000 Series firewalls and
VM-Series firewalls capture 96 bytes of data from each packet. To
define the number of packets that tcpdump will
capture, use the snaplen (snap length) option
(range 0-65535). Setting the snaplen to 0
will cause the firewall to use the maximum length required to capture
whole packets.