Tcpdump packet capture on the management interface, by default, captures 68 bytes or 96 bytes of data from each packet, depending on the platform. The PA-200, PA-500, and PA-2000 series captures 68 bytes of data from each packet. Any amount over the default gets truncated. All other platforms, which include PA-3000, PA-4000, PA-5000, PA-7000 and VM series capture 96 bytes of data from each packet. Any amount above 96 bytes gets truncated, because you might not capture the whole packet.
For example, when capturing LDAP, this message appears in the packet capture: "[Packet size limited during capture: LDAP truncated]"
Note: Setting snaplen to '0' means that you will use the required length to catch whole packets. In this example, it will be set to 65535 bytes. It is a good practice to limit the Snaplen to the smallest number possible to capture the protocol or packet.