[Snort-users] ERROR: Can't initialize DAQ pcap (-1) - truncated dump file; tried to read 4 file header bytes, only got 0
scott_pin at ...131...
Wed Nov 30 07:29:14 EST 2016
This may be from being a newbie, but I see other indications of folks with a similar issue, but no solutions that have solved it for me.
I have searched the list via web and found a post of 5 October 2016 with a similar subject, but no resolution. I am running almost the identical setup.
Snort is on a Debian Jessie (8.6.0) vm (kvm).
I have configured my system per the doc Snort_2.9.8.x_on_Ubuntu_12-14-15.pdf (except for some path differences).
When I start snort inline (with sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0) it starts as expected, silently listening. I ping the IP of the vm system from another box, but there is no output on the console.
Checking the log:

    sudo snort -r /var/log/snort/snort.log
    Running in packet dump mode
    --== Initializing Snort ==--
    Initializing Output Plugins!
    pcap DAQ configured to read-file.
    ERROR: Can't initialize DAQ pcap (-1) - truncated dump file; tried to read 4 file header bytes, only got 0
    Fatal Error, Quitting..

As with the poster in the prior thread, I can find nothing in the archives or an online search that helps me solve this.
Thank you in advance,
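
Added example, not part of the original post: the error text above says the pcap reader asked for the 4-byte file header and received 0 bytes. The shell function below checks a file's size and leading magic bytes before the file is passed to `snort -r`; the name `classify_capture` is hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Classify a capture file by its size and leading magic bytes.
# classify_capture is a hypothetical helper, not a Snort or libpcap tool.
classify_capture() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 0; }
    size=$(wc -c < "$f")
    # An empty file gives the reader 0 of the 4 header bytes it asks for.
    if [ "$size" -eq 0 ]; then echo "empty"; return 0; fi
    if [ "$size" -lt 4 ]; then echo "truncated"; return 0; fi
    # First four bytes as lowercase hex, in on-disk order.
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1) echo "pcap" ;;        # classic pcap, either byte order
        a1b23c4d|4d3cb2a1) echo "pcap-nsec" ;;   # pcap with nanosecond timestamps
        0a0d0d0a)          echo "pcapng" ;;      # pcapng section header block
        *)                 echo "unknown:$magic" ;;
    esac
}

# Constructed sample files, written to a temporary directory.
demo=$(mktemp -d)
: > "$demo/empty.log"                                      # zero-length file
printf '\324\303\262\241\002\000\004\000' > "$demo/le.pcap" # little-endian pcap magic + version
printf '\012\015\015\012' > "$demo/ng.pcapng"              # pcapng block type
printf 'AB' > "$demo/short.log"                            # fewer than 4 bytes
for f in "$demo"/*; do
    printf '%s: %s\n' "${f##*/}" "$(classify_capture "$f")"
done
rm -rf "$demo"
```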