ERROR: Can't initialize DAQ pcap (-1) - truncated dump file; tried to read 4 file header bytes, only got 0

[Scott Thomas <scott_pin () yahoo com>]

This may be from being a newbie, but I see other indications of folks with a similar issue, but no solutions that have 
solved it for me.

I have searched the list via web and found a post of 5 October 2016 with a similar subject, but no resolution. I am 
running almost the identical setup.

Snort is on a Debian Jessie (8.6.0) vm (kvm).

I have configured my system per the doc Snort_2.9.8.x_on_Ubuntu_12-14-15.pdf (except for some path differences).

When I start snort inline (with sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0) it starts 
as expected, silently listening. I ping the IP of the vm system from another box, but there is no output on the console.

Checking the log:

sudo snort -r /var/log/snort/snort.log 
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
pcap DAQ configured to read-file.
ERROR: Can't initialize DAQ pcap (-1) - truncated dump file; tried to read 4 file header bytes, only got 0
Fatal Error, Quitting..

As with the poster in the prior thread, I can find nothing in the archives or an online search that helps me solve this.

Please help!

Thank you in advance,

Scott
------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!