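# Above this are DB queries to OpenAanval.
# idsMain.event.eid and idsMain.event.sid correspond
# to snort.data.cid and snort.data.sid respectively.
#
# Expects $dbh (a connected DBI handle), $eid, $sid, $ea, $eb and @pd to be
# declared by the code above this excerpt.

# DBI reports failures through errstr; $! (errno) is unrelated to DBI errors
# and usually holds a stale or empty message here.
$dbh->do("use snort") or die $dbh->errstr . "\n";

# Bind the event ids as placeholders instead of interpolating them into the
# SQL text, so a malformed or hostile id value cannot change the statement.
my $plh = $dbh->prepare(
    "SELECT data_payload FROM data WHERE cid = ? AND sid = ? LIMIT 1"
) or die $dbh->errstr . "\n";
$plh->execute($eid, $sid) or die $plh->errstr . "\n";
while ( my @rows = $plh->fetchrow_array ) {
    $ea = $rows[0];    # hex-encoded payload, e.g. "303D0201..."
}
$plh->finish;

my $bit = 2;    # size of grouping (hex digits per byte)

# Split the hex string into complete $bit-character groups. A trailing
# partial group is dropped, and @pd is replaced wholesale so groups left over
# from a previously processed payload cannot leak into this dump.
@pd = defined $ea ? ( $ea =~ /(.{$bit})/gs ) : ();

my $count = 0;    # number of groups emitted so far
foreach my $this (@pd) {
    next if length($this) != $bit;    # defensive: only complete groups
    # start a new row after every 16 groups
    $eb .= "\n" if ( ( $count % 16 ) == 0 ) && ( $count != 0 );
    $eb .= "$this ";    # append this group followed by a space
    $count++;
}

##### Sample output (padded in comments ;)
#30 XX 02 01 00 04 08 73 33 35 XX 37 31 XX 62 A0
#2E 02 04 BE 41 XX 34 02 01 00 02 01 00 30 20 30
#0E 06 0A 2B 06 01 02 01 02 XX 01 0A XX 05 00 30
#0E XX 0A 2B 06 01 XX 01 02 02 01 10 03 05 00
##### XX inserted to protect the innocent

#### Second variant: decode the hex payload into raw bytes.
$dbh->do("use snort") or die $dbh->errstr . "\n";
# $plh was declared above; re-declaring it with "my" in the same scope would
# mask the earlier handle.
$plh = $dbh->prepare(
    "SELECT data_payload FROM data WHERE cid = ? AND sid = ? LIMIT 1"
) or die $dbh->errstr . "\n";
$plh->execute($eid, $sid) or die $plh->errstr . "\n";
while ( my @rows = $plh->fetchrow_array ) {
    next unless defined $rows[0];    # NULL payload: nothing to decode
    # Copy first, then substitute on the copy. "$ea = $rows[0] =~ s/.../"
    # binds =~ before =, so it stores the substitution COUNT in $ea rather
    # than the decoded text.
    ( $ea = $rows[0] ) =~ s/([a-fA-F0-9]{2})/chr(hex($1))/eg;
    # NOTE: $ea now holds raw bytes captured from the network. Treat it as
    # untrusted: replace non-printable bytes or escape the value before
    # writing it to a terminal, log or HTML page.
}
$plh->finish;

#### 303D02010004087333357537316162A02E0204BE41C8340201000201003020300E060A2B060102010202010A030500300E060A2B0601020102020110030500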