diff --git a/tcpdump_tools/by_hosts b/tcpdump_tools/by_hosts
index 868ecdd..685ab95 100755
--- a/tcpdump_tools/by_hosts
+++ b/tcpdump_tools/by_hosts
@@ -4,7 +4,7 @@ use strict;
 my %octets;
 
 while (<>) {
-    if (/([\d.:]+) . ([\w:]+) ([\w:]+) ip (\d+): ([\w.]+)\.(\w+) > ([\w.]+)\.(\w+):/) {
+    if (/([\d.:]+) ([\w:]+) ([\w:]+) ip (\d+): ([-\w.]+)\.(\w+) > ([-\w.]+)\.(\w+):/) {
 	# print;
 	# print "-> $1 $2 $3 $4 $5 $6 $7 $8\n";
 	my $octets = $4;
diff --git a/tcpdump_tools/hourly_by_hosts b/tcpdump_tools/hourly_by_hosts
new file mode 100755
index 0000000..21dbe43
--- /dev/null
+++ b/tcpdump_tools/hourly_by_hosts
@@ -0,0 +1,29 @@
+#!/usr/bin/perl -w
+use strict;
+# expect output of tcpdump -e -tt:
+# 1112435754.534889 0:a0:24:b5:24:a4 0:1:2:f9:fa:67 ip 74:
+# posbi.wsr.ac.at.2592 > lipo.at0.net.nntp: S 3984513449:3984513449(0)
+# win 32120 <mss 1460,sackOK,timestamp 3461018906 0,nop,wscale 0> (DF)
+
+my %octets;
+
+while (<>) {
+    if (/([\d.]+) ([\w:]+) ([\w:]+) ip (\d+): ([-\w.]+)\.(\w+) > ([-\w.]+)\.(\w+):/) {
+	# print;
+	# print "-> $1 $2 $3 $4 $5 $6 $7 $8\n";
+	my $ts = int($1/3600)*3600;
+	my $octets = $4;
+	my $sip = $5;
+	my $sport = $6;
+	my $dip = $7;
+	my $dport = $8;
+	# print "-> proto = $proto\n";
+	$octets{"$ts $sip $dip"} += $octets;
+    }
+}
+for my $i (sort keys %octets) {
+    print $i, " ", $octets{$i}, "\n";
+}
+
+#vim:sw=4
+