alt Hacker NewsOverall good work. I'd request an `-i` command-line parameter to specify the interface to scan (and I'd prefer ALL params being able to be read from command line params). I think it just performs a full scan initially on my laptop, following scans either didn't success or didn't involve TCP connect scan (I don't see ARP requests after the initial scan).
That's correct. To avoid overloading the local network, the initial scan has a built-in safeguard:
1. It only scans the subnet of the configured network interface.
2. The scan is limited to a maximum size of a /16 subnet.
3. It runs just once every 5 minutes (this interval should be made configurable, currently still hardcoded).
If a subnet larger than /16 is configured, whosthere will log a warning and only scan the first /16 portion of that subnet. As of now the network interface itself is configured via the YAML file. I agree it would be a good idea to add command-line flags for more of these settings to make them easier to adjust.