That's correct. To avoid overloading the local network, the initial scan has a built-in safeguard:

1. It only scans the subnet of the configured network interface.

2. The scan is limited to a maximum size of a /16 subnet.

3. It runs just once every 5 minutes (this interval should be made configurable, currently still hardcoded).

If a subnet larger than /16 is configured, whosthere will log a warning and only scan the first /16 portion of that subnet. As of now the network interface itself is configured via the YAML file. I agree it would be a good idea to add command-line flags for more of these settings to make them easier to adjust.