When they say "scanning the whole Internet in 45 min" they mean scanning only one port of every IP address (for example sending a short GET request to port 80/tcp) over a Gigabit link:
2^32 (IP addresses) * 1 (port per IP) * 80 (bytes per packet) * 8 (bits per byte) / 1e9 (throughput in bit/sec) / 60 (sec per min) = 46 minutes (note: excluding multicast space, RFC 1918 space, etc., scanning time would be reduced down to ~35 min)
That's equivalent to "scanning all 65,535 ports of a /16 subnet in 45 min" which does sound less impressive...
I realize lots of people are simply in the habit of saying "Class C" when what they really mean is a /24, "Class B" for a /16, etc. but classless routing[0] has been around for 20 years now and these terms need to go away.
Except that qwerty_asdf wasn't referring to a /24 subnet, (s)he was talking about one of the three address spaces defined in RFC 1918 and described thusly:
"Note that (in pre-CIDR notation) the first block is nothing but a single class A network number, while the second block is a set of 16 contiguous class B network numbers, and third block is a set of 256 contiguous class C network numbers."
So it is common for crusty old network engineers and sysadmins to refer to 192.168/16 as "the class C" private block, even when they understand that you can subnet it however you'd like.
> ... (s)he was talking about one of the three address spaces defined ...
Right, I realized that when s/he said "reserved Class C range". It was more of a general observation. I always forget I have to be extremely specific here on HN.
Why should the terms go away? Obviously the networks have been widely broken up and shuffled around, but I see nothing wrong with calling 11.5.0.0/16 a class B network.
In order to send a GET request you may want to first establish a TCP connection, so it's going to be at least three packets. Otherwise you're not going to receive any response.
Also, for these scans it is quite common to just send a SYN packet and wait for the SYN/ACK to decide if the port is "open" or not.
> That's equivalent to "scanning all 65,535 ports of a /16 subnet in 45 min" which does sound less impressive...
Actually, the above is a much harder problem. Scanning a limited subnet requires congestion control in a way that scanning the whole Internet does not.