> Program a map to display frequency of data exchange, every thousand megabytes a single pixel on a very large screen. Manhattan and Atlanta burn solid white. Then they start to pulse, the rate of traffic threatening to overload your simulation. Your map is about to go nova...
On top of all of this, I also did a bonus scan of a few APNIC IP blocks every 30 mins for 24 hours. The data from that allows you to see the internet “breathe” as clients come online in the morning and offline at night
Really, I'm surprised there isn't a distributed/crowdsourced system to do this all the time and allow people to study the 'weather' in the datasphere.
It is a good idea, as IP ranges are a simple (discrete) linear range.
However, maybe this is not the best explanation:
> The problem with displaying IP addresses, is that they are a single dimensional, they only move up and down, however humans are not good at looking at a large amount of single dimensional points.
But rather: Hilbert curves are great because it ensures that every two consecutive points are contiguous in space (i.e., no gaps).
I made a github issue for this:
If nothing else his little gif shows that just scanning at different times of day could be used to estimate number of personal devices belonging to individuals there are on a certain subnet.
> On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable scanning the entire public IPv4 address space in under 45 minutes. With a 10gigE connection and PF_RING, ZMap can scan the IPv4 address space in under 5 minutes.
Also, I would be remiss if I did not point out that this:
cat ping.txt | pcregrep -o1 ': (\d+\.\d+\.\d+\.\d+)'
is a Useless Use Of Cat.
It should be rewritten:
pcregrep -o1 ': (\d+\.\d+\.\d+\.\d+)' <ping.txt
wow, what a stellar compression ratio
>Useless Use Of Cat
Oh My God No One Cares
It's pretty good when compared to uncompressed RGB of the same size, which would be 48M.
The author also has some other cool d3 visualizations of IPv6 Routes, AS, as well as IPv4 allocations.
There are also large portions of the 13 /8s (218 million IPs!) assigned to the US Department of Defense  that you wouldn't need to scan since there are no routes to them at all: the 188.8.131.52/8, 184.108.40.206/8, 220.127.116.11/8, 18.104.22.168/8, 22.214.171.124/8, 126.96.36.199/8, and 188.8.131.52/8 networks are, for all intents and purposes, "missing" from the public Internet.
Additionally, there are only four /24s in 184.108.40.206/8 that are reachable from the public Internet. Out of the 16,777,216 IP addresses that make up 220.127.116.11/8, only 255 are reachable (18.104.22.168/24) .
There's pretty much no point in scanning -- "mapping" -- this address place (unless you are looking specifically for US government/military stuff).
ETA: In the interest of time, you probably wanna skip over 22.214.171.124/8  also.
 Interestingly, the ASN (27651) that is advertising 126.96.36.199/24 into BGP appears to be registered to a company in Chile -- and they're also advertising 188.8.131.52/24. I would not be surprised to find out that neither of these advertisements are legitimate.
0.0.0.0/8 Local System
10.0.0.0/8 Local LAN
169.254.0.0/16 “Link Local”
172.16.0.0/12 Local LAN
240.0.0.0/4 “Future use”