So I've recently made a small breakthrough on the scanning side of things. I've managed to send raw ARP requests and sniff the replies off the wire. The nice thing about this is that I no longer need to hard code MAC addresses for my target hosts into my code. W00t! This has larger implications as it verifies that the actual packet sniffing functions in libnet don't block, so I can start sniffing and call the packet processing functions that DO block at a convenient time, or maybe a different thread? Good food for thought! This also lays out the basic structure of the code I need to write to send a SYN packet and wait for the reply.
I've also been thinking of how to start integrating this network code into my wxWidgets code for the VNCAdmin rewrite. It feels awkward since the wxWidgets code is nice and tidy in their C++ classes, however the network code is some down and dirty C splattered all over the place. Oh well, we'll get there.