This is the only solution that works for VPNs with the client machine being Windows Vista or Windows 7, as other listed answers simply do not function. This answer was previously deleted and should not have been, as this is the only solution for a real-world common case. Since there is no appeal available for the delete, I am reposting it to save others the frustration I had with trying to use the other answers.
The example below finds which IPs on the VPN that have VNC/port 5900 open with the client running on Windows 7.
A short Python (v2.6.6) script to scan a given list of IPs and Ports:
from socket import * fTimeOutSec = 5.0 sNetworkAddress="192.168.1" aiHostAddresses = range(1,255) aiPorts =  setdefaulttimeout(fTimeOutSec) print "Starting Scan..." for h in aiHostAddresses: for p in aiPorts: s = socket(AF_INET, SOCK_STREAM) address = ('%s.%d' % (sNetworkAddress, h)) result = s.connect_ex((address,p)) if ( 0 == result ): print "%s:%d - OPEN" % (address,p) elif ( 10035 == result ): #do nothing, was a timeout, probably host doesn't exist pass else: print "%s:%d - closed (%d)" % (address,p,result) s.close() print "Scan Completed."
Results looked like:
Starting Scan... 192.168.1.1:5900 - closed (10061) 192.168.1.7:5900 - closed (10061) 192.168.1.170:5900 - OPEN 192.168.1.170:5900 - closed (10061) Scan Completed.
The four variables at the top would need to be changed to be appropriate to whatever timeout, network, hosts, and ports that are needed. 5.0 seconds on my VPN seemed to be enough to work properly consistently, less didn’t (always) give accurate results. On my local network, 0.5 was more than enough.