Find all active network devices listening on a specific TCP port using Windows cmd, by exploiting a possible firewall weakness (unfiltered broadcast ping)

This guide uses the Windows Telnet client. If you haven't enabled it yet, see: How to enable telnet on Windows 10

This guide is based on the Windows article Find all active network devices

  1. Open cmd
    tip: WIN + R, type "cmd", then press ENTER
  2. Ping your broadcast address; the replies populate the Address Resolution Protocol (ARP) cache with the MAC address of every host that answered
    example: ping 192.168.1.255
    tip: some firewalls block broadcast pings because they can be abused for amplification attacks on the network; many hosts also ignore broadcast echo requests, so if the cache stays almost empty, ping the addresses individually instead
  3. Use the arp command to dump the cache, redirecting the output to a file
    example: arp -a > network.log
  4. Your network.log file looks like this:
Interface: 192.168.1.6 --- 0x10
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.2           aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.3           aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.4           aa-bb-cc-dd-ee-ff     dynamic
...
...
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  
  5. Open the network.log file and edit it down to a plain list of IP addresses, one per line, like this one:
    tip: the broadcast entry (192.168.1.255) and any 224.x.x.x multicast entries are not hosts and can be removed
  
  192.168.1.1
  192.168.1.2
  192.168.1.3
  192.168.1.4
...
...
  192.168.1.255
  
  6. Run the telnet command for each line of network.log:
    example: for /F "tokens=*" %i in ({path_to}\network.log) do telnet %i {port}
    tip: change {path_to} and {port} according to your needs; if the path contains spaces, quote it and add the usebackq option; inside a .bat file write %%i instead of %i
  7. Wait for execution. When nothing is listening, telnet prints "Connecting To <ip>...Could not open connection to the host, on port <port>: Connect failed" and the loop moves on to the next address. When telnet is able to connect, a service is listening on that ip:port, and the telnet session takes over the console: press CTRL+] and type quit to close it so the loop can continue.
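The whole procedure automated in PowerShell, as an added example that is not code from the original article: it refreshes the ARP cache with the broadcast ping, parses the arp -a output directly instead of hand-editing network.log, and replaces the interactive telnet loop with a TCP connect that times out, so a host that silently drops packets cannot stall the scan. The broadcast address 192.168.1.255, the default port 80, the 500 ms timeout and the script name Find-TcpPort.ps1 are assumptions; change them for your network.

```powershell
# Added example, not part of the original article. Assumptions: your broadcast
# address is 192.168.1.255 (change -Broadcast), the port to probe is 80 (change -Port),
# and 500 ms is long enough for a LAN round trip (change -TimeoutMs).
param(
    [string]$Broadcast = '192.168.1.255',
    [int]$Port = 80,
    [int]$TimeoutMs = 500
)

# Steps 3-5 of the guide: take raw "arp -a" output and return the IPv4 addresses of
# real hosts. The Type column is localized (the article shows "statico"), so the filter
# keys on the MAC instead: the broadcast row (ff-ff-...) and multicast rows (01-00-5e-...)
# are dropped.
function Get-ArpHosts {
    param([string]$ArpText)
    $entry = '^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+'
    $hosts = @()
    foreach ($line in ($ArpText -split '\r?\n')) {
        if ($line -match $entry) {
            $mac = $Matches[2].ToLower()
            if ($mac -eq 'ff-ff-ff-ff-ff-ff' -or $mac.StartsWith('01-00-5e')) { continue }
            $hosts += $Matches[1]
        }
    }
    return @($hosts | Select-Object -Unique)
}

# Steps 6-7 of the guide without telnet: a TCP connect with a timeout.
# $true  -> something accepted the connection (a service is listening)
# $false -> connection refused (host up, port closed), timed out (filtered or host down),
#           or any other socket error
function Test-TcpPort {
    param([string]$Ip, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Ip, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false              # neither SYN/ACK nor RST within the timeout
        }
        $client.EndConnect($pending)   # throws on RST (connection refused)
        return $true
    }
    catch {
        return $false
    }
    finally {
        $client.Close()
    }
}

# Step 2 of the guide: refresh the ARP cache with a broadcast ping.
$null = ping -n 1 $Broadcast

# Steps 3-7: parse the live cache and probe every host that is in it.
$targets = Get-ArpHosts -ArpText (arp -a | Out-String)
foreach ($ip in $targets) {
    if (Test-TcpPort -Ip $ip -Port $Port -TimeoutMs $TimeoutMs) {
        Write-Output "$ip : port $Port open"
    }
}
```

Save it as Find-TcpPort.ps1 and run `.\Find-TcpPort.ps1 -Port 22` from a PowerShell prompt on the same machine used for the cmd steps. A host whose firewall drops the SYN instead of rejecting it shows up as a timeout, which looks the same as a host that is not there, so a hit proves a listener but a miss does not prove there is none; raise -TimeoutMs on a slow or wireless segment before trusting the misses.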