If you are running the Network IPS appliance on Windows, you can use Bonjour to browse for services that are being broadcast on the local network.
The DNS Service Discovery (DNS-SD) protocol identifies and discovers devices on the network that are enabled with the zero configuration standard. DNS-SD uses multicast DNS (mDNS). mDNS sends packets to every node on the network to resolve duplicate host names and to query the network for services.
From a Windows command line, you can use the dns-sd command to browse for services that are being broadcast on the local network by mDNSResponder (a Bonjour system service that uses Multicast DNS Service Discovery for discovery of services on the local network).
The range for the link-local address space is reserved from 169.254.0.0 - 169.254.255.255. However, 69.254.0.1 - 169.254.0.255 and 169.254.255.0 - 169.254.255.255 are reserved for future use.
DNS queries that end in .local are sent to the address 224.0.0.251 (for IPv6: FF02::FB / FF02:0:0:0:0:0:0:FB) which is reserved for mDNS. Any packets that are sent to these addresses are not forwarded beyond the local link or forwarded to the local link from outside the network. Any link-local multicast packet that is sent remains on the local link. Any link-local multicast packets that are received must originate from the local link.
Type dns-sd -B _ssh._tcp at the command line. All SSH services are broadcasted on the network.