I'm not really sure who else this might benefit, but I thought I'd throw it out into the mix.
At my company, we have hundreds of remote offices, and the Mac representation on the network has grown quickly over the past few years since the advent of iOS devices. Tasked with implementing Casper remotely in many of these offices was complicated by the fact that each office has WiFi that is segmented from the company network, making it difficult to reach or account for many of the computers that were at remote sites, but not tethered to Ethernet.
If you ever need to discover the Macs available on remote networks, and have access to a Mac on that network via SSH, get on it and run the following command:
dns-sd -B _net-assistant._udp . >> /tmp/ARDhosts; cat /tmp/ARDhosts | awk -F"._udp." '{print $2}' | sort | uniq
Let it run for, say 15 seconds, and press ctl-c. You should end up with a list of the Macs on that network. If the computer happens to be connected to both Ethernet and WiFi, then your list has the Macs on both networks.
Using a combination of this discovery process, and a keyed SSH tunneling script, we are able to enroll Macs in our company remotely even when they are on segmented networks on the other side of the world.
If you care to modify that command to search for other services offered on the remote network, replace the "net-assistant" with the name of the service you wish to discover, and change all references of "udp" to "tcp" if appropriate. For instance:
dns-sd -B _ssh._tcp . >> /tmp/SSHhosts; cat /tmp/SSHhosts | awk -F"._tcp." '{print $2}' | sort | uniq
Get the names of the different services per port from the /etc/services file on any Mac.
