[Nottingham] Weird Stuff

Paul Sladen nottingham at mailman.lug.org.uk
Fri Sep 6 18:14:00 2002

On Fri, 6 Sep 2002, Guangyue Liu wrote:

Hi Guy!

> -> 

This is a DHCP/BOOTP *reply*.  A "normal" DHCP request from a client to a
server goes out and looks like this: ->   (bootp client -> bootp server)

which gets picked up by the Universal Broadband Router at the cable head-end
and proxied onto the central DHCP/TFTP server.  The reply then comes back
from the a `Known' address to the limited-broadcast address, but with the
correct MAC address of the device that sent the request;  this is what you
are seeing.

As far as the rfc1918 private addresses go, NTL assigns /22 blocks per UBR
to the farside of the cable-modems;  the UBR is just acting as a gateway
for the cable-modems and takes the top address (

The UBR also has a gw address for each /24s of "real IPs" being allocated to
peoples PC's and an a further address bound to the farside--in this case
`'--which helpfully tells us what it is:


So, now you know that there's a second block of addresses there to enable
you to get *at* the cable modem, you can start having fun;  The cable modem
is nothing more than a learning bridge, but it also has two IP addresses
bound to it so that it can be communicated with:  on the *inside*  (your side through the Ethernet port)
  10.???.???.??/22  on the *outside* (DOCSIS cable interface)

You can find out the second address (not that it helps much) by doing an
`snmpwalk public' and querying it from your side where you
already know what IP address it has.  You can also do other groovy things
like run MRTG and see what bandwidth you're using.

The interesting thing to note is the the 10/8 addresses--which are assigned
to the Cable-modem upon bootup--are unique and globally routeable through
NTL's network.  Eg. I can `ping' from the end of this NTL
provisioned leased line here, and it works...

Madness, have fun.

Nottingham, GB