This post is to document a behavior that may have made you stand back and ask, How does that work?
Scenario:
An internet connection consists of a coax cable plugged into a Cable Modem (CM) in turn connected to the WAN port of a Small Office/Home Office (SOHO) router, via a CAT5 cable. A person is able to access their cable modem on the IP address 192.168.100.1 using a web browser in order to view diagnostic details.
So what would be confusing about that? Nothing at first glance; but if you are familiar with networking then you realize that WAN interface of the router, has a public IP address and yet somehow is able to communicate with a private IP address which is on the “outside” of the router. Furthermore, there are likely other users on the same ISP that use the same IP address to reach their own modems.
Equipment:
Dlink DIR-825 router running OpenWRT
Motorola Surfboard SB6121
MAC Addresses:
00:01:11:00:00:d8 Home router WAN 00:01:5c:ab:cd:ef ISP default Gateway 94:cc:b9:fe:dc:ba Cable Modem
IP Addresses:
1.1.1.23 Home router WAN 1.1.1.1 ISP default gateway 192.168.100.1 Cable Modem
Packet Capture:
09:31:30.072256 00:01:11:00:00:d8 > 00:01:5c:ab:cd:ef, ethertype IPv4 (0x0800), length 74: 1.1.1.23 > 192.168.100.1: ICMP echo request, id 1, seq 688, length 40 09:31:30.072594 94:cc:b9:fe:dc:ba > 00:01:11:00:00:d8, ethertype IPv4 (0x0800), length 74: 192.168.100.1 > 1.1.1.23: ICMP echo reply, id 1, seq 688, length 40
Finding:
When attempting to deliver communications to the IP address 192.168.100.1, the router uses its default gateway. This is because the IP address 192.168.100.1 does not belong to any of the known routes for the router. The first line in the capture shows the router sending the packet to the ISP (the default gateway’s MAC address). As can be seen in the second line, the cable modem responded to the ping. Essentially the cable modem intercepted the packet destined for the gateways MAC address and responded.