Sony-Ericsson W890i: Bluetooth Personal Area Networking (PAN)

Started Wireshark on the Personal Area Networking interface.
Connected to the phone's PAN bluetooth profile.
Wireshark showed that phone acted as DHCP server.
Phone accessed the internet APN using GPRS(EDGE) PPP and got its IP. It gave the a.b.c.d IP (plus DNS servers) to my PC using DHCP (a lease for 5 minutes only, wow), acting as a gateway and assigning itself the IP a.b.c.d+1 and using the netmask 255.255.255.240. Another time the netmask was 255.255.255.248 - I just wonder how is it chosen?..

The phone also reported its MAC when I tried to ping anything from the range that turned out to be on one subnet with the PC. Some IPs responded to PINGs with >2sec delay indicating that the phone translated (NATed) the packets to real IPs via the GPRS(EDGE) PPP session. The PC refused to ping the zero subnet (bug bug bug in Sony-Ericssons's PAN NAT implementation!). And I guess I should be unable to ping the broadcast subnet too (have not tried).

All other packets originated from the PS were sent to the default gateway (a.b.c.d+1) and the communication was OK -- nothing special.

So, why does the phone give such a large subnet - 16 hosts? Maybe it is capable to serve many simultaneous incoming PAN connections -- and to effectively NAT them?
I have not tried this but this would be a bug. This will cause failure to communicate with legitimate IPs owners. The IPs should be given to other incoming PAN clients asking for the address using DHCP and such behavior will cause failure in communication with the real IPs owners. IMHO the phone will refuse >1 incoming PAN connections... Hmm.. this could be very comfortable to use phone's connection with multiplie devices.

Another point. The phone asked for a DHCP address and assigned itself address 169.254.241.104 (netmask 255.255.0.0) after it failed to get the answer from DHCP the DHCP server.

Verdict: PAN implementation should be convinient but it is not 100% working - some addresses (at least two broadcasts) would be not accessible! I checked this by pinging the mensioned addresses from another host on another provider - it worked while I failed to ping the addresses from the mobile phone.