I was trying to trace a host the other day and i saw that the trace entered an infinite loop between 2 ips. Also the ips was of the same subnet so i smell a firewall or sth. Any ideas?
Not really sure... was it a hostname (DNS) name that you were tracing, or an IP address? If it was a hostname, it could've possibly been bouncing between two DNS servers trying to get the address resolved, but that doesn't seem likely.
IP2 could've possibly been a firewall that was dropping the packets, and IP1 could've been a router that does store-and-forward with data integrity checking features. When a piece of network hardware has data integrity features, it ensures complete delivery of a packet... if the packet doesn't get delivered correctly, it will re-send that one until it makes it. So, to a trace, that could've looked as if the packet hit IP1, hit IP2 (and was dropped), then got re-sent from IP1 (which could've triggered a response loop).
Maybe try using hping or another ping utility that lets you specify a TTL, then set the TTL to the number of hops to IP1. If successful, increment it by 1 and see what happens; it should finish after the first drop. If that's the case, try scoping IP2 with a scanner or try using firewalk.
EDIT: I was close. Here's an excerpt from a site that knows better than I:
'Sometimes you might see a route start “looping” back and forth between two routers, until the 30-hop limit is reached. This is a routing loop. This usually means that one router has lost communication (BGP) with another, and thus has dropped that route. Since the router has lost the route it needs, it sends the packet back where it came from, thinking maybe that is the best route. That router knows better and sends it back to the other one, over and over.'
Edited by on 27-08-08 15:31