Diagnosing and Fixing Linux Network Packet Loss: A Step‑by‑Step Guide
This article walks through how packet loss can occur at any layer of the Linux network stack, demonstrates using ethtool, netstat, iptables, tc and tcpdump to locate the issue, and shows how adjusting MTU and removing a netem rule fully resolves the problem.
1. Background
Packet loss can happen anywhere in the protocol stack, from VM link failures to application errors.
Transmission failures between two VMs (congestion, line errors, etc.)
Ring‑buffer overflow after NIC receives packets
Link‑layer frame checksum failures or QoS drops
IP‑layer routing failures or MTU oversize
Transport‑layer port not listening or kernel limits exceeded
Socket‑buffer overflow
Application‑layer process crashes
iptables filtering rules
2. Link layer
When the NIC drops packets because of buffer overflow, Linux records error counters. Use ethtool or netstat -i to view them.
netstat -i
The example shows no errors on the virtual NIC, but a tc qdisc with a 30% loss rate is present.
tc -s qdisc show dev eth0
Removing the netem rule eliminates this loss.
tc qdisc del dev eth0 root netem loss 30%
3. Network and transport layers
Run netstat -s to see per‑protocol statistics. The output reveals TCP connection failures, retransmissions and SYN resets, indicating many three‑way‑handshake failures.
netstat -s
4. iptables
Besides protocol counters, iptables and the kernel connection‑tracking subsystem can cause drops. Check connection‑track limits and filter‑table statistics.
sysctl net.netfilter.nf_conntrack_max
sysctl net.netfilter.nf_conntrack_count
The counts show the issue is not connection‑tracking. The DROP rules using the statistic module with a 30% probability are responsible for the loss.
iptables -t filter -nvL
Delete the two DROP rules.
iptables -t filter -D INPUT -m statistic --mode random --probability 0.30 -j DROP
iptables -t filter -D OUTPUT -m statistic --mode random --probability 0.30 -j DROP
5. tcpdump
Capture traffic on port 80 to verify that packets are being dropped.
tcpdump -i eth0 -nn port 80
6. MTU
The NIC MTU is set to 100, far below the Ethernet default of 1500. Increase it to 1500 to stop fragmentation‑related loss.
ifconfig eth0 mtu 1500
After the change, a curl request succeeds and Nginx returns the expected HTML page.
curl --max-time 3 http://192.168.0.30/
Linux Tech Enthusiast
Focused on sharing practical Linux technology content, covering Linux fundamentals, applications, tools, as well as databases, operating systems, network security, and other technical knowledge.
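The three faults found in this walkthrough (a netem loss rule, random-probability DROP rules, and an undersized MTU) can be checked for in one pass. The script below is an added example, not part of the original article; the function names and the --live flag are this example's own, and live mode assumes root with tc, iptables and netstat installed.

```shell
#!/bin/sh
# Added example (not from the article): flag the three faults it finds.
# Each check reads command output on stdin, so it also works on saved output.

# Input: `tc qdisc show dev IFACE`. Prints the configured netem loss rate, if any.
find_netem_loss() {
    awk '$1 == "qdisc" && $2 == "netem" {
        for (i = 3; i < NF; i++) if ($i == "loss") print $(i + 1)
    }'
}

# Input: `iptables -t filter -nvL`. Prints "<chain> <probability>" for every
# DROP rule that uses the statistic match in random mode.
find_random_drops() {
    awk '$1 == "Chain" { chain = $2 }
         $3 == "DROP" && /statistic mode random/ {
             for (i = 4; i < NF; i++) if ($i == "probability") print chain, $(i + 1)
         }'
}

# Input: `netstat -i`. Prints "<iface> <mtu>" for interfaces below the minimum ($1).
find_low_mtu() {
    awk -v min="$1" 'NR > 2 && $2 ~ /^[0-9]+$/ && $2 + 0 < min + 0 { print $1, $2 }'
}

# Live audit of one interface (assumes root, plus tc, iptables and netstat on PATH).
audit_iface() {
    iface=$1
    loss=$(tc qdisc show dev "$iface" | find_netem_loss)
    drops=$(iptables -t filter -nvL | find_random_drops)
    mtu=$(netstat -i | find_low_mtu 1500 | awk -v i="$iface" '$1 == i')
    [ -n "$loss" ]  && echo "netem loss on $iface: $loss"
    [ -n "$drops" ] && echo "random DROP rules: $drops"
    [ -n "$mtu" ]   && echo "MTU below 1500: $mtu"
    return 0
}

# Only touch the running system when asked to: sh check.sh --live eth0
if [ "${1:-}" = "--live" ]; then audit_iface "${2:-eth0}"; fi
```

Because each check reads stdin, output collected from a host during an incident can be piped through the same functions later without access to that host.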
