How to Diagnose and Fix Network Packet Loss in an Nginx Environment

1. Where packet loss may occur

Packet loss happens when transmitted data packets are discarded before reaching the application, and the loss rate (lost packets ÷ total packets) is a key network performance metric. It can severely degrade TCP performance, causing congestion, retransmissions, higher latency, and lower throughput.

2. Analyzing loss with Nginx as an example

Using the reverse‑proxy server Nginx, we run hping3 -c 10 -S -p 80 192.168.0.30 to test TCP connectivity. The output shows 10 packets sent but only 5 replies, a 50% loss, and large RTT variations, indicating packet loss and possible retransmissions.

3. Link‑layer inspection

Linux records receive‑side errors in the NIC statistics. Running netstat -i shows no errors, but tc -s qdisc show dev eth0 reveals a netem qdisc with loss 30%, which explains the loss. Deleting the netem rule with tc qdisc del dev eth0 root netem loss 30% eliminates the loss for SYN packets.

4. Network and transport layers

Running netstat -s displays protocol statistics. TCP shows failed connection attempts, retransmitted segments, SYN retransmissions, and timeouts, confirming that the loss originates in the transport layer.

5. iptables inspection

iptables rules can also drop packets. The iptables -t filter -nvL output shows two DROP rules using the statistic module with a 30% random drop probability, which matches the observed loss. Removing these rules with:

iptables -t filter -D INPUT -m statistic --mode random --probability 0.30 -j DROP
iptables -t filter -D OUTPUT -m statistic --mode random --probability 0.30 -j DROP

stops the intentional drops.

6. Verifying HTTP response with curl

After fixing netem and iptables, hping3 shows 0% loss, but curl --max-time 3 http://192.168.0.30 still times out. Capturing traffic with tcpdump -i eth0 -nn port 80 reveals that the TCP three‑way handshake succeeds, but the client closes the connection after 3 seconds without sending an HTTP GET request.

7. MTU misconfiguration

Inspecting netstat -i shows the NIC MTU is set to 100, far below the Ethernet default of 1500. This small MTU causes fragmentation and loss of larger packets (such as HTTP GET). Adjusting the MTU with ifconfig eth0 mtu 1500 resolves the issue.

8. Final verification

Running curl --max-time 3 http://192.168.0.30/ now returns the expected HTML page, confirming that packet loss has been eliminated and Nginx serves HTTP correctly.