
How to Identify and Diagnose Packet Drops on Linux

This article explains how to detect whether inbound or outbound packets are being dropped on a Linux system, shows how to use netstat, dropwatch, and perf to pinpoint the cause, and provides step‑by‑step commands and example outputs for debugging packet loss.

High Availability Architecture

When a server experiences packet loss, the article examines two common situations: an incoming packet that never reaches the application (RX drop) and an outgoing packet that never leaves the machine (TX drop), while explicitly ignoring end‑to‑end network tracing.

To determine if packets are being dropped locally, the author suggests running netstat -i and interpreting the interface statistics. An example output shows RX drops on the enp0s25 wireless interface but no TX drops.
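The drop counters that netstat -i prints are cumulative, so a nonzero value does not by itself show that drops are still occurring. The following sketch is an added example, not code from the original article: it compares two snapshots and reports only the interfaces whose RX-DRP or TX-DRP counter grew. The function names and the sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example: report growth of RX-DRP / TX-DRP between two `netstat -i`
# snapshots. Columns are located by header name, because some net-tools
# versions print an extra "Met" column before RX-OK.

# Constructed sample snapshots (not real measurements).
SAMPLE_BEFORE='Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
enp0s25   1500  1235101      0    242      0   745760      0      0      0 BMRU
lo       65536    21558      0      0      0    21558      0      0      0 LRU'
SAMPLE_AFTER='Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
enp0s25   1500  1239877      0    250      0   747012      0      0      0 BMRU
lo       65536    21600      0      0      0    21600      0      0      0 LRU'

# drop_delta BEFORE AFTER: each argument is the full text of one snapshot.
# Prints "iface rx_delta tx_delta" for every interface whose counters grew.
drop_delta() {
    { printf '%s\n' "$1"; echo '@@next'; printf '%s\n' "$2"; } | awk '
        $1 == "@@next" { second = 1; split("", col); next }   # start of 2nd snapshot
        $1 == "Iface"  { for (i = 1; i <= NF; i++) col[$i] = i; next }
        !("RX-DRP" in col) || NF < col["TX-DRP"] { next }     # banner or short line
        !second { rx[$1] = $(col["RX-DRP"]); tx[$1] = $(col["TX-DRP"]); next }
        ($1 in rx) {
            drx = $(col["RX-DRP"]) - rx[$1]
            dtx = $(col["TX-DRP"]) - tx[$1]
            if (drx > 0 || dtx > 0) print $1, drx, dtx
        }'
}

# Live use: take two real snapshots N seconds apart (default 10).
watch_drops() {
    a=$(netstat -i); sleep "${1:-10}"; b=$(netstat -i)
    drop_delta "$a" "$b"
}
```

Calling drop_delta "$SAMPLE_BEFORE" "$SAMPLE_AFTER" prints one line for enp0s25 and nothing for lo; watch_drops 30 does the same against the live system.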

If further details are needed, ethtool -S can provide additional counters, though it may not be available on all systems.

To discover why packets are dropped, the article introduces the dropwatch tool. Installation steps are provided:

sudo apt-get install -y libnl-3-dev libnl-genl-3-dev binutils-dev libreadline6-dev
git clone https://github.com/pavel-odintsov/drop_watch
cd drop_watch/src
vim Makefile # comment out the -Werror argument to gcc
make

Running sudo ./dropwatch -l kas yields output that identifies kernel functions responsible for drops, such as tcp_v4_do_rcv+cd and sk_stream_kill_queues+57.

An alternative method uses perf to monitor the kfree_skb event, revealing where in the kernel stack packets are freed:

sudo perf record -g -a -e skb:kfree_skb
sudo perf script

The article concludes with links to further reading on monitoring and tuning the Linux networking stack for both receiving and sending data, and provides a reference to the original English blog post.
