Master Linux TCP Settings: Tuning /proc/sys/net/ipv4 and Core Parameters

This guide explains the purpose of Linux kernel TCP parameters under /proc/sys/net/ipv4 and /proc/sys/net/core, shows recommended values for security and performance, and provides step‑by‑step methods to view and permanently modify these settings using echo, sysctl.conf, and the sysctl command.

Liangxu Linux

Linux TCP Parameters Overview

The /proc/sys/net/ipv4/ directory contains files that control TCP behavior. Adjusting these values can improve security, prevent certain attacks, and fine‑tune network performance.

/proc/sys/net/ipv4/ key parameters

tcp_syn_retries: Number of SYN retransmissions before giving up on a new outbound connection. Default 5 (≈180 ms). Recommended 12 for low‑latency environments.

tcp_synack_retries: Number of SYN‑ACK retransmissions for inbound connections. Default 5 (≈180 s). Recommended 1.

tcp_keepalive_time: Interval (seconds) between keepalive probes. Default 7200. Suggested 600.

tcp_keepalive_probes: Number of keepalive probes before declaring the connection dead. Default 9. Suggested 3.

tcp_keepalive_intvl: Seconds between successive keepalive probes after the first one. Default 74. Suggested 15 for web servers.

tcp_retries1: Retransmissions for the first data segment of an established connection. Minimum RFC value 3.

tcp_retries2: Retransmissions for later data segments. Default 15 (≈13‑30 min). Suggested 5 for high‑load servers.

tcp_orphan_retries: Retransmissions before discarding an orphaned socket. Default 7 (≈50 s‑16 min). Suggested 3 on busy web servers.

tcp_fin_timeout: Time (seconds) a socket stays in FIN‑WAIT‑2. Default 60. Suggested 2 for fast cleanup.

tcp_max_tw_buckets: Maximum number of TIME‑WAIT sockets. Default 180000. Suggested 36000 to mitigate DoS.

tcp_tw_recycle / tcp_tw_reuse: Fast recycling and reuse of TIME‑WAIT sockets. Default 0. Enable with caution; useful for NAT.

tcp_max_syn_backlog: Size of the SYN queue for half‑opened connections. Default 1024 (or 128 on <128 MiB RAM). Increase to 16384 on high‑traffic servers.

tcp_window_scaling: Enables variable TCP window size. Default 1 (enabled). Important for high‑speed links.

tcp_timestamps: Enables RFC 1323 timestamps for better RTT calculation and protection against sequence‑number attacks. Default 1.

tcp_sack, tcp_fack, tcp_dsack: Selective ACK options that improve loss recovery. Default 1; keep enabled for WAN.

tcp_ecn: Explicit Congestion Notification. Default 0.

tcp_reordering: Maximum reordering depth before triggering fast retransmit. Default 3. Suggested 6 for noisy networks.

/proc/sys/net/core/ parameters

netdev_max_backlog: Max packets queued per NIC when kernel processing lags. Default 1024. Suggested 16384 for heavy‑load servers.

somaxconn: Maximum listen backlog size. Default 128. Suggested 16384 for high‑traffic services.

wmem_default / rmem_default: Default send/receive buffer sizes (bytes). Default 129024.

wmem_max / rmem_max: Maximum buffer sizes. Default 129024. Suggested 873200 for high‑throughput workloads.

How to Modify Kernel Parameters

Directly write a value to the proc file, e.g. echo "1" > /proc/sys/net/ipv4/tcp_syn_retries. Changes are lost after reboot.

Add the setting to /etc/sysctl.conf and apply with sysctl -p. This makes the change permanent.

Use the sysctl command on the fly, e.g. sysctl net.ipv4.tcp_syn_retries=2. The change persists until the next reboot unless also added to sysctl.conf.
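
An added example, not from the original article: a POSIX shell check for the gap between the three methods above, where a value set at runtime with echo or sysctl never reaches the configuration file, or the file is edited but never applied. The names sysctl_drift, make_sample and example_absent_key, and all sample values, are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a sysctl.conf-style file with live values under /proc/sys.

# Trim and collapse whitespace (multi-value keys are tab-separated in /proc).
norm() { printf '%s\n' "$1" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'; }

# sysctl_drift CONF [ROOT]: one status line per key; returns 1 on any DRIFT or MISSING.
sysctl_drift() {
    conf=$1 root=${2:-/proc/sys} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(norm "$line")
        case $line in ''|'#'*|';'*) continue ;; *=*) ;; *) continue ;; esac
        key=$(norm "${line%%=*}"); key=${key#-}   # a leading '-' means "ignore errors"
        want=$(norm "${line#*=}")
        # Simple dot-to-slash mapping; keys with dotted interface names are out of scope.
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then echo "MISSING $key"; rc=1; continue; fi
        have=$(norm "$(cat "$path")")
        if [ "$have" = "$want" ]; then
            echo "OK      $key = $have"
        else
            echo "DRIFT   $key file=$want live=$have"; rc=1
        fi
    done < "$conf"
    return $rc
}

# Constructed sample tree and config so the example runs offline (illustrative values).
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/sys/net/ipv4" "$d/sys/net/core" || return 1
    echo 6 > "$d/sys/net/ipv4/tcp_syn_retries"
    printf '4096\t87380\t6291456\n' > "$d/sys/net/ipv4/tcp_rmem"
    echo 128 > "$d/sys/net/core/somaxconn"    # live value differs from the file below
    cat > "$d/sysctl.conf" <<'EOF'
# constructed sample
net.ipv4.tcp_syn_retries = 6
net.ipv4.tcp_rmem = 4096 87380 6291456
net.core.somaxconn=16384
-net.ipv4.example_absent_key = 1
EOF
    echo "$d"
}

d=$(make_sample) && { sysctl_drift "$d/sysctl.conf" "$d/sys" || echo "drift detected"; }
rm -rf "$d"
```

On a real host, sysctl_drift /etc/sysctl.conf compares the persisted file against the running kernel; a DRIFT line means the two will disagree after the next reboot or the next sysctl -p.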

Viewing Linux Network Statistics

Network interface counters are exposed under /sys/class/net/<iface>/statistics/. Example for eth0:

cat /sys/class/net/eth0/statistics/rx_packets   # received packets
cat /sys/class/net/eth0/statistics/tx_packets   # transmitted packets
cat /sys/class/net/eth0/statistics/rx_bytes     # received bytes
cat /sys/class/net/eth0/statistics/tx_bytes     # transmitted bytes
cat /sys/class/net/eth0/statistics/rx_dropped   # dropped inbound packets
cat /sys/class/net/eth0/statistics/tx_dropped   # dropped outbound packets

Additional NIC details such as MAC address, speed, and MTU can be read from the corresponding files in /sys/class/net/<iface>/.
