Why Is Your Linux Server Dropping Packets? A Step‑by‑Step Diagnosis

1. Background

The analysis starts by noting that packet loss can occur anywhere in the network stack, from the virtual machines’ link to the application layer, making the entire path a potential failure point.

2. Link Layer

When the NIC experiences buffer overflow or other errors, Linux records error counters. The ethtool -i or netstat -i commands reveal statistics such as RX‑ERR , RX‑DRP , and TX‑ERR . In the example, the eth0 interface shows a high RX‑DRP count, indicating drops at the driver level.

netstat -i

Kernel Interface table
Iface   MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   100   31      0      0      0    8      0      0      0      0  BMRU
lo    65536   0      0      0      0    0      0      0      0      0

Further inspection shows a tc qdisc netem rule that introduces a 30 % random loss, which explains the observed packet drops.

tc -s qdisc show dev eth0
qdisc netem 800d: root refcnt 2 limit 1000 loss 30%

Removing the netem rule with tc qdisc del dev eth0 root netem eliminates this artificial loss.

tc qdisc del dev eth0 root netem loss 30%

3. Network and Transport Layers

Running netstat -s provides per‑protocol counters. The output shows TCP retransmissions, failed connection attempts, and SYN‑RECV resets, confirming that the primary failures are three‑way‑handshake timeouts.

netstat -s
...
Tcp:
    11 failed connection attempts
    4 segments retransmitted
    11 resets received for embryonic SYN_RECV sockets
    4 TCPSynRetrans
    7 TCPTimeouts

These metrics indicate that the loss is not due to protocol bugs but to underlying link‑layer issues.

4. iptables

iptables rules can also drop packets. The filter table shows two DROP rules using the statistic module with a 30 % probability, matching all source and destination addresses.

iptables -t filter -nvL
Chain INPUT (policy ACCEPT 25 packets)
 pkts bytes target prot opt in out source destination
   6 240 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 statistic mode random probability 0.29999999981

Chain OUTPUT (policy ACCEPT 15 packets)
 pkts bytes target prot opt in out source destination
   6 264 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 statistic mode random probability 0.30

Deleting these rules stops the random packet loss.

iptables -t filter -D INPUT -m statistic --mode random --probability 0.30 -j DROP
iptables -t filter -D OUTPUT -m statistic --mode random --probability 0.30 -j DROP

5. tcpdump

Capturing traffic on port 80 with tcpdump -i eth0 -nn port 80 confirms that the interface is listening but that packets are being dropped before reaching the application.

tcpdump -i eth0 -nn port 80

6. MTU Misconfiguration

The netstat -i output also reveals that eth0 has an MTU of only 100 bytes, far below the Ethernet default of 1500. This tiny MTU causes fragmentation and drops for larger TCP payloads such as HTTP GET requests. ifconfig eth0 mtu 1500 After increasing the MTU and removing the offending iptables and tc rules, a simple curl --max-time 3 http://192.168.0.30/ request succeeds, returning the expected HTML page and confirming that packet loss has been fully resolved.

curl --max-time 3 http://192.168.0.30/
<!DOCTYPE html>
<html>
...<p><em>Thank you for using nginx.</em></p>
</html>