I want to test an applications ability to deal with randomly or systematically dropped packets. I'd like to intentionally drop a packet only on a specific port at various intervals.... could be based on time or count I suppose.

Anyone know how I might do this?

Try an iptables rule such as:

iptables -A INPUT -i eth0 -m limit 20 -p tcp --dport 20000 -j DROP

I've been reading the netfilter docs thinking iptables might provide what I'm looking for. Apparently -m limit doesn't take arguments. I get this message when trying the rule suggested.

Bad argument `20'

Upon further review... looks like there are a couple of optional arguments
--limit and --limit-burst. From reading the docs I don't really understand what these do but I'll experiment with the --limit argument and see what happens.

The limit module is used to match only a certain amount of packets.
-m limit --limit 5 would match the first 5 packet then ignore the rest.
This is usually used for logging purposes. For example log the first 5 packets of a DoS attack, then ignore the rest or maybe drop then to prevent the attack from succeeding.

That depends on what you set the limits at. Obviously it wouldn't make much sense to accept 5 packets and then drop the rest forever. The limit burst recharges over time to allow the pakcets back in, and if set low enough, like --limit 10/s which would have a default --limit-burst 5 the first 5 would match the rule, then only 1 every 6sec would match.
If nothing comes in within 6sec then the --limit-burst is raised from 0 to
1, and so on every 6sec.

So a commands like:

iptables -A INPUT ACCEPT
iptables -A INPUT -i eth0 -m limit --limit 10/s -p tcp --dport 20000 -j DROP

Would drop the first 5 packets, and then drop 1 packet every 6 seconds provided the packets are coming in at 10/second or more.

Please someone correct me if I am wrong about this.