Enable HTTPS with certbot, Let's Encrypt, and DuckDNS

Nevets · November 22, 2022, 3:38pm

I am a noob, so please go slow…

Nextcloud version (eg, 20.0.5): Nextcloud Hub II (23.0.0)
Operating system and version (eg, Ubuntu 20.04): Ubuntu 22.04.1 LTS
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.52 (Ubuntu)
PHP version (eg, 7.4): PHP 8.1.12 (cli)

I’ve managed to install Nextcloud on Ubuntu 22.04.1 LTS using MANY tutorials. I just need to enable SSL. I can access the Nextcloud server from the internet using http. But when I try httpS I get an ‘ERR_SSL_PROTOCOL_ERROR’ error in my browser.

I’ve created a sub domain name using DuckDNS, so it’s accessible on http://xxx.duckdns.org. Its IP address automatically updates should my public IP of my router change.

I can also access the site on http:// PuplicIPAddress

When I run certbot --apache -d xxx.duckdns.org I get the following message:

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: xxx.duckdns.org
Type: connection
Detail: PublicIPAddress: Fetching http://xxx.duckdns.org/.well-known/acme-challenge/###LONGCODEHERE###: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Please advise where I’m getting stuck and how I can overcome what should be a simple step in my opinion.

Many Thanks

KarlF12 · November 22, 2022, 6:00pm

Most often this is either a port forward issue or a wrong DNS entry. Probably the former since you use DDNS, but I’d check it anyway.

Can you confirm you get to your Apache from the internet using HTTP port 80?

Nevets · November 23, 2022, 8:55am

While on the same LAN, I can access the Nextcloud login screen and sign in on these URLs:
http:// LocalIP
http:// PublicIP
http:// xxx.duckDNS.org

When my I connect from a different network (ie: from the internet), I can not access the above URLs (ERR_CONNECTION_TIMED_OUT).
Open Port Check Tool - Test Port Forwarding on Your Router shows 443 is open, but 80 is not. Although I’ve configured my router to forward port 80 traffic to the local IP the same way I have for port 443.

Could my ISP be blocking something? Or is there perhaps another Ubuntu firewall setting I’m unaware of?

EDIT: Adding :443 after the URLs show the Ubuntu Apache2 Default Page
http:// PublicIP:443
http:// xxx.duckDNS.org:443

sfphoton · November 23, 2022, 11:48am

I would try and check if I could access my nextcloud from some mobile internet connection or anything that is not on your LAN, using the address http://xxx.duckdns.org. If you can’t reach it that way but can reach it from your LAN, it signals a firewall issue, maybe your router is configured to drop traffic on port 80.

(Hint: http traffic uses the port 80 by default, https uses the port 443.)

Your certbot error message means that your server does not respond when queried via http, so on port 80, from the Internet.

sfphoton · November 23, 2022, 11:59am

And some not-so-important notes about this part:

EDIT: Adding :443 after the URLs show the Ubuntu Apache2 Default Page
http:// PublicIP:443
http:// xxx.duckDNS.org:443

Port 80 is the default for http, port 443 is the default for https. This can be overridden in the browser with this notation: http://mysite.com:443/anything. This makes the browser use http but on port 443.

Different ports also allow you to set up different servers, because if one server bind to one port on your computer and another program binds to another, the operating system forwards requests for them based on which port they arrived to. Apache is a web server program, but it can serve multiple “servers” at once, on multiple ports. Nowadays most websites use this feature, and they work differently on port 80 and 443 - most frequently, http://something.com will just redirect the browser to the website https://something.com and https://something.com will serve the actual content.

This is also the setup certbot would configure for you. It would set xxx.duckdns.org:443 to use https (now it only uses http, as you could see,) and it would configure xxx.duckdns.org:80 to use http but tell the browser that the content is on port 443, https.

devnull · November 23, 2022, 12:17pm

@sfphoton
Maybe you can use parts of this installation guide for setting up apache2 with Lets Encrypt.

Make sure that apache2 is listening on port 80 and 443 and the forwarding on the router incl. firewall is working or deactivate all firewalls.

Nevets · November 23, 2022, 2:39pm

I’ve put the server now onto it’s own internet connection and can not connect to it via http Public IP or domain name. The opposite is also true when it’s on my LAN/home network and I try connecting via my mobile data.

Open Port Check Tool - Test Port Forwarding on Your Router still shows port 80 is closed on the public, despite it being set up correctly on both my routers from all I can tell.
So is there something on the server blocking port 80?

@devnull , thank you. I will work through this guide and see if there’s a nugget I can pick up. Will update you in due course.

sfphoton · November 23, 2022, 3:41pm

I suspect it is some firewall, then. Either the server’s firewall or one on the router. tcpdump or wireshark are great tools for network traffic monitoring, if you run it on your server and filter for port 80, you can determine if requests arrive to the server or get dropped before it.

If you can see those port 80 packets on your server, check the server’s firewall. If you run Linux on your server, probably iptables does the filtering for you. You can list its rules using sudo iptables -L. I recommend looking up some iptables tutorial, but you will be looking for the INPUT chain’s default policy and rules.

If not the server itself, look through your router(s). In that case, maybe share your network topology and see if someone has an idea.

Nevets · November 26, 2022, 9:36am

I’ve checked the Uncomplicated Firewall in Ubuntu and ports 80 and 443 are allowed.
I ran the iptables -L and the results are below. I also ran tcpdump -n port 22

Unfortunately it’s all Greek to me. Can someone have a look at advise if I’m any closer to finding where I’m getting blocked?

IPTABLES

Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input all – anywhere anywhere
ufw-before-input all – anywhere anywhere
ufw-after-input all – anywhere anywhere
ufw-after-logging-input all – anywhere anywhere
ufw-reject-input all – anywhere anywhere
ufw-track-input all – anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-logging-forward all – anywhere anywhere
ufw-before-forward all – anywhere anywhere
ufw-after-forward all – anywhere anywhere
ufw-after-logging-forward all – anywhere anywhere
ufw-reject-forward all – anywhere anywhere
ufw-track-forward all – anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all – anywhere anywhere
ufw-before-output all – anywhere anywhere
ufw-after-output all – anywhere anywhere
ufw-after-logging-output all – anywhere anywhere
ufw-reject-output all – anywhere anywhere
ufw-track-output all – anywhere anywhere

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp – anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp – anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp – anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp – anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp – anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp – anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all – anywhere anywhere ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all – anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all – anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target prot opt source destination

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp – anywhere anywhere icmp destination-unreachable
ACCEPT icmp – anywhere anywhere icmp time-exceeded
ACCEPT icmp – anywhere anywhere icmp parameter-problem
ACCEPT icmp – anywhere anywhere icmp echo-request
ufw-user-forward all – anywhere anywhere

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere
ACCEPT all – anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-logging-deny all – anywhere anywhere ctstate INVALID
DROP all – anywhere anywhere ctstate INVALID
ACCEPT icmp – anywhere anywhere icmp destination-unreachable
ACCEPT icmp – anywhere anywhere icmp time-exceeded
ACCEPT icmp – anywhere anywhere icmp parameter-problem
ACCEPT icmp – anywhere anywhere icmp echo-request
ACCEPT udp – anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all – anywhere anywhere
ACCEPT udp – anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp – anywhere 239.255.255.250 udp dpt:1900
ufw-user-input all – anywhere anywhere

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere
ACCEPT all – anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-output all – anywhere anywhere

Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all – anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all – anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all – anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all – anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all – anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all – anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all – anywhere anywhere limit: avg 3/min burst 10
DROP all – anywhere anywhere

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination

Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all – anywhere anywhere

Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all – anywhere anywhere

Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all – anywhere anywhere

Chain ufw-track-forward (1 references)
target prot opt source destination

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp – anywhere anywhere ctstate NEW
ACCEPT udp – anywhere anywhere ctstate NEW

Chain ufw-user-forward (1 references)
target prot opt source destination

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp – anywhere anywhere tcp dpt:https
ACCEPT tcp – anywhere anywhere tcp dpt:https
ACCEPT udp – anywhere anywhere udp dpt:https
ACCEPT tcp – anywhere anywhere multiport dports http,https
ACCEPT tcp – anywhere anywhere tcp dpt:http
ACCEPT udp – anywhere anywhere udp dpt:80
ACCEPT tcp – anywhere anywhere tcp dpt:http

Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all – anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all – anywhere anywhere reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all – anywhere anywhere

Chain ufw-user-logging-forward (0 references)
target prot opt source destination

Chain ufw-user-logging-input (0 references)
target prot opt source destination

Chain ufw-user-logging-output (0 references)
target prot opt source destination

Chain ufw-user-output (1 references)
target prot opt source destination

TCPDUMP

11:19:41.397514 IP 192.168.8.1.80 > 192.168.8.100.52594: Flags [P.], seq 351:436, ack 486, win 3888, options [nop,nop,TS val 241160 ecr 3661899956], length 85: HTTP
11:19:41.397541 IP 192.168.8.100.52594 > 192.168.8.1.80: Flags [.], ack 436, win 501, options [nop,nop,TS val 3661899966 ecr 241160], length 0
11:19:41.410296 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [P.], seq 32640:33130, ack 56212, win 2916, options [nop,nop,TS val 3661899978 ecr 241160], length 490: HTTP: GET /api/monitoring/traffic-statistics HTTP/1.1
11:19:41.411311 IP 192.168.8.100.52594 > 192.168.8.1.80: Flags [P.], seq 486:963, ack 436, win 501, options [nop,nop,TS val 3661899979 ecr 241160], length 477: HTTP: GET /api/net/current-plmn HTTP/1.1
11:19:41.424994 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 56212:56563, ack 33130, win 18628, options [nop,nop,TS val 241163 ecr 3661899978], length 351: HTTP: HTTP/1.1 200 OK
11:19:41.424994 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 56563:56996, ack 33130, win 18628, options [nop,nop,TS val 241163 ecr 3661899978], length 433: HTTP
11:19:41.425175 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [.], ack 56996, win 2950, options [nop,nop,TS val 3661899993 ecr 241163], length 0
11:19:41.442409 IP 192.168.8.1.80 > 192.168.8.100.52594: Flags [.], ack 963, win 4156, options [nop,nop,TS val 241165 ecr 3661899979], length 0
11:19:41.497663 IP 192.168.8.1.80 > 192.168.8.100.52594: Flags [P.], seq 436:787, ack 963, win 4156, options [nop,nop,TS val 241170 ecr 3661899979], length 351: HTTP: HTTP/1.1 200 OK
11:19:41.497727 IP 192.168.8.1.80 > 192.168.8.100.52594: Flags [P.], seq 787:966, ack 963, win 4156, options [nop,nop,TS val 241170 ecr 3661899979], length 179: HTTP
11:19:41.497885 IP 192.168.8.100.52594 > 192.168.8.1.80: Flags [.], ack 966, win 501, options [nop,nop,TS val 3661900066 ecr 241170], length 0
11:19:44.335931 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [P.], seq 33130:33608, ack 56996, win 2950, options [nop,nop,TS val 3661902904 ecr 241163], length 478: HTTP: GET /api/monitoring/status HTTP/1.1
11:19:44.336495 IP 192.168.8.100.52594 > 192.168.8.1.80: Flags [P.], seq 963:1442, ack 966, win 501, options [nop,nop,TS val 3661902904 ecr 241170], length 479: HTTP: GET /api/cradle/status-info HTTP/1.1
11:19:44.336909 IP 192.168.8.1.80 > 192.168.8.100.52594: Flags [.], ack 1442, win 4424, options [nop,nop,TS val 241454 ecr 3661902904], length 0
11:19:44.366230 IP 192.168.8.1.80 > 192.168.8.100.52594: Flags [P.], seq 966:1317, ack 1442, win 4424, options [nop,nop,TS val 241457 ecr 3661902904], length 351: HTTP: HTTP/1.1 200 OK
11:19:44.366230 IP 192.168.8.1.80 > 192.168.8.100.52594: Flags [P.], seq 1317:1641, ack 1442, win 4424, options [nop,nop,TS val 241457 ecr 3661902904], length 324: HTTP
11:19:44.366444 IP 192.168.8.100.52594 > 192.168.8.1.80: Flags [.], ack 1641, win 501, options [nop,nop,TS val 3661902934 ecr 241457], length 0
11:19:44.366500 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 56996:57348, ack 33608, win 18628, options [nop,nop,TS val 241457 ecr 3661902904], length 352: HTTP: HTTP/1.1 200 OK
11:19:44.366567 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 57348:58437, ack 33608, win 18628, options [nop,nop,TS val 241457 ecr 3661902904], length 1089: HTTP
11:19:44.366593 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [.], ack 58437, win 2990, options [nop,nop,TS val 3661902935 ecr 241457], length 0
11:19:44.382229 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [P.], seq 33608:34099, ack 58437, win 2990, options [nop,nop,TS val 3661902950 ecr 241457], length 491: HTTP: GET /api/monitoring/check-notifications HTTP/1.1
11:19:44.384211 IP 192.168.8.1.80 > 192.168.8.100.52594: Flags [F.], seq 1641, ack 1442, win 4424, options [nop,nop,TS val 241459 ecr 3661902934], length 0
11:19:44.384492 IP 192.168.8.100.52594 > 192.168.8.1.80: Flags [F.], seq 1442, ack 1642, win 501, options [nop,nop,TS val 3661902952 ecr 241459], length 0
11:19:44.384971 IP 192.168.8.1.80 > 192.168.8.100.52594: Flags [.], ack 1443, win 4424, options [nop,nop,TS val 241459 ecr 3661902952], length 0
11:19:44.392484 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 58437:58788, ack 34099, win 18628, options [nop,nop,TS val 241460 ecr 3661902950], length 351: HTTP: HTTP/1.1 200 OK
11:19:44.392484 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 58788:58968, ack 34099, win 18628, options [nop,nop,TS val 241460 ecr 3661902950], length 180: HTTP
11:19:44.392709 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [.], ack 58968, win 3024, options [nop,nop,TS val 3661902961 ecr 241460], length 0
11:19:44.405301 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [P.], seq 34099:34589, ack 58968, win 3024, options [nop,nop,TS val 3661902973 ecr 241460], length 490: HTTP: GET /api/monitoring/traffic-statistics HTTP/1.1
11:19:44.410935 IP 192.168.8.100.37338 > 192.168.8.1.80: Flags [S], seq 3150501751, win 64240, options [mss 1460,sackOK,TS val 3661902979 ecr 0,nop,wscale 7], length 0
11:19:44.411413 IP 192.168.8.1.80 > 192.168.8.100.37338: Flags [S.], seq 3242495773, ack 3150501752, win 14480, options [mss 1460,sackOK,TS val 241461 ecr 3661902979,nop,wscale 2], length 0
11:19:44.411502 IP 192.168.8.100.37338 > 192.168.8.1.80: Flags [.], ack 1, win 502, options [nop,nop,TS val 3661902979 ecr 241461], length 0
11:19:44.411805 IP 192.168.8.100.37338 > 192.168.8.1.80: Flags [P.], seq 1:486, ack 1, win 502, options [nop,nop,TS val 3661902980 ecr 241461], length 485: HTTP: GET /api/dialup/mobile-dataswitch HTTP/1.1
11:19:44.412312 IP 192.168.8.1.80 > 192.168.8.100.37338: Flags [.], ack 486, win 3888, options [nop,nop,TS val 241462 ecr 3661902980], length 0
11:19:44.422499 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 58968:59319, ack 34589, win 18628, options [nop,nop,TS val 241463 ecr 3661902973], length 351: HTTP: HTTP/1.1 200 OK
11:19:44.422499 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 59319:59752, ack 34589, win 18628, options [nop,nop,TS val 241463 ecr 3661902973], length 433: HTTP
11:19:44.422617 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [.], ack 59752, win 3058, options [nop,nop,TS val 3661902991 ecr 241463], length 0
11:19:44.422752 IP 192.168.8.1.80 > 192.168.8.100.37338: Flags [P.], seq 1:351, ack 486, win 3888, options [nop,nop,TS val 241463 ecr 3661902980], length 350: HTTP: HTTP/1.1 200 OK
11:19:44.422792 IP 192.168.8.100.37338 > 192.168.8.1.80: Flags [.], ack 351, win 501, options [nop,nop,TS val 3661902991 ecr 241463], length 0
11:19:44.422812 IP 192.168.8.1.80 > 192.168.8.100.37338: Flags [P.], seq 351:436, ack 486, win 3888, options [nop,nop,TS val 241463 ecr 3661902980], length 85: HTTP
11:19:44.422824 IP 192.168.8.100.37338 > 192.168.8.1.80: Flags [.], ack 436, win 501, options [nop,nop,TS val 3661902991 ecr 241463], length 0
11:19:44.431350 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [P.], seq 34589:35079, ack 59752, win 3058, options [nop,nop,TS val 3661902999 ecr 241463], length 490: HTTP: GET /api/monitoring/traffic-statistics HTTP/1.1
11:19:44.432993 IP 192.168.8.100.37338 > 192.168.8.1.80: Flags [P.], seq 486:963, ack 436, win 501, options [nop,nop,TS val 3661903001 ecr 241463], length 477: HTTP: GET /api/net/current-plmn HTTP/1.1
11:19:44.442538 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 59752:60103, ack 35079, win 18628, options [nop,nop,TS val 241465 ecr 3661902999], length 351: HTTP: HTTP/1.1 200 OK
11:19:44.442538 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 60103:60536, ack 35079, win 18628, options [nop,nop,TS val 241465 ecr 3661902999], length 433: HTTP
11:19:44.442693 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [.], ack 60536, win 3092, options [nop,nop,TS val 3661903011 ecr 241465], length 0
11:19:44.472201 IP 192.168.8.1.80 > 192.168.8.100.37338: Flags [.], ack 963, win 4156, options [nop,nop,TS val 241468 ecr 3661903001], length 0
11:19:44.519222 IP 192.168.8.1.80 > 192.168.8.100.37338: Flags [P.], seq 436:787, ack 963, win 4156, options [nop,nop,TS val 241472 ecr 3661903001], length 351: HTTP: HTTP/1.1 200 OK
11:19:44.519285 IP 192.168.8.1.80 > 192.168.8.100.37338: Flags [P.], seq 787:966, ack 963, win 4156, options [nop,nop,TS val 241472 ecr 3661903001], length 179: HTTP
11:19:44.519439 IP 192.168.8.100.37338 > 192.168.8.1.80: Flags [.], ack 966, win 501, options [nop,nop,TS val 3661903087 ecr 241472], length 0
11:19:47.333447 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [P.], seq 35079:35567, ack 60536, win 3092, options [nop,nop,TS val 3661905901 ecr 241465], length 488: HTTP: GET /api/monitoring/converged-status HTTP/1.1
11:19:47.335586 IP 192.168.8.1.80 > 192.168.8.100.37338: Flags [F.], seq 966, ack 963, win 4156, options [nop,nop,TS val 241754 ecr 3661903087], length 0
11:19:47.335879 IP 192.168.8.100.37338 > 192.168.8.1.80: Flags [F.], seq 963, ack 967, win 501, options [nop,nop,TS val 3661905904 ecr 241754], length 0
11:19:47.336597 IP 192.168.8.1.80 > 192.168.8.100.37338: Flags [.], ack 964, win 4156, options [nop,nop,TS val 241754 ecr 3661905904], length 0
11:19:47.372589 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [.], ack 35567, win 18628, options [nop,nop,TS val 241758 ecr 3661905901], length 0
11:19:47.450814 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 60536:60887, ack 35567, win 18628, options [nop,nop,TS val 241765 ecr 3661905901], length 351: HTTP: HTTP/1.1 200 OK
11:19:47.450814 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 60887:61054, ack 35567, win 18628, options [nop,nop,TS val 241765 ecr 3661905901], length 167: HTTP
11:19:47.451046 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [.], ack 61054, win 3126, options [nop,nop,TS val 3661906019 ecr 241765], length 0
11:19:48.331021 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [P.], seq 35567:36045, ack 61054, win 3126, options [nop,nop,TS val 3661906899 ecr 241765], length 478: HTTP: GET /api/monitoring/status HTTP/1.1
11:19:48.331508 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [.], ack 36045, win 18628, options [nop,nop,TS val 241853 ecr 3661906899], length 0
11:19:48.332618 IP 192.168.8.100.37352 > 192.168.8.1.80: Flags [S], seq 3214769166, win 64240, options [mss 1460,sackOK,TS val 3661906901 ecr 0,nop,wscale 7], length 0
11:19:48.333146 IP 192.168.8.1.80 > 192.168.8.100.37352: Flags [S.], seq 2159539421, ack 3214769167, win 14480, options [mss 1460,sackOK,TS val 241853 ecr 3661906901,nop,wscale 2], length 0
11:19:48.333178 IP 192.168.8.100.37352 > 192.168.8.1.80: Flags [.], ack 1, win 502, options [nop,nop,TS val 3661906901 ecr 241853], length 0
11:19:48.333314 IP 192.168.8.100.37352 > 192.168.8.1.80: Flags [P.], seq 1:480, ack 1, win 502, options [nop,nop,TS val 3661906901 ecr 241853], length 479: HTTP: GET /api/cradle/status-info HTTP/1.1
11:19:48.334014 IP 192.168.8.1.80 > 192.168.8.100.37352: Flags [.], ack 480, win 3888, options [nop,nop,TS val 241853 ecr 3661906901], length 0
11:19:48.360048 IP 192.168.8.1.80 > 192.168.8.100.37352: Flags [P.], seq 1:352, ack 480, win 3888, options [nop,nop,TS val 241856 ecr 3661906901], length 351: HTTP: HTTP/1.1 200 OK
11:19:48.360095 IP 192.168.8.100.37352 > 192.168.8.1.80: Flags [.], ack 352, win 501, options [nop,nop,TS val 3661906928 ecr 241856], length 0
11:19:48.360048 IP 192.168.8.1.80 > 192.168.8.100.37352: Flags [P.], seq 352:676, ack 480, win 3888, options [nop,nop,TS val 241856 ecr 3661906901], length 324: HTTP
11:19:48.360111 IP 192.168.8.100.37352 > 192.168.8.1.80: Flags [.], ack 676, win 499, options [nop,nop,TS val 3661906928 ecr 241856], length 0
11:19:48.360137 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 61054:61406, ack 36045, win 18628, options [nop,nop,TS val 241856 ecr 3661906899], length 352: HTTP: HTTP/1.1 200 OK
11:19:48.360257 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 61406:62495, ack 36045, win 18628, options [nop,nop,TS val 241856 ecr 3661906899], length 1089: HTTP
11:19:48.360283 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [.], ack 62495, win 3166, options [nop,nop,TS val 3661906928 ecr 241856], length 0
11:19:48.367386 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [P.], seq 36045:36536, ack 62495, win 3166, options [nop,nop,TS val 3661906935 ecr 241856], length 491: HTTP: GET /api/monitoring/check-notifications HTTP/1.1
11:19:48.372688 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 62495:62846, ack 36536, win 18628, options [nop,nop,TS val 241858 ecr 3661906935], length 351: HTTP: HTTP/1.1 200 OK
11:19:48.372688 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 62846:63026, ack 36536, win 18628, options [nop,nop,TS val 241858 ecr 3661906935], length 180: HTTP
11:19:48.372801 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [.], ack 63026, win 3200, options [nop,nop,TS val 3661906941 ecr 241858], length 0
11:19:48.376390 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [P.], seq 36536:37026, ack 63026, win 3200, options [nop,nop,TS val 3661906944 ecr 241858], length 490: HTTP: GET /api/monitoring/traffic-statistics HTTP/1.1
11:19:48.377805 IP 192.168.8.100.37352 > 192.168.8.1.80: Flags [P.], seq 480:965, ack 676, win 501, options [nop,nop,TS val 3661906946 ecr 241856], length 485: HTTP: GET /api/dialup/mobile-dataswitch HTTP/1.1
11:19:48.381609 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 63026:63377, ack 37026, win 18628, options [nop,nop,TS val 241858 ecr 3661906944], length 351: HTTP: HTTP/1.1 200 OK
11:19:48.381687 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 63377:63810, ack 37026, win 18628, options [nop,nop,TS val 241858 ecr 3661906944], length 433: HTTP
11:19:48.381789 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [.], ack 63810, win 3234, options [nop,nop,TS val 3661906950 ecr 241858], length 0
11:19:48.390344 IP 192.168.8.1.80 > 192.168.8.100.37352: Flags [P.], seq 676:1026, ack 965, win 4156, options [nop,nop,TS val 241859 ecr 3661906946], length 350: HTTP: HTTP/1.1 200 OK
11:19:48.390345 IP 192.168.8.1.80 > 192.168.8.100.37352: Flags [P.], seq 1026:1111, ack 965, win 4156, options [nop,nop,TS val 241859 ecr 3661906946], length 85: HTTP
11:19:48.390592 IP 192.168.8.100.37352 > 192.168.8.1.80: Flags [.], ack 1111, win 501, options [nop,nop,TS val 3661906959 ecr 241859], length 0
11:19:48.400990 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [P.], seq 37026:37516, ack 63810, win 3234, options [nop,nop,TS val 3661906969 ecr 241858], length 490: HTTP: GET /api/monitoring/traffic-statistics HTTP/1.1
11:19:48.402547 IP 192.168.8.100.37352 > 192.168.8.1.80: Flags [P.], seq 965:1442, ack 1111, win 501, options [nop,nop,TS val 3661906971 ecr 241859], length 477: HTTP: GET /api/net/current-plmn HTTP/1.1
11:19:48.410419 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 63810:64161, ack 37516, win 18628, options [nop,nop,TS val 241861 ecr 3661906969], length 351: HTTP: HTTP/1.1 200 OK
11:19:48.410419 IP 192.168.8.1.80 > 192.168.8.100.43694: Flags [P.], seq 64161:64594, ack 37516, win 18628, options [nop,nop,TS val 241861 ecr 3661906969], length 433: HTTP
11:19:48.410623 IP 192.168.8.100.43694 > 192.168.8.1.80: Flags [.], ack 64594, win 3268, options [nop,nop,TS val 3661906979 ecr 241861], length 0
11:19:48.442552 IP 192.168.8.1.80 > 192.168.8.100.37352: Flags [.], ack 1442, win 4424, options [nop,nop,TS val 241865 ecr 3661906971], length 0
11:19:48.491148 IP 192.168.8.1.80 > 192.168.8.100.37352: Flags [P.], seq 1111:1462, ack 1442, win 4424, options [nop,nop,TS val 241869 ecr 3661906971], length 351: HTTP: HTTP/1.1 200 OK
11:19:48.491148 IP 192.168.8.1.80 > 192.168.8.100.37352: Flags [P.], seq 1462:1641, ack 1442, win 4424, options [nop,nop,TS val 241869 ecr 3661906971], length 179: HTTP
11:19:48.491422 IP 192.168.8.100.37352 > 192.168.8.1.80: Flags [.], ack 1641, win 501, options [nop,nop,TS val 3661907059 ecr 241869], length 0

Many thanks