Configuration King Modbus TCP datagram format

Source: Internet
Author: User

When you read through the Modbus protocol, you will keep running into terms that are easily confused, which leads to misreading the protocol. This article explains the terms in the Modbus protocol that may cause confusion.

1. Function code: the function code in the Modbus protocol indicates what an information frame does. Commonly used function codes are 03, 04, 06, 16 and so on. Function code 03 reads the contents of holding registers, function code 04 reads the contents of input registers (the difference between input registers and holding registers is covered in item 2), function code 06 presets a single holding register, and function code 16 presets multiple holding registers.

2. Input register and holding register: function code 04 reads input registers and function code 03 reads holding registers. Many people who see these two function codes want to know how they differ, and what the difference is between holding registers and input registers. The Modbus protocol was first used to solve the communication problem of PLCs, mainly for the input and output of digital signals and analog signals. The so-called input register derives from analog signal input: an input register can only be changed by the analog signal input, and the host cannot change input register data by issuing commands. A holding register is used to output analog signals, and the host can change its data. This means that for the host, the input register is read-only and the holding register is readable and writable. When the host uses function code 06 or 16 to preset an input register, the device returns error code 0x81, indicating an attempt to write a read-only register.

3. Data address format in Modbus: registers written as 3XXXX or 4XXXX appear often in the Modbus protocol; the leading digit indicates the type of data the register holds, as the table below shows. Modbus data addresses start from 0, so for register 40009, for example, the holding register address is 00 08. Similar data address formats are often used in configuration software and PLC systems.

Map address   Function codes used   Address type              Access method          Description
0xxxx         01, 05, 15            discrete output           read/write             each coil represents a single switch bit
1xxxx         02                    discrete input            read-only              each coil represents a single switch bit
2xxxx         03, 04, 06, 16        floating-point register   read-only/read-write   two consecutive 16-bit registers represent a floating-point number
3xxxx         04                    input register            read-only              each register represents a 16-bit unsigned integer
4xxxx         03, 06, 16            holding register          read/write             each register represents a 16-bit unsigned integer
5xxxx         03, 04, 06, 16        ASCII characters          read/write             each register represents two ASCII codes

4. Modbus RTU/ASCII/TCP: the Modbus protocol was first used for communication between programmable logic controllers (PLCs) and, because of its openness, has been adopted by a large number of on-site smart meters. The Modbus protocol has multiple variants, the most notable of which are the Modbus RTU, Modbus ASCII and Modbus TCP communication protocols. The RTU/ASCII protocols are based on serial port communication, and the TCP protocol is based on Ethernet communication. For the differences and connections between them, please refer to other pages on this site: Modbus RTU/TCP protocol analysis, and similarities and differences of the Modbus RTU/ASCII communication protocols.

5. Modbus error code table: Modbus has function codes, check codes, exception function codes and error codes, and the exception function code and the error code are very easily confused. In general, the exception function code is the code returned when a function code fails to execute, usually the function code plus 0x80: for function code 03 the exception function code is 0x83, and for function code 16 the corresponding exception function code is 0x90. The error code states what kind of error occurred, for example that a register address does not exist; whether reading or writing, if the register address does not exist, the error code is 02. Please refer to the other pages of this site for details.

/*** from http://www.485-can-tcp.com/technology/232485/themodbus.htm ***/

The actual test results are as follows:

Test conditions: Configuration King is set to Modbus-TCP and acts as the client; the server is a Raspberry Pi 3B, IP 192.168.1.200, port 6000.

Configuration King communication parameters: 192.168.1.200:6000 22/30  // IP 192.168.1.200, port 6000, device 22

Three variables are defined on registers 40001, 40002 and 40005. The main screen defines three text boxes connected to them, with analog input + analog output selected and an update time of 1000 ms.

Configuration King sends
00 00 00 00 00 06 16 03 00 00 00 05  // read the analog values

00 00: transaction identifier for this exchange; normally it is incremented by 1 after each exchange to tell different messages apart. In the actual test the value did not change and stayed 00 00.
00 00: protocol identifier; 00 00 is the Modbus protocol.
00 06: data length, the number of bytes that follow.
16: address code, device address 22.
03: read function code.
00 00: start address; Configuration King counts from 1, so 00 00 is 40001.
00 05: data length, five 16-bit values (number of words).


Response
XX, XX, 0d 0a 00 01 00 02 00 03 00 04 00 05
00 00: transaction identifier for this exchange; the response must match the corresponding request.
00 00: protocol identifier, matching the corresponding request.
0d: data length, the number of bytes that follow.
16: device address; the response must match the corresponding request.
03: function code; normally the response matches the corresponding request, and on an error 80h + the request's function code is returned.
0a: byte length of the data that follows; it should be the number of words requested x 2, which here is 10 bytes.
00 01 00 02 00 03 00 04 00 05: data values, high byte then low byte.

Result: the Configuration King text boxes show 01, 02 and 05 respectively.


In Configuration King, write 33 to register 40001.

Configuration King sends

00 00 00 00 00 06 16 06 00 00 00 21
00 00: transaction identifier for this exchange; normally it is incremented by 1 after each exchange to tell different messages apart. In the actual test it stayed 00 00.
00 00: protocol identifier; 00 00 is the Modbus protocol.
00 06: data length, the number of bytes that follow.
16: address code, device address 22.
06: write single holding register function code.
00 00: single holding register address, here 40001.
00 21: single holding register data; 00 21 is 33 in decimal.

Response
00 00 00 00 00 06 16 06 00 00 00 21
00 00: transaction identifier for this exchange; the response must match the corresponding request.
00 00: protocol identifier, matching the corresponding request.
00 06: data length, the number of bytes that follow.
16: device address; the response must match the corresponding request.
06: write function code; normally the response matches the corresponding request, and on an error 80h + the request's function code is returned.
00 00: single holding register address, here 40001.
00 21: single holding register data; 00 21 is 33 in decimal.

The data is sent back intact.

No communication errors occurred during the test. The Raspberry Pi checked the data sent by Configuration King and did not find any unreasonable data.
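The field checks described in the two exchanges above can be applied mechanically on the receiving side. The following is an added example, not code from the original post: a strict parser for the MBAP header plus a request/response consistency check for function codes 03 and 06. The function names are hypothetical, READ_RSP is assembled from the field-by-field breakdown of the read response, and READ_EXC is a constructed sample.

```python
import struct

def parse_adu(frame: bytes) -> dict:
    """Split one Modbus TCP frame into MBAP header fields and PDU, strictly."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol identifier is not 00 00")
    if length != len(frame) - 6:  # length counts unit id + function code + data
        raise ValueError("length field does not match the bytes received")
    return {"tid": tid, "unit": unit, "fc": frame[7], "data": frame[8:]}

def check_response(request: bytes, response: bytes) -> dict:
    """Validate a response against its request; return {register: value}."""
    req, rsp = parse_adu(request), parse_adu(response)
    if (rsp["tid"], rsp["unit"]) != (req["tid"], req["unit"]):
        raise ValueError("transaction or device identifier differs from request")
    if rsp["fc"] == req["fc"] | 0x80:  # exception function code, e.g. 0x83
        raise ValueError(f"exception response, error code {rsp['data'][:1].hex()}")
    if rsp["fc"] != req["fc"] or len(req["data"]) != 4:
        raise ValueError("function code differs or request is malformed")
    first, second = struct.unpack(">HH", req["data"])
    if req["fc"] == 0x03:  # first = start address, second = number of words
        body = rsp["data"]
        if len(body) != 1 + 2 * second or body[0] != 2 * second:
            raise ValueError("byte count is not 2 x the number of words requested")
        values = struct.unpack(f">{second}H", body[1:])
        return {40001 + first + i: v for i, v in enumerate(values)}
    if req["fc"] == 0x06:  # first = register address, second = value written
        if rsp["data"] != req["data"]:
            raise ValueError("write response is not an echo of the request")
        return {40001 + first: second}
    raise ValueError("function code not handled in this example")

# Frames from the test above; READ_RSP is assembled from the field breakdown.
READ_REQ = bytes.fromhex("00 00 00 00 00 06 16 03 00 00 00 05")
READ_RSP = bytes.fromhex("00 00 00 00 00 0d 16 03 0a 00 01 00 02 00 03 00 04 00 05")
WRITE_REQ = bytes.fromhex("00 00 00 00 00 06 16 06 00 00 00 21")
# Constructed sample: exception reply to the read, error code 02.
READ_EXC = bytes.fromhex("00 00 00 00 00 03 16 83 02")

if __name__ == "__main__":
    print(check_response(READ_REQ, READ_RSP))
    print(check_response(WRITE_REQ, WRITE_REQ))
```

A frame that fails any of these checks raises ValueError, so truncated or mismatched data is rejected before any register value is used.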

In the event that Configuration King is not sent data, or has been sent erroneous data, Configuration King intermittently sends FF FF 00 01. I do not know why. 01 is the command code for reading coils; after parsing, it reads the state of one coil at address FFFF. I do not understand whether this is heartbeat detection or something else, and I did not find any relevant information. When I detected this message I sent it back intact, and nothing unusual happened. I hope an expert can offer guidance!
