Debug Modbus TCP Finishing Baidu library documents are as follows
Example analysis of modbus-tcp-messages
"MODBUSTCP Communication Message"
About Modbus messages
Client Request:
B2 00 00 00 06 06 03 00 27 00 02
The above is the Modbus client sent the message content, for the Modbus TCP/IP protocol format, the front of the six bytes is the first byte (header handle);
B2 00 00 00 06
B2 Two bytes is the test information sent by the client, sever only need to copy the contents of the two bytes later to the corresponding seat of the response message can be
00 2 Bytes is the Modbus protocol that represents the Protocol of TCP/IP;
00 62 Bytes is the number of bytes after the header handle, that is, the byte length after the byte (LENGCH), you can see that after 00 06 there is also "06 03 00 27 00 02" Six bytes, so this two bytes represents 6;
Pdu:
"06 03 00 27 00 02"
61 bytes represents slave address;
03 for fuction Code;
00 27 indicates the register address of the client request;
00 02 Indicates the length of the request register; (Number of registers)
Server Response:
B2 00 00 00 07 06 03 04 00 00 00 00
Header handle: "B2 00 00 00 07"
B2 The verification code returned by the server, copy from Client request;
The other representation is the same as the client's representation
Pdu:
"06 03 04 00 00 00 00"
06 is slave address, from the number of addresses;
03 is function code;
04 represents the number of registers that need to be read to reply to the client request, because the primary address reads 2 registers (2 characters) to the slave address, which is 4 bytes, because 2 characters are 4 bytes, and 04 This byte represents the length of the register bytes from the address to be restored to the primary address,
00 00 00 00 Represents a value of 4 bytes
The modbustcp is consistent with the data domain of the serial link Modbus, and the specific data domain can refer to the serial modbus. Here are a few modbustcp links to explain the explanation, to assist the new analysis of the message.
1. Data request
In the 7D xx 7D |
||||
Example |
Length |
Description |
Note |
|
Map message Header |
0x97 |
1 |
Transaction identifier HI |
Client initiated, server replication, for transaction pairing |
0x96 |
1 |
Transaction identifier Lo |
||
0x0000 |
2 |
Protocol identification symbol |
Client initiated, server replication Modbus protocol = 0. |
|
0x0006 |
2 |
Length |
Next to last from this byte |
|
0x04 |
1 |
Unit identifiers |
Client initiated, server replication Remote terminal identification on serial link or other bus |
|
function code |
0x04 |
1 |
function code, read register |
Reference Standard Modbus protocol |
Data |
0x007d |
2 |
Start Address |
|
0x 007D |
2 |
Number of Registers |
||
Check |
||||
2, data request reply
| $7A (FD), FA AB 9E, E1 94 3F E1 7A, 3F 94, 0A 3D 3F 98 cc CD C0 6C C0 E3 cc CD C0 EC EB F1 D7 0A (E9) AE (ED EB) F1 + 9A D0 E6 4C CD CF EB F3 5 0F CC cd C2 E6-A3 0A 1E B8-FB + D7-0C CC CD (BC C0) 0A B8 F6 C 0F AE D1 C6, 0A, XX, C9 9E ff 7F C9 9E FF 7F C9 9E FF 7F C9 9E FF 7F C9 9E FF 7F C9 9E FF 7F C9 9E FF 7F C9 9E ff 7F C9 9E FF 7F 05 16 00 00 04 11 00 00 05 16 00 00 04 11 00 00 05 16 00 00 04 11 00 00 00 00 00 00 00 00 The xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, 0A, 0A 00 0, XX, xx, xx, xx (xx) at the xx xx xx xx xx xx xx xx xx |
||||
Example |
Length |
Description |
Note |
|
Map message Header |
0x97 |
1 |
Transaction identifier HI |
Client initiated, server replication, for transaction pairing |
0x96 |
1 |
Transaction identifier Lo |
||
0x0000 |
2 |
Protocol identification symbol |
Client initiated, server replication Modbus protocol = 0. |
|
0x00FD |
2 |
Length |
Next to last from this byte |
|
0x04 |
1 |
Unit identifiers |
Client initiated, server replication Remote terminal identification on serial link or other bus |
|
function code |
0x04 |
1 |
function code, read register |
Reference Standard Modbus protocol |
Data |
0x FA |
1 |
Number of bytes |
|
0x---- |
Data |
|||
Check |
||||
3. Write Multiple registers
97 79 00 00 00 09 04 10 00 00 00 01 02 00 01 |
||||
Example |
Length |
Description |
Note |
|
Map message Header |
0x97 |
1 |
Transaction identifier HI |
Client initiated, server replication, for transaction pairing |
0x79 |
1 |
Transaction identifier Lo |
||
0x0000 |
2 |
Protocol identification symbol |
Client initiated, server replication Modbus protocol = 0. |
|
0x0009 |
2 |
Length |
Next to last from this byte |
|
0x04 |
1 |
Unit identifiers |
Client initiated, server replication Remote terminal identification on serial link or other bus |
|
function code |
0x10 |
1 |
function code, read register |
Reference Standard Modbus protocol |
Data |
0x0000 |
2 |
Start Address |
|
0x 0001 |
2 |
Number of Write registers |
||
0x 02 |
1 |
Number of Write sections |
||
00 01 |
2 |
Target value |
||
Check |
||||
4. Write Multiple Register responses
97 79 00 00 00 06 04 10 00 00 00 01 |
||||
Example |
Length |
Description |
Note |
|
Map message Header |
0x97 |
1 |
Transaction identifier HI |
Client initiated, server replication, for transaction pairing |
0x79 |
1 |
Transaction identifier Lo |
||
0x0000 |
2 |
Protocol identification symbol |
Client initiated, server replication Modbus protocol = 0. |
|
0x0006 |
2 |
Length |
Next to last from this byte |
|
0x04 |
1 |
Unit identifiers |
Client initiated, server replication Remote terminal identification on serial link or other bus |
|
function code |
0x10 |
1 |
function code, read register |
Reference Standard Modbus protocol |
Data |
0x0000 |
2 |
Start Address |
|
0x 0001 |
2 |
Number of Registers |
||
Check |
||||
Modbus TCP Sample Message
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
