Modbus/TCP 1.0 1999 3 29 Andy Swales Schneider aswales@modicon.com
1997 9 3 1999 3 29 1.0 A B MODBUS/TCP MODBUS MODBUS/TCP TCP MODBUS
2. MODBUS/TCP MODBUS TCP/IP Intranet Internet MODBUS PLC s I/O I/O MODBUS/TCP MODBUS MODBUS MODBUS PLC s PLC s

2.1 MODBUS Modbus Plus MODBUS/TCP TCP MODBUS TCP UDP TCP 80

2.2 MODBUS big-endian 16 - bits 0x1234 0x12 0x34 32 - bits 0x12345678L 0x12 0x34 0x56 0x78

2.3 MODBUS I/O 16 I/O 16 65536 PLC s 32 PLC MODBUS Modicon PLC s 1 MODBUS 0 0 Modbus 4 00001 4= 00001

2.4 MODBUS Modbus TCP CRC-32

3. MODBUS 0 2 MODBUS

3.1 0 (fc 3) (fc 16)

3.2 1 (fc 1) (fc 2) (fc 4) (fc 5) (fc 6) (fc 7)

3.3 2 HMI (fc 15) (fc 20) 32 584 984PLC s 6 (fc 21) 32 584 984PLC s 6 (fc 22) / (fc 23) MODBUS I/O 3 16 23 23 3 16 FIFO (fc 24) FIFO 584/984 FIN FOUT

3.4 / / MODBUS (fc 8) (484) (fc 9) (484) (fc 10) (Modbus) (fc 11) (Modbus) (fc 12) (584/984) (fc 13) (584/984) (fc 14) ID (fc 17) (884/u84) (fc 18) (884/u84) (fc 19) ( ) (fc 40) (fc 125) (584/984) (fc 126) (Modbus) (fc 127)

4. MODBUS/TCP MODBUS MODBUS MODBUS - ASCII MODBUS - RTU ( ) MODBUS PLUS TCP 502 TCP A MODBUS IP
byte 0: 0
byte 1: 0
byte 2: = 0
byte 3: = 0
byte 4: = 0 ( 256)
byte 5: ( ) =
byte 6: ( )
byte 7: MODBUS
byte 8 on:

4 UI 9 1 5
00 00 00 00 00 06 09 03 00 04 00 01
00 00 00 00 00 05 09 03 02 00 05

0-2 MODBUS MODBUS/TCP CRC-16 LRC TCP/IP

5. MODBUS/TCP 7
ref ref 00 00 00 len unit
ref ref 0
03 00 00 00 01 => 03 02 12 34
TCP 09
00 00 00 00 00 06 09 03 00 00 00 01
00 00 00 00 00 05 09 03 02 12 34
( Modicon Quantum PLC
5.1 0

5.1.1 (FC 3)
Byte 0: FC = 03
Byte 1-2:
Byte 3-4: (1-125)

Byte 0: FC = 03
Byte 1: (B=2 x )
Byte 2-(B+1): Register values

Byte 0: FC = 83 (hex)
Byte 1: = 01 or 02

0 (Modicon 984 40001) 1 1234
03 00 00 00 01 => 03 02 12 34

5.1.2 (FC 16)
Byte 0: FC = 10 (hex)
Byte 1-2:
Byte 3-4: (1-100)
Byte 5: (B=2 x word count)
Byte 6-(B+5):

Byte 0: FC = 10 (hex)
Byte 1-2:
Byte 3-4:

Byte 0: FC = 90 (hex)
Byte 1: = 01 or 02

0 (Modicon 984 40001) 1 1234
10 00 00 00 01 02 12 34 => 10 00 00 00 01

5.2 1

5.2.1 (FC 1)
Byte 0: FC = 01
Byte 1-2:
Byte 3-4: (1-2000)

Byte 0: FC = 01
Byte 1: (B=( +7)/8)
Byte 2-(B+1): (!)

Byte 0: FC = 81 (hex)
Byte 1: exception code = 01 or 02

0 (Modicon 984 00001) 1 1
01 00 00 00 01 => 01 01 01
big-endian 16

5.2.2 (FC 2)
Byte 0: FC = 02
Byte 1-2:
Byte 3-4: (1-2000)

Byte 0: FC = 02
Byte 1: (B=( +7)/8)
Byte 2-(B+1): (!)

Byte 0: FC = 82 (16 )
Byte 1: = 01 or 02

0 (Modicon 984 10001) 1 1
02 00 00 00 01 => 02 01 01
big-endian 16

5.2.3 (FC 4)
Byte 0: FC = 04
Byte 1-2:
Byte 3-4: (1-125)

Byte 0: FC = 04
Byte 1: (B=2 x )
Byte 2-(B+1):

Byte 0: FC = 84 (hex)
Byte 1: = 01 or 02

0 (Modicon 984 30001) 1 1234
04 00 00 00 01 => 04 02 12 34

5.2.4 (FC 5)
Byte 0: FC = 05
Byte 1-2:
Byte 3: = FF, =00
Byte 4: = 00

Byte 0: FC = 05
Byte 1-2:
Byte 3: = FF, =00 ( )
Byte 4: = 00

Byte 0: FC = 85 (16 )
Byte 1: = 01 or 02

1 0 Modicon 984 00001 1
05 00 00 FF 00 => 05 00 00 FF 00

5.2.5 (FC 6)
Byte 0: FC = 06
Byte 1-2:
Byte 3-4:

Byte 0: FC = 06
Byte 1-2:
Byte 3-4:

Byte 0: FC = 86 (16 )
Byte 1: = 01 or 02

1234 0 Modicon 984 40001 1
06 00 00 12 34 => 06 00 00 12 34

5.2.6 (FC 7)
MODBUS PLC s 8

Byte 0: FC = 07

Byte 0: FC = 07
Byte 1: ( 8 )

Byte 0: FC = 87 (16 )
Byte 1: = 01 or 02

16 34
07 => 07 34

5.3 2

5.3.1 (FC 15)
Byte 0: FC = 0F (16 )
Byte 1-2:
Byte 3-4: (1-800)
Byte 5: (B = ( + 7)/8)
Byte 6-(B+5): ( = )

Byte 0: FC = 0F (16 )
Byte 1-2:
Byte 3-4:

Byte 0: FC = 8F (16 )
Byte 1: = 01 or 02

0 Modicon 984 00001 3 0 0 1
0F 00 00 00 03 01 04 => 0F 00 00 00 03
big-endian 16

5.3.2 (FC 20)
Byte 0: FC = 14 16
Byte 1: (=7 x )
Byte 2: = 6xxxx 06
Byte 3-6: = 6xxxx = 4xxxx 32
Byte 7-8:
Bytes 9-15: ( 2-8 )...

Byte 0: FC = 14 (16 )
Byte 1: (= + )
Byte 2: (B1=1 + (2 x ))
Byte 3:
Byte 4-(B1+2):
Byte (B1+3): (B2=1 + (2 x ))
Byte (B1+4):
Byte (B1+5)-(B1+B2+2):...

Byte 0: FC = 94 (16 )
Byte 1: = 01 02 03 04

1 1 2 Modicon 984 1 2 16 1234
14 07 06 00 01 00 02 00 01 => 14 04 03 06 12 34

( ) 0 1 16 1234 5 2 16 5678 9abc
14 0E 04 00 00 00 00 00 01 04 00 00 00 05 00 02 => 14 0A 03 04 12 34 05 04 56 78 9A BC
256 04

5.3.3 (FC 21)
Byte 0: FC = 15 (16 )
Byte 1:
Byte 2: = 6xxxx 06
Byte 3-6: = 6xxxx = 4xxxx 32
Byte 7-8: (W1)
Byte 9-(8 + 2 x W1): ( 2 )...

Byte 0: FC = 15 (16 )
Byte 1:
Byte 2: = 6xxxx 06
Byte 3-6: = 6xxxx = 4xxxx 32
Byte 7-8: (W1)
Byte 9-(8 + 2 x W1): ( 2 )...

Byte 0: FC = 95 (16 )
Byte 1: = 01 02 03 04

1 1 2 Modicon 984 1 2 16 1234
15 09 06 00 01 00 02 00 01 12 34 => 15 09 06 00 01 00 02 00 01 12 34

( ) 0 1 16 1234 5 2 16 5678 9abc
15 14 04 00 00 00 00 00 01 12 34 04 00 00 00 05 00 02 56 78 9A BC => 15 14 04 00 00 00 00 00 01 12 34 04 00 00 00 05 00 02 56 78 9A BC
256 04

5.3.4 (FC 22)
Byte 0: FC = 16 (16 )
Byte 1-2:
Byte 3-4: AND
Byte 5-6: OR

Byte 0: FC = 16 (16 )
Byte 1-2:
Byte 3-4: AND
Byte 5-6: OR

Byte 0: FC = 96 (16 )
Byte 1: = 01 02

0 Modicon 984 40001 0-3 16 4 (AND 000F, OR 0004)
16 00 00 00 0F 00 04 => 16 00 00 00 0F 00 04

5.3.5 / (FC 23)
Byte 0: FC = 17 (16 )
Byte 1-2:
Byte 3-4: (1-125)
Byte 5-6:
Byte 7-8: (1-100)
Byte 9: (B = 2 x )
Byte 10-(B+9):

Byte 0: FC = 17 (16 )
Byte 1: Byte count(b = 2 x )
Byte 2-(B+1)

Byte 0: FC = 97 (16 )
Byte 1: = 01 02

3 Modicon 984 40004 1 16 0123 0 2 0004 5678 16
17 00 00 00 02 00 03 00 01 02 01 23 => 17 04 00 04 56 78

5.3.6 FIFO (FC 24)
Byte 0: FC = 18 (16 )
Byte 1-2:

Byte 0: FC = 18 (16 )
Byte 1-2: (B = 2 + ) ( 64)
Byte 3-4: (FIFO ) ( 31)
Byte 5-(B+2): FIFO

Byte 0: FC = 98 (16 )
Byte 1: = 01 02 03

0005 Modicon 984 40006 FIFO 2 1234 5678 16
18 00 05 => 18 00 06 00 02 12 34 56 78
984-0 31 31 FIFO 0 16-

6. MODBUS 0x80
03 12 34 00 01 => 83 02
0x1234 2-1
01 02 100 96 4 96 5 02 03 MODBUS 04 MODBUS 20 21 05 06 07 08 20 21 0A Modbus Plus, Modbus Plus 0B Modbus Plus,
A. MODBUS BSD Sockets UNIX and Windows NT

A.1 MODBUS/TCP CONNECT 502 MODBUS MODBUS 6 MODBUS/TCP SEND TCP TCP RECV 6 RECV TCP 1 TCP IP

A.2 MODBUS/TCP TCP UNIX NT TCP 8K MODBUS/TCP 300

A.2.1 JAVA LISTEN 502 TCP ACCEPT 6 MODBUS/TCP RECV 6 0 256 TCP RECV RECV TCP MODBUS MODBUS MODBUS/TCP 0 1 MODBUS/TCP SEND Go back and wait for the next 6 byte prefix record. 6 RECV RECV 0 RECV

A.2.2 UNIX MS-DOS SELECT LISTEN 502 TCP LISTEN ACCEPT SELECT 0 SELECT RECV 6 SELECT RECV SEND SELECT

A.3 MODBUS MODBUS/TCP MODBUS/TCP I/O MODBUS Schneider Modbus + MODBUS/TCP MODBUS MODBUS MODBUS/TCP PLC s 20 20 200
10 I/O 30 1 PLC s 1 300 TCP PLC MODBUS/TCP 1 IP CPU Modbus

B. MODBUS 3 16 23 / 16 16 MODBUS-capable PLC s big-endian PLC s little-endian MODBUS 16 little-endian MODBUS little-endian
15-0 = 15-0
15-0 = 31-16
15-0 = 47-32

B.1 Modicon PLC s 984 Ladder Language 1- BLKM ( ) big-endian 1 0 0 ( )
1 bit 15 (0x8000)
2 bit 14 (0x4000)
3 bit 13 (0x2000)
4 bit 12 (0x1000)
5 bit 11 (0x0800)
6 bit 10 (0x0400)
7 bit 9 (0x0200)
8 bit 8 (0x0100)
9 bit 7 (0x0080)
10 bit 6 (0x0040)
11 bit 5 (0x0020)
12 bit 4 (0x0010)
13 bit 3 (0x0008)
14 bit 2 (0x0004)
15 bit 1 (0x0002)
16 bit 0 (0x0001)
16 32 1 16 17 32 MODBUS/TCP Modicon PLC s IEC-1131 0 15

B.2 16 PLC

B.2.1 984 984 16-15 - 0 = 15-0 984 16-15 - 0 = 15-0 984 ASCII PLC s ladder language 2 ASCII 15-8 7-0 PLC s C
984 Intel 32-15-0 15-0 32-31-16 23-16 984 0-9999 16 984 4 0 99999999 4 4 0-9999

B.2.2 IEC-1131 IEC-1131 Modicon PLC s little-endian
BYTE 8-7-0 = BYTE 7-0
DINT 32-15-0 = DINT 15-0 15-0 = DINT 31-16
INT 15-0 = INT 15-0
REAL 32- Intel 15-0 = REAL 15-0 15-0 15-0 = REAL 31-16 23-16
UDINT 32-15-0 = UDINT 15-0 15-0 = UDINT 31-16
UINT 15-0 = UINT 15-0
IEC-1131