I'm trying to connect my PC with a Unitronics PLC. I would like to use Modbus over TCP/IP for this purpose. This is the first step in my project. Later on I would like to connect it to a Rabbit Wolf (BL2600) to exchange I/O. I first want to connect the Unitornics PLC to my laptop to get a decent understanding of the Modbus TCP/IP protocol used by Unitronics.
At the moment I'm already stuck, so I hope that someone could help me.
I did read the documentation about Modbus Application Protocol on: http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
I'm using the Unitronics example code: V280_Ethernet_TCP_MODBUS_IP_Master (without any changes)
I used the Vellamod tool to connect and send data: http://www.tuomio.fi/vellamod/index.htm (I'm running windows 8, so I have some problems with other tools and this one seems to work nice)
I'm using Wireshark to inspect the TCP/IP traffic.
However, I'm now in the current situation. The laptop connects, but I don't get any response.
I connect to 192.168.192.5 on port 502. My laptop is set to 192.168.192.10 (subnetmask 255.255.255.0, gateway 192.168.192.254)
I try to send the following (see attachment for a printscreen):
byte 0: transaction identifier = 0
byte 1: transaction identifier = 0
byte 2: protocol identifier = 0
byte 3: protocol identifier = 0
byte 4: length field (upper byte) = 0
byte 5: length field (lower byte) = 2
byte 6: unit identifier = 255
byte 7: MODBUS function code = tried 3 (Read Holding Registers) and 4 (Read Input Register)
byte 8: 00
byte 9: 26 (I try to read MI 38)
When I than inspect the transmission with WireShark, I get the following
Source: 192.168.192.10
Destionation: 192.168.192.5
Protocol: Modbus/TCP
Length: 64
Info: Query: Trans: 0; Unit: 255, Func: 3: Read Holding Registers[Malformed Packet][Malformed Packet]
When I set: byte 5: length field (lower byte) = 6
I get no error, but I also receive nothing with the Vellamod tool.
According to Wireshark I receive the following:
First
Source: 192.168.192.5
Destionation: 192.168.192.10
Protocol: TCP
Length: 60
Info: asa-appl-proto > 49933 [ACK] Seq=1 Ack=325 Win=1024 Len=0
Followed by
Source: 192.168.192.10
Destionation: 192.168.192.5
Protocol: TCP
Length: 64
Info: [TCP segment of a reassembled PDU]
And finally
Source: 192.168.192.5
Destionation: 192.168.192.10
Protocol: TCP
Length: 60
Info: asa-appl-proto > 49933 [ACK] Seq=1 Ack=335 Win=1024 Len=0
On the PLC HMI nothing is changing (Socket 3 total transmits: 0;Socket 3 total reiveces: 0)
The only strange thing that I can see is that it (Unitronics) seems to use destination port 49933, but I don't know whether this is wrong or right.
Hopefully someone can help me. Visual basic code, would also be more than welcome.
Kind regards,
Peter