MODBUS Network : Telegram structure of MODBUS NET-mode

 

The LIAN 98 manual can and may not contain the complete MODBUS documentation, caused by legal position. Only all knowledge that is essential necessary for the LIAN 98 software operation is specified in parts in this manual.

Detailed information to the protocol you will find in the MODBUS documentation
on the webpage of the "Modbus Organization"
<Modbus Specifications and Implementation Guides>

 

Telegram format

 

Control- and monitoring direction

 

 

ADU  : Application Data Unit
PDU  : Protocol Data Unit
MBAP header : MODBUS Application Protocol Header

 

Error message : Monitoring direction only ( server to the client )

 

 

Transaction Identifier :

Identification of a MODBUS Request / Response transaction. Initialized by the client and recopied by the server from the received request.

 

Protocol Identifier :

The MODBUS protocol is identified by the value 0. Initialized by the client and recopied by the server from the received request.

 

Length :

The length field contains the number of the following bytes ( Unit Identifier and data fields ).

 

Unit Identifier/ Server Address :

Identification of a remote slave connected on a serial line or on other buses.

Only server must have a unique address. The client itself has no address. The client interrogates a particular slave directly by prefixing the address of this server to a PDU. Alike, the slave sends its address in the response to the master to indicate the sender of the message.

 

Function code :

Standard function codes used on MODBUS application layer protocol are described in details in the documentation
"MODBUS Application Protocol Specification" on the webpage of the "Modbus Organization".

 

Code Function Explaination
1 Read Coils Single bit indication ( read/ write possible )
2 Read Discrete Inputs Single bit indication ( read only )
3 Read Holding Registers 16 bit analogue value ( read/ write possible )
4 Read Input Registers 16 bit analogue value ( read only )
5 Write Single Coils e.g. single bit command
6 Write Single Register e.g. 16 bit analogue value/ bit pattern
7 Read Exception Status only serial line
8 Diagnostics only serial line
     
11 Get Comm Event Counter only serial line
12 Get Comm Event Log only serial line
     
15 Write Multiple Coils e.g. single bit command
16 Write Multiple Register e.g. 16 bit analogue value/ bit pattern
17 Report Slave ID only serial line
     
20 Read File Record  
21 Write File Record  
22 Mask Write Register  
23 Read/ Write Multiple Register e.g. 16 bit analogue value/ bit pattern
24 Read FIFO Queue  
     
43 Encapsulated Interface Transport  
     

 

Exception code :

The function code of an exception response correlates to the function code of the request plus 128. The exception code is provided to indicate the reason of the error and is described in the documentation "MODBUS Application Protocol Specification - Function codes descriptions" on the webpage of the "Modbus Organization".

 


MODBUS Network : Ethernet-frame

 

Link layer ( Layer 2 )

 

Ethernet v.2.0 MAC Header

 

I/ G = 0

Individual address

I/ G = 1

Group address

U/ L = 0

Global administered address

U/ L = 1

Local administered address

 

Preamble

7 Bytes
The preamble is needed, that the recipient or recipients ( network card ) synchronize with the transmitter ( network card ) and therefore the start frame delimiter and the following Ethernet data frame can be interpreted correctly.

These fields are not forwarded to the software by the network card !

Start Frame Delimiter

Start Frame Delimiter is 1 octet long and is the sequence 10101011 binary.
It immediately follows the preamble pattern and indicates the start of a frame.

This field is not forwarded to the software by the network card !

Destination address

Receiver address for which the frame is intended.

Source address

Identifies the station from which the frame is initiated.

Ethernet
Length- / Type Field

Internet Protocol ( IPv4 ) = 0800 HEX

For MODBUS this field is used as type field with a fixed value of 0800 HEX. This field indicates the nature of the MAC client protocol ( IPv4 ).

MAC Client Data

The data consist of :
. IPv4 header
. TCP header
. User data MODBUS ( ADU )

. PAD fields ( Trailer ), if available

The client data must have a minimum length, so that the Ethernet data frames starting with the destination address and including the trailer, has a minimum frame length of 60 bytes. If the frame length is less than 60 bytes, the client data have to be filled with PAD fields ( padding bits ) up to the required minimum length. This will be done automatically by the network card.

Frame Check Sequence

4 Bytes
The content of the Ethernet data frames starting with the destination address and including the client data is secured with a block checksum. The receiver ( network card ) recognizes therefore each transmission failure.

These fields are not forwarded to the software by the network card !

 

Netzwork Layer ( Layer 3 )

 

IPv4 Header

For more detailed information about the IPv4 header, check the document RFC 791 "Internet Protocol" on the IETF Website. <RFC 791 : Internet Protocol>.

 

 

Version

Internet Protocol Version = 4 ( IPv4 ), see [ RFC 791 ].
This field indicates the format of the IP header and has a fixed value of 4 for IPv4.

IHL

The Internet Header Length is the length of the IP header counted in double words ( 32 bit units ), and thus points to the beginning of the data area. The minimum value for a correct header is 5 ( = 20 bytes ).

Type of service

bit 0 : reserved
bit 1 : reserved
bit 2 : R ( Reliability )
bit 3 : T ( Throughput )
bit 4 : D ( Delay )
bit 5 - 7 : PRECEDENCE

The type of service describes the indication of the abstract parameters of the desired service. These parameters are used in order to indicate the selection of the actual service parameters when transmitting a datagram through a particular network. Several networks offer service precedence, which somehow treats high precedence traffic as more important than other traffic ( generally by accepting only traffic above a certain precedence at time of high load ). The major choice is a three way tradeoff between low-delay, high-reliability, and high-throughput.

R : 0 = normal Reliability,  1 = high Reliability
T : 0 = normal Throughput, 1 = high Throughput
D : 0 =normal Delay, 1 = low delay

Total length

Total Length is the length of the datagram, measured in octets, including internet header and data.

Identification

An identifying value assigned by the sender in order to indicate to which datagram the fragments are allocated.

Flags

Bit 5 : MF ( more fragments )
Bit 6 : DF ( don't fragment )
Bit 7 : reserved, must be 0

Various control flags

MF : 0 = last fragment, 1 = more fragments
DF : 0 = may fragmented, 1 = don't fragment

Fragment offset

This field indicates where in the datagram this fragment is placed. The fragment offset is measured in units of 8 octets ( 64 bits ). The first fragment has offset zero.

Time to live

This field indicates the maximum time the datagram is allowed to remain in the internet system. If this field contains the value zero, then the datagram must be destroyed. This field is modified in internet header processing. The time is measured in units of seconds, but since every module that processes a datagram must decrease the TTL by at least one even if it processes the datagram in less than a second.

Protocol

Transmission Control Protocol = 6 ( TCP ), see [ RFC 793 ].
This field indicates the next level protocol used in the data portion of the internet datagram and has a fixed value of 6 for TCP ( Transmission Control Protocol ).

Header checksum

The checksum is only valid for the header. Since some header fields change ( e.g. time to live ) the checksum has to be new calculated after each pass through the rooter.

Source address

This parameter identifies the IP address of the transmitting host. ( Sender )

Destinatin address

This parameter defines the IP-address of the receiving host ( Receiver )

Options ( variable )

The option field is variable in length
Options may appear or not in datagrams. They must be implemented by all IP modules ( host and gateways ). Optional is their transmission in any particular datagram, not their implementation. In some environments the security option may be required in all datagrams.

Padding ( variable )

The padding field is variable in length
The internet header padding is used to ensure that the internet header ends on a 32 bit boundary. The padding is composed of zeros.

 

Transport layer ( layer 4 )

 

TCP Header

For more detailed information about the TCP Header please read on the IETF Website
the document <RFC 793 : Transmission Control Protocol>.

 

 

Source port

Identifies the PORT from which the frame is initiated.

Destination port

Destination PORT for which the frame is intended.

Sequence number

The sequence number of the first data octet in this segment, except the SYN bit is set. If SYN is present the sequence number is the initial sequence number ( ISN ) and the first data octet is ISN + 1.

Acknowledgement number

If the ACK control bit is set this field contains the value of the next sequence number the sender of the segment is expecting to receive. As soon as a connection is established this is always sent.

Data offset

The number of double words ( 32 bit units ) in the TCP Header. This indicates where the data begin. The TCP header ( even one including options ) is an integral number of 32 bits long.

reserved

Reserved for later use and must be zero.

Control field

URG : Urgent Pointer
ACK : Acknowledgment
PSH : Push function
RST : Reset the connection
SYN : Synchronize sequence numbers
FIN  : No more data from the sender

Window

The number of data octets beginning with the one indicated in the acknowledgment field which the sender of this segment is willing to accept.

Checksum

The checksum is used for all 16 bit units in the header and in the data. If a segment contains un odd number of header- and data bytes to be checked, the last byte on the right is replenished with noughts in order to built a 16 bit word for the check. The block is not transmitted as part of the segment. The check field itself is replenished with nougths while the checksum is calculated.

Urgent pointer

This field transmits the current value of the urgent pointer as a positive offset from the sequence number in this segment. The urgent pointer points to the sequence number of the octet following the urgent data. This field is only interpreted in segments with the URG control bit set.

Options ( variable )

The option field is of variable length.
Options may occupy space at the end of the TCP header and are a multiple of octets in length. All options are included in the checksum. An option may begin on any octet boundary.

Padding ( variable )

The padding field is of variable length.
The TCP header padding is used to ensure that the TCP header ends and data begins on a 32 bit boundary. The padding character is always zero.

 

User data

MODBUS NET/ Data frames ( ADU )

 

 


MAYR Software

Wuerzburger Ring 39,  D 91056 Erlangen

Manual LIAN 98


LIAN 98 Protocol Router, Simulator and Analyzer
© Copyright 2001, 2006, 2011 by Werner Mayr. All Rights reserved.