Scanning the Modbus TCP Slave port

Anonymous
2019-02-23
2019-02-25
  • Anonymous - 2019-02-23

    Originally created by: Edd.yarborough

    Hi All,
    I've been handed a PLC with CODESYS running. V 3.5 SP12, Patch 1.

    The programmer set up a Modbus Master, and Modbus TCP Slave, and created the mapping in there to write to the Bus.

    I can see it all working etc.

    What I'm struggling with is how do I scan this PLC / Modbus? I've tried many scanners, and must have a setting wrong somewhere.
    Does anyone know which register CODESYS is writing to? (Offset 16#0000)? Is it the 30,000 or 40,000?

    Any info would be much appreciated.

    Thank you

    Edd

    IMG: 3.PNG

    IMG: 2.PNG

    IMG: 1.PNG

     
  • Anonymous - 2019-02-24

    Originally created by: ph0010421

    In the 'Modbus Slave Channel' tab, the function code here dictates which area is read.
    For example, Function code 03, offset 0x0000 would be 40000

    Useful link http://www.simplymodbus.ca/FC03.htm
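
The function-code-to-register-area mapping from the reply above, as an added example that is not part of the original thread: it builds the Modbus TCP read request for a function code and offset and decodes the reply. The function names, the `one_based` switch and the sample frames are constructed for illustration; many scanner tools display the one-based form (40001) for the same offset 0.

```python
import struct

# Conventional reference prefix per read function code:
# FC01 coils 0xxxx, FC02 discrete inputs 1xxxx,
# FC04 input registers 3xxxx, FC03 holding registers 4xxxx.
AREA_PREFIX = {1: 0, 2: 1, 4: 3, 3: 4}

def reference(fc, offset, one_based=False):
    """Map function code + protocol offset to a 0x/1x/3x/4x reference.

    one_based=False follows the reply above (FC03, offset 0 -> 40000);
    one_based=True is the numbering many scanners show (-> 40001).
    """
    return AREA_PREFIX[fc] * 10000 + offset + (1 if one_based else 0)

def build_read_request(tid, unit, fc, offset, count):
    """Modbus TCP ADU: MBAP header (tid, proto=0, length, unit) + PDU."""
    pdu = struct.pack(">BHH", fc, offset, count)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_register_response(frame, expect_tid, expect_fc):
    """Return register values from an FC03/FC04 reply, or raise."""
    if len(frame) < 9:
        raise ValueError("short frame")
    tid, proto, length, _unit, fc = struct.unpack(">HHHBB", frame[:8])
    if tid != expect_tid or proto != 0 or length != len(frame) - 6:
        raise ValueError("MBAP header mismatch")
    if fc == expect_fc | 0x80:
        # Exception reply, e.g. code 2 = illegal data address (wrong area/offset).
        raise ValueError(f"Modbus exception code {frame[8]}")
    if fc != expect_fc:
        raise ValueError("unexpected function code")
    nbytes = frame[8]
    if nbytes % 2 or len(frame) != 9 + nbytes:
        raise ValueError("bad byte count")
    return list(struct.unpack(f">{nbytes // 2}H", frame[9:]))

if __name__ == "__main__":
    # Constructed sample: read 2 holding registers at offset 0 from unit 1.
    req = build_read_request(tid=1, unit=1, fc=3, offset=0, count=2)
    print(req.hex(), "->", reference(3, 0), "/", reference(3, 0, True))
    # Constructed reply carrying register values 10 and 258.
    reply = bytes.fromhex("000100000007010304000a0102")
    print(parse_register_response(reply, expect_tid=1, expect_fc=3))
```

A reply with the exception bit set (function code 0x83 for FC03) usually means the scanner is asking for the wrong area or offset rather than failing to connect.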

     
  • Anonymous - 2019-02-25

    Originally created by: Edd.yarborough

    Hi ph0010421,
    Thank you for the reply, it's slowly making more sense what these codes are meaning.
    I also downloaded the Simply Modbus application, but it won't connect to my device. (I can connect to another PLC.)

    My IP address is 10.100.10.140, but in the Slave IP address it is set to 10.100.10.101 (which is my other device). Is this correct? If I move this, the Bus fails to run.

    Kind regards

    Edd

    IMG: 5.PNG

    IMG: 4.PNG

     
  • Anonymous - 2019-02-25

    Originally created by: ph0010421

    Is that software behaving as a server or client? Codesys is expecting to see a server/slave.

     
