
Unknown cause of pyModbusTCP timeout


I have a device connected via Ethernet cable to the network. Its manual says it accepts the modbusTCP communication protocol, and indeed nmap on the configured port shows that a modbus service is open (nmap output at the end). I am no modbus expert, but I found the pyModbusTCP Python module to try to establish a first connection. Based on tutorials and documentation, the code I am trying to use is saved as modbus_client.py and goes like:

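#!/usr/bin/python3

import sys
from pyModbusTCP.client import ModbusClient

# "device_IP" is a placeholder for the device address; debug=True prints the raw frames.
client = ModbusClient(host="device_IP", port=502, auto_open=True, debug=True)
client.open()
# argv[1] = starting register address, argv[2] = number of registers to read
client.read_holding_registers(int(sys.argv[1]), int(sys.argv[2]))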

I am focusing on the read_holding_registers function mainly because the device manual says that the implemented modbus functions are Read Holding Registers (0x03), Write Multiple Registers (0x10) and Write Single Register (0x06), and I have the registers map of the device.

According to the registers map (image below), I tried executing the script with

./modbus_client.py 4096 32

and

./modbus_client.py 4096 16

but all I get as output is:

Tx
[59 50 00 00 00 06 01] 03 0F FF 00 20
timeout error

I also noticed that every time I execute the code the numbers inside the brackets change, while the last ones outside the brackets stay the same. Changing the port to any other generates connection refused, so I think I am connecting to the right port, but I have no idea what I am doing wrong after that.

Any ideas on how to debug this? Is there an easier approach to check modbusTCP communication with the device? Thanks in advance.

OBS1: image of the register I am trying to access. The manual says a single word is 16-bit. [image: modbus registers map]

OBS2: nmap output in two different ports:

$ nmap -p 502 device_IP
Starting Nmap 7.80 ( https://nmap.org ) at 2022-07-12 21:21 -03
Nmap scan report for device_IP
Host is up (0.028s latency).

PORT    STATE SERVICE
502/tcp open  mbap

Nmap done: 1 IP address (1 host up) scanned in 0.63 seconds

and

$ nmap -p 503 device_IP
Starting Nmap 7.80 ( https://nmap.org ) at 2022-07-12 21:22 -03
Nmap scan report for device_IP
Host is up (0.027s latency).

PORT    STATE  SERVICE
503/tcp closed intrinsa

Nmap done: 1 IP address (1 host up) scanned in 0.64 seconds

Solution

  • Turns out it was a problem with the netmask. The equipment's netmask was configured to 24 but I was trying to access it from an I.P. out of that range.

    In my case, I was trying to access the I.P. 10.20.41.90 from a computer with an I.P. of 10.0.X.Y.

    I configured the netmask to 8 and it all worked.
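
Added example (not part of the original question or answer): a small diagnostic that decodes the debug `Tx` line from the question, where the bracketed bytes are the 7-byte MBAP header whose first two bytes are the per-request transaction identifier, and then checks whether a client address falls inside the device's subnet. The function names `parse_debug_frame` and `same_subnet` are hypothetical, and `10.0.5.7` is a constructed stand-in for the client address the answer gives only as 10.0.X.Y.

```python
import ipaddress
import struct


def parse_debug_frame(line):
    """Decode one pyModbusTCP debug 'Tx' line into its Modbus TCP fields."""
    raw = bytes.fromhex(line.replace("[", "").replace("]", ""))
    if len(raw) < 8:
        raise ValueError("need a 7-byte MBAP header plus a function code")
    # MBAP header: transaction id, protocol id, length, unit id (big-endian).
    tid, proto, length, unit = struct.unpack(">HHHB", raw[:7])
    pdu = raw[7:]
    if proto != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(pdu) + 1:  # length counts the unit id plus the PDU
        raise ValueError("MBAP length does not match the bytes present")
    frame = {"transaction_id": tid, "unit_id": unit, "function": pdu[0]}
    if pdu[0] == 0x03 and len(pdu) == 5:  # Read Holding Registers request
        frame["address"], frame["quantity"] = struct.unpack(">HH", pdu[1:])
    return frame


def same_subnet(client_ip, device_ip, prefix_len):
    """True if client_ip is on-link from the device's point of view."""
    net = ipaddress.ip_network(f"{device_ip}/{prefix_len}", strict=False)
    return ipaddress.ip_address(client_ip) in net


if __name__ == "__main__":
    # Frame copied from the debug output in the question.
    print(parse_debug_frame("[59 50 00 00 00 06 01] 03 0F FF 00 20"))
    # Device address from the answer; 10.0.5.7 is a constructed stand-in
    # for the client address the answer gives only as 10.0.X.Y.
    for prefix in (24, 8):
        print(prefix, same_subnet("10.0.5.7", "10.20.41.90", prefix))
```

The frame decodes as a well-formed Read Holding Registers request (unit 1, start address 4095, quantity 32), and the subnet check returns False for a /24 and True for a /8, matching the netmask change described in the answer.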