Send Modbus RTU request via TCP with Netcat and catch the response

Let's say I have a Modbus RTU temperature controller connected to a device that reads TCP packets from a network and sends the payload from said packets to the temperature controller over RS485. If I wanted to test such a setup by sending a Modbus RTU [Read Input Registers] request over TCP/IP using netcat on a Linux command line, what would be the full command for that, assuming that it is possible?

nc 2000   # ...what now?

Suppose that the following details apply:

  • device address: 1
  • function code: 3 (read input register)
  • memory address: 1000H
  • no. of registers: 1

  • server IP address:
  • client IP address:
  • Port on server: 2000

I feel like I can listen for the response using netcat, also. Could I just do that with:

nc -l 3456

Would that be right? To send a request and log the response like this, I guess I would have to specify the port to send the request on as 3456 (or whatever). Is there a way to do that?

Especially, I'm confused as to how to turn a Modbus message like [01][03][1000H][01][CRC] into its bytes equivalent.

Many thanks in advance.


  • Should it be of use to anyone, the answer to this question is:

    echo -e -n '\x01\x03\x10\x00\x00\x01\x80\xCA' | nc 2000

    -e allows the conversion of escaped chars
    -n prevents a newline character being appended

    Listening for incoming messages using Netcat doesn't work, apparently because the individual Netcat process wants to make the TCP connection itself, otherwise it isn't interested in anything arriving at the specified port. Still, I am able to see the reply coming back from the slave using Wireshark, and have also written to registers and successfully controlled the device.
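The byte conversion asked about in the question, including where the trailing `\x80\xCA` in the command above comes from, can be reproduced with the following added example (not part of the original post; the function names are hypothetical). It assumes the standard CRC-16/MODBUS parameters: initial value 0xFFFF, reflected polynomial 0xA001, CRC sent low byte first.

```shell
#!/bin/sh
# Added example (not from the original post): build a Modbus RTU request and
# its CRC-16 so the bytes can be handed to echo -e / nc.
# All function names are hypothetical.

# crc16_modbus HEXBYTE... : print CRC-16/MODBUS of the bytes as 4 hex digits.
crc16_modbus() {
    crc=$((0xFFFF))                              # initial value
    for b in "$@"; do
        crc=$(( crc ^ 0x$b ))
        i=0
        while [ "$i" -lt 8 ]; do                 # process bits LSB first
            if [ $(( crc & 1 )) -eq 1 ]; then
                crc=$(( (crc >> 1) ^ 0xA001 ))   # reflected polynomial
            else
                crc=$(( crc >> 1 ))
            fi
            i=$(( i + 1 ))
        done
    done
    printf '%04X\n' "$crc"
}

# rtu_frame UNIT FUNC ADDR COUNT : print the full request as hex bytes.
# ADDR and COUNT are 16-bit values sent high byte first; the CRC is
# appended low byte first.
rtu_frame() {
    body=$(printf '%02X %02X %02X %02X %02X %02X' "$1" "$2" \
        $(( $3 >> 8 )) $(( $3 & 0xFF )) $(( $4 >> 8 )) $(( $4 & 0xFF )))
    c=$(crc16_modbus $body)          # unquoted on purpose: one argument per byte
    printf '%s %s %s\n' "$body" "${c#??}" "${c%??}"
}

# rtu_escaped UNIT FUNC ADDR COUNT : same frame as \xNN escapes for echo -e.
rtu_escaped() {
    for b in $(rtu_frame "$@"); do printf '\\x%s' "$b"; done
    printf '\n'
}

# rtu_crc_ok HEXBYTE... : succeed if a captured frame (e.g. copied from
# Wireshark) has a valid trailing CRC. The CRC computed over a frame that
# includes its own CRC bytes is zero.
rtu_crc_ok() {
    [ "$(crc16_modbus "$@")" = "0000" ]
}

# The request from this page: device 1, function 3, address 1000H, 1 register.
rtu_escaped 1 3 0x1000 1
```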