Modbus Application Protocol PDU
Overview
The following information describes the structure and content of the Modbus Application Protocol PDU.
Description
The Modbus Application Protocol PDU, mbap_pdu, is received at TCP port number 502. The current maximum size of the mbap_pdu for this class of services is 256 bytes. The structure and content of the mbap_pdu is defined to be:
mbap_pdu ::= {inv_id[2], proto_id[2], len[2], dst_idx[1], data=mb_pdu}
The header is seven bytes long and includes the fields listed in the following table:
| Field | Description |
|---|---|
| inv_id | [2 bytes] invocation id used for transaction pairing |
| proto_id | [2 bytes] used for intra-system multiplexing, default is 0 for Modbus services |
| len | [2 bytes] the len field is a byte count of the remaining fields, and it includes the dst_idx and data fields |
The remainder of the pdu includes two fields:
| Field | Description |
|---|---|
| dst_idx | [1 byte] destination index is used for intra-system routing of packets (currently not implemented) |
| data | [n bytes] this is the service portion of the Modbus pdu, mb_pdu, and it is defined below |
The service portion of the Modbus Application Protocol, called mb_pdu, contains two fields:
mb_pdu ::= {func_code[1], data[n]}
The following table describes the fields in mb_pdu:

| Field | Description |
|---|---|
| func_code | [1 byte] Modbus function code |
| data | [n bytes] this field is function code dependent and usually contains information such as variable references, variable counts, and data offsets |
The size and content of the data field are dependent on the value of the function code.
Example
Here are the values for a sample mbap_pdu for reading a register:
00 01 00 00 00 06 01 03 00 00 00 01
The following table shows the structure and content for this example:
| Field | Value |
|---|---|
| inv_id | 00 01 |
| proto_id | 00 00 |
| len | 00 06 |
| dst_idx | 01 |
| func_code | 03 |
| data | 00 00 00 01 |
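
The header layout and the len rule described above can be enforced when a frame is decoded, so that a frame whose declared length disagrees with the bytes received is rejected before the function code is acted on. The following parser is an added example, not code from the original documentation; it assumes big-endian multi-byte fields (as the sample bytes imply), and the names MbapPdu and parse_mbap_pdu are hypothetical.

```python
import struct
from typing import NamedTuple

MBAP_HEADER_LEN = 7   # inv_id[2] + proto_id[2] + len[2] + dst_idx[1]
MBAP_MAX_PDU = 256    # maximum mbap_pdu size stated on this page
LEN_FIELD_END = 6     # len counts every byte after inv_id, proto_id and len


class MbapPdu(NamedTuple):
    inv_id: int
    proto_id: int
    length: int
    dst_idx: int
    func_code: int
    data: bytes


def parse_mbap_pdu(frame: bytes) -> MbapPdu:
    """Decode one mbap_pdu and reject malformed or inconsistent frames."""
    if len(frame) > MBAP_MAX_PDU:
        raise ValueError("frame exceeds the 256-byte maximum")
    if len(frame) < MBAP_HEADER_LEN + 1:
        raise ValueError("frame too short for header plus func_code")

    # Assumption: multi-byte fields are big-endian (network byte order).
    inv_id, proto_id, length, dst_idx = struct.unpack(
        ">HHHB", frame[:MBAP_HEADER_LEN]
    )
    if proto_id != 0:
        raise ValueError(f"unexpected proto_id {proto_id}, expected 0")

    # len must equal dst_idx + func_code + data actually present.
    remaining = len(frame) - LEN_FIELD_END
    if length != remaining:
        raise ValueError(f"len field {length} != {remaining} bytes received")

    func_code = frame[MBAP_HEADER_LEN]
    data = frame[MBAP_HEADER_LEN + 1:]
    return MbapPdu(inv_id, proto_id, length, dst_idx, func_code, data)


# The sample frame from this page (read one register).
SAMPLE = bytes.fromhex("00 01 00 00 00 06 01 03 00 00 00 01")

if __name__ == "__main__":
    print(parse_mbap_pdu(SAMPLE))
```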