Modbus Analyzer

The Modbus Analyzer plugin makes Modbus communication easy to understand and test. By parsing and decoding Modbus RTU, Modbus ASCII, and Modbus TCP frames, it presents clear, human-readable insights alongside raw data. The plugin also lets you craft and send custom Modbus packets effortlessly, enabling precise control over read/write operations.

Capabilities

Required

com.ioninja.layer
 Modbus Analyzer is a layer. Attaching layers to sessions or logs requires the Layers capability.

Optional

com.ioninja.script
 The In-App Scripting capability allows you to programmatically prepare and transmit packets; this can be very useful when debugging Modbus communications.
com.ioninja.packet-library
 The Packet Library capability helps you organize commonly used packets, give them mnemonic names, and quickly send them to the wire. It also enables the recent packet history list; useful when talking to Modbus devices.

Basic Setup

  1. Ensure your serial device is connected to the computer that is running IO Ninja
  2. In IO Ninja, click the “New Session” dropdown and select a session type, e.g., “Serial”
_images/modbus-new-session.png
  1. If not selected automatically, select your serial device from the “Port:” dropdown
_images/modbus-port.png
  1. Open the port by clicking the “Open” button located to the right of the “Port:” dropdown
_images/modbus-open-port.png
  1. Click the “Layer Pipelines” dropdown and select “Modbus Analyzer”
_images/modbus-analyzer-dropdown.png
  1. Adjust settings as needed via the “Settings” button (see “Settings” section below for details)

For Half-Duplex monitoring, you may wish to consult the “Half-Duplex Setup” section.

_images/modbus-settings.png

Half-Duplex Setup

Half-duplex Modbus communications are not easy to parse due to the packet format specifics. Alas, the Modbus protocol doesn’t define any structural differences in headers of requests and replies – request and replies start with exactly the same sequence of bytes (which in case of a reply usually followed by extra data bytes). In full-duplex links, it doesn’t impose a problem – TX data always contains Master requests, RX – Slave replies. But in half-duplex everything is mixed into a single stream of bytes. Therefore, some heuristics is needed to split this single byte stream into two.

  1. Go to “Settings”
_images/modbus-settings.png
  1. Set “Stream roles” to “Half-duplex (RX)” or “Half-duplex (TX)”, so that Modbus Analyzer knows that Modbus requests and Modbus replies are all contained in the single stream (RX or TX)
  2. Set the “Half-duplex mode” based on your needs (see “Settings” section below for details)

We also have a dedicated Knowledge Base page explaining this.

Modbus Sniffing

After basic setup is complete, you can begin to sniff Modbus communications.

_images/modbus-analyzer-sniff.png

Packet Generation

  1. In the “Packet Template” pane, select either request or reply and RTU, TCP or ASCII
_images/modbus-packet-template.png
  1. Edit property values, e.g. “Function” or “Count”
_images/modbus-property-values.png
  1. Click the “Refresh dynamic layout” button to generate the Modbus binary
_images/modbus-refresh-dynamic-layout.png
  1. Click the “Send” button and watch as you get human-readable Modbus responses

Settings

_images/modbus-settings-menu.png
Setting Description Default
Protocol Specify the Modbus flavor. See available options. Modbus RTU
Stream roles Assign Master/Slave roles to captured data streams. See available options. TX - Master; RX - Slave
Half-duplex mode Half-duplex Modbus is tricky to decode. This setting allows you to choose a proper heuristic for the Modbus decoder. See available options. Alternate Master/Slave
Half-duplex timeout When Half-duplex mode is set to Alternate Master/Slave, this setting defines a timeout (in milliseconds) after which the decoder decides there was no reply from a Slave and switches back to Master. 2 sec

Modbus Sub-protocols

Protocol Description
Modbus RTU The most commonly used version of Modbus over Serial links.
Modbus ASCII Closely resembles Modbus RTU but uses only ASCII characters for communication, thus making it possible to transfer over 7-bit links (and somewhat easier to debug).
Modbus TCP A version of Modbus used over TCP connections.

Stream Roles

Role Description
TX - Master; RX - Slave Master and Slave(s) use different data streams. The Master’s commands are in the TX stream; the Slave(s)’ replies are in the RX stream.
RX - Master; TX - Slave Master and Slave(s) use different data streams. The Master’s commands are in the TX stream; the Slave(s)’ replies are in the RX stream.
Half-duplex (TX) Master and Slave(s) use the same data stream – TX.
Half-duplex (RX) Master and Slave(s) use the same data stream – RX.

Half-duplex Modes

Mode Description
Alternate Master/Slave The analyzer alternates the roles dynamically based on the traffic.
RTS ON - Master, else Slave When the RTS signal is ON (active), the analyzer treats the packet as originating from the Master. If RTS is OFF, the packet is treated as originating from the Slave.
RTS ON - Slave, else Master When the RTS signal is ON (active), the analyzer treats the packet as originating from the Slave. If RTS is OFF, the packet is treated as originating from the Master.
CTS ON - Master, else Slave When the CTS signal is ON (active), the analyzer treats the packet as originating from the Master. If CTS is OFF, the packet is treated as originating from the Slave.
CTS ON - Slave, else Master When the CTS signal is ON (active), the analyzer treats the packet as originating from the Slave. If CTS is OFF, the packet is treated as originating from the Master.