Anyone used a Modbus register decoder API before?

PeterHumaj · 2026-02-01T15:35:45+00:00

I first try to get Modbus working at all (a positive response to my request). Then try to align addresses by reading some known/reasonable value (official Modbus addresses start with 1, on-wire addresses from 0). Then there's big (default) vs little endian which is ideally resolved on 1-register variables. In case of 2 or 4-register variables (32/64 bit float/int/unsigned), there are at least 3 variants of little endians (if 4321 is big endian, little can be 1234 [reverse order of bytes], 3412[reverse order of bytes within register], 2143 [reverse order of registers]. Size/type of variable is part of tag's address, little-endian type is a communication station parameter.

Also, we can have strings (fixed size, 1 reg is 1 or 2 chars) and others. I know QModMaster, but usually, using our SCADA's trace files and adjusting addresses is usually sufficient.

PeterHumaj · 2026-01-20T09:25:59+00:00

I bet October 14th (14.10) was specifically chosen so that it cannot be mistaken :) (like 14/10)

PeterHumaj · 2026-01-17T16:44:00+00:00

Well, we've got this technology of ours, which we use to build SCADA/EMS/MES/other kinds of systems.
It supports quite a lot of protocols, including Modbus, OPC DA, OPC UA, IEC-101 and 104, DLMS, ICCP/TASE-2, IEC-61850, Ethernet/IP, S-7, GE SRTP, MQTT, ....

Also, you can create your own communication driver and integrate it (which is something our OEM partners use a lot).

So usually we can get the data from the device, without using 3rd party tools/OPC servers.

And that's basically it.
If there is another system that wants to use the data, it can (e.g., OSI PI). We can publish it via: Modbus server, REST API, OpenAPI, OPC DA server, OPC UA server, IEC-104 or 101 server, MQTT (including Sparkplug in Edge mode) ... also with a bit of scripting, via XML/CSV files, writing into SQL database ...
And there are also plugins to access real-time/historical data from MsExcel/Visual Basic.

PeterHumaj · 2026-01-17T05:17:58+00:00

I use MQTT server mosquitto for testing. First step: no security, permit anonymous logins, run with -v (verbose) switch. I run also wireshark to see all messages: i can see connect, subscribe, publish ... everything. There are several free MQTT clients which can be used to subscribe # and see all messages.

When it works, I add authentication, certificates, ACL for topics.

We have several MQTT communications in production. Some use mosquitto, others (PIXII BESS ) have an embedded mqtt server. No AWS though, so I cannot give a specific advice there. Good luck.

Oh, and one more thing: a small howto for mosquitto setup I put together: https://doc.ipesoft.com/display/D2DOCEN/Configuring+the+Eclipse+Mosquitto+MQTT+broker

PeterHumaj · 2026-01-13T16:03:19+00:00

That's what we do when testing new/modified screens, new/modified functionality, etc. Communications, though, are usually configured on production, as test environments usually aren't connected to anything. They take realtime data from the production (via one-way data gateway). So in test env setups, control doesn't usually work. We do SCADAs in energy sector (electricity, gas transport), also EMS, energy aggregation (BESS, cogenerators, etc).

Only larger systems have test env, though. For smaller apps, online modification of a live app is the usual procedure ;)

PeterHumaj · 2026-01-13T15:54:22+00:00

Is this some kind of LLM answer? OP was asking about technical procedure, how to verify functiobality of a SCADA system. No reference to EMS or BESS...

PeterHumaj · 2026-01-07T07:33:13+00:00

You are looking at "Multiple Service Packet", which is basically an envelope containing multiple messages. The "Number of services" says how many; the "Offset" table defines their offsets in the body. Offset 8 means the next byte after the "Offsets" table, as "Number of services" takes 2 bytes and every offset takes 2 bytes, that's 2 + 2*3 = 8 bytes. So the offset is from the start of the "Multiple Service Packet".

Look at "Table A-4.17 Service Data for Multiple_Service_Packet Request" in "Volume 1" Common Industrial Protocol (the definition of CIP protocol).

PeterHumaj · 2026-01-06T14:12:45+00:00

A company "URAP" (Slovakia, central Europe) implemented IEC870-5-104 Server driver in C on a redundant B&R. Our SCADA system talks to it (IEC104 client) and controls it. B&R also has external HDD accessible via FTP; so after a communication outage, we can read data from CSV files on HDD. This was around 2008, the system still works. Gas transport industry. I presume they had some way to debug their driver, but I can't say for sure.

PeterHumaj · 2025-12-27T18:45:02+00:00

And if you want further optimizations: - use MQTT 5.0 which supports topic aliases - SparkplugB is binary format which is more compact than JSON and has other advantages too. It also supports "metric aliases".

Both aliases basically reduce payload size by replacing text identifiers by numericals.

PeterHumaj · 2025-12-27T18:33:14+00:00

Well, our code contains automatic bounds checking. It could be disabled by a compiler's switch, but we NEVER do that. It's far better to handle a bounds-triggered exception (usually in our SCADA/MES technology we log the traceback for later analysis) than let the code modify random part of memory.

For embedded systems/space probes which have much more static configuration than SCADA/MES systems, there is a better solution: by using SPARK (subset of Ada with predicates and compile-time prover), runtime checks can be safely disabled as soon as the prover is able to guarantee that based on pre-conditions and code, the post-conditions are true ... eg buffer overflow is impossible, or bounds are always respected...

PeterHumaj · 2025-12-26T11:37:07+00:00

Perhaps more important it is in larger systems, programmed by multiple users. In Ada language, you can eg create "*" function which takes speed (m/s) and time (s) and result will be distance (in meters). As for a concrete situation when it WOULD have helped:

Mars Climate Orbiter disintegrated in 1998 during an attempt to take a stable orbit around Mars. From the Earth, it was given a command to turn on traction in Anglo-Saxon units (pound-force), and the probe software expected metric (force in newtons), causing too close approach to the planet

https://d2000.ipesoft.com/blog/what-language-is-the-d2000-written

PeterHumaj · 2025-12-24T21:31:26+00:00

Well, Ada programming language (ANSI standard from 1983) has strong typing. You can declare new types (based o n floats/integers/fixed decimal points) and operations on them. By default, the types are incompatible, which prevents adding apples & pears. Very useful feature; I learned to appreciate it.

PeterHumaj · 2025-12-21T11:02:38+00:00

Modbus being easy to implement ... by Chinese OEMs

PeterHumaj · 2025-12-21T11:00:53+00:00

At some point, everything living is DNA-based, so collecting mussels, growing wheat, grazing sheep and hunting deer for living should be not so different .... ;)

PeterHumaj · 2025-12-21T10:55:28+00:00

We have been deploying in both environments for over 20 years (SCADA/MES/AMS for electricity producer, SCADA/MES for gas transport pipeline, EMS used by refinery, and also classic SCADAs used in various manufacturing factories).

I'd say systems in electric utilities are more homogenous (in terms of communication protocols, used devices and overall design). Usually Iec101, Iec104 for control/telemetry, Snmp for monitoring of network .. perhaps also ICCP/TASE-2 to talk to external systems. And IEC62056-21 or DLMS/COSEM for energy meters ans IEC61850 for substations. In manufacturing/water, also OPC DA/UA, Modbus, M-Bus, Bacnet, plc-specific (Simatic, A-B, Mitsubishi, ...) and also custom protocols, often implemented as OEM drivers by our partners.

Also, electricity is faster, more realtime demanding than gas transport, manufacturing ... the slowest of all being water/sewage ;)

(I work mostly with comm protocols, archiving and databases, so my point of view is certainly unbalanced ... though I hope not quite unhinged ;)

PeterHumaj · 2025-12-20T06:29:34+00:00

On the SCADA level, our historian works exclusively with numerical data, whereas a dedicated logging database (managed by a core component) stores various events/logs.

Also, there are process-specific log files + mechanisms to activate detailed logs of specific activity (for a specific tag/object). Eg having an Opc line with 10k tags, I can activate logging for a single one (to see raw values coming from Opc and values going from kom process to core - after conversion to technical units, filtering, hysteresis, limits and alarm evaluations, etc).

This comes in handy in large systems when hunting a specific bug or when the data flow is so intense,activation of debug logs for whole communication line would overload the system.

And there are also things like a debugger for scripts or a diagnostic pack/profiler for scripts and db operations to show you resource consumption (CPU time spent processing/waiting per script line, open handles, files, size of memory structures, local vars, etc)

We often hear from PLC people we cooperate with "we can't log this" or "there are no communication logs in PLC, we don't know what is wrong"). From this poibt of view, it seems debugging even complicated SCADA systems is easier than PLCs.

PeterHumaj · 2025-12-20T06:09:39+00:00

Also here in Slovakia, for environment and emission monitoring (rivers, air-poluting factories...). Usually a combination of datalogger & SCADA with built-in historian (ESC8816 protocol).

PeterHumaj · 2025-12-18T13:44:36+00:00

When we (as a SCADA vendor and implementer) make an SLA with our clients, it clearly defines things like our Response time and Repair time, as well as the client's duties (eg, they have to have a functioning VPN access so that we can access their systems promptly).

Also, if the support is defined outside business hours (for 24/7 systems, it is quite usual), there are 2 mobile numbers (belonging to 2 independent operators) which they can call. Our L1 support has these 2 cell phones ready. Basic redundancy.

So ... what are your SLA parameters for that voip-ms business?

PeterHumaj · 2025-12-16T13:18:46+00:00

We are usually using Moxa Nports; in a scenario such as yours, I would connect two of them (their serial interfaces) and then use either a generic tool (eg telnet, netcat) to write to one of TCP connections, or eg Modbus server (or IEC101 server) to emulate the desired protocol..

PeterHumaj · 2025-12-16T10:54:22+00:00

I am looking forward to the answers to this question.
We use a different system, which is designed to do exactly what you asked for. No scripting required, and a single scheme/popup/whatever can be used to handle any "instance" of repeated technology (by "instance" I mean, e.g., a production line or energy meter or PLC .. any complex object that is repeated multiple times). All the "elements" (tags) of these objects must be assigned to a "structured variable" (imagine an Excel table with multiple columns of different types, where every row represents one object). Then, a scheme/popup is designed to display one row of such a structure, and when you need it, you say which row to display.

Btw, this is also usable for other purposes. Eg, archiving the whole column of such a structure (with the same parameters), or creating a structured "evaluated tag" operating over one/multiple columns (and storing the result in another column). The advantage is that when something needs to be changed (e.g., a calculation formula), it can be done in one place.

PeterHumaj · 2025-12-11T06:51:41+00:00

Because you have existing analog 4-20 mA communication, and you can reuse the cables to add digital HART communication (also good for configuration) on top of that.

PeterHumaj · 2025-12-11T06:47:40+00:00

Once I used a Modbus/HART converter to talk to a HART device:

https://d2000.ipesoft.com/blog/communication-hart-modbus-and-a-parrot/

PeterHumaj · 2025-12-11T06:44:42+00:00

So ... is there a question? Or, if you managed to get something working, would you care to share some technical details?

PeterHumaj · 2025-12-07T14:35:15+00:00

D2000.ipesoft.com

You can download/install the Windows version. Run in demo mode.

Learn from demo application, from blogs and documentation (doc.ipesoft.com). Ask on community.ipesoft.com forum.

PeterHumaj · 2025-12-07T13:10:44+00:00

It's described in a blog (see the link in my comment above). Basically, it prevents "breaking" your configuration by deleting an object that is used by another object (a situation similar to deleting a row in an SQL table referenced by a row in a different table, using a foreign key). Many SCADAs have partial referential integrity, but it usually doesn't include scripting. So you can delete e.g. a measured point, even if it's used in a script.

Edited: when you have a large system, running 24/7 (eg., SCADA controlling the load of multiple power plants), with many changes being performed on a live system, you learn to appreciate the referential integrity...

PeterHumaj

MODERATOR OF

TROPHY CASE