Create modbus raw requests using C sockets!
This protocol is build upon model a request and replay model! It uses function codes in combination with data section to request/send data!

Modbus function codes and their description:

Function Description
FC=01 Read Coil Status
FC=02 Read Input Status
FC=03 Read multiple holding registers
FC=04 Read Input Registers
FC=05 Write Single Coil
FC=06 Write Single Holding Register
FC=07 Read Exception Status
FC=08 Diagnostics
FC=11 Get Comm Event Counter (RTU)
FC=12 Get Comm Event Log (RTU)
FC=14 Read Device Identification
FC=15 Write multiple coils
FC=17 Write multiple holding registers
FC=20 Read file record
FC=21 Write file record
FC=22 Mask Write Register
FC=23 Read/Write Multiple Registers
FC=24 Read FIFO Queue
FC=43 Read Device Identification
FC=90 Implement new function

Function codes are used to build modbus packet which is going to be send over TCP/IP. The modbus packet have the following format:


Shodan dork: port:502

Output example:

Request RAW: 00 01 00 00 00 06 01 01 00 01 00 0F 

Transaction ID: 00 01
Protocol ID   : 00 00
Length        : 00 06
Unit ID       : 01

Function code : 01
Start address : 00 01
Data count    : 00 0F

Response RAW: 00 01 00 00 00 05 01 01 02 FF 7F 

Transaction ID: 00 01
Protocol ID   : 00 00
Length        : 00 05
Unit ID       : 01
Function code : 01
Data count    : 02 bytes

Security perspective of modbus: