b2

b2

关注
发信
关注(28)粉丝(399)

欧姆龙 EntherNet/IP(CIP报文格式)

Enthip/IP_ CIP报文格式

测试Demo在文章末尾

注册请求帧:

0x65 0x00   注册请求命令 2byte

0x04,0x00   header长度2byte   < 封装头>

0x00,0x00,0x00,0x00 会话句柄 4byte()

0x00,0x00,0x00,0x00    状态默认0 4byte

0x00, 0x00, 0x00,0x00,0x00,0x00,0x00,0x00 发送方描述 默认0 8byte

0x00,0x00,0x00,0x00选项默认0 4byte

0x01,0x00  协议版本

0x00,0x00  选项标记

注册请求帧发送实例:

65 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00

注册应答帧:

  0x65,0x00,命令 2byte
  0x04,0x00, CommandSpecificData的长度 2byte
  0x6B,0x01,0x01,0x00,会话句柄 4byte 由PLC生成
  0x00,0x00,0x00,0x00,状态默认0 4byte  状态字段
  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,发送方描述默认0 8byte
  0x00,0x00,0x00,0x00,选项默认0 4byte

  0x01,0x00,协议版本 2byte

  0x00,0x00,选项标记 2byte

注册请求帧接收实例:

65 00 04 00 71 01 0E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00

(提取会话句柄或者会话ID  71 01 0E 00

状态字段

 

 

 

 

************读取信息报文帧  EtherNet/ip *************************

PLC标签:TAG1

读取报文:

6F 00 28 00 70 01
27 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 B2 00 18
00 52 02 20 06 24 01 0A F0
0A 00 4C 03 91 04 54 41 47 31 01 00 01 00 01 00

下面是解析:

6F 00 命令码

28 00  后面报文长度 指:( 00 00 00 00 01 00 02 00 00 00 00 00 B2 00 18
00 52 02 20 06 24 01 0A F0
0A 00 4C 03 91 04 54 41 47 31 01 00 01 00 01 00

70
01 27 00  会话句柄

00
00 00 00   状态,初始值
0  状态好

00 00
00 00 00 00 00 00 发送方描述

00 00
00 00   选项默认

以上是封装头Header(6F 00 28 00 70 01 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00)

以下是特别命令数据:

00 00 00
00:接口句柄 00 00 00 00 代表CIP

01 00  超时

02 00项数

00 00  空地址项

00 00   空地址项长度

B2 00   未连接项 默认

18
00  CIP报文包的长度(52 02 20 06 24 01 0A F0
0A 00 4C 03 91 04 54 41 47 31 01 00 01 00 01 00)

52命令

02请求路径长度

20
06 24 01默认请求路径

0A F0
0A 00默认超时

4C服务标识

03 CIP长度多少字(91 04 54 41 47 31)

91固定

04PLC标签长度 多少个字节

01 00读取长度

01
00 01 00 槽号

 

返回报文帧解析 

6F
00 18 00 71 01 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   封装头

00
00 00 00 01 00 02 00 00 00 00 00 B2 00 08 00 CC 00 00 00 C1 00 00 00   特定命令数据

 

6F
00  命令

18
00 长度  (总长度 -封装头长度 )

71
01 14 00 会话句柄(会话ID)

00
00 00 00 会话状态

00
00 00 00 00 00 00 00 发送方描述  固定

00
00 00 00 选项 默认

 

命令特定数据

00
00 00 00 接口句柄 ,00000000 指CIP

01
00 超时

02
00 项数 默认2

00
00 连接的地址项

00
00 连接地址项长度

B2
00  未连接数据项

08
00  连接长度

CC  服务标识

00
填充字节

00
00 状态

C1
00  数据类型 BOOL   (0x00C3(195) 为整型,0x00CA(202)为实型, 0x00C1(193)为布尔型,long 型为0x00C4,BYTE为0x00C2  )

00
00 数据值

 

网络调试助手发送数据历史记录

 

[2019-12-03
15:33:31.560]# SEND HEX>   注册会话   PC=>PLC

65
00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00
00

 

[2019-12-03
15:33:31.564]# RECV HEX> 返回会话句柄 PLC=>PC

65
00 04 00 70 01 0D 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 00 00 00

 

[2019-12-03
15:34:08.745]# SEND HEX> PC=>PLC读取

6F
00 28 00 70 01 0D 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 B2 00 18 00 52 02 20
06 24 01 0A F0 0A 00 4C 03 91 04 54 41 47 31 01 00 01 00 01 00

 

[2019-12-03
15:34:08.751]# RECV HEX> plc=>PC返回

6F
00 18 00 70 01 0D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 01 00 02 00 00 00 00 00 B2 00 08 00 CC 00 00 00 C1 00 00 00

注释:C1 00 _BOOL   00
00_数据,true的情况下=01 00

写单个标签

在写单个标签之前 ,需要注册会话,获取会话句柄 ,之后进行写入命令

下面是写入单标签完整报文帧 :

6f 00 2c 00 71 01
14 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 b2 00 1c 00 52 02 20 06 24 01 0a f0
0e 00 4d 03 91 04 54 41 47 31 c1 00 01 00 00 00 01 00 01 00

解析:

=>Header封装头:6f 00 2c 00 71 01 14 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00

命令特定数据:

00 00 00 00 01 00 02 00 00 00 00 00 b2
00 1c 00 52 02 20 06 24 01 0a f0 0e 00 4d 03 91 04 54 41 47 31 c1 00 01 00 00 00 01 00 01
00

 

6F 00 :命令码

2C 00 :长度(去除header后报文长度 字节为单位)

71 01 14 00 :会话句柄

00 00 00 00 :会话状态

00 00 00 00 00 00
00 00 :发送方描述 固定

00 00 00 00 :选项 默认

 

00 00 00 00 :接口句柄 ( 00 00 00 00 指CIP)

01 00 :超时

02 00    项数 默认2

00 00   空地址项  默认

00 00  空地址项长度 默认

B2 00 未连接数据项 默认

1C 00:数据长度 指后面数据长度 (字节)

52
请求服务代码

02
请求路径长度

20
06 24 01 请求路径 默认

0A
F0  超时默认 245760ms

OE 00:长度 (从服务标识开始 到 写入的值 结束 )

4D :服务标识

03 :长度(91 04 54 41 47 31 )

91:固定

04:标签长度

54 41 47 31 :TAG1(标签名)

C1 00:数据类型 bool0x00C3(195) 为整型,0x00CA(202)为实型,0x00C1(193)为布尔型,long 型为0x00C4,BYTE为0x00C2

01 00:写入数量

 00 00 :写入的值
 false:0   TRUE:任意非0数

01 00 01 00 PLC槽号

 

返回报文:

6f 00 14 00 71 01 14 00 00 00  00 00 00 00 00 00 00 00 00 00 00 00 00 00

00  00  00
00  01 00 02 00 00 00 00 00 b2 00 04 00 cd 00  00 00

解析:

71 01 14 00:会话句柄

B2 00:未连接数据项 默认

CD:服务标识(写)固定

00:填充字节

0000:状态、 成功

单标签写入,调试软件调试记录:

[2019-12-03 17:08:09.346]# SEND HEX> 注册会话

65 00 04 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 01 00 00 00

[2019-12-03 17:08:09.353]# RECV HEX> 返回会话句柄

65 00 04 00 70 01 21 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 01 00 00 00

[2019-12-03 17:08:42.352]# SEND HEX> 标签TAG1 写入0

6F 00 2C 00 70 01 21 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 B2 00 1C 00
52 02 20 06 24 01 0A F0 0E 00 4D 03 91 04 54 41 47 31 C1 00 01 00 00 00 01 00
01 00

[2019-12-03 17:08:42.357]# RECV HEX> 写0结果返回

6F 00 14 00 70 01 21 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 B2 00 04 00
CD 00 00 00

[2019-12-03 17:08:55.840]# SEND HEX> 写1

6F 00 2C 00 70 01 21 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 B2 00 1C 00
52 02 20 06 24 01 0A F0 0E 00 4D 03 91 04 54 41 47 31 C1 00 01 00 FF FF 01 00
01 00

[2019-12-03 17:08:55.845]# RECV HEX> 写1结果

6F 00 14 00 70 01 21 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 B2 00 04 00
CD 00 00 00

[2019-12-03 17:09:11.630]# SEND HEX>写1

6F 00 2C 00 70 01 21 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 B2 00 1C 00
52 02 20 06 24 01 0A F0 0E 00 4D 03 91 04 54 41 47 31 C1 00 01 00 01 00 01 00
01 00

[2019-12-03 17:09:11.639]# RECV HEX> 写1结果

6F 00 14 00 70 01 21 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 B2 00 04 00
CD 00 00 00

 

多标签读取

参考单标签的 报文帧

读取TAG1 
和TAG2

54 41 47 31  TAG1

54 41 47 32   TAG2

[2019-12-03 17:55:55.741]# SEND HEX>

6F 00 3E 00 70 01 27 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 B2 00 2E 00
52 02 20 06 24 01 0A F0 20 00 0A 02 20 02 24 01 02 00 06 00 10 00 4C 03 91 04 54 41 47 31 01 00 4C 03 91 04 54 41 47 32 01 00 01 00 01 00

[2019-12-03 17:55:55.847]# RECV HEX>

6F 00 2A 00 70 01 27 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 B2 00 1A 00
8A 00 00 00 02 00 06 00 0E 00 CC 00 00 00 C1 00 01 00 CC 00 00 00 C1 00
01 00

注销会话

注销会话报文是没有返回值的

[2019-12-05 12:27:18.253]# SEND HEX> 注册会话

65 00 04 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 01 00 00 00

 

[2019-12-05 12:27:18.256]# RECV HEX> 返回会话句柄

65 00 04 00 71
01 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00

 

[2019-12-05 12:27:42.889]# SEND HEX>  注销会话

66 00 00 00 71 01 04 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00

 

66 00 :命令

00 00 :长度

71 01 04 00:要注销的会话句柄

00 00 00 00 状态 默认0

00 00 00 00 00 00
00 00:发送内容 默认0

00 00 00 00: 选项 默认0

 

 水平有限 ,有错误之处 ,多多包涵,意见或建议,请留言!

测试Demo 

链接:https://pan.baidu.com/s/1_niradiIAOPXUNV-k-PS9w
提取码:9mc6

05-19 05:51
Powered by LMLPHP ©2024 b2 0.063601