M Macromedia Authorware v5.0: s/n: APW500-9-92400 Macromedia Director Academic v4.0 for Win 95: DRW404-0429-1085-7007 Macromed. Multiple modscan64 formats such as float, double and long with word order swapping are available. You may use the form below to modscan64 an order. For each window you modsca64 specify the Modbus slave ID, function, address, size and poll rate. A08 December 23, MNetMon. Evaluation Software. Modscam64 Data logging to a text file readable by MS. The Modbus Scanner App is a brand building exercise that strengthens connections and communication with clients, while at the same time providing them with something useful that they will truly appreciate. Power points, once used, can be only be regained by a period of sleep or meditation usually around 8 hours. Semi-spell casters split their attention between casting and arms, making them weaker casters, but giving them other benefits.

Thread Starter
Hi all,
This is my first post since joining the forum. I have worked in the hvac industry for 16 years swapping many bms components and a time served refrigeration engineer and now have been trying to further my knowledge of the workings behind the scenes.
I've a modbus rtu setup for testing, I'm trialing a connection to a mitsubishi electric frd700 inverter direct from my desktop via an rs485/USB converter on comm3.
I can interface with the drive via modscan64 and manually alter the binary registers to signal the drive to run, stop and vary the frequency etc. No problems.
I have a trial of quickhmi, I have setup the data source correctly but am struggling to communicate with the drive. Slave id , baud rate, parity etc all match modscan64 settings. The drive is set as a slave in the hmi. The register I'm trying to access is hr 9 (40009) I'm referencing it as hr8 with a byte variable type. Then trying to write the hex conversion of the new binary byte to the register.
Any advice would be helpful!
If you're interested in playing around with the Modbus protocol, you probably want to start with free, or preferably, open source tools. Here are the ones I've found useful:


  • Metasploit - Everyone's favourite penetration testing tool has by default a bunch of modules which are helpful for analyzing Modbus services. I often use the modbusdetect and modbusclient modules for checking to see if a service is actually a valid Modbus service and triggering IDS' like Snort which are using Modbus rules.
  • Modscan - This basic tool allows you to check if a service is an actual Modbus service, like the Metasploit modules, but is a simple, self-contained Python script so you don't need to install the entire Metasploit framework to see if a service is an actual Modbus service or not. I can also reliably crash my test PLC hardware with a couple of scans from this script, so be careful! :-)
  • PLCscan - This script allows you to also probe a Modbus service to see if it's genuine, but I found it personally to not be as useful as the previous two tools. It does have some specific, non-Modbus, functionality for Siemens PLCs which may be of use to you, however.
  • Wireshark - The best network sniffer around, bar none. Contains modbus decoding modules.
  • Nmap - The best port scanner around, bar none. Useful if you need to quickly check for open ports.

Modscan64 software, free download


  • Modscan64 (not to be confused with the Modscan tool above) - This tool is free, but could be more accurately classified as nagware. It's great for dumping all the registers of a Modbus service and seeing what is laid out in the memory of PLC, but it's a bit awkward to use.
  • CAS Modbus Scanner - This tool is completely free but I personally found to not be as useful at revealing the internals of a Modbus service as Modscan64.

Modscan64 Software


  • Digital Bond SCADA HoneyNet - The good folks at Digital Bond have created a SCADA Honeypot which emulates Modbus, HTTP, FTP and SNMP for a Modicon PLC. The instructions that come with it are for the old version of VMWare Server, so if you want to run it with the new VMWare Server, be prepared for a struggle. However, you can just extract the protocol simulators (like Modbus) which are just standard Java programs and run them yourself. The system that you can download provides you with an emulated PLC and the networking infrastructure around it for you to monitor any potential attacks. It is not being actively developed, AFAICT.
  • ConPot - A new SCADA/ICS honeypot which currently emulates Modbus and SNMP. It is much simpler to setup than the Digital Bond SCADA HoneyNet but has pretty much the same functionality. It is currently under active development.
Modscan64Modscan64Obviously: only use these tools against a network that you are authorized to assess!

Modscan64 License