Appearance
Modbus RTU Protocol Guide
1. Introduction
Modbus RTU is an industrial communication protocol used for data exchange between industrial devices. It serves as a "common language" enabling communication between devices from different manufacturers.
1.1 Key Features
- Simple structure, easy to implement
- High reliability
- Widely used in industrial automation
- Supports multiple physical layers (e.g., RS-485, RS-232)
2. Working Principle
2.1 Communication Mode
- Master-slave architecture
- One master device can control multiple slave devices
- Each slave device has a unique address (1-247)
2.2 Data Transmission
Data frame format: Address(1 byte) | Function Code(1 byte) | Data | CRC(2 bytes)
CRC (Cyclic Redundancy Check) is a crucial error detection mechanism in Modbus RTU protocol.
- Uses CRC-16 algorithm (polynomial: x16 + x15 + x2 + 1)
- Initial value: 0xFFFF
- Calculation range: all bytes from address to data
- Low byte first, high byte last
CRC calculation tools:
Note: For practical applications, it's recommended to use programming libraries for CRC calculation to ensure accuracy and efficiency.
2.3 Common Function Codes (Decimal)
| Function Code | Description | Example(Hex) | Explanation |
|---|---|---|---|
| 01 | Read Coil Status | 01 01 00 00 00 0A 3D CC | Read 10 coil states from slave 01, starting at address 0000 |
| 02 | Read Input Status | 01 02 00 00 00 08 79 CC | Read 8 input states from slave 01, starting at address 0000 |
| 03 | Read Holding Registers | 01 03 00 00 00 02 C4 0B | Read 2 holding registers from slave 01, starting at address 0000 |
| 04 | Read Input Registers | 01 04 00 00 00 01 31 CA | Read 1 input register from slave 01, starting at address 0000 |
| 05 | Write Single Coil | 01 05 00 00 FF 00 8C 3A | Set coil at address 0000 to ON in slave 01 |
| 06 | Write Single Register | 01 06 00 01 00 03 98 0B | Write value 0003 to register at address 0001 in slave 01 |
| 15 | Write Multiple Coils | 01 0F 00 00 00 02 01 03 9E 9F | Write value (03) to 2 coils in slave 01, starting at address 0000 |
| 16 | Write Multiple Registers | 01 10 00 00 00 02 04 00 0A 00 0B C7 B2 | Write values (000A,000B) to 2 registers in slave 01, starting at address 0000 |
3. Practical Application Example
3.1 Temperature and Humidity Acquisition
Scenario: Reading data from a temperature and humidity sensor
- Communication Parameters:
- Baud Rate: 9600
- Data Bits: 8
- Stop Bits: 1
- Parity: None
- Slave Address: 01
- Reading Temperature Value (Holding Register Address 0x00) Request Message:
01 03 00 00 00 01 84 0A- 01: Slave Address
- 03: Function Code (Read Holding Registers)
- 00 00: Starting Address
- 00 01: Number of Registers
- 84 0A: CRC Check
Response Message:
01 03 02 00 64 B9 AF- 01: Slave Address
- 03: Function Code
- 02: Byte Count
- 00 64: Data (100, indicating 10.0°C)
- B9 AF: CRC Check
3.2 Common Issues
- Communication Failure:
- Check wiring connections
- Verify communication parameters
- Confirm device address
- Data Anomalies:
- Check function code
- Verify register address range
- Confirm data format conversion
4. Debugging Tools
- Modbus Poll: For master simulation
- Modbus Slave: For slave simulation
- ModScan: Comprehensive debugging tool
Note: All tools above offer trial versions. License required for commercial use.
5. Important Notes
IMPORTANT Modbus RTU has no built-in encryption mechanism. Use in trusted networks and implement additional security measures when necessary.