Modbus Protocol 2 – Modbus RTU

Modbus RTU

Modbus RTU is a communication protocol used between industrial electronic devices. The main features are:

  • Used in a master-slave network architecture, with one master and multiple slaves, up to 247 slaves.
  • Physical communication lines, typically RS485 or RS422.
  • The master is responsible for message requests, while the slaves respond to these requests, hence the master is also referred to as the client, and the slaves as the server.
  • Each slave has a unique ID address for communication with the master, which is generally set via dip switches or software.

Message Frame Format

Message Format:

<span>[Slave Address] [Function Code] [Data] [CRC]</span>

  • Slave Address: 1-247, the address of the slave device, where 0 indicates a broadcast.
  • Function Code: Informs the slave of the function to be executed, such as reading coils or writing registers.
  • Data: The data for the request or response.
  • CRC: The CRC check for the preceding data.

Function Codes:

The commonly used function codes are defined as follows:

Function Code Name Purpose
01 (0x01) Read Coils Read the status of one or more coils.
05 (0x05) Write Single Coil Write to a single coil (force ON/OFF).
15 (0x0F) Write Multiple Coils Write to multiple coils.
02 (0x02) Read Discrete Inputs Read the status of one or more discrete inputs.
03 (0x03) Read Holding Registers Read the values of one or more holding registers.
06 (0x06) Write Single Register Write to a single holding register.
16 (0x10) Write Multiple Registers Write to multiple holding registers.
04 (0x04) Read Input Registers Read the values of one or more input registers.

Communication Example

The master needs to read from slave 6, starting from register 0x100, for 2 consecutive holding register values. The value of register 0x100 for slave 6 is 0x1234, and the value of register 0x101 is 0x5678.

Request message sent by the master:

<span>06 03 01 00 00 02 C4 40</span>

  • 06: Slave address.
  • 03: Function code for reading holding registers, indicating the value to be read.
  • 01 00: Address of the holding register to be read.
  • 00 02: Number of registers to read.
  • C4 40: CRC check code for the preceding data, noting that the CRC value is sent in little-endian order.

Response message from the slave:

<span>06 03 04 12 34 56 78 F7 C7</span>

  • 06: Slave address.
  • 03: Function code for reading holding registers, indicating the value to be read.
  • 04: Number of data bytes returned.
  • 12 34: Value of register 0x100.
  • 56 78: Value of register 0x101.
  • F7 C7: CRC check code for the preceding data (0xC7F7), noting that the CRC value is sent in little-endian order.

Related posts

  1. Writing a GDB Plugin for Quick Address Information Calculation
  2. Discussing C Programming – Source Code Sharing for ModbusCRC
  3. Analysis of HTTP Client POST Request Timeout Issues Caused by JDK Upgrade
  4. Practical Insights: Application of the Modbus Protocol
  5. How Does Modbus Work?
  6. Debugging Methods and Techniques for ATF Architecture 3.4 (GDB, JTAG, Logging System)
  7. Understanding TTL, CMOS, and RS232 Levels
  8. Classic PLC Modbus Communication Example
  9. Complete Guide to Modbus RTU, ASCII, and TCP
  10. Getting Started with Modbus and Fieldbus
  11. Siemens MODBUS_TCP Client
  12. Introduction to Modbus Protocol: A Comprehensive Guide
  13. Hands-On Guide to FX5U and Mitsubishi Inverter RTU Communication
  14. Introduction to Major Biological Research Databases
  15. Mastering PLC: The Three Essential Core Skills!
  16. Siemens S7-200smart PLC MODBUS RTU Communication Case Study
  17. Modbus TCP to HART – ADFWEB Gateway Converter
  18. Complete Guide to the Rust Programming Language
  19. The Future Transformation of AI-Driven Learning Devices

Leave a Comment