What is Modbus? Understanding It Clearly to Avoid Pitfalls Next Time

Last night, a junior was debugging the RS-485 bus, and the slave device just wouldn’t respond. After capturing the data, I found: the CRC low byte was reversed! Not fully grasping the Modbus frame format meant that 1 byte error = total failure. Today, in just 5 minutes, we will break down the “Address – Function Code – Data – CRC” into a single table, so you won’t be confused next time. After reading this, you will be able to ① instantly recognize each byte in the frame ② use online tools to verify the frame in 5 seconds—bookmark it so it doesn’t gather dust.

What is Modbus?

Modbus is a widely used industrial communication protocol, originally developed by Modicon (now Schneider Electric) in 1979. It is used to connect electronic devices in industrial automation systems, such as sensors, actuators, PLCs (Programmable Logic Controllers), etc. The main advantages of Modbus are its simplicity, openness, ease of implementation, and the ability to operate over various physical layers.

It has the following characteristics:

Master-Slave Structure:

Modbus communication adopts a master-slave structure, where the master device (usually a PLC or computer) initiates communication, and the slave device (such as a sensor or actuator) responds to requests.

Open Protocol:

Modbus is open, and anyone can use it for free without paying licensing fees.

Multiple Transmission Methods:

Modbus supports various physical layers, including:

– **Modbus RTU**: Based on serial communication (such as RS-485), using binary format, which is efficient.

– **Modbus ASCII**: Also serial communication, but uses ASCII characters, which is easier for debugging but less efficient.

– **Modbus TCP/IP**: Based on Ethernet, using TCP protocol, suitable for modern network environments.

In short, Modbus is just a protocol: a set of rules for master-slave communication. So what does the frame format actually look like?

A typical Modbus RTU frame structure is as follows:

Address: The ID of the slave device (1–247, 0 is the broadcast address)

Function Code: Indicates the type of operation, such as reading coils, writing registers, etc.

Data: The specific data content

CRC: Cyclic Redundancy Check, used for error detection, with low byte first, high byte second

As you can see, the frame consists mainly of these four parts.

The master sends data that conforms to this frame structure, and the slave executes the corresponding action or returns data based on this protocol.

Example of a Real Modbus Protocol

Here are 3 sets of real Modbus-RTU frames (in hexadecimal) that can be captured, each accompanied by a “delivery slip” style explanation, so even beginners can easily match “Address – Function Code – Data – CRC”.

① Read 1 Holding Register (most common)

Original Frame

`01 03 00 00 00 01 84 0A`

Slave Normal Response

`01 03 02 00 64 B8 AF`

→ `02` indicates “the next 2 bytes are the real data”, `00 64` is decimal 100, which is the temperature/current/pressure value you want.

② Write 1 Register (immediate effect)

Master Request

`01 06 00 01 00 32 9A 3B`

Slave Echo Response (as per Modbus standard)

`01 06 00 01 00 32 9A 3B`

→ The same frame returned indicates “write successful”, and the master knows it’s OK by seeing the same frame.

③ Write 3 Registers at Once (batch dispatch)

Master Request (16 bytes)

`01 10 00 00 00 03 06 01 2C 02 58 03 84 73 39`

Slave Response (only 8 bytes)

`01 10 00 00 00 03 81 CB`

→ The return of “starting address + quantity” indicates that all writes are complete.

Advantages and Disadvantages of Modbus

Advantages: 👍 “Free, simple, widely recognized”

Disadvantages: ⚠️ “No encryption, no arrays, maximum address 65536”

Application Scenarios

– Industrial Automation (PLC, DCS, SCADA systems)

– Building Automation (HVAC, lighting control)

– Energy Management (electric meters, water meters, gas meters)

– IoT Devices (gateways, sensors)

Returning to the earlier question from the junior:

This is one of the most common pitfalls in Modbus-RTU:

The CRC16 is calculated as 2 bytes, with the low byte first and the high byte second, but many people are used to “writing the high byte first”, which reverses the order of the two. The slave's CRC check then fails and the entire frame is discarded, which appears as “slave silence”.

Swapping the two CRC bytes back into low-byte-first order resolves the issue.

Tips

Quick Frame Verification Tips

1. Copy the hexadecimal string → Open https://www.lammertbies.nl/comm/info/crc-calculation.html

2. Select CRC-16 Modbus → Paste all data except the last 2 bytes → If the calculated result matches the last 2 bytes, the frame is correct!
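
The same check can be done offline. The script below is an added example, not code from the original article: it splits an RTU frame into the “Address – Function Code – Data – CRC” parts described earlier and reports the swapped-CRC pitfall separately from ordinary corruption. The function names are hypothetical; the CRC uses the standard CRC-16/Modbus parameters (reflected polynomial 0xA001, initial value 0xFFFF).

```python
# CRC-16/Modbus: polynomial 0xA001 (reflected), initial value 0xFFFF.
def crc16_modbus(data: bytes) -> int:
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_frame(address: int, function: int, data: bytes) -> bytes:
    """Assemble Address + Function Code + Data, then append CRC low byte first."""
    body = bytes([address, function]) + data
    return body + crc16_modbus(body).to_bytes(2, "little")


def check_frame(frame: bytes) -> dict:
    """Split an RTU frame into its four parts and diagnose the CRC."""
    if len(frame) < 4:  # address + function code + 2 CRC bytes is the minimum
        raise ValueError("frame too short for Modbus RTU")
    body, tail = frame[:-2], frame[-2:]
    expected = crc16_modbus(body).to_bytes(2, "little")
    if tail == expected:
        status = "ok"
    elif tail == expected[::-1]:
        status = "crc-bytes-swapped"  # high byte sent first: the pitfall above
    else:
        status = "crc-mismatch"  # corrupted or truncated frame
    return {"address": frame[0], "function": frame[1], "data": body[2:],
            "crc_received": tail.hex(" "), "crc_expected": expected.hex(" "),
            "status": status}


# Frame ① from the article, plus two variants constructed for this example.
READ_REQUEST = bytes.fromhex("01 03 00 00 00 01 84 0A")
SWAPPED_CRC = bytes.fromhex("01 03 00 00 00 01 0A 84")  # constructed
BAD_DATA = bytes.fromhex("01 03 00 00 00 02 84 0A")  # constructed

if __name__ == "__main__":
    for frame in (READ_REQUEST, SWAPPED_CRC, BAD_DATA):
        print(frame.hex(" "), "->", check_frame(frame))
```

A `crc-bytes-swapped` result points at the sender's byte order, while `crc-mismatch` points at wiring, noise or a wrong frame length.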

What strange Modbus error codes have you encountered? Feel free to discuss in the comments.
