Författare:
Per Stenebo
Skapad:
2013-03-08 21:51:24
Ändrad:
2017-12-30 13:37:57
en

Modbus frame format

How to build a Application Data Unit (ADU) for Modbus communication.

FC is short for Function Code.

Modbus-TCP request frame for FC 4

Length: 12 bytes, each byte represented by two - as placeholders:

-- -- -- -- -- -- -- -- -- -- -- --

Example Modbus-TCP request, as space-separated hexadecimal numbers (without prefixing 0x), where each character pair represent one byte:

00 00 00 00 00 06 01 04 00 1C 00 01

The very same request, but written as a raw binary string of bytes (in python):

\x00\x00\x00\x00\x00\x06\x01\x04\x00\x1C\x00\x01

 

Byte 0-1

Transaction Identifier, for synchronization between messages of server & client.

00 00 -- -- -- -- -- -- -- -- -- --

Byte 2-3

Protocol Identifier, zero for Modbus-TCP.

-- -- 00 00 -- -- -- -- -- -- -- --

Byte 4-5

Number of remaining bytes in this frame.

-- -- -- -- 00 06 -- -- -- -- -- --

Byte 6

Unit Identifier. Server address, 0xFF (255) if not used.

-- -- -- -- -- -- 01 -- -- -- -- --

Byte 7

Function code.

-- -- -- -- -- -- -- 04 -- -- -- --

Byte 8-9

Start register reference.

-- -- -- -- -- -- -- -- 00 1C -- --

Byte 10-11

Requested number of registers. For FC 6 this is the data to write:

-- -- -- -- -- -- -- -- -- -- 00 01

 

Modbus-TCP response frame for FC 4

Length at least 10 bytes (with one 8-bit register = one data byte).

Length 11 bytes with one 16-bit register = two data bytes.

Example of Modbus-TCP response to request above, as hex:

00 01 00 00 00 05 01 04 02 00 09

Byte 0-1

Transaction Identifier. For synchronization between messages of server & client.

00 01 -- -- -- -- -- -- -- -- --

Byte 2-3

Protocol Identifier. Zero for Modbus-TCP.

-- -- 00 00 -- -- -- -- -- -- --

Byte 4-5

Length Field. Number of remaining bytes in this frame. Minimum 00 05 (one 16 bit register = two data byte).

-- -- -- -- 00 05 -- -- -- -- --

In a error response this field should be 00 03.

Byte 6

Unit Identifier / server address. FF (255) if not used.

-- -- -- -- -- -- 01 -- -- -- --

Byte 7

Function code. Function codes as in other variants.

-- -- -- -- -- -- -- 04 -- -- --

Add 0x80 (0x80 = 128) to the function code in a error frame (03 + 80 = 83)

Byte 8

Number of data bytes.

-- -- -- -- -- -- -- -- 02 -- --

Replaced with exception code, one byte between 0x00 and 0x0A, in a error response.

Byte 9-n

Data bytes.

-- -- -- -- -- -- -- -- -- 00 09

Not included in a error response.

 

Modbus-RTU request frame

8 bytes in length.

-- -- -- -- -- -- -- --

01 04 00 1C 00 01 F0 0C

Byte 0

Slave address or unit id:

01 -- -- -- -- -- -- --

Byte 1

Function code:

-- 04 -- -- -- -- -- --

Byte 2-3

Start register reference:

-- -- 00 1C -- -- -- --

Byte 4-5

Requested number of registers. For FC 6 this is the data to write:

-- -- -- -- 00 01 -- --

Byte 6-7

CRC checksum of the previous bytes:

-- -- -- -- -- -- F0 0C

 

Modbus-RTU correct response frame

Minimum length 6 bytes (with one 8-bit register = one byte).

Length 7 bytes with one 16-bit register = two bytes.

Byte 0

Address or unit id:

00 -- -- -- -- -- --

Byte 1

Function code:

-- 03 -- -- -- -- --

Byte 2

Quantity of requested data bytes, n:

-- -- 02 -- -- -- --

Byte 3-n

Data bytes:

-- -- -- 00 09 -- --

Byte (n+3) - (n+4)

Earliest in byte 4-5. CRC checksum of the previous bytes:

-- -- -- -- -- 79 36

 

Modbus-RTU error response frame

5 bytes in length.

-- -- -- -- --

02 89 01 76 50

Byte 0

Slave address or unit id:

02 -- -- -- -- --

Byte 1

Error code: Requested function code + 0x80 (0x80 = 128):

-- 89 -- -- -- --

Byte 2

Exception code:

-- -- 01 -- -- --

Byte 3-4

CRC checksum of the previous bytes:

-- -- -- 76 50

 

Kommentarer till sidan Frame format