1
Appendix A - Modbus Protocol
transmission mode. The Modbus protocol defines a message structure that controllers will recognize and
use, regardless of the type of networks over which they communicate. It establishes a common format for
the layout and contents of message fields. Transactions use a master-slave technique, in which only one
device (the master) can initiate transactions (called queries). The other devices (the slaves) respond by
supplying the requested data to the master and by taking the action requested in the query. Insite IG
analyzers operate as slaves to other modbus devices.
Message framing
Messages start with a silent interval of at least 3.5 character times followed by 4 fields and then
followed by another silent interval of at least 3.5 character times. The first field contains the device
address. The second field contains the function code. The third field contains the data. The fourth field
contains the CRC value.
Address field
The address field contains one byte. Valid slave device addresses are in range 1 to 247 decimal.
Function code field
The function code field contains one byte. See the section titled Function codes supported by the
Model 2000.
Data field
The data field contains one or more byte. This information is used by the analyzers to take the action
defined by the function code.
CRC field
The CRC (cyclical redundancy check) field is two bytes, containing a 16-bit binary value. The CRC
value is calculated by the transmitting device, which appends the CRC to the message. The receiving
device recalculates a CRC during receipt of the message, and compares the calculated value to the actual
value it received in the CRC field. If the two values are not equal, the message will be discarded.
The CRC is started by first preloading a 16-bit register to all 1’s. Then a process begins of applying
successive 8-bit bytes of the message to the current contents of the register. During the generation of the
CRC, each 8-bit character is exclusive ORed with the register contents. Then the result is shifted in the
direction of the least significant bit (LSB), with a zero filled into the most significant bit (MSB) position. The
LSB is extracted and examined. If the LSB was a 1, the register is then exclusive ORed with a preset
fixed value. If the LSB was a 0, no exclusive OR takes place.
The process is repeated until eight shifts have been performed. After the last (eight) shift, the next 8-
bit byte is exclusive ORed with the register’s current value, and the process repeats for eight more shifts
as described above. The final contents of the register, after all the bytes of the message have been
applied, is the CRC value.
When the CRC is appended to the message, the low-order byte is appended first, followed by the
high-order byte.
Analyzers support communication with other devices via the Modbus protocol using RTU
To Next Page
Loading...