How to read modbus packet?

Industrial Networking
1

For troubleshooting I want to read modbus packet between Master and slave ? Is there any tools available to read modbus frame

2

To read a Modbus packet, you need to understand the Modbus protocol, which is a communication protocol for industrial devices. The most common types of Modbus are Modbus RTU (binary) and Modbus TCP (over TCP/IP). Here’s a general guide on how to read a Modbus packet:

Structure of a Modbus Packet

Modbus RTU Packet

A typical Modbus RTU packet consists of:

  1. Slave Address (1 byte): The address of the device you are communicating with.
  2. Function Code (1 byte): Defines the operation to be performed (e.g., read or write).
  3. Data (variable length): Depends on the function code. For example, for a read request, it includes the starting address and the number of registers to read.
  4. CRC (2 bytes): A checksum for error-checking.

Modbus TCP Packet

A typical Modbus TCP packet consists of:

  1. Transaction Identifier (2 bytes): For transaction pairing; often set by the client.
  2. Protocol Identifier (2 bytes): Always 0 for Modbus.
  3. Length (2 bytes): Number of bytes following.
  4. Unit Identifier (1 byte): The same as the Slave Address in RTU.
  5. Function Code (1 byte): Defines the operation to be performed.
  6. Data (variable length): Depends on the function code.

Steps to Read a Modbus Packet

  1. Capture the Packet: Use a tool or library that can capture Modbus packets from the network or serial port. Tools like Wireshark for Modbus TCP or a serial port sniffer for Modbus RTU can be useful.
  2. Parse the Packet: Break down the packet into its components based on the structure mentioned above.

Example: Parsing a Modbus RTU Packet

Let’s say we have a Modbus RTU packet in hexadecimal format: 01 03 00 10 00 02 C4 0B.

  • Slave Address: 01
  • Function Code: 03 (Read Holding Registers)
  • Data:
    • Starting Address: 00 10 (16 in decimal)
    • Quantity of Registers: 00 02 (2 in decimal)
  • CRC: C4 0B

Example: Parsing a Modbus TCP Packet

Let’s say we have a Modbus TCP packet in hexadecimal format: 00 01 00 00 00 06 11 03 00 10 00 02.

  • Transaction Identifier: 00 01
  • Protocol Identifier: 00 00
  • Length: 00 06 (6 bytes following)
  • Unit Identifier: 11
  • Function Code: 03 (Read Holding Registers)
  • Data:
    • Starting Address: 00 10 (16 in decimal)
    • Quantity of Registers: 00 02 (2 in decimal)

Using a Library to Read Modbus Packets

There are many libraries available to help parse Modbus packets, such as pymodbus for Python. Here’s an example using pymodbus:

from pymodbus.client.sync import ModbusSerialClient as ModbusClient

Initialize the client

client = ModbusClient(method=‘rtu’, port=‘COM3’, baudrate=9600, timeout=1)

client.connect()

Read holding registers starting from address 16, quantity of 2

result = client.read_holding_registers(address=16, count=2, unit=1)

Access the data

if not result.isError():

print(result.registers)

else:

print(“Error reading Modbus packet”)

client.close()

This script initializes a Modbus RTU client, reads holding registers, and prints the result.

image
image1904×757 155 KB

Click here for detailed [Step by Step Procedure for Modbus Troubleshooting](https://automationforum.co/step-by-step-procedure-for-modbus-troubleshooting/)

conclusion

  1. Capture the Modbus packet using a suitable tool.
  2. Break down the packet into its components based on the Modbus protocol structure.
  3. Parse and interpret the data using a library or manually. By understanding the structure of Modbus packets and using the right tools, you can effectively read and interpret Modbus communications.
    image
    image1996×973 114 KB

Click here for knowing about Modbus Communication Protocol