问题描述:

I have captured the protocol analyzer logs from RS485 serial connection between RTU device and the equipment which is to be monitored. I am newbee to this. I have read through Modbus and RS485. Found that every frame will have Slave address, Function code, DATA and CRS with start and end of the frame of 305 charcaters. I am trying to decode the protocol analyzer logs but unable to get theu clue. Please help me on this.

These are the logs which I need to understand

=============================================================

Record = 1 05.23.15 13:29:29.000000000

RTS:OFF DTR:OFF CTS:OFF DSR:OFF CD:ON

Record = 2 (DTE) 05.23.15 13:29:29.127439596 00 NUL

Record = 3 (DTE) 05.23.15 13:29:29.127986496 37 7

Record = 4 (DTE) 05.23.15 13:29:29.128741696 17 ETB

Record = 5 (DTE) 05.23.15 13:29:29.129184396 ED ...

Record = 6 (DTE) 05.23.15 13:29:29.129757296 F2 ...

Record = 7 (DTE) 05.23.15 13:29:29.130486496 FD ...

Record = 8 (DTE) 05.23.15 13:29:29.131007296 D5 ...

Record = 9 (DCE) 05.23.15 13:29:29.559109485 91 ...

Record = 10 (DCE) 05.23.15 13:29:29.559630385 10 DLE

Record = 11 (DCE) 05.23.15 13:29:29.560151185 2F /

Record = 12 (DCE) 05.23.15 13:29:29.560678485 B0 ...

Record = 13 (DCE) 05.23.15 13:29:29.561199385 00 NUL

Record = 14 (DCE) 05.23.15 13:29:29.561720185 01 SOH

Record = 15 (DCE) 05.23.15 13:29:29.562247485 02 STX

Record = 16 (DCE) 05.23.15 13:29:29.562768385 00 NUL

Record = 17 (DCE) 05.23.15 13:29:29.563289185 01 SOH

Record = 18 (DCE) 05.23.15 13:29:29.563816485 0F SI

Record = 19 (DCE) 05.23.15 13:29:29.564337385 64 d

Record = 20 (DTE) 05.23.15 13:29:29.707291982 00 NUL

Record = 21 (DTE) 05.23.15 13:29:29.707838882 37 7

Record = 22 (DTE) 05.23.15 13:29:29.708594082 17 ETB

Record = 23 (DTE) 05.23.15 13:29:29.709036682 ED ...

Record = 24 (DTE) 05.23.15 13:29:29.709609682 F2 ...

Record = 25 (DTE) 05.23.15 13:29:29.710338782 FD ...

Record = 26 (DTE) 05.23.15 13:29:29.710859682 D5 ...

Record = 27 (DCE) 05.23.15 13:29:30.142926671 91 ...

Record = 28 (DCE) 05.23.15 13:29:30.143447471 10 DLE

Record = 29 (DCE) 05.23.15 13:29:30.143974871 2F /

Record = 30 (DCE) 05.23.15 13:29:30.144495671 B0 ...

Record = 31 (DCE) 05.23.15 13:29:30.145016471 00 NUL

Record = 32 (DCE) 05.23.15 13:29:30.145543871 01 SOH

Record = 33 (DCE) 05.23.15 13:29:30.146064671 02 STX

Record = 34 (DCE) 05.23.15 13:29:30.146585471 00 NUL

Record = 35 (DCE) 05.23.15 13:29:30.147112871 01 SOH

Record = 36 (DCE) 05.23.15 13:29:30.147633671 0F SI

Record = 37 (DCE) 05.23.15 13:29:30.148154470 64 d

Record = 38 (DTE) 05.23.15 13:29:30.287254967 00 NUL

Record = 39 (DTE) 05.23.15 13:29:30.287801867 37 7

=============================================================

网友答案:

Looking at the time stamps, this seems to be one message: 91 10 2F B0 00 01 02 00 01 0F 64. It actually appears twice in your log.

The interpretation should be:

  • 91 Slave address (145 dec)
  • 10 Function code (16 dec) = Write registers
  • 2F Start address (Most significant byte)
  • B0 Start address (Least significant byte)
  • 00 Number of registers (Most significant byte)
  • 01 Number of registers (Least significant byte)
  • 02 Byte count (2 bytes will follow)
  • 00 Data (Most significant byte)
  • 01 Data (Least significant byte)
  • 0F CRC (checksum)
  • 64 CRC (checksum)

It is a message from the master (computer) to a slave (instrument). Basically it says: Write one register on instrument with slave address 145. The register address is 2FB0 (hex), and the data value is 0001 (hex).

I have written about how to interpret Modbus RTU messages in the documentation of my Python Minimalmodbus module:

  • https://minimalmodbus.readthedocs.org/en/master/modbusdetails.html
  • https://minimalmodbus.readthedocs.org/en/master/debugmode.html

What information register 2FB0 (hex) holds is described in the documentation of your instrument.

相关阅读:
Top