What is Modbus?
Modbus is a serial communication protocol published by Modicon® in 1979 for use with programmable logic controllers (PLCs) and continues to be developed by Modicon. In simple terms, it is a method for transmitting information between electronic devices over serial lines.
In a standard Modbus network, there is one Server and up to 247 Clients, each with its own address in the range 1 to 247. The Client can write information to the Server as well as receive information from it.
Official Modbus technical information is available at http://www.modbus.org/.
What is Modbus Used For?
Modbus is an open protocol, meaning manufacturers can add it to their equipment without paying royalties. It has become a standard communication protocol in industry and is currently the most widely used protocol for connecting industrial electronic devices.
Modbus is a communication protocol that typically carries signals from instrumentation and control devices to a master controller or data acquisition system. For example, it carries the readings of an instrument measuring temperature and humidity to a software system on a computer (SCADA, IoT platform).
The Modbus protocol comes in variants for two kinds of infrastructure: serial lines (Modbus RTU and Modbus ASCII) and Ethernet (Modbus TCP).
How Modbus Works
Modbus is transmitted over serial lines between devices. The simplest setup would be a single serial cable connecting the serial ports on two devices, a Client and a Server. Data is sent as a sequence of ones and zeros called bits. Each bit is sent as a voltage. Zeros are sent as positive voltages and ones are sent as negatives. Bits are sent very quickly. A typical transmission rate is 9600 baud (9600 bits per second).
What are the Standard Modbus Registers?
The data is stored in four different tables in the Server device. Two tables store on/off state values (coils and discrete inputs) and two tables store numeric values (registers). The coils and the registers each have a read-only table and a read-write table. Each table has 9999 values. Each coil or discrete input is 1 bit and is assigned a data address between 0000h and 270Eh. Each numeric value (register) is 1 word = 16 bits = 2 bytes and also has a data address between 0000h and 270Eh.
| Status and numerical values | Protocol data range | Table name |
|---|---|---|
| 00001 – 09999 | 0000h–270Eh | Output coils |
| 10001 – 19999 | 0000h–270Eh | Discrete inputs |
| 30001 – 39999 | 0000h–270Eh | Input registers |
| 40001 – 49999 | 0000h–270Eh | Holding registers |
What is a Function Code?
The second byte sent by the client is the function code. This code tells the server which table to access and whether to read from or write to the table.
What is CRC?
CRC stands for Cyclic Redundancy Check. It is two bytes added at the end of each Modbus message for error detection. Every byte in the message is used to calculate the CRC. The receiving device also calculates the CRC and compares it with the CRC sent by the transmitting device. If even one bit in the message is received incorrectly, the two CRCs will differ and the message is rejected as an error.
What Does a Sample Modbus Exchange Look Like?
Example: the Server reads 12 coils starting at 00033 from a PLC with Modbus address 2. Coils 00040 and 00042 are on; all others are off:
| Variant | Request | Answer |
|---|---|---|
| Modbus ASCII | 3A 30 32 30 31 30 30 32 30 30 30 30 43 44 31 0D 0A | 3A 30 32 30 31 30 32 38 30 30 32 37 39 0D 0A |
| Modbus RTU | 02 01 00 20 00 0C 3D F6 | 02 01 02 80 02 1D FD |
| Modbus TCP | 00 05 00 00 00 06 02 01 00 20 00 0C | 00 05 00 00 00 05 02 01 02 80 02 |
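The following added example (not code from the original page) reproduces the exchange above in Python: it builds the Read Coils request in all three framings, computes the RTU CRC-16 and the ASCII LRC, verifies the CRC of the RTU answer, and decodes which coils are on. The function names and the sample bytes are taken from the table above; no Modbus library is assumed.

```python
import struct

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def lrc(data: bytes) -> int:
    """Modbus ASCII LRC: two's complement of the byte sum, modulo 256."""
    return (-sum(data)) & 0xFF

def read_coils_adu(unit: int, start: int, count: int) -> bytes:
    # unit address, function code 01, 16-bit start address, 16-bit quantity
    return struct.pack(">BBHH", unit, 0x01, start, count)

def rtu_frame(adu: bytes) -> bytes:
    # CRC is appended low byte first
    return adu + struct.pack("<H", crc16_modbus(adu))

def ascii_frame(adu: bytes) -> bytes:
    # ':' start token, hex digits for every byte including the LRC, then CR LF
    return b":" + (adu + bytes([lrc(adu)])).hex().upper().encode() + b"\r\n"

def tcp_frame(transaction_id: int, adu: bytes) -> bytes:
    # MBAP header: transaction id, protocol id 0, length of what follows
    return struct.pack(">HHH", transaction_id, 0, len(adu)) + adu

def rtu_crc_ok(frame: bytes) -> bool:
    body, (received,) = frame[:-2], struct.unpack("<H", frame[-2:])
    return crc16_modbus(body) == received

def decode_coils(rtu_response: bytes, start: int) -> list:
    """Return the 1-based coil numbers (00001 table) reported ON in a Read Coils answer."""
    if not rtu_crc_ok(rtu_response):
        raise ValueError("CRC mismatch: frame corrupted or tampered")
    if rtu_response[1] != 0x01:
        raise ValueError("not a Read Coils answer")
    data = rtu_response[3:3 + rtu_response[2]]
    # bit 0 of the first data byte is the first requested coil
    return [start + i * 8 + bit + 1
            for i, byte in enumerate(data) for bit in range(8) if byte >> bit & 1]
```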
What is the Difference Between Modbus ASCII and Modbus RTU?
Modbus RTU and Modbus ASCII speak the same protocol. The only difference is how the bytes are presented on the wire: in binary with Modbus RTU and as readable ASCII hex digits with Modbus ASCII. The important thing to note about RTU is that an RTU message has no "start of text" indicator; the receiving party uses a "silent" period on the line to detect the start of a new message. ASCII has a start-of-text token. Binary messages are shorter than ASCII and therefore theoretically faster to transmit and receive. If update rates of around 100 ms in your HMI/SCADA are acceptable, either of the two variants will do.