Modbus Protocol | Electronic Communication Structure

Modbus protocol

Modbus protocol is a messaging structure, widely used to establish master-slave communication between intelligent devices. A MODBUS message sent from a master to a slave contains the address of the slave, the ‘command’ (e.g. ‘read register’ or ‘write register’), the data, and a checksum (LRC or CRC).
Since Modbus protocol is simply a messaging structure, it is independent of the underlying physical layer. It is traditionally implemented using RS232, RS422, or RS485.

The main reasons for the use of Modbus in the industrial environment are:

  • developed with industrial applications in mind,
  • openly published and royalty-free,
  • easy to deploy and maintain,
  • moves raw bits or words without placing many restrictions on vendors.

Modbus allows communication among several devices connected to the same network, for example, a system that measures temperature and humidity and communicates the results to a computer. Modbus is often used to connect a supervisory computer with a remote terminal unit (RTU) in supervisory control and data acquisition (SCADA) systems. Many of the data types are named from its use in driving relays: a single-bit physical output is called a coil, and a single-bit physical input is called a discrete input or a contact.

Protocol versions

Versions of the Modbus protocol exist for serial port and for Ethernet and other protocols that support the Internet protocol suite. There are several variants of Modbus protocols:
• Modbus RTU: this is used in serial communication and makes use of a compact, binary representation of the data for protocol communication. The RTU format follows the commands/data with a cyclic redundancy check checksum as an error check mechanism to ensure the reliability of data. Modbus RTU is the most common implementation available for Modbus. A Modbus RTU message must be transmitted continuously without inter-character hesitations. Modbus messages are framed (separated) by idle (silent) periods.
• Modbus ASCII: this is used in serial communication and makes use of ASCII characters for protocol communication. The ASCII format uses a longitudinal redundancy check checksum. Modbus ASCII messages are framed by a leading colon (“:”) and trailing newline (CR/LF).
• Modbus TCP/IP or Modbus TCP: this is a Modbus variant used for communications over TCP/IP networks, connecting over port 502. It does not require a checksum calculation, as lower layers already provide checksum protection.
• Modbus over TCP/IP or Modbus over TCP or Modbus RTU/IP: this is a Modbus variant that differs from Modbus TCP in that a checksum is included in the payload, as with Modbus RTU.
• Modbus over UDP: some have experimented with using Modbus over UDP on IP networks, which removes the overheads required for TCP.
• Modbus Plus (Modbus+, MB+ or MBP): Modbus Plus is proprietary to Schneider Electric and, unlike the other variants, it supports peer-to-peer communications between multiple masters. It requires a dedicated co-processor to handle fast HDLC-like token rotation. It uses twisted pair at 1 Mbit/s and includes transformer isolation at each node, which makes it transition/edge-triggered instead of voltage/level-triggered. Special hardware is required to connect Modbus Plus to a computer, typically a card made for the ISA, PCI or PCMCIA bus.
• Pemex Modbus: this is an extension of standard Modbus with support for historical and flow data. It was designed for the Pemex oil and gas company for use in process control and never gained widespread adoption.
• Enron Modbus: this is another extension of standard Modbus developed by Enron Corporation with support for 32-bit integer and floating-point variables and historical and flow data. Data types are mapped using standard addresses.[8] The historical data serves to meet an American Petroleum Institute (API) industry standard for how data should be stored.

Communication and devices

Each device intended to communicate using Modbus is given a unique address. In serial and MB+ networks, only the node assigned as the Master may initiate a command. On Ethernet, any device can send out a Modbus command, although usually only one master device does so. A Modbus command contains the Modbus address of the device it is intended for (1 to 247). Only the intended device will act on the command, even though other devices might receive it (an exception is specific broadcastable commands sent to node 0, which are acted on but not acknowledged). All Modbus commands contain checksum information to allow the recipient to detect transmission errors. The basic Modbus commands can instruct an RTU to change the value in one of its registers, control or read an I/O port, and command the device to send back one or more values contained in its registers.
There are many modems and gateways that support Modbus, as it is a very simple and often copied protocol. Some of them were specifically designed for this protocol. Different implementations use wireline, wireless communication, such as in the ISM band, and even Short Message Service (SMS) or General Packet Radio Service (GPRS). One of the more common designs of wireless networks makes use of mesh networking. Typical problems that designers have to overcome include high latency and timing issues.

The Request

The function code in the request tells the addressed slave device what kind of action to perform. The data bytes contain any additional information that the slave will need to perform the function. For example, function code 03 will request the slave to read holding registers and respond with their contents. The data field must contain the information telling the slave which register to start at and how many registers to read. The error check field provides a method for the slave to validate the integrity of the message contents.

The Response

If the slave makes a normal response, the function code in the response is an echo of the function code in the request. The data bytes contain the data collected by the slave, such as register values or status. If an error occurs, the function code is modified to indicate that the response is an error response, and the data bytes contain a code that describes the error. The error check field allows the master to confirm that the message contents are valid.
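The request and response rules above, as an added Python example that is not part of the original page: it builds a function 03 request and validates the reply against it, separating a normal echo from an error response. The field layout (big-endian start and count, a byte count in the reply, the high bit marking an error) follows the standard Modbus function 03 encoding, which this page does not spell out; message bodies are shown with the checksum already removed, and all names and sample bytes are constructed.

```python
import struct

# Standard Modbus exception codes (not listed on this page).
EXCEPTIONS = {1: "illegal function", 2: "illegal data address",
              3: "illegal data value", 4: "slave device failure"}

class ModbusException(Exception):
    """Raised when the slave answers with an error response."""

def build_read_holding(slave, start, count):
    """Address + function 03 + starting register + number of registers."""
    return struct.pack(">BBHH", slave, 0x03, start, count)

def parse_read_holding_response(request, response):
    """Validate a response body against its request; return register values."""
    slave, func, _start, count = struct.unpack(">BBHH", request)
    if len(response) < 3:
        raise ValueError("response too short")
    if response[0] != slave:
        raise ValueError("response from unexpected address")
    if response[1] == func | 0x80:          # error response: high bit set
        code = response[2]
        raise ModbusException(EXCEPTIONS.get(code, f"exception code {code}"))
    if response[1] != func:
        raise ValueError("function code does not echo the request")
    byte_count = response[2]
    if byte_count != 2 * count or len(response) != 3 + byte_count:
        raise ValueError("byte count does not match the request")
    return list(struct.unpack(f">{count}H", response[3:]))

if __name__ == "__main__":
    req = build_read_holding(0x11, 0x006B, 3)          # constructed request
    ok = bytes.fromhex("110306022B00000064")           # constructed reply
    print(parse_read_holding_response(req, ok))
```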
Controllers can be set up to communicate on standard Modbus networks using either of two transmission modes: ASCII or RTU.


ASCII Mode

When controllers are set up to communicate on a Modbus network using ASCII (American Standard Code for Information Interchange) mode, each eight-bit byte in a message is sent as two ASCII characters. The main advantage of this mode is that it allows time intervals of up to one second to occur between characters without causing an error.

Coding System
  • Hexadecimal ASCII printable characters 0 … 9, A … F
Bits per Byte
  • 1 start bit
  • 7 data bits, least significant bit sent first
  • 1 bit for even / odd parity; no bit for no parity
  • 1 stop bit if parity is used; 2 bits if no parity
Error Checking
  • Longitudinal Redundancy Check (LRC)

RTU Mode 

When controllers are set up to communicate on a Modbus network using RTU (Remote Terminal Unit) mode, each eight-bit byte in a message contains two four-bit hexadecimal characters. The main advantage of this mode is that its greater character density allows better data throughput than ASCII for the same baud rate. Each message must be transmitted in a continuous stream.

Coding System
  • Eight-bit binary, hexadecimal 0 … 9, A … F
  • Two hexadecimal characters contained in each eight-bit field of the message
Bits per Byte
  • 1 start bit
  • 8 data bits, least significant bit sent first
  • 1 bit for even / odd parity; no bit for no parity
  • 1 stop bit if parity is used; 2 bits if no parity
Error Check Field
  • Cyclical Redundancy Check (CRC)

ASCII Framing

In ASCII mode, messages start with a colon ( : ) character (ASCII 3A hex), and end with a carriage return-line feed (CRLF) pair (ASCII 0D and 0A hex).
The allowable characters transmitted for all other fields are hexadecimal 0 … 9, A … F. Networked devices monitor the network bus continuously for the colon character. When one is received, each device decodes the next field (the address field) to find out if it is the addressed device.
Intervals of up to one second can elapse between characters within the message. If a greater interval occurs, the receiving device assumes an error has occurred. A typical message frame is shown below.


RTU Framing

In RTU mode, messages start with a silent interval of at least 3.5 character times. This is most easily implemented as a multiple of character times at the baud rate that is being used on the network (shown as T1-T2-T3-T4 in the figure below). The first field then transmitted is the device address.
The allowable characters transmitted for all fields are hexadecimal 0 … 9, A … F. Networked devices monitor the network bus continuously, including during the silent intervals. When the first field (the address field) is received, each device decodes it to find out if it is the addressed device.
Following the last transmitted character, a similar interval of at least 3.5 character times marks the end of the message. A new message can begin after this interval.

The entire message frame must be transmitted as a continuous stream. If a silent interval of more than 1.5 character times occurs before completion of the frame, the receiving device flushes the incomplete message and assumes that the next byte will be the address field of a new message.
Similarly, if a new message begins earlier than 3.5 character times following a previous message, the receiving device will consider it a continuation of the previous message. This will set an error, as the value in the final CRC field will not be valid for the combined messages. A typical message frame is shown below.
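The RTU timing rules above, as an added Python example that is not part of the original page: it splits a timestamped serial capture into frames using the 3.5 and 1.5 character-time thresholds. Idle time is measured from the end of one character to the start of the next, 11 bits per character is assumed from the RTU bit layout given earlier, and the function names and capture bytes are constructed.

```python
BITS_PER_CHAR = 11  # 1 start + 8 data + 1 parity + 1 stop (or 2 stop, no parity)

def split_rtu_frames(events, baud):
    """Split time-ordered (start_time_s, byte) events into frames by idle time.

    Idle >= 3.5 character times ends a frame; idle above 1.5 but below 3.5
    character times means the bytes so far are flushed as incomplete.
    """
    char_time = BITS_PER_CHAR / baud
    frames, current, prev_end = [], bytearray(), None
    for start, value in events:
        if prev_end is not None:
            idle = start - prev_end
            if idle >= 3.5 * char_time:
                frames.append((bytes(current), "complete"))
                current = bytearray()
            elif idle > 1.5 * char_time:
                frames.append((bytes(current), "flushed"))
                current = bytearray()
        current.append(value)
        prev_end = start + char_time
    if current:  # assumption: the capture ends with the bus idle
        frames.append((bytes(current), "complete"))
    return frames

def constructed_capture(baud):
    """Constructed sample: a full frame, a stalled frame, then a full frame."""
    char_time = BITS_PER_CHAR / baud
    bursts = [  # (hex bytes sent back to back, idle afterwards in char times)
        ("1103006B00037687", 5.0),
        ("110300", 2.0),            # sender stalls mid-frame
        ("01030000000AC5CD", 0.0),
    ]
    events, t = [], 0.0
    for hex_bytes, idle_chars in bursts:
        for value in bytes.fromhex(hex_bytes):
            events.append((t, value))
            t += char_time
        t += idle_chars * char_time
    return events

if __name__ == "__main__":
    for frame, status in split_rtu_frames(constructed_capture(9600), 9600):
        print(status, frame.hex(" "))
```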

Address Field 
The address field of a message frame contains two characters (ASCII) or eight bits (RTU). The individual slave devices are assigned addresses in the range of 1 … 247.

Function Field

The Function Code field tells the addressed slave what function to perform.
The following functions are supported by Modbus poll


The data field contains the requested or sent data.

Contents of the Error Checking Field
Two kinds of error-checking methods are used for standard Modbus networks. The error checking field contents depend upon the method that is being used.


When ASCII mode is used for character framing, the error-checking field contains two ASCII characters. The error check characters are the result of a Longitudinal Redundancy Check (LRC) calculation that is performed on the message contents, exclusive of the beginning colon and terminating CRLF characters.
The LRC characters are appended to the message as the last field preceding the CRLF characters.


When RTU mode is used for character framing, the error-checking field contains a 16-bit value implemented as two eight-bit bytes. The error check value is the result of a Cyclical Redundancy Check calculation performed on the message contents.
The CRC field is appended to the message as the last field in the message. When this is done, the low-order byte of the field is appended first, followed by the high-order byte. The CRC high-order byte is the last byte to be sent in the message.
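Both error checks and both framings, as an added Python example that is not part of the original page: it wraps one message body as an RTU frame (CRC, low-order byte first) and as an ASCII frame (colon, hex characters, LRC, CRLF), and rejects received frames whose check field does not match. The CRC parameters (initial value 0xFFFF, polynomial 0xA001) and the two's-complement LRC are the standard Modbus definitions, which this page does not state; function names and the sample body are constructed.

```python
def crc16(data: bytes) -> int:
    """Modbus RTU CRC-16: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def lrc(data: bytes) -> int:
    """Modbus ASCII LRC: two's complement of the 8-bit sum of the bytes."""
    return -sum(data) & 0xFF

def rtu_frame(body: bytes) -> bytes:
    crc = crc16(body)
    return body + bytes([crc & 0xFF, crc >> 8])  # low-order byte first

def ascii_frame(body: bytes) -> bytes:
    payload = body + bytes([lrc(body)])
    return b":" + payload.hex().upper().encode("ascii") + b"\r\n"

def check_rtu(frame: bytes) -> bytes:
    """Return address + function + data if the CRC matches, else raise."""
    if len(frame) < 4:
        raise ValueError("RTU frame too short")
    body, low, high = frame[:-2], frame[-2], frame[-1]
    if crc16(body) != (high << 8 | low):
        raise ValueError("CRC mismatch")
    return body

def check_ascii(frame: bytes) -> bytes:
    """Return address + function + data if framing and LRC are valid."""
    if not (frame.startswith(b":") and frame.endswith(b"\r\n")):
        raise ValueError("missing colon or CRLF")
    hex_part = frame[1:-2]
    allowed = set(b"0123456789ABCDEF")
    if len(hex_part) < 6 or len(hex_part) % 2 or set(hex_part) - allowed:
        raise ValueError("invalid ASCII payload")
    raw = bytes.fromhex(hex_part.decode("ascii"))
    if lrc(raw[:-1]) != raw[-1]:
        raise ValueError("LRC mismatch")
    return raw[:-1]

if __name__ == "__main__":
    body = bytes.fromhex("1103006B0003")  # constructed: slave 0x11, function 03
    print(rtu_frame(body).hex(" "), ascii_frame(body))
```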
