What is Modbus TCP?
Modbus TCP is an industrial communication standard based on the classic Modbus protocol, but operating over Ethernet and TCP/IP rather than serial communication (such as RS-485).
The protocol is widely used for simple and reliable communication between PLCs, HMIs, SCADA systems, sensors, actuators and I/O modules.
What does Modbus TCP do?
Modbus TCP:
- Sends measurement and control data over standard Ethernet
- Uses the Modbus protocol as its application layer
- Sends messages over port 502 using TCP/IP
- Supports master-slave communication (one client driving multiple servers)
Key characteristics
| Characteristic | Description |
|---|---|
| Protocol type | Open standard, free to use |
| Transport layer | TCP/IP (port 502) over Ethernet |
| Structure | Client/server (master/slave) |
| Message format | Contains a Modbus PDU within a TCP frame |
| Scalability | Multiple clients and servers possible |
| Read/write operations | Registers, coils, discrete inputs |
Example applications
- Communication between SCADA systems and PLCs
- Communication between PLCs and remote I/O or variable frequency drives
- Monitoring of energy or water meters
- Connecting HMIs to sensors and actuators
- Integrating existing installations with new systems
Modbus TCP vs. Modbus RTU
| Aspect | Modbus TCP | Modbus RTU |
|---|---|---|
| Physical layer | Ethernet (RJ45, TCP/IP) | Serial (RS-232 / RS-485) |
| Speed | High (10/100/1000 Mbit/s) | Lower (typically 9.6 to 115.2 kbit/s) |
| Topology | Star or switched network | Bus structure |
| Compatibility | Modern networks and IT integration | Simple legacy systems |
| Addressing | IP addresses | Slave ID numbers |
Examples of Modbus TCP devices
- Siemens, Schneider, ABB, WAGO PLCs
- HMI panels with Ethernet
- I/O modules from Advantech, Beckhoff, Phoenix Contact
- Smart energy meters and flow meters
Benefits
- Simple and robust protocol
- Broadly supported by manufacturers
- Open standard with no licensing fees
- Easy to implement in SCADA or software platforms
Note: security
Modbus TCP itself provides no built-in security: there is no authentication, encryption or integrity protection, so any host that can reach port 502 can read and write registers. It is therefore important to:
- Use a firewall
- Segment networks (e.g. via VLAN or DMZ)
- Allow Modbus communication only within the internal control network
- Make use of secured variants (such as Modbus/TCP Security, which carries Modbus over TLS)
Deep dive: how does Modbus TCP work?
1. The client sends a request
The Modbus client (master) assembles a TCP message containing:
- A Modbus Application Protocol (MBAP) header (7 bytes)
- A PDU (Protocol Data Unit) with:
- Function code (such as "read holding registers" = 0x03)
- Start address (e.g. 40001)
- Number of registers to read or write
Example:
Read 4 registers starting at address 40001 (function code 0x03).
This is sent over port 502 via TCP/IP to the IP address of the Modbus TCP device.
2. The server receives and processes the message
The Modbus server (slave) receives the message and performs the following:
- Validates the instruction (address, type, access)
- Reads or writes the requested registers or coils
- Constructs a response with the requested data (or error code)
3. Response back to the client
The server sends a Modbus TCP response back over the same TCP connection. It contains:
- The original MBAP header (with transaction ID)
- Function code (possibly with the error bit set)
- Read values or confirmation of the successful action
In case of an error (e.g. invalid address), the server returns an exception response: the function code with its high bit set to 1 (e.g. 0x83 = error in 0x03), followed by a one-byte exception code that identifies the reason.
Sample exchange
- Client sends: "Read 2 registers from 40001"
- Server responds: "Register 40001 = 123, Register 40002 = 456"
- The client processes this data for monitoring or control
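The exchange above, worked through at the byte level as an added example (not code from the original page): it builds the MBAP header and PDU for a function 0x03 request, then validates and decodes either a normal response or an exception response. Sample response frames are constructed here, not captured from a device; note that the conventional register number 40001 is sent on the wire as the zero-based offset 0.

```python
import struct

MBAP_LEN = 7                      # transaction id (2), protocol id (2), length (2), unit id (1)
FC_READ_HOLDING_REGISTERS = 0x03
EXCEPTION_BIT = 0x80              # set in the function code of an error response (0x03 -> 0x83)


class ModbusException(Exception):
    """Server answered with an exception PDU: original function code plus an exception code."""
    def __init__(self, function_code, exception_code):
        super().__init__(f"function 0x{function_code:02X} failed, exception code {exception_code}")
        self.function_code = function_code
        self.exception_code = exception_code


def build_read_holding_request(transaction_id, unit_id, start_address, quantity):
    """MBAP header + PDU for function 0x03. start_address is the zero-based wire
    offset (the conventional register number 40001 is sent as 0)."""
    pdu = struct.pack(">BHH", FC_READ_HOLDING_REGISTERS, start_address, quantity)
    # length counts the unit id byte plus the PDU; protocol id 0 means Modbus
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def parse_read_holding_response(frame, expected_tid):
    """Validate the MBAP header and return the register values, or raise."""
    if len(frame) < MBAP_LEN + 2:
        raise ValueError("frame too short for MBAP header plus PDU")
    tid, proto, length, _unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if tid != expected_tid:
        raise ValueError("transaction id does not match the request")
    if length != len(frame) - 6:          # length covers everything after the length field
        raise ValueError("MBAP length field disagrees with frame size")
    pdu = frame[MBAP_LEN:]
    if pdu[0] & EXCEPTION_BIT:            # high bit set: exception response, one-byte reason follows
        raise ModbusException(pdu[0] & 0x7F, pdu[1])
    if pdu[0] != FC_READ_HOLDING_REGISTERS:
        raise ValueError("unexpected function code in response")
    byte_count, data = pdu[1], pdu[2:]
    if byte_count != len(data) or byte_count % 2:
        raise ValueError("byte count does not match payload")
    return list(struct.unpack(f">{byte_count // 2}H", data))


# Constructed sample frames (not captured from a real device)
SAMPLE_OK_RESPONSE = bytes.fromhex("000100000007" "01" "0304" "007b" "01c8")   # registers 123, 456
SAMPLE_EXCEPTION_RESPONSE = bytes.fromhex("000200000003" "01" "8302")          # 0x83, exception code 2
```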
Common function codes
| Function code | Description |
|---|---|
| 0x01 | Read discrete outputs (coils) |
| 0x02 | Read discrete inputs |
| 0x03 | Read holding registers |
| 0x04 | Read input registers |
| 0x05 | Write single coil |
| 0x06 | Write single register |
| 0x10 | Write multiple registers |
In summary
Modbus TCP is a simple and widely used Ethernet protocol for communication between industrial devices. It combines the simplicity of the Modbus protocol with the speed and flexibility of modern Ethernet networks.
