Complete Guide to the Modbus Protocol for Industrial Automation
Key Takeaway
Modbus is an industrial communication protocol developed by Modicon in 1979 that uses a master/slave request-response model to exchange data between devices. It is available in three variants: Modbus RTU (serial RS-485/RS-232), Modbus ASCII (serial, human-readable), and Modbus TCP/IP (Ethernet). Modbus is the most widely deployed protocol in industrial automation, used in PLCs, RTUs, flow computers, drives, meters, and sensors across oil and gas, SCADA, building automation, and energy management applications.
Quick Answer
Modbus is an industrial communication protocol developed by Modicon in 1979 that uses a master/slave request-response model to exchange data between devices. It is available in three variants: Modbus RTU (serial RS-485/RS-232), Modbus ASCII (serial, human-readable), and Modbus TCP/IP (Ethernet). Modbus is the most widely deployed protocol in industrial automation, used in PLCs, RTUs, flow computers, drives, meters, and sensors across oil and gas, SCADA, building automation, and energy management applications.
What Is Modbus?
Modbus was developed by Modicon (now Schneider Electric) in 1979 as a simple, reliable protocol for connecting PLCs to field instruments. Its success stems from simplicity, openness, and universal support — Modbus is royalty-free, hardware-agnostic, and implemented by virtually every industrial device manufacturer. Four decades later, it remains the most widely deployed industrial communication protocol in the world.
Modbus Protocol Variants
- Modbus RTU — Binary encoding over serial RS-232 or RS-485. The most common variant for field devices. Uses CRC-16 error checking.
- Modbus ASCII — ASCII-encoded serial communication. Slower but human-readable for debugging. Uses LRC error checking. Largely replaced by RTU in modern installations.
- Modbus TCP/IP — Same data model wrapped in TCP/IP over Ethernet. Uses TCP port 502. No CRC (TCP handles error detection).
How Modbus Works
Modbus uses a master/slave request-response model. The master sends a request containing the slave address, function code, register address, and data. The slave processes the request and sends a response with the requested data or a confirmation. Only the master initiates communication — slaves respond only when polled.
Modbus Register Types and Data Model
Modbus organizes data into four register tables:
| Table | Type | Address | Width | Access |
|---|---|---|---|---|
| Coils | Discrete | 00001-09999 | 1 bit | Read/Write |
| Discrete Inputs | Discrete | 10001-19999 | 1 bit | Read-Only |
| Input Registers | Analog | 30001-39999 | 16-bit | Read-Only |
| Holding Registers | Analog | 40001-49999 | 16-bit | Read/Write |
Modbus Function Codes
Each Modbus transaction uses a function code that specifies the operation: FC01 (read coils), FC02 (read discrete inputs), FC03 (read holding registers), FC04 (read input registers), FC05 (write single coil), FC06 (write single register), and FC16 (write multiple registers) are the most commonly used.
Modbus RTU Physical Layer
RS-485 wiring for Modbus RTU requires shielded twisted pair cable in daisy-chain topology with 120-ohm termination resistors at both bus ends. RS-485 supports up to 32 devices per segment at distances up to 1200m at 9600 baud.
Modbus TCP/IP Overview
Modbus TCP runs on standard Ethernet using TCP port 502. It supports multiple simultaneous master connections and is the preferred variant for SCADA and DCIM integration in modern installations.
Data Types and Byte Order
Modbus registers are 16 bits wide, but real-world values (32-bit floats, 32-bit integers) span multiple registers. The byte order (big-endian, little-endian, byte-swapped) varies by manufacturer and is the most common source of incorrect readings in Modbus integration.
Modbus in Oil and Gas, SCADA, and Building Automation
- Oil and gas — Flow computers (ABB Totalflow), RTUs (SCADAPack, Bristol FB300), wellsite instruments, VFDs
- SCADA — Primary polling protocol for Ignition and Geo SCADA device connections
- Building automation — Power meters, energy management, HVAC equipment integration with enteliWEB via gateways
- Data centers — Power monitoring, UPS, PDU, and cooling equipment
Modbus Across NFM's Platform Ecosystem
Modbus is implemented across every hardware and software platform NFM Consulting works with:
- IDEC FC6A — Modbus RTU master/slave and Modbus TCP
- Allen- Bradley — Modbus via third-party modules or MSG instructions
- SCADAPack — Modbus RTU master/slave and TCP
- ABB Totalflow — Modbus RTU for GC polling, TCP for SCADA
Getting Started
- What Is Modbus?
- Modbus RTU vs Modbus TCP
- Function Codes
- Register Types
- RS-485 Wiring
- Data Types and Byte Order
Sub-Article Index
Frequently Asked Questions
Modbus is an industrial communication protocol developed by Modicon in 1979 that uses a master/slave request-response model. Available as Modbus RTU (serial), Modbus ASCII, and Modbus TCP (Ethernet), it is the most widely deployed protocol in industrial automation.
Modbus remains dominant because it is simple, royalty-free, supported by virtually every industrial device manufacturer, and requires no complex configuration. Thousands of legacy and new devices support Modbus as their primary interface.
Modbus RTU uses serial RS-485/RS-232 with binary encoding and CRC error checking. Modbus TCP uses Ethernet with the same data model wrapped in TCP/IP on port 502. Both use identical register addressing and function codes.
Standard Modbus has no built-in security — no authentication, encryption, or authorization. Security is enforced at the network level through segmentation, firewalls, and access controls.