
MODBUS

Modbus TCP is a protocol for communicating with instruments over a network. Modbus RTU is a serial port communication protocol. Modbus was created by Modicon, now Schneider Electric. RTU stands for “Remote Terminal Unit” and TCP stands for “Transmission Control Protocol”. Modbus is used by equipment, instruments and PLCs, and in computer software.

SCADA software uses this protocol for data acquisition.

Modbus RTU runs over a serial cable, RS232 or RS485. Modbus TCP runs over Ethernet or Wi-Fi. A direct connection, usually via Ethernet, is a cable that connects the computer to the equipment. Data is sent and received by the SCADA software.

Example:

MODBUS RTU SCADA

MODBUS TCP SCADA

SCADA software download

The equipment can generally be called a server, and the SCADA computers called clients.

Modbus RTU

The network is accessed via serial cables. The serial link is configured with a speed, called the “baud rate”, in bits per second. For example 1200, 2400, 9600, 19200, 57600, 115200, etc. It can have parity: Even, Odd, Mark or Space. The number of data bits is also defined. The serial port can be configured with “flow control”: Xon/Xoff, Hardware or more advanced. Generally, in Modbus, the maximum waiting time for the equipment’s response is configured. For example 1000 ms.

Example of a list of bytes sent on Modbus RTU:

One byte with the equipment address.

One byte with the function number.

Two bytes with the variable address.

Two bytes with the number of variables.

Two bytes with the CRC (cyclic redundancy check), a calculated value used to check that the bytes are correct.

List of bytes received from Modbus RTU:

One byte with the equipment address.

One byte with the function number.

One byte with the number of bytes that follow.

Bytes with the result of the variable value.

Two bytes with the CRC.


MODBUS TCP

The network is accessed via the equipment’s IP address. In Modbus TCP the port is generally 502. The bytes sent and received are called a frame. The frame carries whichever equipment number, address and function the client wants.

Example of a list of bytes sent in Modbus TCP:

Two bytes with the ID of the information (the transaction identifier).

Two bytes with a value of zero (the protocol identifier).

Two bytes with the number of bytes in the frame.

One byte with the equipment address number (the unit identifier).

One byte with the function number.

Two bytes with the address of the information.

Two bytes with the size of the information.

List of bytes received from Modbus:

Two bytes with the ID of the information (the transaction identifier).

Two bytes with a value of zero (the protocol identifier).

Two bytes with the number of bytes in the frame.

One byte with the equipment address number (the unit identifier).

Bytes with the result of the variable value.

Functions

Some available Modbus functions are:

1: Read digital variables that can be read and written (coil).

2: Read digital variables that can only be read (discrete input).

3: Read analog variable addresses that can be read and written (holding register).

4: Read analog variable addresses that can only be read (input register).

5: Write digital variables.

6: Write analog variables.

Example of a request to read an analog variable that can be written. Frame:

00 03 00 00 00 06 01 03 00 00 00 01

ID: 00 03

Protocol: 00 00

Number of bytes: 00 06

Equipment unit: 01

Function: 03

Address: 00 00

Quantity: 00 01

Example of the Modbus response carrying the analog variable. Frame:

00 03 00 00 00 05 01 03 02 00 01

ID: 00 03

Protocol: 00 00

Number of bytes: 00 05

Equipment unit: 01

Function: 03

Number of bytes in the result: 02

Result: 00 01
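
The following Python code is an added example, not code from the original page. It parses the request and response frames shown above, checks the protocol identifier and the length field, and verifies that the response matches its request. The function names and dictionary keys are this example's own choices.

```python
import struct

# Function numbers as listed on this page; 5 and 6 change values on the equipment.
FUNCTIONS = {1: "coil", 2: "discrete input", 3: "holding register",
             4: "input register", 5: "write digital", 6: "write analog"}

def parse_frame(frame: bytes) -> dict:
    """Split a Modbus TCP frame into its header fields, rejecting malformed input."""
    if len(frame) < 8:
        raise ValueError("too short for header plus function byte")
    tid, proto, length, unit, func = struct.unpack(">HHHBB", frame[:8])
    if proto != 0:
        raise ValueError("protocol identifier must be zero")
    if length != len(frame) - 6:  # length counts the unit byte and all that follows
        raise ValueError("length field does not match frame size")
    return {"id": tid, "unit": unit, "function": func, "data": frame[8:]}

def parse_request(frame: bytes) -> dict:
    """Decode a request for functions 1-6: two address bytes, then quantity or value."""
    req = parse_frame(frame)
    if req["function"] not in FUNCTIONS or len(req["data"]) != 4:
        raise ValueError("unsupported function or wrong request size")
    req["address"], req["count_or_value"] = struct.unpack(">HH", req["data"])
    req["is_write"] = req["function"] in (5, 6)
    return req

def decode_registers(req: dict, response: bytes) -> list:
    """Check a function 3/4 response against its request and return the WORD values."""
    if req["function"] not in (3, 4):
        raise ValueError("request did not read analog variables")
    rsp = parse_frame(response)
    for key in ("id", "unit", "function"):
        if rsp[key] != req[key]:
            raise ValueError(f"response {key} does not match request")
    data = rsp["data"]
    if not data or data[0] != len(data) - 1 or data[0] != 2 * req["count_or_value"]:
        raise ValueError("byte count inconsistent with request")
    return list(struct.unpack(f">{data[0] // 2}H", data[1:]))

# The request and response frames shown on this page.
REQUEST = bytes.fromhex("00 03 00 00 00 06 01 03 00 00 00 01")
RESPONSE = bytes.fromhex("00 03 00 00 00 05 01 03 02 00 01")

if __name__ == "__main__":
    req = parse_request(REQUEST)
    print(req, decode_registers(req, RESPONSE))
```

The `is_write` flag separates functions 5 and 6 from the read functions, which is the distinction a monitoring tool needs when logging which clients change values on the equipment.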


There are several types of analog variables in Modbus.

The basic size is two bytes, for example WORD or INTEGER. Sometimes four bytes are used, for example FLOAT or LONG INTEGER. For digital variables, each bit is packed into the bytes of the frame. A WORD value ranges from 0 to 65535.

There is the option to read or write several variables in the same frame.
