Overview
Modbus is a classic communication protocol in the embedded field. Whether you are a beginner or an experienced engineer, it is useful to understand its basics.
1. What is Modbus?
As the name implies, Modbus is a bus protocol. Examples of communication protocols include serial port protocols, I2C, and SPI. The protocol was published by the Modbus organization. It is commonly used in industrial electronics and in products intended for the industrial market.
Modbus gained acceptance in the industrial sector for three main reasons:
- Publicly published with no licensing restrictions
- Easy to deploy and maintain
- Manufacturers have flexibility to modify local bits or bytes
In short: free, simple, and easy to modify. Modbus is a straightforward protocol used in industrial systems.
2. Purpose
In one word: communication. Protocols define how two parties interpret a sequence of transmitted data so that meaningful information can be exchanged.
3. Modbus Variants
Modbus has several common variants:
- Modbus-RTU
- Modbus-ASCII
- Modbus-TCP
A device typically supports one variant. Most industrial devices use Modbus-RTU, so learning RTU is usually sufficient; ASCII can be considered optional background.
4. Communication Model
Modbus uses a master-slave model. Communication is half-duplex: at any time the bus carries data from one party only. The master initiates transactions and slaves respond. If the master is not transmitting, the bus is idle. This is both a design choice and a limitation.
Example 1: On a bus with one master and multiple slaves, each slave must have a unique address so the master can query a specific slave. The master sends a request; the addressed slave replies; the master receives the response. That describes the basic master-to-slave transaction.
Example 2: This is analogous to a telephone call: you must know the other party's number (the unique address), you call them (master query), and they answer and speak back (slave response).
Note: Modbus has no built-in busy detection or arbitration for a slave that is already engaged; this must be handled at the application or software level if needed.
5. Modbus-RTU Protocol
RTU is the default Modbus mode and is required by the specification; ASCII is an optional mode. Because most devices use RTU, studying RTU covers the majority of use cases.
Frame Structure
Frame = Address + Function Code + Data + CRC
Address: 1 byte, range 0-255; valid slave addresses are 1-247. 255 is the broadcast address.
Function code: 1 byte, indicates the requested action (for example, read or write registers).
Data: Structure depends on the function code.
CRC: Cyclic redundancy check to detect transmission errors. If CRC does not match, the frame is discarded.
Practical Examples
In practice, the most commonly used function codes are 0x03 (read holding registers) and 0x06 (write single register). Use 0x03 to read sensor data and 0x06 to modify a register value. Other function codes exist but are used less frequently.
2.1 Read Function 0x03
Scenario: The master queries slave address 01. A PC-based Modbus debug tool acts as the master and an STM32 acts as the slave.
The exchanged bytes are:
Master sends: 01 03 00 00 00 01 84 0A Slave replies: 01 03 02 19 98 B2 7E
Interpreting this follows the frame structure: address + function code + data + CRC.
01 - Address, i.e. the sensor address 03 - Function code, 03 means read holding registers 00 00 - Starting register address (read from 0x0000) 00 01 - Number of registers to read (1 register) 84 0A - CRC (calculated from the first byte up to the byte before 84)
Response interpretation:
01 - Address, the responding sensor address 03 - Function code (slave echoes the master's function code if responding normally) 02 - Number of data bytes to follow (2 bytes per register) 19 98 - Register value (the register read returned 0x1998) B2 7E - CRC
Basic transaction pattern:
- Master sends: slave address + function code + start register address + number of registers + CRC
- Slave replies: slave address + function code + byte count + data + CRC
2.2 Write Function 0x06
To modify a slave register, use function code 0x06.
Master sends: 01 06 00 00 00 01 48 0A Slave replies: 01 06 00 00 00 01 48 0A
Although the request and response bytes appear identical, this is correct: the slave echoes the request to confirm the write.
01 - Target slave address 06 - Function code (06 means write single register) 00 00 - Register address to write (0x0000) 00 01 - Value to write into the register 48 0A - CRC
If the slave response matches the request, the write succeeded. If the function code in the response differs, the master should treat it as an error and handle it accordingly.
Write Multiple Registers 0x10
To write multiple consecutive registers, use function code 0x10. Its format is similar: master sends start address + number of registers + byte count + data; slave confirms with start address + number of registers.
RTU Summary
Key function codes to learn for RTU are:
- 0x03 — master sends start address + register count; slave replies with byte count + data
- 0x06 — master sends start address + data (single register); slave replies echoing the same
- 0x10 — master sends start address + register count + byte count + data; slave replies with start address + register count
6. Modbus-ASCII Protocol
RTU is sufficient for most usage, but a basic understanding of ASCII mode is useful.
Frame Format
RTU transmits raw binary bytes. ASCII mode sends two ASCII characters per byte. For example, a single byte 0x12 is sent as the ASCII characters '1' (0x31) and '2' (0x32). This makes ASCII transmission less efficient than RTU because it doubles the number of transmitted characters, but it is more human-readable on terminals and serial monitors.
Example: To send 0x03, RTU sends one byte 0x03. ASCII sends '0' and '3' (0x30 0x33). RTU requires fewer bits on the wire, while ASCII is easier to display and debug on a PC terminal since ASCII characters are printable.
Differences from the diagram:
- ASCII adds a start delimiter and uses CR/LF as end delimiters.
- Address and function fields are transmitted as ASCII pairs (2 characters each).
- Data framing is more verbose but easier to read.
ASCII Summary
Both RTU and ASCII are typically used over serial links such as RS-232 or RS-485 in half-duplex master-slave mode. The main difference is byte encoding: RTU uses binary bytes and relies on time gaps (3.5 character times) to delimit frames; ASCII uses explicit frame start and end delimiters. On RS-485 buses, up to 32 devices are typically allowed.
7. Notes
When a slave responds normally, the function code in the response matches the master's function code (1-127). In exception responses the function code is the original function code plus 128. This is how Modbus signals errors.
In common setups where a PC only has USB, a USB-to-TTL adapter combined with a TTL-to-RS485 transceiver is used to connect to a microcontroller-based device. This is a standard hardware arrangement to reach RS-485 devices.
