Skip to main content

What is Modbus TCP?

Modbus TCP is an industrial communication protocol that enables data acquisition from industrial devices over TCP/IP networks. It provides a standardized method for reading data from PLCs, sensors, and other industrial equipment using Ethernet infrastructure.

Device Profile Configuration

Connection Parameters

Configure the communication settings for your Modbus TCP device:
ParameterDescriptionDefault ValueRange/FormatRequired
HostIP address of the Modbus TCP device-IPv4 formatYes
PortTCP port number for Modbus communication5021-65535No
ReadingFrequencyInterval between reading cycles (ms)1000100-60000No
ConnectTimeOutConnection timeout duration (ms)1000500-30000No
ReceiveTimeOutResponse timeout duration (ms)1000500-30000No
DataFormatByte order for multi-register dataABCDABCD, BADC, CDAB, DCBANo

Data Format Options

The DataFormat parameter determines how multi-register values are interpreted:
  • ABCD: Big-endian, high word first (default)
  • BADC: Big-endian, low word first
  • CDAB: Little-endian, high word first
  • DCBA: Little-endian, low word first

Tag Configuration

Basic Tag Settings

Each tag represents a data point from your Modbus device and requires:
  1. Name: Descriptive identifier for the data point
  2. Address: Modbus address specification
  3. Data Type: Type of data to read
  4. Length: Number of registers to read (for String/Bytes only)
  5. Polling Interval: Individual polling frequency (0 = use device default)

Address Format

[s=station];[x=function];address[.bit]

Address Components

ComponentDescriptionDefaultExample
s=stationModbus station/slave ID1s=2
x=functionRead function code3x=4
addressRegister or coil number-100
.bitSpecific bit within a register-.5

Function Codes

Function CodeOperationAddress PrefixDescription
01Read Coilsx=1;Read discrete output coil status
02Read Discrete Inputsx=2;Read discrete input contact status
03Read Holding Registers(default)Read holding register values
04Read Input Registersx=4;Read input register values

Address Examples

Address FormatDescriptionFunction Code
100Holding register 10003
s=2;100Register 100 on station 203
x=4;100Input register 10004
s=2;x=4;100Input register 100 on station 204
100.0Bit 0 of holding register 10003
x=2;100Discrete input 10002
x=1;100Coil 10001

Data Types

Fixed-Size Data Types

Data TypeSize (Registers)Size (Bytes)DescriptionRange
Bool-1 bitBoolean value (coil/discrete)true/false
Short12 bytesSigned short integer-32,768 to 32,767
UShort12 bytesUnsigned short integer0 to 65,535
Int24 bytesSigned integer-2,147,483,648 to 2,147,483,647
UInt24 bytesUnsigned integer0 to 4,294,967,295
Float24 bytesSingle-precision floating pointIEEE 754 single precision
Long48 bytesSigned long integerLarge signed integer values
ULong48 bytesUnsigned long integerLarge unsigned integer values
Double48 bytesDouble-precision floating pointIEEE 754 double precision
DateTime48 bytesDate and time valueDate and time representation

Variable-Length Data Types

Data TypeDescriptionLength UsageCalculation
StringVariable-length string for text dataRequiredCharacters = Length × 2
BytesVariable-length byte data for binary dataRequiredBytes = Length × 2

Configuration Examples

Temperature Sensor

{
  "Name": "Temperature",
  "Address": "s=1;x=4;100",
  "DataType": "Float",
  "Length": 0,
  "PollingInterval": 1000
}

Pump Status

{
  "Name": "Pump Status",
  "Address": "s=2;x=1;50",
  "DataType": "Bool",
  "Length": 0,
  "PollingInterval": 500
}

Device Name String

{
  "Name": "Device Name",
  "Address": "s=2;x=4;400",
  "DataType": "String",
  "Length": 10,
  "PollingInterval": 5000
}

Energy Counter

{
  "Name": "Energy Counter",
  "Address": "s=1;x=4;500",
  "DataType": "UInt",
  "Length": 0,
  "PollingInterval": 2000
}

Variable-Length Data Configuration

String Data Type

  • Length: Number of registers to read for string data
  • Character Count: Each register contains 2 ASCII characters
  • Total Characters: Length × 2
Example: Length = 5 reads 5 registers containing 10 characters

Bytes Data Type

  • Length: Number of registers to read for binary data
  • Byte Count: Each register contains 2 bytes
  • Total Bytes: Length × 2
Example: Length = 4 reads 4 registers containing 8 bytes

Advanced Features

Bit-Level Reading

Read specific bits from registers by adding .bit to the address: 
Address: 100.5
Data Type: Bool
This reads bit 5 (0-indexed) from holding register 100.

Dynamic Data Format

Override the default data format for specific tags: 
Address: format=BADC;s=2;100
Data Type: Float
This reads a float value using BADC byte order instead of the default ABCD.

Best Practices

Performance Optimization

  1. Group Sequential Addresses: Place related tags in consecutive registers
  2. Optimize Polling Intervals: Use appropriate frequencies based on data change rates
  3. Minimize Station Queries: Group tags by station number
  4. Use Appropriate Data Types: Choose the most efficient data type
  5. Exact Length Sizing: Set Length to match exact data size for String/Bytes

Polling Interval Guidelines

  • Critical Data: 100-500ms for critical process data
  • Status Information: 1-5 seconds for status monitoring
  • Configuration Data: 10+ seconds for slowly changing data

Length Parameter Guidelines

  • String: Set Length based on expected text length
  • Bytes: Set Length based on binary data size
  • Performance: Avoid unnecessarily large Length values
  • Device Limits: Check device documentation for maximum register ranges

Troubleshooting

Connection Issues

IssuePossible CauseSolution
Connection TimeoutNetwork connectivity, wrong IP/portVerify network settings and device availability
Connection RefusedDevice not responding, firewall blockingCheck device status and network configuration
Intermittent DisconnectionsNetwork instability, timeout settingsAdjust timeout values and check network stability

Data Reading Errors

IssuePossible CauseSolution
Invalid AddressAddress doesn’t exist on deviceCheck device documentation for valid address ranges
Data Format ErrorWrong byte order for multi-register valuesAdjust DataFormat parameter (ABCD, BADC, etc.)
Function Code ErrorDevice doesn’t support function codeTry different function codes (03, 04, 01, 02)
Length Parameter ErrorWrong Length for String/BytesSet correct Length value for variable data types
Address Range ErrorLength exceeds available registersReduce Length or check device memory map

Diagnostic Steps

  1. Network Connectivity: Ping the device IP address
  2. Port Accessibility: Verify port 502 is accessible
  3. Address Validation: Check device memory map documentation
  4. Function Code Testing: Try reading with different function codes
  5. Data Format Testing: Test different byte order options
  6. Length Validation: Ensure Length parameter is correct for variable data types

Technical Specifications

Protocol Compliance

  • Modbus TCP: Full compliance with Modbus Application Protocol v1.1b3
  • Message ID Management: Automatic increment for request tracking
  • Error Detection: TCP-based error handling and timeout management
  • Data Integrity: Built-in validation and retry mechanisms

Performance Characteristics

  • Maximum Tags: Limited by device capacity and network bandwidth
  • Update Rate: Configurable from 100ms to 60 seconds per tag
  • Concurrent Devices: Multiple device connections supported
  • Data Throughput: Optimized for industrial monitoring applications

Memory Areas

Memory AreaFunction CodeAddress PrefixData TypesTypical Use
Coils01x=1;BoolDigital outputs status
Discrete Inputs02x=2;BoolDigital inputs status
Holding Registers03(default)All typesProcess variables, setpoints
Input Registers04x=4;All typesSensor readings, measurements