The Modbus protocol was created by Modicon in 1979 — back when the internet didn’t even exist, let alone 5G. It’s the “grandfather” of industrial communication, yet it’s still going strong today, used in PLCs, power meters, temperature and humidity sensors, and all kinds of industrial devices.
Modbus RTU is a serial protocol (RS485 or RS232 connection), while Modbus TCP is an Ethernet protocol (using a network port). They may “look alike” in structure, but they travel on completely different roads. Don’t think you can use the same driver for both — it won’t work.
Modbus is a “shy” protocol. It never sends data on its own; instead, the master device has to take turns polling each slave: “Got any data for me?” Unlike MQTT, it doesn’t push data automatically when available, so its real-time performance is somewhat limited.
Think Modbus has a lot of commands? In reality, you’ll mostly use just these:
01: Read coils (discrete outputs)
03: Read holding registers (analog data)
05: Write single coil
06: Write single register
15/16: Write multiple coils/registers
Other function codes? Most people will never need them in their entire career.
Modbus transmits data in plain text. Anyone monitoring the network can see exactly what values you’re reading. If you want security, you’ll need to wrap it with VPN, TLS, or other encryption methods — otherwise, it’s easy for someone to eavesdrop or even alter your data.
In Modbus RTU, slave addresses range from 1 to 247. In theory, you can connect 247 slaves, but in practice, the more devices you have, the slower the polling becomes. Eventually, you’ll start seeing timeouts and dropped connections.
By the book:
03: Read holding register
04: Read input register
But many manufacturers don’t bother to separate them. They just put all data in the same space, so whether you use 03 or 04, you get the same data — just with a different label. Don’t overthink it.
If the documentation says 40001 and you literally put “40001” in your program, you’re in trouble: the slave won’t recognize that address (“Who’s that?”). The 4xxxx numbers are a documentation convention for the holding-register table; what actually goes on the wire is the zero-based offset within that table, so 40001 = 0, 40002 = 1, and so on. This “addressing system” has been the cause of many headaches.
Every Modbus RTU message ends with a 2-byte CRC checksum so the receiver can tell whether the transmission was corrupted. If the CRC is wrong, the slave simply discards the request and won’t even acknowledge it. Many times when a device seems “dead,” a bad CRC is the culprit.
Modbus is a standard protocol, but every manufacturer implements it differently. Some start addresses at 0, others at 1. Some put the high byte first, others the low byte. Some use integers, others floats. A “universal driver” sounds nice in theory, but in reality — be prepared for surprises.
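As an added example (my code, not from the original article), a small Python helper that builds a function 03 request using the 40001 → 0 offset, appends the RTU CRC, checks a reply's CRC before parsing it, and decodes a float whose word order a vendor swapped. Function names and the sample reply are my own constructions.

```python
import struct

# CRC-16/MODBUS: init 0xFFFF, reflected polynomial 0xA001, no final XOR.
def crc16_modbus(data: bytes) -> int:
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def append_crc(body: bytes) -> bytes:
    # RTU sends the CRC low byte first, unlike the big-endian PDU fields.
    return body + struct.pack("<H", crc16_modbus(body))

def check_crc(frame: bytes) -> bool:
    # Detects line noise only: anyone on the wire can recompute a valid
    # CRC, so it is no substitute for the VPN/TLS wrapping mentioned above.
    if len(frame) < 4:
        return False
    return crc16_modbus(frame[:-2]) == struct.unpack("<H", frame[-2:])[0]

def holding_register_offset(doc_address: int) -> int:
    # Docs number holding registers 40001..49999; the wire carries the 0-based offset.
    if not 40001 <= doc_address <= 49999:
        raise ValueError(f"{doc_address} is not a 4xxxx holding register")
    return doc_address - 40001

def build_read_holding(slave: int, doc_address: int, count: int) -> bytes:
    # Function 03 request: slave, 0x03, start offset, register count, CRC.
    body = struct.pack(">BBHH", slave, 0x03,
                       holding_register_offset(doc_address), count)
    return append_crc(body)

def parse_read_holding_response(frame: bytes) -> list:
    if not check_crc(frame):
        raise ValueError("CRC mismatch: corrupted (or altered) frame")
    if frame[1] & 0x80:  # exception reply: slave, 0x83, exception code, CRC
        raise ValueError(f"slave returned exception code {frame[2]}")
    nbytes = frame[2]
    return list(struct.unpack(f">{nbytes // 2}H", frame[3:3 + nbytes]))

def decode_float32(regs, swap_words: bool = False) -> float:
    # Two registers hold one IEEE-754 float; which one carries the high word is vendor-specific.
    hi, lo = regs
    if swap_words:
        hi, lo = lo, hi
    return struct.unpack(">f", struct.pack(">HH", hi, lo))[0]
```

build_read_holding(1, 40001, 10) yields the classic frame 01 03 00 00 00 0A C5 CD, which is a handy sanity check when a device stays silent.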