MODBUS TCP
MODBUS TCP is a widely used industrial communication standard adapted to operate over Ethernet/TCP-IP networks.
Modbus TCP frame structure
The structure of a Modbus TCP frame can be seen below.
Modbus TCP frame structure | ||
|---|---|---|
Field | Size | Description |
Transaction ID | 2 bytes | This field allows pairing of transactions when a client sends multiple messages over the same TCP connection without waiting for prior responses. |
Protocol ID | 2 bytes | This field is always 0 for Modbus services. |
Length | 2 bytes | A byte count of the remaining fields including: the unit identifier byte, function code byte, and the data fields. |
Unit ID | 1 byte | This field is used to identify a remote server located on a non-TCP/IP network. |
Function code | 1 byte | Defines the register type. See function code table below for details. |
Data | N bytes | Contains the requested data (register addresses and values). |
Modbus register addressing
Modbus typically organizes data into four register types:
Modbus register addressing | ||||
|---|---|---|---|---|
Register type | Address range | Size | Read/write | Purpose |
Coils | 00001 - 09999 | 1-bit | Read/Write | Controls binary outputs (e.g., turning devices ON/OFF). |
Discrete inputs | 10001 - 19999 | 1-bit | Read-only | Stores binary input signals from e.g. sensors or switches. |
Input registers | 30001 - 39999 | 16-bit | Read-only | Stores input data (e.g., sensor readings or status) that the master can only read. |
Holding registers | 40001 - 49999 | 16-bit | Read/Write | Stores output or configuration data that the master can read and modify. |
Modbus function codes
Modbus function codes | |
|---|---|
Function code | Description |
01 | Read coils |
02 | Read discrete inputs |
03 | Read holding registers |
04 | Read input registers |
05 | Write single coil |
06 | Write single holding register |
15 | Write multiple coils |
16 | Write multiple holding registers |
Example
In Modbus communication, you can define the order in which data appears within register addresses. For example, if input registers are selected (see Modbus TCP configuration in network configuration commands for instructions) and you select roll, pitch, and heave as shown in the table below, roll will be stored in registers 30001 and 30002, pitch in 30003 and 30004, and so on. Since each value is stored as a 32-bit IEEE 754 single-precision floating-point number, it occupies two 16-bit Modbus registers.
Register address | Parameter | Data type | Unit | Register value (U16) decimal | Numerical value |
|---|---|---|---|---|---|
30001 | roll (MSB) | Single precision float (IEEE 754) | [deg] | 16405 | 2.34 |
30002 | roll (LSB) | 49807 | |||
30003 | pitch (MSB) | Single precision float (IEEE 754) | [deg] | 49084 | -1.47 |
30004 | pitch (LSB) | 10486 | |||
30005 | heave (MSB) | Single precision float (IEEE 754) | [m] | 48990 | -0.87 |
30006 | heave (LSB) | 47186 |
Let's examine how the roll value (2.34 degrees) is retrieved from Modbus registers.
Register address | Parameter | Data type | Unit | Register value (U16) binary | Register value (U16) decimal | Numerical value |
|---|---|---|---|---|---|---|
30001 | roll (MSB) | Single precision float (IEEE 754) | [deg] | 01000000 00010101 | 16405 | 2.34 |
30002 | roll (LSB) | 11000010 10001111 | 49807 |
These two 16-bit registers form a 32-bit binary word in big-endian format. When combined in big-endian order, the full 32-bit IEEE 754 floating-point representation is: 01000000 00010101 11000010 10001111.
IEEE 754 single-precision floating-point numbers are structured as follows:
Bit position | Component | Extracted bits |
|---|---|---|
Bit 1 | Sign (S) | 0 (positive) |
Bits 2-9 | Exponent (E) | 10000000 (decimal: 128) |
Bits 10-32 | Mantissa (M) | 00010101110000101000111 |
The roll value is computed using the IEEE 754 formula:
Roll value = (-1)s x 1.M x 2(E-127) = (-1)0 x 1.000101011100001010001112 x 2(128−127) = 1.16796875 x 21 = 2.3359375.
Due to rounding errors, the final roll angle is 2.34 degrees.
Note
When using several MRUs they must be configured with unique IP addresses to access data from the specified MRU and to avoid IP conflict.