Modbus Protocol Explained
The Modbus protocol works on a master/slave communication template (also often called the client/server model in modern networks). This means only the master (client) can request data, and typically, the PLC or automation controller is the master (client) in the network.
The master device can choose to broadcast messages or directly address devices on the network, and the slave devices can respond to directly addressed messages only. The slave devices can also perform actions based on the messages received from the master device.
Each message will have an address, a function code, a data register, and a cyclic redundancy check (CRC) register. The slave device will compare the message address, and if it’s a match to its assigned address, the device will execute the function code.
In Modbus networks, the master device initiates communication (requests) with the slave devices and the slave devices respond accordingly. Only the master device can send requests while the slave devices can only respond to requests. The messages exchanged between the master and slave devices consist of an address, a function code, a data register, and a cyclic redundancy check (CRC) register. When the slave device receives a message, it compares the address to its assigned address and if there’s a match, it will execute the function code.

Requesting information from slave devices and sending output commands to them both require the use of specific function codes. To request information from a slave device, the master uses one of the register read function codes; to send output commands to the slave, the master uses one of the register write function codes. Additionally, the slave devices can also generate output commands to the master, using the register write function code.
The Modbus protocol has a set of function codes for the master to use when requesting information from the slave devices, or sending them output commands. Additionally, there are also function codes that are used by the slave devices to generate output commands to the master. In order to request or send output commands to the slave, the master must use one of the register read or write function codes, respectively. These codes are two bytes long and are expressed in hexadecimal, with the most significant byte first (“big-endian”).
