Every Modbus message has the same structure. There are four basic elements in these messages. The order of these elements is the same in each message, allowing easy parsing of Modbus message content. The conversation is initiated by a master in the Modbus network. The Modbus manager sends a message. Depending on the content of the message, the slave interprets the message and responds. Physical slave addressing in the message header is used to define which device should respond to a message. All other nodes in the Modbus network ignore the message if the address space does not match it. Modbus functions read and write to the slave's memory to configure its input and output.
Modbus devices contain a register map that indicates where the configuration is located. Input and output data can be written and read into this memory. The Modbus data model has a simple structure described in four basic data types. These are discrete inputs, coil outputs, input registers and output data. The case field of the message consists of the PDU(Protocol Data Unit) function code. A device's Modbus memory registers are organized around four basic data types. This data type is defined according to the first number found in the memory address of the devices.
The function code field specifies the record data group. Fields in the PDU are divided into bytes and grouped by field name. Many of the data types are named from their use in driving relays. For example, a single-bit physical output is called an inductor, and a single-bit physical input is called a contact or discrete input.
The function code field of the message contains a byte that tells the slave what action to take. Valid function codes are between 1 and 255. But not all codes are valid for a specific slave. Additionally, the Master request data field provides additional information requested by the slave. The slave's normal response repeats the original function code of the request. However, the slave's error response returns code equivalent to the original function code. So the slave returns 1 byte containing 8 binary bits. And it adds a code in the data field of the response message that tells the host device what kind of error it is.
Function code 01 is used to read adjacent registers from code 1 to 2000. Function code 02 read discrete inputs code is used to read 1 to 2000 contiguous registers of discrete inputs on a remote slave. Function code 03 read hold registers code is used to read the contents of adjacent hold blocks on a remote slave. Function code 04 read input registers code is used to read 1 to 125 contiguous input registers on a remote device. Function code 05 single coil code is used to write ON or OFF output on a remote slave device. Function code 06 single register write code is used to write a single holding register to a remote slave device. Function code 15 multi-coil write code is used to force each coil into a single set of coils. Function code 16 multiwrite is used to write a block of adjacent registers.
Communication with PLCs or auxiliary devices can be achieved with Modbus simulator software.