Hermes OSIndustrial Intelligence Platform
Back to the library

Industrial Protocols

Modbus TCP

Register model, function codes, and polling behavior.

OT Network

Overview

Modbus TCP wraps the venerable register-based protocol in Ethernet: simple, universal, and entirely without built-in security or data semantics.

Engineering purpose

Lowest-common-denominator integration with meters, drives, and legacy devices where simplicity beats sophistication.

How it works

Clients read/write holding and input registers by address using function codes; data meaning lives only in the register map document; polling rate times register count consumes the device's processing budget.

  • Modbus is register-based (4xxxx holding, 3xxxx input); off-by-one offsets are the most common mapping error.
  • It has no built-in security or data typing — compensate with segmentation and documented register maps.
  • Poll rate × register count must respect device processing limits; aggressive polling causes timeouts.

Common faults

Off-by-one addressing from 0-based versus 1-based conventions; timeouts from aggressive polling; 32-bit values assembled with wrong word order; undocumented register maps drifting from reality.

Diagnostic checks

  1. 1Test reads with a Modbus client tool against the documented register map.
  2. 2Check exception responses (illegal address/function) in the driver log.
  3. 3Reproduce reads with an independent Modbus test client against the documented map before debugging application code.

Safety notes

Modbus has no authentication: anything on the network segment can write registers, so segmentation and write-filtering are the security model.

Commissioning notes

Validate the register map end-to-end including word order and scaling, and record per-device polling budgets in the integration documentation.

Related concepts

Register model, function codes, addressing conventions, word order, polling budget, exception responses.

modbus · register · holding · function code · مدباس · رجیستر

Related engineering cases

Related articles

Industrial Protocols

Fieldbus and industrial Ethernet selection and diagnostics.

OPC UA

Information modeling, sessions, and security in OPC UA.

MQTT

Pub/sub topics, QoS, and edge telemetry patterns.

Siemens S7 Communication

PUT/GET, ISO-on-TCP (port 102), and data exchange between Siemens CPUs.

When Hermes Brain uses this article

Cited for Modbus value mismatches, timeouts, register-map confusion, and integration of legacy field devices.