Detailed explanation of the difference between Modbus RTU and Modbus TCP protocols

The Modbus communication protocol was invented by Modicon in 1979 and is the world’s earliest bus protocol used in industrial fields. Due to its free public release, manufacturers using the protocol do not need to pay any fees, so the Modbus protocol has been widely used around the world.

The Modbus communication protocol has multiple variants, the most common of which are Modbus RTU and Modbus TCP protocols.

The two protocols are very similar. Let’s take reading multiple holding registers as an example to illustrate the difference between them:

Modbus RTU communication sending format is: slave address 01 (indicating slave address) function code 03 (reading single/multiple holding registers) data starting address 00 00 (indicating starting from 40001) data number 00 02 (indicating reading two words) CRC check code xx xx (the CRC check code here is C4 0B), which together is 01 03 00 00 00 02 C4 0B. After sending it, the slave station will return data. The data format is: 01 03 04 01 02 03 04 5B 3C, where 01 slave station address, 03 function code reading, 04 number of data bytes, 01 02 03 04 data content, 5B 3C is the CRC check code.

DTU/Edge Gateway/IoT Platform/Gateway Module

The Modbus TCP protocol adds an MBAP header to the Modbus RTU protocol. Since TCP is a service based on reliable connections, the CRC check code in the RTU protocol is no longer needed, so there is no CRC check in the Modbus TCP protocol. Verification shows that the MBAP header is seven bytes in length. Except for the fifth and sixth bytes, the rest are basically unchanged. For example, using Modbus TCP to complete the above operation is to send 00 01 00 00 00 06 ff 03 00 00 00 02. The fifth and sixth bytes are 00 06, which means there are 6 bytes after 00 06.See the figure below for specific operations

DTU/Edge Gateway/IoT Platform/Gateway Module

The return value is 00 01 00 00 00 07 ff 03 04 01 02 03 04. The first 7 bytes are the MBAP message header, 03 function code reading, 04 data bytes, 01 02 03 04 represents the data content.

So the Modbus TCP protocol is actually the Modbus RTU protocol with the CRC check code removed, the previous slave address code removed, and then a 7-byte MBAP header added to the front.

DTU/Edge Gateway/IoT Platform/Gateway Module

Modbus TCP evolved based on Ethernet, and the physical interface determines its communication rate and verification method.

The above is the basic difference between the Modbus RTU and Modbus TCP protocols. It is described more clearly and I hope it can solve everyone’s doubts.

Contact Us