Modbus Master-Slave Communication

An accurate visualization of Modbus protocol communication & security vulnerabilities

Modbus is a serial communication protocol developed in 1979 for use with programmable logic controllers (PLCs). It has become a de facto standard in industrial communication and is now commonly used for connecting industrial electronic devices.

Network Architecture

Master (Client): Initiates communication by sending requests to slaves

Slave (Server): Responds to the master's requests by providing data or performing actions

Device Addressing: Each slave has a unique address (1-247)

Network Topology: Only one master can exist on a standard Modbus network

Interactive Modbus Communication Simulation

Experience real-time industrial communication protocols and security vulnerabilities

Network Topology

MASTER: Function: Read Holding Registers; Target: Slave 1. Initiates all communication.
SLAVE ID 1: Temperature Sensor, Registers: 40001-40003, Status: Idle
SLAVE ID 2: Pressure Controller, Registers: 40101-40103, Status: Idle
SLAVE ID 3: Flow Meter, Registers: 40201-40203, Status: Idle
Real-Time Device Data

Slave 1 (Temperature Sensor), Status: Idle
Holding Registers: Addr 40001 = 0x00A1, Addr 40002 = 0x00B2, Addr 40003 = 0x00C3
Digital Coils: 1 to 8 (Addresses: 1 - 8)

Slave 2 (Pressure Controller), Status: Idle
Holding Registers: Addr 40101 = 0x0145, Addr 40102 = 0x0278, Addr 40103 = 0x03AB
Digital Coils: 1 to 8 (Addresses: 101 - 108)

Slave 3 (Flow Meter), Status: Idle
Holding Registers: Addr 40201 = 0x0064, Addr 40202 = 0x00C8, Addr 40203 = 0x012C
Digital Coils: 1 to 8 (Addresses: 201 - 208)

Modbus Frame Structure

Interactive visualization of Modbus RTU and TCP/IP frame structures with real-world examples

RTU Frame Format

Slave Address (1 byte) | Function Code (1 byte) | Data (n bytes) | CRC (2 bytes)

CRC: Cyclic Redundancy Check for error detection

RTU Protocol Benefits

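The RTU (Remote Terminal Unit) frame uses a compact binary format optimized for serial communication. The CRC detects data corrupted in transit across noisy industrial environments, which makes RTU well suited to RS-485 networks where reliability is critical. It is an error-detection check only: it does not authenticate the sender or protect a frame against deliberate modification.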

TCP/IP Frame Format

Transaction ID (2 bytes) | Protocol ID (2 bytes) | Length (2 bytes) | Unit ID (1 byte) | Function Code (1 byte) | Data (n bytes)

MBAP Header: Modbus Application Protocol (Transaction ID + Protocol ID + Length + Unit ID)

TCP/IP Protocol Benefits

Modbus TCP/IP extends the protocol for Ethernet networks. It replaces CRC with TCP's built-in error detection and adds the MBAP header for transaction management, enabling multiple simultaneous connections and better scalability in modern industrial networks.

Example: Read Holding Registers (Function 03)

Request Frame

01      Slave ID
03      Function Code
00 6B   Starting Address
00 03   Quantity
76 87   CRC

Response Frame

01      Slave ID
03      Function Code
06      Byte Count
02 2B   Register 1
00 00   Register 2
00 64   Register 3
B9 AF   CRC

Request Analysis

This request asks slave device 01 to read 3 holding registers starting from address 107 (0x006B). Function code 03 specifically targets holding registers, commonly used for process values.

Response Analysis

The response contains 6 bytes of data (3 registers × 2 bytes each). Values: Register 1 = 555 (0x022B), Register 2 = 0 (0x0000), Register 3 = 100 (0x0064).
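
Added example (not code from the original page): a Python parser for the RTU frames above that checks the CRC, decodes the Function 03 registers, and re-wraps the request with the MBAP header described under TCP/IP Frame Format. The function names and transaction ID 1 are assumptions; the CRC bytes are computed rather than copied, because CRC-16/MODBUS over the slave-01 frames as printed gives 74 17 and 05 7A, not 76 87 and B9 AF.

```python
import struct

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def with_crc(body: bytes) -> bytes:
    """Append the CRC, low byte first, as RTU sends it on the wire."""
    return body + struct.pack("<H", crc16_modbus(body))

def parse_rtu(frame: bytes) -> dict:
    """Split an RTU frame into its fields; reject short frames and bad CRCs."""
    if len(frame) < 4:
        raise ValueError("frame shorter than address + function + CRC")
    body, (received,) = frame[:-2], struct.unpack("<H", frame[-2:])
    expected = crc16_modbus(body)
    if received != expected:
        raise ValueError(f"CRC mismatch: got {received:04X}, want {expected:04X}")
    return {"slave": body[0], "function": body[1], "data": body[2:]}

def decode_registers(data: bytes) -> list:
    """Function 03 response data: byte count, then big-endian 16-bit registers."""
    if not data or data[0] != len(data) - 1 or data[0] % 2:
        raise ValueError("byte count does not match register data")
    return list(struct.unpack(f">{data[0] // 2}H", data[1:]))

def rtu_to_tcp(frame: bytes, transaction_id: int) -> bytes:
    """Re-wrap a valid RTU frame as Modbus TCP: MBAP header + PDU, no CRC."""
    f = parse_rtu(frame)
    pdu = bytes([f["function"]]) + f["data"]
    # Protocol ID is 0 for Modbus; Length counts the Unit ID plus the PDU.
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, f["slave"]) + pdu

# Frame bodies taken from the Function 03 example; CRCs are computed here.
REQUEST = with_crc(bytes.fromhex("01 03 00 6B 00 03"))
RESPONSE = with_crc(bytes.fromhex("01 03 06 02 2B 00 00 00 64"))

if __name__ == "__main__":
    print("request :", REQUEST.hex(" "))
    print("response:", RESPONSE.hex(" "), decode_registers(parse_rtu(RESPONSE)["data"]))
    print("as TCP  :", rtu_to_tcp(REQUEST, transaction_id=1).hex(" "))
```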