Modbus TCP is a communication protocol used in industrial automation. It lets PLCs (programmable logic controllers), sensors, HMIs (human-machine interfaces), and SCADA systems talk to each other over standard Ethernet networks.

Think factory floor equipment, building automation, and industrial IoT devices.

How It Works

Modbus TCP wraps the Modbus application protocol in TCP/IP. Each frame starts with a 7-byte MBAP header (transaction ID, protocol ID, length, unit ID) followed by the function code and its data; the serial CRC is dropped because TCP handles integrity. Uses port 502 by default.

Client-server model:

  • Client (master) sends a request naming a function code, a starting address, and a count
  • Server (slave) responds with the requested sensor readings or control states, or with an exception code if the request was invalid

One client can communicate with multiple servers on the same network.

What Modbus TCP Reads/Writes

Industrial devices expose data as registers:

  • Coils (0x): single bit, read/write (digital outputs, relays)
  • Discrete Inputs (1x): single bit, read-only (sensors, switches)
  • Input Registers (3x): 16-bit, read-only (analog sensors, meters)
  • Holding Registers (4x): 16-bit, read/write (setpoints, parameters)

Example: A temperature sensor might expose its reading as Input Register 30001. The 3x prefix is only a naming convention; on the wire it is address 0 read with function code 04. The device returns a raw value like 2350, which the client scales (here by 0.01) to 23.5°C. Scaling and the address offset are device-specific, so check the register map.
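The request/response exchange above, written out as an added example (not code from the original page and not the pymodbus library; it uses only the Python standard library). It builds the Read Input Registers request for register 30001, decodes the reply, and handles an exception response. The sample frames are constructed for the example, and the 0.01 scaling factor is the assumption from the text.

```python
import socket
import struct

MODBUS_TCP_PORT = 502         # default port named in the text
READ_INPUT_REGISTERS = 0x04   # function code for the "3x" input registers

EXCEPTION_CODES = {           # subset of the standard Modbus exception codes
    0x01: "illegal function",
    0x02: "illegal data address",
    0x03: "illegal data value",
    0x04: "server device failure",
}


def build_read_input_registers(transaction_id, unit_id, first_register, count):
    """Build a Modbus TCP request frame for Read Input Registers (FC 04).

    `first_register` is the conventional "3x" number (30001 is the first
    input register). The wire address is zero-based and the 3x prefix is
    implied by the function code, so 30001 is sent as address 0.
    """
    if not 30001 <= first_register <= 39999:
        raise ValueError("input registers are numbered 30001-39999")
    if not 1 <= count <= 125:
        raise ValueError("FC 04 reads at most 125 registers per request")
    address = first_register - 30001
    pdu = struct.pack(">BHH", READ_INPUT_REGISTERS, address, count)
    # MBAP header: transaction id, protocol id (0 = Modbus), length, unit id.
    # The length field counts the unit id byte plus the PDU.
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def parse_read_input_registers_response(frame, transaction_id):
    """Decode a FC 04 response frame into a list of unsigned 16-bit values.

    Raises ValueError if the frame is not the reply to `transaction_id` or
    if the server returned a Modbus exception (function code | 0x80).
    """
    if len(frame) < 9:
        raise ValueError("frame too short for an MBAP header and PDU")
    tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if tid != transaction_id or proto != 0:
        raise ValueError("response does not match the request")
    pdu = frame[7:7 + length - 1]
    fc = pdu[0]
    if fc == READ_INPUT_REGISTERS | 0x80:
        code = pdu[1]
        raise ValueError(f"Modbus exception {code:#04x}: "
                         f"{EXCEPTION_CODES.get(code, 'unknown')}")
    if fc != READ_INPUT_REGISTERS:
        raise ValueError(f"unexpected function code {fc:#04x}")
    byte_count = pdu[1]
    data = pdu[2:2 + byte_count]
    if len(data) != byte_count or byte_count % 2:
        raise ValueError("truncated register data")
    return list(struct.unpack(f">{byte_count // 2}H", data))


def temperature_from_register(raw):
    """Apply the scaling assumed in the text: raw 2350 -> 23.50 °C."""
    return raw / 100.0


def read_input_registers(host, unit_id, first_register, count,
                         port=MODBUS_TCP_PORT, timeout=2.0):
    """Send one FC 04 request to a live device and return its register values."""
    tid = 1
    request = build_read_input_registers(tid, unit_id, first_register, count)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        frame = sock.recv(260)   # maximum Modbus TCP ADU size
    return parse_read_input_registers_response(frame, tid)


# Constructed sample exchange (not a capture): the request for register
# 30001 and the reply a server would send for a raw reading of 2350.
REQUEST = build_read_input_registers(1, 1, 30001, 1)
SAMPLE_RESPONSE = bytes.fromhex("000100000005010402092e")
# Constructed exception reply for the same transaction: "illegal data address".
SAMPLE_EXCEPTION = bytes.fromhex("000100000003018402")

if __name__ == "__main__":
    print("request:", REQUEST.hex())
    values = parse_read_input_registers_response(SAMPLE_RESPONSE, 1)
    print("registers:", values, "->", temperature_from_register(values[0]), "°C")
```

Note the transaction ID check: because nothing in the frame authenticates the sender, matching the ID is the only way a client can tell which reply belongs to which request when several are in flight.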

Common Uses

Factory automation: PLCs controlling conveyor belts, robotic arms, assembly lines

Building management: HVAC systems, lighting controls, energy meters

Water/wastewater: Pump controls, flow meters, level sensors

Oil and gas: Pipeline monitoring, pressure sensors, valve controls

Energy: Solar inverters, battery systems, grid monitoring

Modbus TCP vs Modbus RTU

Modbus RTU: Serial communication (RS-485 or RS-232) with a single master polling up to 247 addressed devices; each frame carries a CRC-16. Older standard, slower, used when Ethernet isn't available.

Modbus TCP: Ethernet-based. Faster, routable across existing IP networks, and a server can accept several clients at once.

Most new installations use Modbus TCP. Legacy systems often use RTU.

Setting Up Modbus TCP Devices

Network configuration:

  • Assign a static IP to each device
  • Use a separate VLAN for the industrial network (security best practice)
  • Open TCP port 502 on the firewall only between the specific clients and the servers they poll, not network-wide

Common issues:

  • IP conflicts (always use static IPs)
  • Wrong register addressing (check device documentation)
  • Firewall blocking port 502
  • Switch misconfiguration (wrong VLAN membership, port settings) dropping traffic between client and server

Security Concerns

Modbus TCP has no built-in security: no authentication, no encryption, and no integrity protection beyond the TCP checksum. Any host that can reach port 502 can read every register and write any coil or holding register the device exposes, and nothing in the frame identifies who sent it.

Best practices:

  • Isolate industrial network from IT network
  • Use VLANs and firewall rules
  • VPN for remote access
  • Never expose Modbus devices directly to internet
  • Consider Modbus/TCP Security, which runs Modbus over TLS on port 802 with certificate-based authentication (check that both client and device support it)

Industrial networks get targeted. Segmentation is critical.
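A concrete consequence of "no authentication" and of the segmentation advice above, as an added example (not code from the original page): a small passive monitor that decodes the MBAP header of Modbus TCP requests and flags write function codes from hosts that are not on an allowlist. Note that the coil-write frame from the SCADA server and the one from the rogue host are byte-for-byte identical; only the source IP distinguishes them, which is exactly why firewall rules and detection must key on the sender. The IP addresses, allowlists, and packets are constructed for this example.

```python
import struct
from typing import NamedTuple

MODBUS_TCP_PORT = 502

# Modbus function codes that change device state.
WRITE_FUNCTION_CODES = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
}

# Assumed site policy (addresses made up for this example): the SCADA server
# and the engineering workstation may poll; only the SCADA server may write.
ALLOWED_CLIENTS = {"10.10.5.10", "10.10.5.11"}
ALLOWED_WRITERS = {"10.10.5.10"}


class Packet(NamedTuple):
    src: str
    dst: str
    dport: int
    payload: bytes      # TCP payload, i.e. the Modbus TCP frame


def decode_request(payload):
    """Return (unit_id, function_code, start_address) for a well-formed
    Modbus TCP request, or None if the payload is not one."""
    if len(payload) < 10:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol ID must be 0 and the length field must cover unit id + PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    fc = payload[7]
    address = struct.unpack(">H", payload[8:10])[0]
    return unit, fc, address


def check_packet(pkt):
    """Return an alert line for a policy violation, or None."""
    if pkt.dport != MODBUS_TCP_PORT:
        return None
    decoded = decode_request(pkt.payload)
    if decoded is None:
        return None
    unit, fc, address = decoded
    name = WRITE_FUNCTION_CODES.get(fc)
    if name and pkt.src not in ALLOWED_WRITERS:
        return (f"ALERT {pkt.src} -> {pkt.dst} unit {unit}: "
                f"{name} (FC {fc:#04x}) at address {address}")
    if pkt.src not in ALLOWED_CLIENTS:
        return (f"WARN {pkt.src} -> {pkt.dst} unit {unit}: "
                f"Modbus FC {fc:#04x} from unknown client")
    return None


def run_monitor(packets):
    """Run every packet through the policy check; return the alerts raised."""
    return [alert for alert in map(check_packet, packets) if alert]


# Constructed sample traffic (not a capture). 10.10.5.21 is the PLC.
SAMPLE_TRAFFIC = [
    # SCADA reads two holding registers (FC 03): allowed
    Packet("10.10.5.10", "10.10.5.21", 502, bytes.fromhex("000100000006010300000002")),
    # SCADA switches coil 0 on (FC 05, value 0xFF00): allowed
    Packet("10.10.5.10", "10.10.5.21", 502, bytes.fromhex("00020000000601050000ff00")),
    # Rogue host sends the identical coil-write frame: alert
    Packet("192.168.1.77", "10.10.5.21", 502, bytes.fromhex("00010000000601050000ff00")),
    # Rogue host sets holding register 0 to 1000 (FC 06): alert
    Packet("192.168.1.77", "10.10.5.21", 502, bytes.fromhex("0002000000060106000003e8")),
    # Rogue host reads registers (FC 03): reconnaissance, warn
    Packet("192.168.1.77", "10.10.5.21", 502, bytes.fromhex("000300000006010300000002")),
    # Engineering workstation reads an input register (FC 04): allowed
    Packet("10.10.5.11", "10.10.5.21", 502, bytes.fromhex("000400000006010400000001")),
]

if __name__ == "__main__":
    for line in run_monitor(SAMPLE_TRAFFIC):
        print(line)
```

In a real deployment the same decode would run over a span-port feed or a pcap, and the firewall between the IT and industrial VLANs would enforce the same allowlists so that the monitor only ever sees violations that bypassed segmentation.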

Software Tools

Testing/troubleshooting:

  • ModScan (Windows Modbus scanner)
  • Modbus Poll/Slave (simulation and testing)
  • pymodbus (Python library)
  • Node-RED (visual automation with Modbus nodes)

SCADA platforms:

  • Ignition
  • FactoryTalk
  • WinCC
  • Wonderware

Bottom Line

Modbus TCP is the standard protocol for industrial Ethernet communication. Simple, widely supported, but requires proper network segmentation for security.

If you're connecting PLCs, sensors, or industrial equipment over Ethernet, there's a good chance at least some of it speaks Modbus TCP on port 502.

Always use static IPs, isolate from IT networks, and document your register mappings.