Each device intended to communicate using Modbus is given a unique address.
A Modbus command contains the Modbus address of the device it is intended for. Only the intended device will act on the command, even though other devices might receive it (an exception is specific broadcast-able commands sent to node 0 which are acted upon but not acknowledged).
All Modbus commands contain checking information, ensuring that a command arrives undamaged.
The basic Modbus commands can instruct a Remote Terminal Unit to change a value in one of its registers, control or read an I/O port; as well as commanding the device to send back one or more values contained in its registers.
Limitations of Modbus TCP
Modbus was designed in the late 1970s to communicate to programmable logic controllers, the number of data types is limited to those understood by PLCs at the time. Large binary objects are not supported.
No standard way exists for a node to find the description of a data object, for example, to determine if a register value represents a temperature between 30 and 175 degrees.
Since Modbus is a master/slave protocol, there is no way for a field device to “report by exception” (except over Ethernet TCP/IP, called open-mbus)
Modbus is restricted to addressing 247 devices on one data link, which limits the number of field devices that may be connected to a master station (once again Ethernet TCP/IP proving the exception).
Modbus transmissions must be contiguous which limits the types of remote communications devices to those that can buffer data to avoid gaps in the transmission.
