Identify every byte in a real Modbus TCP frame.
A Modbus TCP request has two parts: the MBAP header (6 bytes) and the PDU (variable).
MBAP Header (6 bytes):
• Bytes 0–1: Transaction ID — the master chooses a number (e.g. 0x0001); the slave echoes it back so responses can be matched to requests.
• Bytes 2–3: Protocol ID — always 0x0000 for Modbus.
• Bytes 4–5: Length — number of bytes that follow (Unit ID + PDU).
• Byte 6: Unit ID — the slave address (same as RTU address).

PDU (Protocol Data Unit):
• Byte 0: Function Code (e.g. 0x03 = Read Holding Registers)
• Bytes 1–2: Starting address (big-endian)
• Bytes 3–4: Quantity of registers (big-endian)
Total for an FC03 request: 6 (MBAP) + 1 (Unit ID) + 1 (FC) + 2 (addr) + 2 (qty) = 12 bytes.
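As an added example (not part of the original lesson), this Python parser splits an FC03 request into the fields listed above and rejects frames whose Protocol ID, Length field or register quantity is inconsistent, which are the checks a gateway or monitor would apply before trusting a frame. The sample frame's starting address 0x0000 is an assumed value, and the 1..125 quantity limit comes from the Modbus specification rather than from this page.

```python
import struct

MBAP_LEN = 6          # Transaction ID + Protocol ID + Length, as counted on this page
FC_READ_HOLDING = 0x03


def parse_fc03_request(frame: bytes) -> dict:
    """Split a Modbus TCP FC03 request into its fields, rejecting malformed frames."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus Unit ID")
    # Big-endian: three 16-bit header fields, then the one-byte Unit ID.
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0x0000:
        raise ValueError(f"Protocol ID {pid:#06x} is not Modbus")
    # Length counts the bytes that follow it: Unit ID + PDU.
    if length != len(frame) - MBAP_LEN:
        raise ValueError(f"Length field says {length}, frame carries {len(frame) - MBAP_LEN}")
    pdu = frame[7:]
    if len(pdu) != 5 or pdu[0] != FC_READ_HOLDING:
        raise ValueError("PDU is not a 5-byte FC03 request")
    addr, qty = struct.unpack(">HH", pdu[1:])
    # The Modbus specification limits one FC03 read to 1..125 registers.
    if not 1 <= qty <= 125:
        raise ValueError(f"quantity {qty} outside 1..125")
    return {"transaction_id": tid, "protocol_id": pid, "length": length,
            "unit_id": unit, "function_code": pdu[0], "start_addr": addr, "quantity": qty}


# Constructed sample: read 4 holding registers from slave 1.
# The starting address 0x0000 is an assumed value, not taken from the page.
SAMPLE = bytes.fromhex("0001" "0000" "0006" "01" "03" "0000" "0004")

if __name__ == "__main__":
    for name, value in parse_fc03_request(SAMPLE).items():
        print(f"{name:15} {value:#06x}")
```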
In the sandbox below, click each colored byte chip to see what field it belongs to.
Click all 6 byte chips that make up the MBAP header.
Click each byte chip to learn what it carries. The frame below is a real Modbus TCP FC03 request — read 4 holding registers from slave 1.