— Hardware, Simulators & Workflow
(Module 5 · Development & Implementation – Bringing Modbus to Life)
Why this chapter matters
Theory is useless until bytes hit copper. Whether you are a student with a Raspberry Pi, an automation engineer doing a factory FAT, or an IIoT developer bridging brown-field devices to the cloud, you need a repeatable, instrumented lab. This chapter delivers a blueprint—from the exact USB-to-RS-485 dongle to Wireshark capture filters—so you can reproduce every example in the rest of Module 5.
Learning objectives
- Select cost-effective yet industry-realistic hardware for RTU and TCP experiments.
- Install & configure the four reference simulators (master + slave, GUI + CLI).
- Wire a robust, bias-correct RS-485 loop and verify signal quality with an oscilloscope.
- Capture & decode Modbus traffic using serial monitors and Wireshark.
- Document your lab in a way that future you—or the audit team—can reconstruct in minutes.
14.1 Bill-of-materials (BOM)
Qty | Component | Model / spec | ₹ / US$ | Role |
---|---|---|---|---|
1 | Laptop / PC | Any ×64 Win 10+/Linux | — | Primary master & analysis node |
1 | USB-to-RS-485 converter | Waveshare FT232 / CH340 + MAX485 | ₹650 / $12 | Serial gateway |
1 | Industrial-grade RS-485 slave | Wago 750-652 RTD input | ₹14 k / $160 | Real hardware realism |
1 | DIY slave (optional) | ESP32 DevKit v4 + MAX3485 | ₹800 / $10 | Firmware exercises |
1 | Ethernet switch | Fan-less 5-port GigE, VLAN-capable | ₹2 k / $25 | TCP segment |
2 | RJ-45 patch cables | Cat-5e, 2 m | ₹200 / $3 | LAN |
10 m | RS-485 cable | 2-pair + shield, 120 Ω | ₹1 k / $12 | Field bus |
2 | 120 Ω terminators | 0.25 W metal-film | — | End-of-line |
2 | 680 Ω bias resistors | — | — | Fail-safe idle |
1 | USB oscilloscope / LA | PicoScope 2204A or Saleae Logic 8 | ₹9 k / $110 | Signal timing & CRC debug |
Budget path: Replace industrial slave with Simply Modbus slave simulator and the ESP32 board for ~₹1 500 total outlay.
14.2 Lab topology overview — [Fig-14-1]
┌──────────────┐ Cat-5e ┌──────────────┐
│ Laptop │—LAN—► 5-Port Switch ├─► Modbus TCP
│ (Master + │ (Gateway) │
│ Wireshark) │ └──┬───────────┘
└──────────────┘ USB/FT-232 │ RS-485 (2-wire)
│ Bias+Term
┌────────▼─────────┐
│ Wago 750-652 │
│ (Slave address17)│
└──────────────────┘
14.3 Step 1 — Wire the serial loop
- Daisy-chain the twisted pair: A-, B+ on every node. No star tees.
- Terminate at both physical ends with 120 Ω.
- Apply bias resistors (680 Ω) at exactly one point—preferably the gateway.
- Verify idle differential: $V_{AB} \approx +300\ \text{mV}$ with multimeter.
Quick oscilloscope check – Send a single 8-byte RTU frame. Confirm clean 0–5 V differential edges; frame ends 3.5-char (~4 ms @ 9 600 Bd) before line idle.
14.4 Step 2 — Install reference simulators
Role | Windows GUI | Cross-platform CLI | Install hint |
---|---|---|---|
Master | Modscan32 (Win) | modpoll | choco install modscan / brew install modpoll |
Slave | Simply Modbus Slave | mbserver.py (Pymodbus) | pip install pymodbus |
Gateway | HMS Anybus SG-gateway Lite (demo) | socat (rtu⇄tcp-l:502 ) | apt install socat |
Create shortcuts:
modpoll.exe -b 9600 -p none -r 1 -c 10 -1 -a 17 COM5
14.5 Step 3 — Verify RTU communications
- Open Modscan32 → Connection: COM5, 9600-8-E-1, RTU.
- Add scan block 03/00001/6 → you should see incrementing register data.
- Force an error: change slave ID to 18 → observe timeout then incrementing FC = 0x83 exceptions (Wireshark).
Pitfall drill – Swap A/B wires, watch garbled CRC errors; correct wiring, confirm clean frames.
14.6 Step 4 — Bridge to TCP
Transparent mode (quick):
socat -d -d TCP-LISTEN:502,reuseaddr,fork file:/dev/ttyUSB0,raw,echo=0,b115200
Intelligent mode (Anybus):
- RS-485 tab: 38 400 Bd, 8-E-1, timeout 250 ms.
- TCP tab: Server mode, port 502; Unit-ID 17 routed → RS-485/17.
Test with modpoll -m tcp -a 17 -t 3 -r 1 -c 6 -1 -p 502 127.0.0.1
14.7 Step 5 — Capture & decode
Serial
Windows: RealTerm → Port → Half-Duplex; save raw; run through pycrc for CRC check.
Linux: pyserial-asyncio tap script (provided).
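The CRC check on a saved serial capture, as an added example that is not part of the original chapter and does not use pycrc: a pure-Python CRC-16/MODBUS validator that also flags exception responses. It assumes the raw capture has already been split into one frame per line of hex; the function names and the sample capture are constructed for illustration.

```python
import struct

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: reflected polynomial 0xA001, initial value 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def with_crc(body: bytes) -> bytes:
    """Append the CRC the way RTU sends it: low byte first."""
    return body + struct.pack("<H", crc16_modbus(body))

def check_rtu_frame(frame: bytes) -> dict:
    """Classify one raw RTU frame: address, function, data..., CRC lo, CRC hi."""
    if len(frame) < 4:
        return {"verdict": "too short", "unit": None, "exception": None}
    body, (rx_crc,) = frame[:-2], struct.unpack("<H", frame[-2:])
    if crc16_modbus(body) != rx_crc:
        return {"verdict": "bad crc", "unit": body[0], "exception": None}
    # Exception responses echo the function code with bit 7 set (0x03 -> 0x83)
    # and carry the exception code in the next byte.
    code = body[2] if body[1] & 0x80 and len(body) >= 3 else None
    return {"verdict": "ok", "unit": body[0], "exception": code}

# Constructed sample capture: one frame per line, hex as a serial monitor saves it.
SAMPLE_CAPTURE = [
    "11 03 00 6B 00 03 76 87",                   # read 3 holding registers, unit 17
    "11 03 00 6B 00 03 87 76",                   # same frame, CRC bytes swapped
    with_crc(bytes.fromhex("118302")).hex(" "),  # exception 02 to function 03
    "11 03",                                     # fragment from a mid-frame start
]

def audit(lines):
    """Check every hex line of a capture and return the per-frame verdicts."""
    return [check_rtu_frame(bytes.fromhex(line)) for line in lines]

if __name__ == "__main__":
    for line, result in zip(SAMPLE_CAPTURE, audit(SAMPLE_CAPTURE)):
        print(f"{line:<26} {result}")
```

A run of "bad crc" verdicts on otherwise well-formed frames points at wiring, parity or byte-order problems rather than at the slave's register map.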
Ethernet
Wireshark: tcp.port == 502 && modbus.exception_code
- Colour-rule: Exception frames red.
- Right-click → Follow TCP stream to inspect MBAP header.
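What the MBAP inspection looks like in code, as an added example that is not part of the original chapter: a decoder that splits one direction of a followed TCP stream into Modbus TCP ADUs and reports exception responses, the same frames the display filter above selects. The function names and the sample bytes are constructed; a stream carrying raw RTU bytes, as a transparent serial bridge produces, fails the protocol-id check.

```python
import struct

EXCEPTION_NAMES = {
    0x01: "Illegal Function", 0x02: "Illegal Data Address",
    0x03: "Illegal Data Value", 0x04: "Server Device Failure",
    0x0A: "Gateway Path Unavailable",
    0x0B: "Gateway Target Device Failed to Respond",
}

def split_adus(stream: bytes):
    """Yield (transaction_id, unit_id, pdu) for each complete ADU in a TCP payload."""
    offset = 0
    while offset + 7 <= len(stream):
        # MBAP header: transaction id, protocol id, length (big-endian), unit id
        tid, proto, length, unit = struct.unpack_from(">HHHB", stream, offset)
        if proto != 0:
            raise ValueError(f"protocol id {proto:#06x} at offset {offset}: not Modbus TCP")
        if not 2 <= length <= 254:   # unit id + PDU of 1..253 bytes
            raise ValueError(f"implausible MBAP length {length} at offset {offset}")
        end = offset + 6 + length    # length counts every byte after the length field
        if end > len(stream):
            break                    # truncated capture: stop at the last whole ADU
        yield tid, unit, stream[offset + 7:end]
        offset = end

def find_exceptions(stream: bytes):
    """Return (transaction_id, unit_id, function, meaning) for exception responses."""
    hits = []
    for tid, unit, pdu in split_adus(stream):
        if pdu[0] & 0x80 and len(pdu) >= 2:
            meaning = EXCEPTION_NAMES.get(pdu[1], f"code {pdu[1]:#04x}")
            hits.append((tid, unit, pdu[0] & 0x7F, meaning))
    return hits

# Constructed server-to-client bytes: a normal FC 03 reply from unit 17 (one
# register, value 0x002A), then an exception 0x0B reply for a poll of unit 18.
SAMPLE_STREAM = bytes.fromhex(
    "00010000000511030200" "2a"
    "00020000000312830b"
)

if __name__ == "__main__":
    for hit in find_exceptions(SAMPLE_STREAM):
        print(hit)
```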
14.8 Step 6 — Automate smoke tests
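Create pytest suite (Listing 1):
```python
import pytest
import pymodbus.client

def set_gateway_baud(speed):
    # Lab-specific hook, not defined on this page: set the gateway's serial baud rate
    raise NotImplementedError("implement for your gateway")

@pytest.fixture(scope="module")
def client():
    cli = pymodbus.client.ModbusTcpClient("127.0.0.1", port=502)
    cli.connect()
    yield cli
    cli.close()

def test_echo(client):
    # pymodbus 3.x releases rename the `unit` keyword to `slave`; match your installed version
    rr = client.read_holding_registers(0, 2, unit=17)
    assert rr.isError() is False

@pytest.mark.parametrize("speed", [9600, 38400, 115200])
def test_speed(client, speed):  # request the fixture; a bare `client` is the fixture function
    set_gateway_baud(speed)
    rr = client.read_coils(0, 100, unit=17)
    assert rr.bits[0] is True
```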
Run nightly via GitHub Actions; fail build if any Modbus poll mis-behaves.
14.9 Field-ready lab variations
Iteration | Adds | Skill gained |
---|---|---|
Redundancy | Second gateway + VRRP IP | Fail-over timing |
Noise test | Signal generator inject 1 MHz burst on cable | CRC robustness |
Cloud path | WireGuard tunnel to AWS, NAT traversal | Keep-alive & MTU tuning |
Security | Proxy → stunnel/TLS | Certificates, Wireshark decryption |
14.10 Documentation checklist (print & laminate)
- Bus wiring diagram with colours.
- COM port mapping (FTDI #A9Y2 = COM5).
- Device table: ID, baud, parity, register span.
- Simulator CLI commands.
- Capture filters & file naming convention (rtu_err_2025-06-07T1421.pcapng).
Chapter recap
- A solid Modbus lab needs one master, one or two slaves, a gateway, capture tools, and disciplined wiring.
- Bias & termination errors appear long before protocol errors—verify with meter + scope.
- Mix GUI simulators for quick manual pokes and CLI tools for automated regression tests.
- Document everything; tomorrow’s bugfix depends on yesterday’s wiring note.
Assets to create
ID | Visual / file |
---|---|
Fig-14-1 | Lab topology block diagram |
Fig-14-2 | RealTerm serial screenshot (good vs garbled) |
Listing 1 | pytest Modbus smoke test |
ZIP | Ready-made CLI scripts + Wireshark profile |
Next: Chapter 15 – Programming Modbus Clients (Masters)—we’ll take the working lab and write full Python, C (libmodbus), and C# masters, dive into asynchronous polling, and implement exception-aware retries. Stay plugged in!