Discovering Connected Modbus Devices


Thread Starter



I am doing masters in electrical engineering and writing a discovery tool to discover connected Modbus slave devices behind TCP/IP gateway. From what I read, for discovering a slave device behind TCP/IP gateway, I need to send a request to each slave ID and then listen for the response thereby concluding a device exists only if I get a response from any slave ID.

As for 1-byte slave addressing, the number of slave addresses to check is 247 and hence is taking too long time. Is there any way by which I can discover which slave IDs have a Modbus device apart from querying each address(since Modbus slave devices don't need to respond to broadcast message at slave ID 0)

I'd like to think there is a broadcast to all slaves which doesn't require acknowledgement. But if you think about it, if you could broadcast to all slaves which requires acknowledgement, 50 or more simultaneous 'ack' or 'nack' would lead to so many collisions it could well crash your network.

Modbus was never designed to do this.

The art of time slicing is not new, but checking a few slave addresses in sequence when the network is quiet sounds quite conceivable.
1) See this thread for comments on auto slave detection:

2) This question on Function Code 17 was never answered, probably because most master/client vendors to not support FC 17, nor so the slave/server vendors:

3) Chipkins' CAS Modbus master/client freeware app is a slave address scanner, but you need to know that it is accessed from the main window's 'Discover' button, not in the 'Edit tasks' window.

I tried it once and it found a single slave, ID #3.

Thanks for reply. Yes looks like even the Chipkins CAS modbus software does a serial scan over all slave IDs and given an expected time of 51 minutes for scanning!!! If everyone implemented function code 17 it would be easier. Thanks again