Modbus has been the workhorse of industrial communication for decades, and it's not going anywhere. In fact, as manufacturers push deeper into digital transformation, IIoT connectivity, and edge-to-cloud architectures, Modbus devices are more likely than ever to be part of the data pipeline feeding your dashboards, AI models, and enterprise systems.
But reliable Modbus communication depends on a foundation most people overlook: function codes.
Whether you're a system integrator designing a multi-site SCADA architecture or a plant engineer troubleshooting unexpected data values, understanding Modbus function codes is essential for efficient, accurate communication with your devices. This post breaks it all down and shows how TOP Server takes the complexity off your plate.
What are Modbus Function Codes?
Function codes are numerical identifiers that tell a Modbus device exactly what operation to perform. Think of them as a precise instruction set: read these coils, write to that register, modify this bit. Each code maps to a specific memory type and operation.
Without the right function code, the device doesn't know what you're asking, and you'll get errors, bad data, or silence.
A Quick Refresher: Modbus Memory Types
Modbus organizes device data into four memory types:
| Memory Type | Description | Access |
|---|---|---|
| Output Coils (0x) | Boolean outputs (0 or 1) | Read / Write |
| Input Coils (1x) | Boolean inputs (read-only) | Read only |
| Input Registers (3x) | 16-bit read-only values | Read only |
| Holding Registers (4x) | 16-bit read/write values | Read / Write |
Each memory type uses a specific address prefix followed by the data offset. If addressing and offsets are tripping you up, check out our companion post: Modbus Offset vs. Addressing: Why Does It Matter?
Modbus Function Codes Supported by TOP Server
Function codes determine which memory type is being accessed and whether the operation is a read or a write. Here's a quick reference to the codes TOP Server supports:
| Function Code | Operation | Memory Type |
|---|---|---|
| FC 01 | Read Coils | Output Coils (0x) |
| FC 02 | Read Discrete Inputs | Input Coils (1x) |
| FC 03 | Read Holding Registers | Holding Registers (4x) |
| FC 04 | Read Input Registers | Input Registers (3x) |
| FC 05 | Write Single Coil | Output Coils (0x) |
| FC 06 | Write Single Register | Holding Registers (4x) |
| FC 15 | Write Multiple Coils | Output Coils (0x) |
| FC 16 | Write Multiple Registers | Holding Registers (4x) |
| FC 22 | Mask Write Register (bit-level) | Holding Registers (4x) |
TOP Server's defaults are aligned to standard Modicon Modbus PLCs, but the real power is in how it handles edge cases and non-standard devices.
Where It Gets Interesting: FC 15, FC 16, and FC 22
Most function codes are self-explanatory. FC 15 and FC 16 deserve a closer look, and FC 22 is the one most people don't know about. But they should.
FC 15 & FC 16: Handling Devices That Don't Support Single Writes
While FC 05 writes a single coil and FC 15 writes multiple coils, some devices only support FC 15 for both operations. Similarly, some devices only support FC 16 for all register writes, not FC 06.
TOP Server lets you disable FC 05 or FC 06 in the device settings, forcing all writes, single or multiple, through FC 15 or FC 16 respectively. This is particularly useful when commissioning third-party devices with non-standard Modbus implementations, a scenario that comes up frequently in legacy modernization projects and multi-vendor environments.
Pro tip for system integrators: When deploying to environments with mixed device vendors, always cross-reference the device manual for supported function codes. Using Communication Diagnostics in TOP Server, you can verify in real time which function codes are being used, and catch compatibility issues before they become production problems.
FC 22: Safe Bit-Level Writes (Disabled by Default — Here's Why)
FC 22 is a lesser-known but genuinely useful function code. It allows you to write directly to individual bits within a holding register in a single transaction, without the risks of the default Read/Modify/Write (RMW) approach.
With RMW, TOP Server reads the full register value, modifies the target bit, then writes the updated value back. In systems where register values change frequently, think high-cycle machines or fast-moving process lines, there's a window where other bits could change between the read and the write, introducing errors.
FC 22 eliminates that window entirely.
Why is it disabled by default? Many Modbus devices simply don't support it. Enabling it on an unsupported device will cause communication failures. Once you've confirmed your device supports FC 22, you can enable "Holding Register Bit Writes" in the TOP Server device properties to take advantage of it.
How a Modbus Request Actually Works
Every Modbus transaction is a structured message with three core components:
- Function Code — the operation being performed (e.g., read holding registers)
- Starting Address — the memory location where the operation begins
- Data Quantity — the number of coils or registers involved
Here's what a read request for 10 holding registers looks like at the packet level:
TX: [Unit ID] [FC 03] [Start Offset: 0x0001] [Quantity: 0x000A]
RX: [Unit ID] [FC 03] [Byte Count] [Register 1 Value] ... [Register 10 Value]
TOP Server handles all of this automatically, selecting the right function code, managing offsets, and parsing the response. For operators and engineers focused on outcomes rather than protocol internals, that automation is exactly what you want. For integrators, the diagnostic layer gives you full visibility when you need to get under the hood.
Why This Matters More Than Ever in Modern Industrial Architectures
As plants adopt Unified Namespace (UNS) strategies, edge computing, and AI-driven analytics, the quality of data at the source becomes mission-critical. A misconfigured function code doesn't just cause a communication error. It can corrupt the data flowing into your historian, your digital twin, or your machine learning pipeline.
Getting Modbus fundamentals right is increasingly a prerequisite for successful digital transformation, not just a PLC troubleshooting skill.
TOP Server's ability to automatically manage function codes, combined with its flexibility to adapt to non-standard device implementations, makes it a reliable foundation for these modern architectures, whether you're connecting a single legacy device or building an enterprise-wide OT data infrastructure.
Quick Reference: Modbus Function Codes at a Glance
Here's a complete reference of the Modbus function codes supported by TOP Server, what each one does, and which memory type it accesses.
| FC | Operation | Memory Type | Read/Write | Default in TOP Server |
|---|---|---|---|---|
| 01 | Read Coils | Output Coils | R | ✅ Enabled |
| 02 | Read Discrete Inputs | Input Coils | R | ✅ Enabled |
| 03 | Read Holding Registers | Holding Registers | R | ✅ Enabled |
| 04 | Read Input Registers | Input Registers | R | ✅ Enabled |
| 05 | Write Single Coil | Output Coils | W | ✅ Enabled |
| 06 | Write Single Register | Holding Registers | W | ✅ Enabled |
| 15 | Write Multiple Coils | Output Coils | W | ✅ Enabled |
| 16 | Write Multiple Registers | Holding Registers | W | ✅ Enabled |
| 22 | Mask Write (bit-level) | Holding Registers | W | ⚠️ Disabled — enable if device supports it |
Putting It All Together
By leveraging TOP Server's ability to handle function codes automatically and configure settings like block sizes, single or multiple writes, and bit-level operations, you can streamline your Modbus communication significantly. These tools ensure that communication remains reliable and tailored to the specific requirements of your devices, whether they follow Modicon standards or have unique implementations.
Understanding Modbus function codes and how they interact with memory types, addressing, and requests is critical for efficient communication. When paired with the flexibility and advanced features of TOP Server, you can optimize performance, maintain compatibility with your devices, and reduce troubleshooting time. Whether you are reading registers, writing coils, or modifying bits, the building blocks of Modbus communication remain the same, and TOP Server ensures those blocks are used to their full potential.
If you run into any problems or have questions about Modbus function codes, contact our technical support team, we're happy to help.
Don't forget to subscribe to our blog for the latest TOP Server updates, tutorials, and resources. And if you found this post useful, take a look at our related Modbus technical posts below:
Ready to get started with TOP Server and your Modbus devices? [Download the free trial today.]
