One Pass. Every Industrial Protocol. Wire-Speed Enforcement.

TXODI: TXOne One-pass Deep Packet Inspection, purpose-built for OT traffic

TXODI (TXOne One-pass Deep Packet Inspection) is the single-pass packet inspection engine inside TXOne Edge and SenninRecon. It parses 180+ industrial protocols at the command level in one pipeline pass, delivering sub-500 microsecond latency, signature plus behavioral evaluation, and inline enforcement without multi-engine chaining that IT NGFWs rely on.

Start a 60-Minute Proof of Value Review Supported Protocols

Deep Packet Inspection for OT

IT Firewalls See Ports. TXODI Sees Intent.

A Modbus write-coil command, an S7 stop-CPU request, or a DNP3 unsolicited response each carries meaning IT firewalls cannot parse. TXODI parses them.

Inspection for industrial protocols has to happen inline, at wire speed, without drop or reorder. Chained IT engines add latency and miss command context. TXODI runs one pass over the packet and executes signature matching, protocol validation, behavioral baseline evaluation, and policy enforcement in a single pipeline so inspection keeps up with the control loop and operations keep running.

Capability

What is TXODI?

TXODI is the deep packet inspection engine that powers command-level enforcement on TXOne Edge appliances (EdgeIPS, EdgeFire) and informs asset discovery, protocol mapping, and baseline establishment on SenninRecon. It is purpose-built for industrial environments: deterministic performance, fail-safe behavior, protocol awareness across 180+ industrial protocols, and integration with CPSDR behavioral detection and 1,500+ OT-native signatures. TXODI is why a TXOne Edge device can distinguish a legitimate engineer reprogramming a PLC from an attacker issuing the same function codes, and why SenninRecon can map what an asset actually does on the network instead of guessing from ports.

Requirements

TXODI Challenges

Key challenges that TXODI addresses.

01 / 04

Generic port filtering leaves industrial commands unenforced

IT Firewalls Cannot Parse Industrial Protocols

Your IT next-gen firewall filters by port, IP, and application signature. It cannot parse a Modbus function code, validate an S7 block transfer, or detect an unauthorized DNP3 operation. Port 502 is either allowed or blocked; the commands inside are invisible.

Generic port filtering leaves industrial commands unenforced

IT Firewalls Cannot Parse Industrial Protocols

Your IT next-gen firewall filters by port, IP, and application signature. It cannot parse a Modbus function code, validate an S7 block transfer, or detect an unauthorized DNP3 operation. Port 502 is either allowed or blocked; the commands inside are invisible.

Key Components

Core components of the TXODI capability.

01 / 05

One-Pass Inspection Pipeline

TXODI processes each packet through signature matching, protocol validation, CPSDR behavioral evaluation, and policy enforcement in a single pipeline pass. No serialized multi-engine chains. Sub-500 microsecond latency across every EdgeIPS model.

Key Capabilities

Sub-500 microsecond latency at wire speed

Unified pipeline eliminates serialized engine delay

Throughput from 100 Mbps (LE 102) to 60 Gbps (Pro 4016F)

Deterministic performance for control-loop networks

1

180+ Industrial Protocols at Command Level

TXODI parses Modbus TCP/RTU, EtherNet/IP/CIP, S7/S7Plus, DNP3, IEC 61850, PROFINET, BACnet, OPC UA, and 170+ more at the command level. Policy can allow reads but block writes, allow engineering traffic only from authorized workstations, or block specific function codes entirely.

Key Capabilities

Command-level enforcement, not just port allow/deny

Authorized versus unauthorized operator actions distinguished

Read-only, write, and engineer-level policies per protocol

New protocols added via firmware updates

Signature + Behavioral + Virtual Patch in One Pass

TXODI evaluates each packet against 1,500+ OT-native threat signatures, CPSDR behavioral baselines, and virtual patch rules for unpatched CVEs on legacy systems. One engine. One pass. Prevention for known threats, unknown deviations, and exposed CVEs simultaneously.

Key Capabilities

1,500+ OT-native threat signatures

CPSDR behavioral anomaly detection integrated

Virtual patching for systems that cannot be patched

ZDI (Zero Day Initiative) research feeds signature updates

Hardware Bypass Fail-Safe

If an Edge appliance running TXODI loses power or fails, built-in hardware bypass passes traffic through uninterrupted. Production continues. No blackout. No traffic loss. Operations teams get inline prevention without the traditional risk that a failed security device takes the line down with it.

Key Capabilities

Power-loss traffic continuity without manual intervention

700,000 hrs MTBF across the Edge product line

-40C to 75C industrial operating range

Fanless design for dusty plant-floor environments

Powers SenninRecon Asset Discovery

On SenninRecon, TXODI parses traffic to classify assets by vendor, device type, firmware revision, and observed protocol behavior. Every PLC, HMI, drive, and gateway is identified by what it does, not just what port it uses, producing an asset inventory IT scanners cannot build safely in production networks.

Key Capabilities

Vendor, device type, and firmware identification from protocol traffic

Non-intrusive discovery safe for production networks

Feeds the VSAR vulnerability risk model with operational context

Baseline establishment for subsequent CPSDR enforcement

One-Pass Inspection Pipeline

TXODI processes each packet through signature matching, protocol validation, CPSDR behavioral evaluation, and policy enforcement in a single pipeline pass. No serialized multi-engine chains. Sub-500 microsecond latency across every EdgeIPS model.

Key Capabilities

Sub-500 microsecond latency at wire speed

Unified pipeline eliminates serialized engine delay

Throughput from 100 Mbps (LE 102) to 60 Gbps (Pro 4016F)

Deterministic performance for control-loop networks

Outcomes

01 / 04

<500μs

Inspection latency at wire speed

<500μs

Inspection latency at wire speed

Industrial protocols at command level

OT-native threat signatures

Microsecond inspection latency

Deployments with zero unplanned downtime

Why TXODI for Industrial Packet Inspection

Built for OT traffic, OT latency budgets, and OT failure modes from the ground up.

TXOneOperations-first

IT NGFWs chain firewall, IPS, and DPI engines in sequence. TXODI runs signature, behavioral, and policy evaluation in one pass, holding latency under 500 microseconds so control loops keep running.

VS

One Pass, Not Engine Chaining