Pluto requires two machines to do any testing. Pluto has to talk to a peer that understand the ISAKMP/IKE protocol.
Where IPsec can be configured easily to be in a static, or at least, predictable state, ISAKMP/IKE can not. The protocol has extensive facilities to prevent replay attacks, does all of its operations in private and generates random keys for use by the KLIPS system.
Most actions that Pluto performs are done in response to network traffic. There are three kinds of traffic that causes pluto to change states:
In addition, timeouts are important. To test pluto you either have to configure rather small timeouts - which can cause race conditions, or one has to be very patient. A way to artificially advance the clock would help.
![\includegraphics[height=2in,width=3in]{plutotest.eps}](img4.png)