In software development, things change at incredible speed due to improvements in hardware and environments. For the same reason, tools change. Sometimes, older tools do not adapt well to changes, so they eventually fade and are replaced by other utilities (with the debatable point of the new tools being better than the previous ones).
This article shares a handful of older tools that you might be still using, what you should be using instead, and why you should switch to these improved alternatives that provide the same functionality, if not more. These tools are also well maintained. So here is my list, in no specific order.
egrep and fgrep: Use flags instead
Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams because that is a universal interface.
egrep (extended grep) tool uses regular expressions to match a line. However,
egrep was deprecated in favor of using regular
grep with the flag
grep -E. For example:
$ egrep '^[fj]' /etc/passwd ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin josevnz:x:1000:1000:josevnz:/home/josevnz:/bin/bash $ grep -E '^[fj]' /etc/passwd ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin josevnz:x:1000:3000:josevnz:/home/josevnz:/bin/bash
Both examples match the lines that start with the letter j or f in the
[ For more tips, download the Linux grep command cheat sheet. ]
Another example of adding a new flag is
fgrep. The fixed grep command uses a fixed string for matching (no optimizations, so it is faster than a regexp) as opposed to
-E. It's been replaced by
grep -F. Here is a comparison:
$ fgrep 'josevnz' /etc/passwd josevnz:x:1000:3000:josevnz:/home/josevnz:/bin/bash $ grep -F 'josevnz' /etc/passwd josevnz:x:1000:3000:josevnz:/home/josevnz:/bin/bash
Why were egrep and fgrep replaced?
It makes more sense to use flags for a tool to provide similar behavior. You just need to know that
grep with a flag can use regular expressions or perform an exact search.
nslookup: Still alive but not well
Raise your hand if you have ever tried to get the IP address of a server like this:
$ nslookup kodegeek.com Server: 192.168.1.1 Address: 192.168.1.1#53 Non-authoritative answer: Name: kodegeek.com Address: 126.96.36.199
An alternative for
dig. Here is a similar example to the one above:
$ dig @192.168.1.1 kodegeek.com A +noall +answer +nocmd kodegeek.com. 600 IN A 188.8.131.52
Below, the interactive mode shows how to get the pointer (PTR) record of the same server (this is a reverse lookup to get the server's name by providing the IP address):
> set type=ptr > 184.108.40.206 Server: 192.168.1.1 Address: 192.168.1.1#53 Non-authoritative answer: 220.127.116.11.in-addr.arpa name = ip-50-63-7-206.ip.secureserver.net. Authoritative answers can be found from:
The equivalent command in
dig looks like this:
$ dig -x @192.168.1.1 kodegeek.com +noall +answer +nocmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22696 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;1.1.168.\@192.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: in-addr.arpa. 3549 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022033331 1800 900 604800 3600 ;; Query time: 24 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: Tue May 17 05:08:21 EDT 2022 ;; MSG SIZE rcvd: 122 kodegeek.com. 600 IN A 18.104.22.168
dig command can do things that
nslookup cannot. For example, you can request a DNS transfer of a domain zone (including all record types) to make a backup of your DNS domain:
$ dig +short ns kodegeek.com ns51.domaincontrol.com. ns52.domaincontrol.com. $ dig axfr kodegeek.com @ns51.domaincontrol.com. # *Note:* In this case it won't work because kodegeek.com has a domain protection. But the domain in your intranet may work.
nslookup can do things that dig cannot, like the friendly interactive mode, which is very useful when exploring DNS domains. It can also run in non-interactive mode.
[ Download the Manage your Linux environment for success eBook to learn ways to streamline your work. ]
So what's the difference? The
dig utility uses the operating system resolver libraries (the libraries that perform address lookups on DNS) and
nslookup does not. The two may behave differently when resolving addresses.
Why was nslookup replaced?
nslookup was not replaced by
host). Per Wikipedia:
nslookup was a member of the BIND name server software. Early... in the development of BIND 9, the Internet Systems Consortium planned to deprecate nslookup in favor of host and dig. This decision was reversed in 2004 with the release of BIND 9.3, and nslookup has been fully supported since then.
So it is perfectly fine to use both.
[ Get the guide to installing applications on Linux. ]
ifconfig, netstat, route: Try ip
You could use
ifconfig to get information about network interfaces and change their settings. For example:
$ /sbin/ifconfig docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 ether 02:42:43:f9:d0:b4 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 enp1s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 ether 00:1f:f3:46:38:96 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device interrupt 16 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 30 bytes 1170 (1.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 30 bytes 1170 (1.1 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 wls1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.16 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::ac00:48ea:c7a6:1488 prefixlen 64 scopeid 0x20<link> inet6 fd22:4e39:e630:1:6688:3ffd:ea5b:d9e9 prefixlen 64 scopeid 0x0<global> ether 00:23:6c:7b:db:ac txqueuelen 1000 (Ethernet) RX packets 1115786 bytes 107099421 (102.1 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 548530 bytes 359598134 (342.9 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ifconfig was replaced by
ip. Here is how to list your network interfaces using
$ ip address 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp1s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000 link/ether 00:1f:f3:46:38:96 brd ff:ff:ff:ff:ff:ff 3: wls1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:23:6c:7b:db:ac brd ff:ff:ff:ff:ff:ff inet 192.168.1.16/24 brd 192.168.1.255 scope global noprefixroute wls1 valid_lft forever preferred_lft forever inet6 fd22:4e39:e630:1:6688:3ffd:ea5b:d9e9/64 scope global noprefixroute valid_lft forever preferred_lft forever inet6 fe80::ac00:48ea:c7a6:1488/64 scope link noprefixroute valid_lft forever preferred_lft forever 4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:43:f9:d0:b4 brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever
Another useful tool is
route. Use the following command to check the routing table (the information on how your machine connects to other machines):
$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 600 0 0 wls1 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wls1
ip command can also show the routing table. The following example shows why this tool took over:
$ ip route list default via 192.168.1.1 dev wls1 proto static metric 600 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 192.168.1.0/24 dev wls1 proto kernel scope link src 192.168.1.16 metric 600
Another utility that was replaced is
netstat, you can see the list of active connections, among other things. For example, to see the list of active listening TCP connections on your servers without name resolution, type:
$ /usr/bin/netstat --numeric --tcp --listen Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 ::1:631 :::* LISTEN tcp6 0 0 :::9323 :::* LISTEN tcp6 0 0 :::5355 :::* LISTEN tcp6 0 0 :::9100 :::* LISTEN
In this case, the command
ss is the replacement:
$ ss --numeric --tcp --listen State Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 32 192.168.122.1:53 0.0.0.0:* LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 127.0.0.1:631 0.0.0.0:* LISTEN 0 4096 0.0.0.0:5355 0.0.0.0:* LISTEN 0 128 [::]:22 [::]:* LISTEN 0 128 [::1]:631 [::]:* LISTEN 0 4096 *:9323 *:* LISTEN 0 4096 [::]:5355 [::]:* LISTEN 0 4096 *:9100 *:*
Why were ifconfig, route, and netstat deprecated?
Many Linux distributions have deprecated the use of ifconfig and route in favor of the software suite iproute2, such as ArchLinux or RHEL since version 7, which has been available since 1999 for Linux 2.2. iproute2 includes support for all common functions of ifconfig(8), route(8), arp(8), and netstat(1). It also includes multicast configuration support, tunnel and virtual link management, traffic control, and low-level IPsec configuration, among other features.
- It is a good idea to keep up with the latest tools, as developers fix bugs and add useful functionality that may not be present in older versions. It is all about being more productive.
- Old software tends not to get bug fixes. If left unattended, some of them could compromise your system.
- And not every claim that a tool is deprecated is true! As usual, do your homework and make sure your utilities are up to date.