6 deprecated Linux commands and the tools you should be using instead

In software development, things change at incredible speed due to improvements in hardware and environments. For the same reason, tools change. Sometimes, older tools do not adapt well to changes, so they eventually fade and are replaced by other utilities (with the debatable point of the new tools being better than the previous ones).

This article shares a handful of older tools that you might be still using, what you should be using instead, and why you should switch to these improved alternatives that provide the same functionality, if not more. These tools are also well maintained. So here is my list, in no specific order.

egrep and fgrep: Use flags instead

The venerable grep command is one of the best examples of the philosophy of the Unix operating system:

Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams because that is a universal interface.

The egrep (extended grep) tool uses regular expressions to match a line. However, egrep was deprecated in favor of using regular grep with the flag grep -E. For example:

$ egrep '^[fj]' /etc/passwd
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
josevnz:x:1000:1000:josevnz:/home/josevnz:/bin/bash

$ grep -E '^[fj]' /etc/passwd
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
josevnz:x:1000:3000:josevnz:/home/josevnz:/bin/bash

Both examples match the lines that start with the letter j or f in the /etc/passwd file.

[ For more tips, download the Linux grep command cheat sheet. ]

Another example of adding a new flag is fgrep. The fixed grep command uses a fixed string for matching (no optimizations, so it is faster than a regexp) as opposed to -E. It's been replaced by grep -F. Here is a comparison:

$ fgrep 'josevnz' /etc/passwd
josevnz:x:1000:3000:josevnz:/home/josevnz:/bin/bash

$ grep -F 'josevnz' /etc/passwd
josevnz:x:1000:3000:josevnz:/home/josevnz:/bin/bash

Why were egrep and fgrep replaced?

It makes more sense to use flags for a tool to provide similar behavior. You just need to know that grep with a flag can use regular expressions or perform an exact search.

nslookup: Still alive but not well

Raise your hand if you have ever tried to get the IP address of a server like this:

$ nslookup kodegeek.com
Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
Name:	kodegeek.com
Address: 50.63.7.206

An alternative for nslookup is dig. Here is a similar example to the one above:

$ dig @192.168.1.1 kodegeek.com A +noall +answer +nocmd
kodegeek.com.		600	IN	A	50.63.7.206

Below, the interactive mode shows how to get the pointer (PTR) record of the same server (this is a reverse lookup to get the server's name by providing the IP address):

> set type=ptr
> 50.63.7.206
Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
206.7.63.50.in-addr.arpa	name = ip-50-63-7-206.ip.secureserver.net.

Authoritative answers can be found from:

The equivalent command in dig looks like this:

$ dig -x @192.168.1.1 kodegeek.com +noall +answer +nocmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22696
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;1.1.168.\@192.in-addr.arpa.	IN	PTR

;; AUTHORITY SECTION:
in-addr.arpa.		3549	IN	SOA	b.in-addr-servers.arpa. nstld.iana.org. 2022033331 1800 900 604800 3600

;; Query time: 24 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue May 17 05:08:21 EDT 2022
;; MSG SIZE  rcvd: 122

kodegeek.com.		600	IN	A	50.63.7.206

The dig command can do things that nslookup cannot. For example, you can request a DNS transfer of a domain zone (including all record types) to make a backup of your DNS domain:

$ dig +short ns kodegeek.com
ns51.domaincontrol.com.
ns52.domaincontrol.com.
$ dig axfr kodegeek.com @ns51.domaincontrol.com.
# *Note:* In this case it won't work because kodegeek.com has a domain protection. But the domain in your intranet may work.

However, nslookup can do things that dig cannot, like the friendly interactive mode, which is very useful when exploring DNS domains. It can also run in non-interactive mode.

[ Download the Manage your Linux environment for success eBook to learn ways to streamline your work. ]

So what's the difference? The dig utility uses the operating system resolver libraries (the libraries that perform address lookups on DNS) and nslookup does not. The two may behave differently when resolving addresses.

Why was nslookup replaced?

Actually, nslookup was not replaced by dig (or host). Per Wikipedia:

nslookup was a member of the BIND name server software. Early... in the development of BIND 9, the Internet Systems Consortium planned to deprecate nslookup in favor of host and dig. This decision was reversed in 2004 with the release of BIND 9.3, and nslookup has been fully supported since then.

So it is perfectly fine to use both.

[ Get the guide to installing applications on Linux. ]

ifconfig, netstat, route: Try ip

You could use ifconfig to get information about network interfaces and change their settings. For example:

$ /sbin/ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:43:f9:d0:b4  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp1s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 00:1f:f3:46:38:96  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 30  bytes 1170 (1.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 30  bytes 1170 (1.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wls1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.16  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::ac00:48ea:c7a6:1488  prefixlen 64  scopeid 0x20<link>
        inet6 fd22:4e39:e630:1:6688:3ffd:ea5b:d9e9  prefixlen 64  scopeid 0x0<global>
        ether 00:23:6c:7b:db:ac  txqueuelen 1000  (Ethernet)
        RX packets 1115786  bytes 107099421 (102.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 548530  bytes 359598134 (342.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

However, ifconfig was replaced by ip. Here is how to list your network interfaces using ip:

$ ip address 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp1s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 00:1f:f3:46:38:96 brd ff:ff:ff:ff:ff:ff
3: wls1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:23:6c:7b:db:ac brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.16/24 brd 192.168.1.255 scope global noprefixroute wls1
       valid_lft forever preferred_lft forever
    inet6 fd22:4e39:e630:1:6688:3ffd:ea5b:d9e9/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::ac00:48ea:c7a6:1488/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:43:f9:d0:b4 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

Another useful tool is route. Use the following command to check the routing table (the information on how your machine connects to other machines):

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    600    0        0 wls1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wls1

The ip command can also show the routing table. The following example shows why this tool took over:

$ ip route list
default via 192.168.1.1 dev wls1 proto static metric 600 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.1.0/24 dev wls1 proto kernel scope link src 192.168.1.16 metric 600

Another utility that was replaced is netstat. With netstat, you can see the list of active connections, among other things. For example, to see the list of active listening TCP connections on your servers without name resolution, type:

$ /usr/bin/netstat --numeric --tcp --listen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 ::1:631                 :::*                    LISTEN     
tcp6       0      0 :::9323                 :::*                    LISTEN     
tcp6       0      0 :::5355                 :::*                    LISTEN     
tcp6       0      0 :::9100                 :::*                    LISTEN    

In this case, the command ss is the replacement:

$ ss --numeric --tcp --listen
State               Recv-Q               Send-Q                             Local Address:Port                             Peer Address:Port              Process              
LISTEN              0                    32                                 192.168.122.1:53                                    0.0.0.0:*
LISTEN              0                    4096                               127.0.0.53%lo:53                                    0.0.0.0:*
LISTEN              0                    128                                      0.0.0.0:22                                    0.0.0.0:*
LISTEN              0                    128                                    127.0.0.1:631                                   0.0.0.0:*
LISTEN              0                    4096                                     0.0.0.0:5355                                  0.0.0.0:*
LISTEN              0                    128                                         [::]:22                                       [::]:*
LISTEN              0                    128                                        [::1]:631                                      [::]:*
LISTEN              0                    4096                                           *:9323                                        *:*
LISTEN              0                    4096                                        [::]:5355                                     [::]:*
LISTEN              0                    4096                                           *:9100                                        *:*

Why were ifconfig, route, and netstat deprecated?

In this case, a lack of maintenance was the downfall of these tools. Newer tools took their place, according to Wikipedia:

Many Linux distributions have deprecated the use of ifconfig and route in favor of the software suite iproute2, such as ArchLinux or RHEL since version 7, which has been available since 1999 for Linux 2.2. iproute2 includes support for all common functions of ifconfig(8), route(8), arp(8), and netstat(1). It also includes multicast configuration support, tunnel and virtual link management, traffic control, and low-level IPsec configuration, among other features.

Takeaway lessons

• It is a good idea to keep up with the latest tools, as developers fix bugs and add useful functionality that may not be present in older versions. It is all about being more productive.
• Old software tends not to get bug fixes. If left unattended, some of them could compromise your system.
• And not every claim that a tool is deprecated is true! As usual, do your homework and make sure your utilities are up to date.