
Deprecated Linux networking commands and their replacements - nailer
https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/
======
ComputerGuru
The first thing I do on any Linux machine is set up an `ifconfig` alias in my
shell. That's a command that I've been using for a lot longer than some of
these distributions have been around.

From the man page documentation for ifconfig:

> This program is obsolete! For replacement check ip addr and ip link. For
> statistics use ip -s link.

and

> Ifconfig uses obsolete kernel interface. It uses the ioctl access method to
> get the full address information, which limits hardware addresses to 8
> bytes. Since an Infiniband address is 20 bytes, only the first 8 bytes of
> Infiniband address are displayed.

I don't understand why ifconfig couldn't be upgraded to use whatever the new
IOCTL that is compatible with 20b+ addresses instead of being deprecated for
favor of a new command entirely.

Fortunately, my FreeBSD servers all take ifconfig out-of-the-box... and even
my Linux shell under Windows does, too.

~~~
foo101
On which Linux distribution did you find the "This program is obsolete!" note
in `man ifconfig`?

I have Debian 9 and I don't see it in my `man ifconfig`!

~~~
cmurf
Fedora 26.

    
    
        $ sudo dnf provides /usr/sbin/ifconfig
        net-tools-2.0-0.42.20160912git.fc26.x86_64 : Basic networking tools
        Repo        : @System

~~~
jwilk
[https://git.centos.org/raw/rpms/net-
tools.git/c7/SOURCES!net...](https://git.centos.org/raw/rpms/net-
tools.git/c7/SOURCES!net-tools-man.patch)

I believe this patch originates from Fedora, but I don't know how to get
Fedora source for this RPM. :-\

------
ktta
This[1] page covers a lot more commands. I didn't even know it was possible to
do some of those in linux without installing more packages. It is very long so
I would just bookmark it.

[1]:[http://baturin.org/docs/iproute2/](http://baturin.org/docs/iproute2/)

------
efoto
The post is from 2011 and it's been awhile since I started using 'ip' instead
of 'ifconfig', but everybody, myself included, seem to continue using
'netstat' and not 'ss'.

~~~
keeperofdakeys
I like most if the new tools, but the 'ss' command produces output that's hard
to skim. When outputting to a terminal it tries to justify the columns, hiding
some information on the next line. When you pipe it through cat (so it can't
detect a tty), the columns don't even line up.

~~~
vacri
> _When you pipe it through cat (so it can 't detect a tty), the columns don't
> even line up._

Weird. At first I thought it might be due to tabs, but it appears to be using
spaces.

~~~
inetknght
Honestly, why people don't use tabs in terminals is beyond me. It's easier to
parse in nearly every case that doesn't involve a text editor of some sort.

------
aexaey
_iw_ is not quite a complete replacement for _iwconfig_ and _iwlist_. Former
don't support some network card drivers, such as [1]. So if you happen to have
one of those, you have to use latter two, deprecated or not.

[1]
[https://github.com/lwfinger/rtl8188eu/](https://github.com/lwfinger/rtl8188eu/)

------
SwellJoe
My fingers still type ifconfig, netstat, and route, and then I correct myself
usually before hitting enter (though that took at least a couple of years).
The new commands are more consistent, and more logically laid out so I can't
argue against switching...but, my muscle memory doesn't know them yet (despite
having started switching years ago).

It seems pretty clear unlearning the old and learning the new is more work
than learning it for the first time, which may be why so many old-timers are
so disagreeable to changes like this, even if the new is clearly superior (and
for the average user, these may not be clearly superior enough to justify
extra effort). Hell, I caught myself typing an ipchains command a week or so
ago (while I'm busy learning about nftables which replaces
iptables/ip6tables!), and I haven't had a system that had ipchains in more
than a decade.

~~~
sandGorgon
is nftables production ready ? or is everyone still at iptables/ipchains ?

~~~
SwellJoe
You're fine sticking with iptables for now, if you don't experience any pain
from it. ipchains has been compltely dead for well over a decade (which is why
it's so ridiculous that I'd start typing an ipchains command); iptables
arrived in 2001 and was on everything by the mid-2000s. The difference with
that transition was that you _couldn 't_ keep using ipchains, because it was
replaced by iptables. nftables co-exists with iptables.

nftables works well and has been available in mainline Linux for a few years,
but there's little support for it at the distribution and tools and
documentation level. AFAIK, things like firewalld and other firewall
management tools don't support it yet (though firewalld will support it
transparently when it does arrive, so if you use firewalld to manage your
iptables firewalls, it'll probably Just Work when switching to nftables). We
don't yet support it in our products (while we do support firewalld, iptables,
and some third party firewall management tools like CSF have modules for
Webmin).

iptables continues to be supported at all levels, so there is no urgency to
switching, though nftables is clearly superior in nearly every way. It's an
awesome tool, but adoption has been very, very slow. I think that's
unfortunate, as it's an area where I'd be willing to learn new things. nft has
really clean syntax with super powerful abstractions and hooks into the
kernel.

So, if you manage a lot of Linux firewalls, or a few very complex ones, maybe
you want to switch already...I would, if I were in that situation. But, I just
use firewalld, because my firewall needs are minimal these days.

~~~
sandGorgon
do you see a python 2 -> python 3 situation happening with nftables ? because
that is a shame.

I personally cant wait for pfsense quality products to come on Linux.

~~~
SwellJoe
I think Linux is just such a big ecosystem now, with such a huge variety of
dependent parties, that nothing can change fast anymore, and nothing can ever
die. So many products are built around iptables, so many docs assume iptables,
etc. It's just cheaper for people to keep using iptables. Doing an
ipchains->iptables style conversion where the next version of Linux just
completely removed the old thing, wouldn't be feasible today. Linux is orders
of magnitude bigger than it was from the transition 2.2 to 2.4 (I think that
was when the iptables switch happened).

It's "only" been four years since nftables made it to mainline kernel, so
we're not quite into Python 3 territory, but I wouldn't be surprised if we're
still having this conversation in five more years. There's just no movement
toward nftables, at all, that I perceive. I think it's partly because
firewalls matter less today than they once did. So much is in the cloud now,
where the firewall is somebody else's problem. It might even end up being a
Perl 5->6 situation, but we won't know for a few more years.

------
gsich
ifconfig is far superior to ip, depending on the use case. Mostly I want to
see the current IP, MAC, amount of traffic transfered. Sometimes MTU. Can't do
that with one command in ip.

~~~
ktta

      ip -s a
    

If you want human readable byte/packet numbers

    
    
      ip -s -h a
    

`ip` is actually really cool once you get to know all the features. I missed
seeing ifconfig's familiar output but got over it rather (suprisingly)
quickly.

~~~
gsich
but how is that better then ifconfig? with this I see bytes/packets. But not
IP, for that I have to use a different command...

~~~
ktta
Have you actually tried using the command in my comment?

------
mschuster91
Hmm. Problem is, ifconfig and netstat are available on OS X too, while ip and
ss are not...

------
shmerl
Good to know that ifconfig is supposed to he phased out. I'm not a sysadmin,
so I've never heard about it.

~~~
isatty
Your comment doesn't make sense. Why is it good to know that a command that
you haven't even heard about is phased out?

Fwiw you don't need to be a sysadmin to have known of ifconfig. Hell how is it
possible to have set up networking on Linux distributions without knowing this
command?

~~~
shaklee3
I think he means he hadn't heard about it being phased out.

~~~
mathw
Mmm. I had no idea either. I was surprised to see how old the linked article
is!

I'm not a sysadmin, but I use Linux every day. Just can't keep up anymore...

~~~
pnutjam
I'm a sysadmin and I hadn't heard this until last year. It explains why only
root can do an ifconfig on SLES, but anyone can run 'ip a'

~~~
shmerl
In Debian both of them sit in /sbin so it boils down to whether /sbin is in
the PATH by default. I think it better should be, rather than not.

------
a3n
From a casual net commands user POV, I like that 'ip' plus a sub-command has
taken over a good part of this. It's nice to look in one man page, and
discover other things ip does, without having to be aware (or ignorant!) of
other commands.

------
est
cant recommand ss enough.

    
    
        ss -4tanpioe state established

~~~
edgan
lsof -i -n -P | grep ESTABLISHED

~~~
est
ss is a lot faster IIRC

------
ausjke
ip is a great tool, the only thing I am still not used to is that, ip's output
is more like for machines instead of human to digest, at least for me. I feel
a sugar wrapper is needed for more enjoyable reading on the terminal.

this post is very useful, hope the author can make a github page for it...

~~~
shaklee3
-h

~~~
ausjke
correct, I do use that, still not as good IMHO

------
gbrown_
My favorite feature of ip(8) is its ability to load kernel modules
[https://twitter.com/lucabruno/status/902934379835662336](https://twitter.com/lucabruno/status/902934379835662336)

~~~
digi_owl
Favorite in the serious sense, or the WTF sense?

Like i didn't dislike it enough already. Would not surprise me if it had the
Poettering stamp of approval...

~~~
gbrown_
> Favorite in the serious sense, or the WTF sense?

The WTF sense.

------
erobbins
so I see "not apparent" in many replacement columns... which means the
original is not deprecated at all, but still the only show in town.

~~~
boomboomsubban
No, it means the author didn't find it in their research time. Which seems
crazy, one of them is "iptunnel -v" and version is the first flag covered in
the ip man page

------
dmourati
Flame bait title. I know some of these but not all. All the supposedly
deprecated commands still work six years after posting.

~~~
awalton
'Deprecated' means "stop using this", not "this doesn't work anymore", albeit
the former usually implies the latter, especially over time.

The Linux kernel's promise not to break userspace means lots of ancient shit
still works even though maybe it shouldn't...

~~~
nailer
Also ifconfig doesn't work at all in some cases. Virtual IP on a vlan on a
bond, liks most trading systems use? Won't show up.

