Nmap gives Arch Linux users a fast way to discover hosts, open ports, service banners, and basic operating-system fingerprints from the terminal. If you need to install Nmap on Arch Linux for firewall checks, network inventory, or authorized security testing, the official repository package is the clean path and includes the main scanner plus companion tools such as Ncat and Nping.
Install Nmap on Arch Linux
Update the System
Refresh package databases and apply pending upgrades before installing new packages on Arch:
sudo pacman -Syu
These commands use sudo for tasks that need root privileges. If your user is not in the sudoers file yet, run the commands as root or follow the guide on how to add and manage sudo users on Arch Linux.
Install the Nmap Package
Install the official Arch nmap package from the extra repository. No AUR helper is needed for the standard Nmap install:
sudo pacman -S nmap
The package installs the nmap scanner and also owns /usr/bin/ncat and /usr/bin/nping. Arch packages ndiff separately; it is pulled in by Zenmap if you install the graphical frontend later.
| Package | Installed Commands | Role |
|---|---|---|
| nmap | nmap, ncat, nping | Network discovery, port scanning, packet generation, and socket testing. |
| zenmap | zenmap | Optional GTK frontend for saved scan profiles and visual result browsing. |
| ndiff | ndiff | Compares Nmap XML scan output; installed as a dependency of zenmap. |
Verify Nmap
Check that the scanner is on your path and that Pacman owns the installed binary:
command -v nmap
pacman -Qo /usr/bin/nmap
nmap --version
Relevant output begins with the installed package owner and Nmap version:
/usr/bin/nmap
/usr/bin/nmap is owned by nmap 7.99-2
Nmap version 7.99 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.4.8 openssl-3.6.2 libssh2-1.11.1 libz-1.3.2 libpcre2-10.47 libpcap-1.10.6 nmap-libdnet-1.18.0 ipv6
Arch is a rolling-release distribution, so your package release and library versions may be newer than the example output. The important checks are that Pacman owns /usr/bin/nmap and nmap --version prints a valid Nmap build.
Optional: Install Zenmap on Arch Linux
Zenmap is useful when you want a graphical frontend for reusable scan profiles, saved results, and topology views. It is optional, and it pulls in GTK, Python, nmap, and ndiff dependencies, so terminal-only systems can skip it.
sudo pacman -S zenmap
Confirm the installed package state with Pacman:
pacman -Q zenmap ndiff
Relevant output includes both packages:
zenmap 7.99-2
ndiff 7.99-2
Launch Zenmap from your desktop menu or with zenmap in a graphical session. For privileged scan types such as SYN scans, OS detection, and UDP probes, use the command-line sudo nmap forms shown under Privileged Scan Types.
Use Nmap Safely on Arch Linux
Only scan systems and networks you own or have explicit permission to test. Nmap is a normal administration tool on your own hosts, but scanning third-party networks without authorization can violate law, policy, or provider terms.
For a deeper command reference with timing templates, NSE scripts, and more scan examples, use the Nmap commands for beginners guide alongside the quick examples here.
Port State Definitions
Nmap reports a state for each port it probes. These states determine whether you should inspect the service, the host firewall, or the scan method.
| Port State | Meaning |
|---|---|
| Open | An application is accepting TCP connections, UDP datagrams, or SCTP associations on the port. |
| Closed | The host responded, but no application is listening on that port. |
| Filtered | Nmap cannot determine whether the port is open because a firewall or filter blocks the probes or replies. |
| Unfiltered | The port is reachable, but the ACK scan cannot determine whether it is open or closed. |
| Open\|Filtered | Nmap cannot distinguish between an open port and a filtered port because the scan type expects little or no response from open ports. |
| Closed\|Filtered | Nmap cannot distinguish between a closed port and a filtered port. This state is mainly associated with the IP ID idle scan. |
Basic Scanning Commands
Scan a single host by IP address or DNS name:
nmap 192.168.1.1
nmap example.com
Use the fast scan option when you only need the most common ports:
nmap -F 192.168.1.1
Scan localhost when you want to see which local services are exposed; this example checks only port 22 (SSH):
nmap localhost -p 22
Relevant lines from a local system with SSH enabled look like this; your local services may differ:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00043s latency).
PORT   STATE SERVICE
22/tcp open  ssh
Network Discovery Scans
Use CIDR notation to scan a subnet, or address ranges when you only need part of the network:
nmap 192.168.1.0/24
nmap 192.168.1.1-50
nmap 192.168.1.1,10,20,30
Discover live hosts without running a port scan:
nmap -sn 192.168.1.0/24
Scan IPv6 targets with the -6 flag:
nmap -6 ::1
Privileged Scan Types
OS detection, SYN scans, and UDP scans need raw socket access, so run those scans with sudo:
sudo nmap -O --osscan-guess 192.168.1.1
sudo nmap -sS 192.168.1.1
sudo nmap -sU -p 53,67,123,161 192.168.1.1
The SYN scan (-sS) sends a SYN packet and reads the response without completing the full TCP handshake. A connect scan (-sT) uses the operating system socket API, does not require root, and is useful when you cannot use raw packets, but it is usually slower and easier for services to log.
nmap -sT 192.168.1.1
Use aggressive scans sparingly because -A combines OS detection, service detection, script scanning, and traceroute:
sudo nmap -A 192.168.1.1
Service and Port Selection
Probe open ports for service names and versions:
nmap -sV 192.168.1.1
Restrict scans to selected ports, a port range, or every TCP port:
nmap -p 22,80,443,8080 192.168.1.1
nmap -p 1-1000 192.168.1.1
nmap -p- 192.168.1.1
The -p- form scans all 65,535 TCP ports and can take much longer than the default top-port scan.
Save Nmap Output
Save scan results when you need records for later review, XML processing, or comparison:
nmap -oN scan-results.txt 192.168.1.1
nmap -oX scan-results.xml 192.168.1.1
nmap -oG scan-results.gnmap 192.168.1.1
nmap -oA scan-results 192.168.1.1
The -oA option writes normal, XML, and grepable output files using the same base filename.
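The XML file written by -oX (or -oA) is the one to process when you track exposure over time. The following Python example is added here and is not part of the original guide: it reads two scans, keeps only ports whose state is exactly open, and reports what changed between them. The XML strings are constructed samples, and the names open_ports and exposure_drift are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed samples in the element layout that nmap -oX writes (not real scans).
BASELINE_XML = """<nmaprun><host><address addr="192.168.1.1" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="8080"><state state="open"/></port>
<port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
</ports></host></nmaprun>"""

CURRENT_XML = """<nmaprun><host><address addr="192.168.1.1" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
<port protocol="udp" portid="161"><state state="open|filtered"/></port>
</ports></host></nmaprun>"""


def open_ports(xml_text):
    """Return {(addr, proto, port): service} for ports whose state is exactly 'open'."""
    found = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")  # first <address> of the host entry
        if addr_el is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed, filtered and open|filtered are not counted
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            key = (addr_el.get("addr"), port.get("protocol"), int(port.get("portid")))
            found[key] = name
    return found


def exposure_drift(baseline_xml, current_xml):
    """Return (newly_open, no_longer_open) as sorted lists of (addr, proto, port)."""
    old, new = open_ports(baseline_xml), open_ports(current_xml)
    return sorted(new.keys() - old.keys()), sorted(old.keys() - new.keys())


if __name__ == "__main__":
    opened, closed = exposure_drift(BASELINE_XML, CURRENT_XML)
    for addr, proto, port in opened:
        print(f"NEW  {addr} {port}/{proto}")
    for addr, proto, port in closed:
        print(f"GONE {addr} {port}/{proto}")
```

For real scans, pass the contents of two scan-results.xml files from different runs instead of the sample strings. The ndiff tool from the Arch ndiff package compares the same XML files in more detail.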
Open Nmap Help
Use the built-in help and manual page for the full option set:
nmap --help
man nmap
Troubleshoot Nmap on Arch Linux
nmap: command not found
If your shell cannot find nmap, confirm whether the package is installed:
pacman -Q nmap
If Pacman reports that the package was not found, install it again from the official repository:
sudo pacman -S nmap
When you need to confirm repository visibility, use an exact package search:
pacman -Ss '^nmap$'
extra/nmap 7.99-2
Utility for network discovery and security auditing
Raw Scan Requires Root Privileges
Running a SYN scan without root privileges fails before the scan starts:
nmap -sS 127.0.0.1
You requested a scan type which requires root privileges.
QUITTING!
Run the raw scan with sudo, or use a TCP connect scan when root access is not available:
sudo nmap -sS 127.0.0.1
nmap -sT 127.0.0.1
Host Seems Down
If a target is online but blocks ping probes, tell Nmap to skip host discovery and scan it as up:
nmap -Pn 192.168.1.1
Use this for known hosts behind firewalls that drop ICMP or other discovery probes.
Scans Take Too Long
Large subnets, full port ranges, reverse DNS lookups, and UDP scans can slow results. Use timing, skip DNS lookups, and narrow the port set when you do not need exhaustive coverage:
nmap -T4 -n -F 192.168.1.0/24
-T3 is the default timing template. -T4 is more aggressive and usually reasonable on reliable local networks, but avoid high-speed templates against fragile systems or links you do not control.
All Ports Show as Filtered
Filtered results usually mean a firewall, router ACL, security group, or host policy is dropping probes or replies. Compare a few scan types before assuming the service is down:
sudo nmap -sA 192.168.1.1
sudo nmap -sS 192.168.1.1
nmap -Pn 192.168.1.1
An ACK scan can help identify filtering behavior, while -Pn separates host-discovery failure from port filtering.
Update Nmap on Arch Linux
Nmap and Zenmap update through Pacman with the rest of your Arch system. Use the normal full-system upgrade path rather than mixing in upstream source archives or manual binary replacements:
sudo pacman -Syu
Check the installed package release after the upgrade when you need to confirm what changed:
pacman -Q nmap
If Zenmap is installed too, include it in the package query:
pacman -Q nmap zenmap ndiff
Remove Nmap from Arch Linux
If you installed only Nmap, remove the scanner and orphaned dependencies when you no longer need it:
sudo pacman -Rns nmap
If Zenmap is installed, remove the GUI frontend and scanner together because zenmap depends on nmap:
sudo pacman -Rns zenmap nmap
Verify removal with Pacman first:
pacman -Q nmap
error: package 'nmap' was not found
If your shell previously cached the command path, clear the shell hash table before checking command discovery:
hash -r
command -v nmap
If Pacman refuses removal because another package depends on Nmap or Zenmap, keep the required package installed or remove the dependent package intentionally. Do not use force-removal flags such as -Rdd on a normal system.
Additional Resources
- Nmap official website for project documentation
- Nmap Network Scanning book for the upstream reference text
- Nmap port scanning techniques for upstream scan-type details
- ArchWiki Nmap page for Arch-specific notes
- Arch Zenmap package page for current GUI package metadata
Conclusion
With the official Arch package installed, Nmap can handle quick host checks, full port sweeps, service detection, IPv6 scans, and saved reports from the same command-line tool. Keep scans limited to authorized systems, update through Pacman with the rest of the system, and pair the results with firewall tools such as Firewalld on Arch Linux or UFW on Arch Linux when you need to close exposed services.

