How to Install Nmap on Linux Mint 22 and 21

Nmap gives Linux Mint a fast way to check which hosts are online, which ports are reachable, and which services respond on systems you administer. You can install Nmap on Linux Mint from the default APT repositories for the easiest maintenance path, or build the newest upstream source release from the official Nmap download page when you need the latest scanner tools before they reach the Ubuntu base repositories.

For most Mint desktops, the APT package is the better default because it updates with the rest of the system. The source-build path stays separate under /usr/local, verifies the upstream tarball checksum before compiling, and adds an update-nmap helper so future manual updates do not depend on remembering every build step.

Install Nmap on Linux Mint

Linux Mint 22.x and 21.x use Ubuntu-based repositories, so the default package versions follow the Noble and Jammy package bases. APT is the practical choice for most users, while the source build is useful when the current upstream Nmap release matters more than package-manager simplicity.

Method	Channel	Release track	Updates	Best for
APT package	Ubuntu-based Mint repositories	Mint default package	Normal APT upgrades	Most users who want simple install, removal, and security maintenance
Source build	Nmap release archive	Latest stable upstream tarball	Manual through update-nmap	Readers who need the newest upstream scanner and are comfortable compiling

Keep one active Nmap command path unless you deliberately want both methods installed. The APT package installs nmap under /usr/bin, while the source build installs under /usr/local/bin. On a standard Mint shell, /usr/local/bin wins first in PATH.

Refresh APT before installing Nmap on Linux Mint

Open a terminal from the applications menu or with your configured keyboard shortcut, then refresh the package index before installing anything new:

sudo apt update

These commands use sudo for tasks that need administrator privileges. If your account is not in the sudoers file yet, follow the guide to create and add users to sudoers on Linux Mint first.

Install Nmap from Linux Mint repositories

Install the default repository package when you want the Ubuntu-base scanner and normal APT updates:

sudo apt install nmap

This package installs the main nmap scanner and nping. The related ncat and ndiff tools are separate packages, and the Zenmap graphical frontend is available from the Mint 22.x package base only.

Verify the installed command:

command -v nmap
nmap --version

On Mint 22.x, relevant output includes:

/usr/bin/nmap
Nmap version 7.94SVN ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.4.6 openssl-3.0.13 libssh2-1.11.0 libz-1.3 libpcre2-10.42 libpcap-1.10.4 nmap-libdnet-1.12 ipv6

On Mint 21.x, relevant output includes:

/usr/bin/nmap
Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.6 openssl-3.0.2 nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.39 libpcap-1.10.1 nmap-libdnet-1.12 ipv6

The package revision and the CLI version string are not identical on Mint 21.x. APT reports 7.91+dfsg1+really7.80+dfsg1-2ubuntu0.1, while the installed scanner prints Nmap version 7.80.

Linux Mint release	APT package version	nmap --version	Optional GUI package
Linux Mint 22.x	7.94+git20230807.3be01efb1+dfsg-3build2	7.94SVN	zenmap available
Linux Mint 21.x	7.91+dfsg1+really7.80+dfsg1-2ubuntu0.1	7.80	No zenmap candidate

Install optional Nmap tools on Linux Mint

Install ncat when you need a modern netcat-style tool from the Nmap project, or ndiff when you compare two Nmap XML scan outputs:

sudo apt install ncat ndiff

On Mint 22.x only, install Zenmap if you specifically want the graphical frontend:

sudo apt install zenmap

Launch Zenmap from the applications menu, or run it from the terminal:

zenmap

Mint 21.x does not provide a zenmap package candidate from its default package base. Use terminal Nmap commands on Mint 21.x, or upgrade to a Mint release whose repositories include Zenmap.

Build the latest Nmap release from source on Linux Mint

Use the source build when you want the current stable Nmap release from nmap.org instead of the package version in your Mint release. The official Nmap source instructions use the same configure, compile, and install flow; this Mint version installs into the default upstream prefix, /usr/local, and uses --without-zenmap so the build stays focused on the terminal scanner tools.

Install Nmap source-build dependencies

Install the compiler, download tools, archive support, and development headers used by the source build:

sudo apt install build-essential curl ca-certificates bzip2 libssh2-1-dev libssl-dev

build-essential provides the compiler and Make tooling, bzip2 extracts the source archive, and the development headers let Nmap compile with OpenSSL and SSH-related support. For a broader compiler setup, the guide to install GCC on Linux Mint explains the same build-essential package family. The documented source build creates nmap, ncat, and nping; install the APT ndiff package separately if you need that comparison utility.

Download and verify the latest Nmap tarball

Create a build directory in your home folder, then resolve the newest stable .tar.bz2 release from the Nmap archive:

if mkdir -p "$HOME/nmap-build" && cd "$HOME/nmap-build"; then
  TARBALL=$(curl -fsSL https://nmap.org/dist/ | grep -oE 'nmap-[0-9]+\.[0-9]+(\.[0-9]+)?\.tar\.bz2' | LC_ALL=C sort -Vu | tail -n 1)

  if [ -z "$TARBALL" ]; then
    printf 'Could not determine the latest Nmap tarball.\n' >&2
  else
    SOURCE_DIR="${TARBALL%.tar.bz2}"
    DIGEST_FILE="$TARBALL.digest.txt"

    printf 'Latest tarball: %s\nSource directory: %s\n' "$TARBALL" "$SOURCE_DIR"
  fi
else
  printf 'Could not create or enter the Nmap build directory.\n' >&2
fi

Continue only after the command prints both values. If it reports that it could not determine the latest tarball, check network access to nmap.org before downloading anything.

Latest tarball: nmap-7.99.tar.bz2
Source directory: nmap-7.99

Download the tarball and its digest file, then verify the SHA256 checksum before extraction:

curl -fLO --progress-bar "https://nmap.org/dist/$TARBALL"
curl -fLo "$DIGEST_FILE" "https://nmap.org/dist/sigs/$DIGEST_FILE"

EXPECTED_SHA256=$(grep -A1 'SHA256' "$DIGEST_FILE" | tr -d '[:space:]' | sed 's/.*SHA256=//' | tr '[:upper:]' '[:lower:]')
printf '%s  %s\n' "$EXPECTED_SHA256" "$TARBALL" | sha256sum -c -

Relevant output includes:

nmap-7.99.tar.bz2: OK

Extract the archive and enter the source directory:

tar -xjf "$TARBALL"
cd "$SOURCE_DIR"

Compile and install Nmap from source

Configure the source tree first. The --without-zenmap option keeps the build to the terminal tools and avoids pulling GUI-specific Python requirements into a scanner install.

./configure --without-zenmap

Relevant output includes:

Configuration complete.  Type make (or gmake on some *BSD machines) to compile.

Compile with all available CPU threads:

make -j"$(nproc)"

Install the compiled files under /usr/local:

sudo make install

Relevant output includes:

NPING SUCCESSFULLY INSTALLED
NMAP SUCCESSFULLY INSTALLED

Return to your home directory before verification so the test proves the installed command works outside the source tree:

cd "$HOME"
hash -r
command -v nmap
command -v ncat
command -v nping
nmap --version

On Mint 22.x, relevant output includes:

/usr/local/bin/nmap
/usr/local/bin/ncat
/usr/local/bin/nping
Nmap version 7.99 ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.4.8 openssl-3.0.13 libssh2-1.11.0 libz-1.3 nmap-libpcre2-10.47 nmap-libpcap-1.10.6 nmap-libdnet-1.18.0 ipv6

On Mint 21.x, the same source release reports Nmap version 7.99 with the older Jammy OpenSSL and zlib library versions. The important checks are the /usr/local/bin/nmap path and the upstream Nmap version.

Install the update-nmap helper on Linux Mint

Add this helper after the first source install. It checks the current source-built version, resolves the newest stable tarball from nmap.org, verifies the SHA256 digest, rebuilds only when a newer release exists, and uses sudo only for the final make install step.

cat <<'EOF' | sudo tee /usr/local/bin/update-nmap >/dev/null
#!/usr/bin/env bash
set -euo pipefail

BUILD_CACHE="${XDG_CACHE_HOME:-$HOME/.cache}/nmap-build"
CURRENT_BIN="/usr/local/bin/nmap"

if [ "$(id -u)" -eq 0 ]; then
  echo "Run update-nmap as your regular user."
  echo "The script uses sudo only for the final install step."
  exit 1
fi

for cmd in curl grep sort sed tr sha256sum tar bzip2 make gcc g++ nproc sudo; do
  if ! command -v "$cmd" >/dev/null; then
    echo "Error: $cmd is required but not installed."
    echo "Install the source-build dependencies first, then try again."
    exit 1
  fi
done

if [ ! -x "$CURRENT_BIN" ]; then
  echo "Error: $CURRENT_BIN was not found."
  echo "Install the source-built copy of Nmap before using update-nmap."
  exit 1
fi

mkdir -p "$BUILD_CACHE"
cd "$BUILD_CACHE"

echo "Checking the latest Nmap release..."
TARBALL=$(curl -fsSL https://nmap.org/dist/ | grep -oE 'nmap-[0-9]+\.[0-9]+(\.[0-9]+)?\.tar\.bz2' | LC_ALL=C sort -Vu | tail -n 1 || true)

if [ -z "$TARBALL" ]; then
  echo "Error: Could not determine the latest Nmap tarball."
  exit 1
fi

SOURCE_DIR="${TARBALL%.tar.bz2}"
LATEST_VERSION="${TARBALL#nmap-}"
LATEST_VERSION="${LATEST_VERSION%.tar.bz2}"
CURRENT_VERSION=$("$CURRENT_BIN" --version 2>/dev/null | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1 || true)
CURRENT_VERSION="${CURRENT_VERSION:-missing}"

echo "Current version: $CURRENT_VERSION"
echo "Latest version:  $LATEST_VERSION"

if [ "$CURRENT_VERSION" = "$LATEST_VERSION" ]; then
  echo "Nmap is already up to date."
  exit 0
fi

echo "Cleaning the previous build cache..."
rm -rf "$BUILD_CACHE"/nmap-*/
rm -f "$BUILD_CACHE"/nmap-*.tar.bz2 "$BUILD_CACHE"/nmap-*.digest.txt

echo "Downloading $TARBALL..."
curl -fLO --progress-bar "https://nmap.org/dist/$TARBALL"
curl -fLo "$TARBALL.digest.txt" "https://nmap.org/dist/sigs/$TARBALL.digest.txt"

EXPECTED_SHA256=$(grep -A1 'SHA256' "$TARBALL.digest.txt" | tr -d '[:space:]' | sed 's/.*SHA256=//' | tr '[:upper:]' '[:lower:]')

if [ -z "$EXPECTED_SHA256" ]; then
  echo "Error: Could not read the SHA256 digest for $TARBALL."
  exit 1
fi

printf '%s  %s\n' "$EXPECTED_SHA256" "$TARBALL" | sha256sum -c -

echo "Extracting $TARBALL..."
tar -xjf "$TARBALL"

if [ ! -x "$SOURCE_DIR/configure" ] || [ ! -f "$SOURCE_DIR/nmap-services" ]; then
  echo "Error: Expected Nmap source files were not found after extraction."
  exit 1
fi

cd "$SOURCE_DIR"

echo "Configuring the build..."
./configure --without-zenmap

echo "Compiling Nmap..."
make -j"$(nproc)"

echo "Installing the new release..."
sudo make install
hash -r || true

NEW_VERSION=$("$CURRENT_BIN" --version 2>/dev/null | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1 || true)
NEW_VERSION="${NEW_VERSION:-unknown}"

cd "$BUILD_CACHE"
rm -rf "$SOURCE_DIR" "$TARBALL" "$TARBALL.digest.txt"
echo "Updated Nmap to $NEW_VERSION."
EOF
sudo chmod +x /usr/local/bin/update-nmap

Confirm that the helper is available from your shell:

command -v update-nmap

/usr/local/bin/update-nmap

Run the helper manually whenever you want to check for a new upstream release:

update-nmap

When the source build is already current, the output stays short:

Checking the latest Nmap release...
Current version: 7.99
Latest version:  7.99
Nmap is already up to date.

Avoid running update-nmap from cron. Source builds can fail because of changed dependencies, network failures, or compile errors, so run the helper manually and watch the output before relying on the updated scanner.

Use Nmap on Linux Mint

Start with narrow scans against systems you own or have permission to assess. For a broader command reference after the install is working, use the guide to Nmap commands for beginners.

Basic host and service scans can run as a normal user. Raw-packet features, including operating system detection with -O, need sudo because Nmap must open raw sockets.

Scan one host with Nmap on Linux Mint

Use a normal scan when you want to check the most common TCP ports on one target:

nmap 192.168.1.10

This checks Nmap’s default top 1,000 TCP ports and reports whether each port is open, closed, or filtered.

Discover live hosts on a local subnet

Use a ping scan when you only need host discovery and do not want to scan ports yet:

nmap -sn 192.168.1.0/24

The -sn option skips the port scan and focuses on whether hosts respond to discovery probes.

Detect service versions with Nmap

Add service detection when you want Nmap to identify the software behind open ports:

nmap -sV 192.168.1.10

The -sV option probes detected services and prints version information when the response is identifiable.

Run operating system detection with Nmap

Operating system fingerprinting uses raw packets, so run it with administrator privileges:

sudo nmap -O 192.168.1.10

The -O option compares target responses with Nmap’s fingerprint database and tries to identify the remote operating system.

Save Nmap output for later review

Save normal text output when you want a scan record you can compare later:

nmap -oN mint-scan.txt 192.168.1.10

Use XML output when another tool or ndiff will parse the result:

nmap -oX mint-scan.xml 192.168.1.10

Update or Remove Nmap on Linux Mint

Use the maintenance path that matches the method you installed. APT owns repository packages, while the source build owns files under /usr/local and the update-nmap helper.

Update APT-installed Nmap on Linux Mint

Refresh package metadata, then upgrade the repository package when a newer Mint package revision is available:

sudo apt update
sudo apt install --only-upgrade nmap

If you installed optional Nmap tools, upgrade them through APT as well:

sudo apt install --only-upgrade ncat ndiff

On Mint 22.x systems where Zenmap is installed, update it with:

sudo apt install --only-upgrade zenmap

Update source-built Nmap on Linux Mint

Run the updater from a normal user account. It compares the installed source-built version with the newest stable tarball before it downloads or compiles anything:

update-nmap

When upstream publishes a newer release, the helper downloads the new tarball, verifies the SHA256 digest, compiles the source, and installs the replacement under /usr/local. When the installed version is already current, it exits after the version check.

Remove APT-installed Nmap on Linux Mint

Remove the main Nmap package first:

sudo apt remove nmap

Verify the main package is no longer installed. No output means the package is gone:

dpkg -l nmap | grep '^ii'

Remove optional Nmap tools only if you installed them:

sudo apt remove ncat ndiff zenmap

APT leaves packages such as nmap-common and scanner libraries available for autoremove after the main package is gone. Preview the cleanup before accepting it:

sudo apt autoremove --dry-run

Continue only if the preview lists Nmap-related packages you no longer need, such as nmap-common, liblinear4, libssh2-1t64, liblua5.3-0, or lua-lpeg. If the preview includes unrelated packages, leave them installed or review them separately.

sudo apt autoremove

Remove source-built Nmap on Linux Mint

If the original build tree still exists, use Nmap’s upstream uninstall target from that source directory:

NMAP_VERSION=$(/usr/local/bin/nmap --version | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1 || true)

if [ -n "$NMAP_VERSION" ] && cd "$HOME/nmap-build/nmap-$NMAP_VERSION"; then
  sudo make uninstall
else
  printf 'Could not enter the saved Nmap source directory.\n' >&2
fi

If this command reports that the saved source directory is missing, use the direct fallback cleanup instead of running make uninstall.

Remove the updater and build directories after make uninstall finishes:

sudo rm -f /usr/local/bin/update-nmap
rm -rf "$HOME/nmap-build"
rm -rf "${XDG_CACHE_HOME:-$HOME/.cache}/nmap-build"

The fallback cleanup permanently deletes source-built Nmap binaries, man pages, shared data, the Ncat certificate bundle, and the updater helper from /usr/local. Use it only for the source method documented here, not for files you installed under a custom prefix.

If the build tree no longer exists, remove the source-installed files directly:

sudo rm -f /usr/local/bin/nmap /usr/local/bin/ncat /usr/local/bin/nping /usr/local/bin/update-nmap
sudo rm -f /usr/local/share/man/man1/nmap.1 /usr/local/share/man/man1/ncat.1 /usr/local/share/man/man1/nping.1
sudo rm -f /usr/local/share/man/*/man1/nmap.1
sudo rm -rf /usr/local/share/nmap /usr/local/share/ncat
rm -rf "$HOME/nmap-build"
rm -rf "${XDG_CACHE_HOME:-$HOME/.cache}/nmap-build"

Clear Bash’s command cache and verify the source-built commands are gone:

hash -r
command -v nmap
command -v ncat
command -v nping
command -v update-nmap

If you still have the APT package installed, nmap and nping fall back to /usr/bin. If you removed both methods, these checks return no output.

Troubleshoot Nmap on Linux Mint

Most Nmap issues on Linux Mint come from a missing package, a path change after switching methods, a disabled repository component, or a scan type that needs raw socket privileges.

Fix nmap command not found on Linux Mint

If the shell returns nmap: command not found, clear Bash’s command cache and check the active command path:

hash -r
command -v nmap

No output means neither an APT-installed nor source-built nmap command is available in your current PATH. Install the APT package again if you want the default Mint version:

sudo apt update
sudo apt install nmap

If you built from source and expected that copy to exist, check the direct path before reinstalling:

test -x /usr/local/bin/nmap && /usr/local/bin/nmap --version

Fix unable to locate package nmap on Linux Mint

If APT cannot locate nmap, confirm whether the package candidate is visible:

apt-cache policy nmap

On a standard Mint install, the candidate comes from the Ubuntu base repositories. If the candidate is still (none) after sudo apt update, restore the official repositories through Software Sources, then refresh APT and retry the install.

Fix the Nmap root privileges error on Linux Mint

Options such as -O fail without root privileges because they need raw socket access:

TCP/IP fingerprinting (for OS scan) requires root privileges.
QUITTING!

Re-run that scan with sudo:

sudo nmap -O 127.0.0.1

If you are checking an SSH service on a Mint machine you manage, the guide to install OpenSSH on Linux Mint covers the server-side package and service checks before you scan it from another host.

Fix update-nmap dependency errors on Linux Mint

The updater stops before downloading when a required tool is missing. The error names the command it could not find:

Error: gcc is required but not installed.
Install the source-build dependencies first, then try again.

Reinstall the source-build dependencies, then run the helper again:

sudo apt install build-essential curl ca-certificates bzip2 libssh2-1-dev libssl-dev
update-nmap

Fix Ncat or Ndiff missing after installing Nmap

The APT nmap package installs nmap and nping, but it only suggests ncat and ndiff. Install those packages separately when a tutorial or workflow expects them:

sudo apt install ncat ndiff

If you used the source build above, ncat and nping are installed under /usr/local/bin. The documented source build does not add ndiff, so keep the APT ndiff package installed if you need XML scan comparisons.

Conclusion

Nmap is ready on Linux Mint through either the easy APT package or a checksum-verified source build with a reusable updater. Start with a narrow scan against systems you control, then use the removal path that matches the install method when you switch between packaged and source-built copies.