Well-known ports, TCP vs UDP, and how services claim a number
How port numbers route traffic to the right service, why the 0-1023 range is special, and what the TCP, UDP and TCP/UDP labels really mean.
A port is an address for a program
An IP address gets a packet to the right machine, but a single machine runs many network programs at once. The port number is the second half of the address that says which program should receive the packet. When you open a website, your browser dials port 443 on the server so the web service answers rather than the mail or database service. Ports are 16-bit numbers, giving a range of 0 to 65535, and conventions decide which service listens where.
Why 0 to 1023 are the well-known ports
The lowest 1024 ports are reserved for foundational services and, on Unix-like systems, historically required administrator privileges to bind. That restriction meant only trusted system software could claim a low port, which is why HTTP sits on 80, HTTPS on 443, SSH on 22 and DNS on 53. Registered ports from 1024 to 49151 cover application-specific services like MySQL on 3306 or RDP on 3389, and the dynamic range above 49151 is left for the short-lived ports your own outgoing connections borrow.
TCP, UDP, and why some entries list both
TCP and UDP are two transports that ride on top of IP. TCP sets up a connection and guarantees ordered, reliable delivery, which suits web pages, file transfers and remote logins. UDP is connectionless and lightweight, trading reliability for speed, which suits DNS queries, streaming and time sync. A service can register the same number on both transports, which is why entries like DNS on 53 and NFS on 2049 carry a TCP/UDP badge in this tool.
Defaults are conventions, not guarantees
Seeing a port open does not prove which service is behind it, and a service is not bound to its usual number. Administrators often move SSH off 22 or run a second web server on 8080 to avoid clashes, so the mapping here tells you the customary owner rather than a certainty. To confirm what is actually listening, tools like ss, netstat or nmap inspect a live host. Use this lookup to recognize a number quickly, then verify on the machine when it matters.