Netstat no more

To find out which process and binary is responsible for binding that tcp socket, it's all aboard the ss port scanner:

$ ss -ltnp
State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN 0       128*
LISTEN 0       5 *
LISTEN 0       128                 *:8081             *:*     users:(("unexpected-binary",pid=28276,fd=3))
LISTEN 0       5               [::1]:631           [::]:*

Without -n, well-known ports are named rather than numbered (e.g. 8081 above is displayed as tproxy).

From the man page:

-t tcp sockets
-u udp sockets 
-l Display only listening sockets
-p Show process using socket
-n numeric. Do not try to resolve service names

May be useful to find the working directory, executable, envvars for the process:

$ ls -la /proc/28276/cwd
/proc/28276/cwd -> /code/goplay
$ ls -la /proc/28276/exe
/proc/28276/exe -> /code/goplay/unexpected-binary
$ strings /proc/28276/environ