Netstat no more

To find out which process and binary are responsible for binding that TCP socket, it's all aboard ss (socket statistics):

$ ss -ltnp
State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN 0       128     127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0       5           127.0.0.1:631        0.0.0.0:*
LISTEN 0       128                 *:8081             *:*     users:(("unexpected-binary",pid=28276,fd=3))
LISTEN 0       5               [::1]:631           [::]:*

Without -n, well-known ports are named rather than numbered (e.g. 8081 above is displayed as tproxy).

From the man page:

-t TCP sockets
-u UDP sockets
-l Display only listening sockets
-p Show process using socket
-n Numeric. Do not try to resolve service names

It may also be useful to find the working directory, executable and environment variables for the process:

$ ls -la /proc/28276/cwd
/proc/28276/cwd -> /code/goplay
$ ls -la /proc/28276/exe
/proc/28276/exe -> /code/goplay/unexpected-binary
$ strings /proc/28276/environ
USER=iain
SHELL=/bin/bash
PATH=/and/so/on
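
The two steps above joined into one script, as an added example that is not part of the original page: it parses ss -ltnp output, resolves each pid through /proc, and goes slightly further by flagging a listener whose executable has been unlinked from disk. The sample input is constructed, and PROC_ROOT, the --live switch and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): listeners -> owning binary.

# Constructed sample in `ss -ltnp` format; the 8081 line mirrors the page.
sample_ss() {
cat <<'EOF'
State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN 0       5           127.0.0.1:631        0.0.0.0:*
LISTEN 0       128                 *:8081             *:*     users:(("unexpected-binary",pid=28276,fd=3))
LISTEN 0       128                 *:8443             *:*     users:(("web",pid=301,fd=6),("web",pid=302,fd=6))
EOF
}

# stdin: ss -ltnp output. stdout: "addr pid name", one line per owning process.
# Lines with no users:(...) part (header, other users' sockets) are skipped.
parse_listeners() {
  awk '{
    rest = $0
    while (match(rest, /\("[^"]*",pid=[0-9]+/)) {
      m = substr(rest, RSTART + 2, RLENGTH - 2)   # name",pid=N
      rest = substr(rest, RSTART + RLENGTH)
      split(m, part, /",pid=/)
      print $4, part[2], part[1]
    }
  }'
}

# Print exe and cwd for one pid and flag a binary unlinked from disk.
# PROC_ROOT is an assumption of this example so it can run on a fake tree.
describe_pid() (
  p="${PROC_ROOT:-/proc}/$1"
  exe=$(readlink "$p/exe" 2>/dev/null) || exe="unreadable"
  cwd=$(readlink "$p/cwd" 2>/dev/null) || cwd="unreadable"
  case $exe in *" (deleted)") flag=" DELETED-ON-DISK" ;; *) flag="" ;; esac
  printf 'pid=%s exe=%s cwd=%s%s\n' "$1" "$exe" "$cwd" "$flag"
)

# environ is NUL-separated; tr keeps entries under 4 chars that strings drops.
show_environ() { tr '\0' '\n' < "${PROC_ROOT:-/proc}/$1/environ"; }

# Live use: sh listeners.sh --live (as root to see other users' processes).
if [ "${1:-}" = "--live" ]; then
  ss -ltnp | parse_listeners | while read -r addr pid name; do
    printf '%s %s: ' "$addr" "$name"; describe_pid "$pid"
  done
fi
```

A pid that has exited or belongs to another user prints exe=unreadable rather than aborting the loop.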