É possível saber qual processo abriu uma conexão no Windows?

Use também a opção -b :

  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.

exemplo:

$netstat -ab

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    john:epmap             john:0                 LISTENING       1404
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\system32\RPCRT4.dll
  c:\windows\system32\rpcss.dll
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\ADVAPI32.dll
  [svchost.exe]

  TCP    john:3150              18-24-50-20.rdsnet.ro:50087  SYN_SENT        392
  [deluged.exe]

  TCP    john:3155              ool-18d24.static.optonline.net:20170  SYN_SENT        392
  [deluged.exe]

  TCP    john:3157              69-62-57-59-adsl-tan.dynamic.so-net.net.tw:10365  SYN_SENT        392
  [deluged.exe]

O Sysinternals Process Explorer informa quais conexões são abertas pelo aplicativo, embora eu não saiba se existe uma maneira de fazer a pesquisa inversa por conexão. Se você não tem muitos processos para verificar, isso deve funcionar.