1

Is there a way to associate packets with executing binaries? I would be open to traditional sniffing methods or even dtrace for that matter.

I have a specific issue on a system with very high traffic. Sniffing "all" packets and filtering them is becoming a very burdensome problem and eliminating packet emission from all but the offending app is not possible in this scenario.

ylluminate
  • 1,155
  • 2
  • 17
  • 35

4 Answers

3

You don't mention what OS you're running on said system, but if it's running Windows you can use Microsoft Network Monitor, which shows the process ID for each "conversation" so it should allow you to focus your analysis. "Filtering" traffic per process ID is as simple as selecting the process in the left pane and viewing its traffic in the right pane.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172
  • Right, thanks. I thought that with mentioning `dtrace` it would be a little more evident. This is an OS X server, however I likewise would similarly want to be able to apply this to Linux based servers and FreeBSD. – ylluminate Jul 13 '12 at 14:57
2

Not sure this is what you require, but netstat can help you associate process id with network port. In wireshark you can then filter on that port number, to only sniff a specific process id's packets.

sten
  • 21
  • 1
  • Yes, this had crossed my mind, however I had hoped to find a more simplistic way to cross reference the pids with packets. – ylluminate Jul 13 '12 at 15:00
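The port-to-pid approach from this answer, scripted as an added example (not part of the answer above): it takes the sockets a process currently has open and turns their local port numbers into a BPF capture filter that tcpdump or Wireshark can apply at capture time, so the high-volume box only hands over packets for those ports instead of everything. It uses lsof (available on OS X, Linux and FreeBSD) rather than netstat because its output is easier to parse; the lsof lines below are constructed sample data, and the PID and interface are assumed placeholders. The usual caveat applies: a port filter also captures any other process sharing that port, and misses connections the process opens after the snapshot, so re-run it or combine it with a DTrace connect trace for short-lived sockets.

```shell
#!/bin/sh
# Added example: derive a BPF filter from a process's open sockets.
# Reads "lsof -nP -i" style lines on stdin and prints "port A or port B ...".
# Column layout assumed: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [STATE]
ports_to_bpf() {
    awk 'NR > 1 {
        # NAME is field 9, e.g. 10.0.0.5:52123->93.184.216.34:443 or [::1]:8080
        lhs = $9
        sub(/->.*/, "", lhs)        # keep only the local side of the socket
        p = lhs
        sub(/.*:/, "", p)           # local port is whatever follows the last colon
        if (p ~ /^[0-9]+$/ && !seen[p]++) ports[++n] = p
    }
    END {
        for (i = 1; i <= n; i++) printf "%s%s", (i > 1 ? " or " : ""), "port " ports[i]
        printf "\n"
    }'
}

# Constructed sample of what "lsof -nP -i -a -p 4242" might print (not real output).
SAMPLE_LSOF='COMMAND  PID USER FD  TYPE DEVICE SIZE/OFF NODE NAME
Safari  4242 me   12u IPv4 0x1    0t0      TCP  10.0.0.5:52123->93.184.216.34:443 (ESTABLISHED)
Safari  4242 me   13u IPv4 0x2    0t0      TCP  10.0.0.5:52124->93.184.216.34:443 (ESTABLISHED)
Safari  4242 me   13u IPv4 0x2    0t0      TCP  10.0.0.5:52124->93.184.216.34:443 (ESTABLISHED)
Safari  4242 me   14u IPv6 0x3    0t0      TCP  [::1]:8080 (LISTEN)'

# Filter built from the constructed sample (duplicate socket line is collapsed).
sample_filter() {
    printf '%s\n' "$SAMPLE_LSOF" | ports_to_bpf
}

# Live use on a real system (hypothetical PID and interface):
#   sudo tcpdump -i en0 "$(lsof -nP -i -a -p 4242 | ports_to_bpf)"
# or paste the printed expression into Wireshark's capture filter box.
sample_filter
```

Because the filter is applied by the kernel's BPF engine before packets reach the sniffer, the expensive part of the original problem (copying every packet to userland and then discarding most of them) goes away; only the lsof snapshot needs refreshing when the process opens new sockets.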
1

On windows there is an experimental build that does this, as described on the mailing list: http://www.wireshark.org/lists/wireshark-dev/201212/msg00069.html

patraulea
  • 111
  • 2
1

Recently I ran into a really nice solution for this problem and wanted to share. It is found in the DTrace Book: http://www.dtracebook.com

You'll want to pull down the examples from here: http://www.dtracebook.com/images/dtbook_scripts.tar.gz

I'm running on OS X. I extracted the scripts to dtbook under my ~/bin and executed the appropriate script as follows:

sudo ~/bin/dtbook/Chap6/soconnect_mac.d

Which will then give you all processes with their connections. I usually pipe that into grep and search for apps specifically now.

ylluminate
  • 1,155
  • 2
  • 17
  • 35