Look at Winsock Layered Service Providers to monitor traffic. I believe LSPs are DLLs that get loaded into each process, so you should be able to call GetModuleFileName(NULL) to discover the EXE name when your DLL is loaded.
The Wikipedia article linked above shares my strongest concerns:
One major common issue with LSPs was that if they were to be removed or unregistered improperly or if the LSP was buggy, it would result in corruption of the Winsock catalog in the registry, and the entire TCP/IP stack would break and the computer could no longer access the network.
So if you are new to Windows programming and/or do not take proper precautions with writing these types of filter drives, then tread carefully. Otherwise, a bug in your program will easily screw up the user's machine.