I do not know how Little Snit does it (but I would like ...); I used these dTrace probes:
# The socket accepts by process name:
dtrace -n 'syscall :: accept *: entry {@ [execname] = count (); } '
# :
dtrace -n 'syscall:: connect *: entry {trace (execname); ustack(); } '
# :
dtrace -n 'tcp: accept-installed {@[args [3] → tcps_raddr, args [3] → tcps_lport] = count(); } '
( "DTrace: Oracle Solaris, Mac OS X FreeBSD Brendan Gregg Jim Mauro, Prentice Hall 2011" http://www.dtracebook.com/index.php/Network_Lower_Level_Protocols.)
DTraceToolkit: http://www.brendangregg.com/dtrace.html#DTraceToolkit
, tcpsnoop tcptop.