There are probably more legitimate reasons to use a packet sniffer than illegitimate ones, esp. if you are doing network programming -- it is more or less essential.
Wireshark is open source and available for all platforms. You probably don't need to go thru Wireshark unless you are really interested, tho. I wrote a packet sniffer a few years ago after reading this:
Programming with pcap
WinPcap is a Windows port of libpcap, so that might help.
Or, of course, if you just need a packet sniffer, use Wireshark. WRT "how to focus on certain application that has higher risks", this is below the application layer. You can focus on whatever you want; the packet sniffer exposes everything indiscriminately. If you want to focus on a particular application, you will have to figure out how to differentiate its messages from anything else, and write a filter or something.
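
As an added illustration of the "write a filter" step (not code from the original post): the C function below decides whether a captured frame belongs to one application, assuming that application is identified by a TCP port and that frames are Ethernet II carrying IPv4. The port 8080, the function name and the sample frame are constructed for the example; with libpcap the comparable capture filter expression is `tcp port 8080`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Read a big-endian 16-bit field byte by byte (no unaligned access). */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Return 1 if an Ethernet II frame carries IPv4/TCP to or from `port`,
 * 0 otherwise, including truncated or malformed frames. */
int frame_matches_tcp_port(const uint8_t *f, size_t len, uint16_t port)
{
    if (len < 14 || be16(f + 12) != 0x0800)   /* EtherType must be IPv4 */
        return 0;
    const uint8_t *ip = f + 14;
    size_t iplen = len - 14;
    if (iplen < 20 || (ip[0] >> 4) != 4)      /* minimal IPv4 header, version 4 */
        return 0;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;  /* IP header length in bytes */
    if (ihl < 20 || iplen < ihl + 4)          /* need both TCP port fields */
        return 0;
    if (ip[9] != 6)                           /* IP protocol 6 = TCP */
        return 0;
    if (be16(ip + 6) & 0x1fff)                /* later fragment: no TCP header here */
        return 0;
    const uint8_t *tcp = ip + ihl;
    return be16(tcp) == port || be16(tcp + 2) == port;
}

/* Constructed sample: TCP SYN from 192.0.2.1:50000 to 192.0.2.2:8080. */
static const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0xc3,0x50,0x1f,0x90, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
    0x50,0x02,0x20,0x00, 0x00,0x00,0x00,0x00
};

int main(void)
{
    printf("port 8080: %d\n",
           frame_matches_tcp_port(sample_frame, sizeof sample_frame, 8080));
    printf("port 443:  %d\n",
           frame_matches_tcp_port(sample_frame, sizeof sample_frame, 443));
    return 0;
}
```

In a libpcap program this check would run inside the per-packet callback on the captured bytes; applications that share a port or use dynamic ports need payload-level matching instead.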