Linux: how to continuously monitor which process uses which port (like procmon on Windows)?

2

Assuming you have a server with a bunch of processes (some of which start at random times) listening on ports, and I want to understand what's going on. I can log all traffic using:

sudo tcpdump -w capture.pcap -i any

This is really helpful, and I see some payloads for which I want to understand which process is responsible for sending them. So I do the following:

netstat -nputwc > netlog

... this is FAR from perfect, as it only does a netstat every second or so (it could miss some sockets opening / closing). So for some of the network packets, I see that a process was spun up, sent something out, then closed. So I have the PID but I have no idea which program is behind it. I know I can use strace to get the information I need, but that would require me to know the PID ahead of time, which I do not:

strace -yfp <pid> -e trace=open,close,read,write,connect,accept

I would need something equivalent to strace, but that logs all process / socket information for all processes in the system. In Windows, I used to use procmon (https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx) for that purpose. Is there an equivalent tool for Linux?

N0thing

Posted 2017-02-07T18:16:13.983

Reputation: 131

No answers
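Added example (not part of the question above, and not an answer posted on the page): a Python script that does what `netstat -p` / `ss -p` do internally. It reads the kernel's socket tables in /proc/net/tcp and /proc/net/tcp6, maps each socket inode to a PID by scanning /proc/<pid>/fd/*, and diffs consecutive snapshots so that only sockets that appeared or disappeared are printed, procmon-style. It assumes Linux, a little-endian host (the hex address encoding in /proc/net/tcp is host byte order per 32-bit word), and root (without it, sockets of other users' processes show up with an unknown owner). The sample /proc/net/tcp text in the block is constructed, not captured. A fast poll interval narrows the gap the question describes but cannot close it: a socket whose whole lifetime fits inside one interval is still missed, and only event-driven tooling (auditing the connect/bind/accept syscalls with auditd, or tracing them with eBPF tools such as bpftrace) records every socket.

```python
#!/usr/bin/env python3
"""Poll /proc/net/tcp{,6}, resolve socket inodes to PIDs, print changes.

Added example (assumes Linux, little-endian host, root for other users' PIDs).
"""
import os
import socket
import time

# TCP state codes as they appear in the 'st' column of /proc/net/tcp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample of /proc/net/tcp (one listener on 127.0.0.1:22, inode 12345).
SAMPLE_TCP = (
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt"
    "   uid  timeout inode\n"
    "   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000"
    "     0        0 12345 1 0000000000000000 100 0 0 10 0\n"
)


def parse_addr(hexaddr):
    """Decode 'HEXIP:HEXPORT' from /proc/net/tcp{,6} into (ip, port).

    The kernel prints the address as 32-bit words in host byte order, so on a
    little-endian machine each 4-byte group must be reversed: IPv4 is one
    group, IPv6 is four.
    """
    ip_hex, port_hex = hexaddr.split(":")
    raw = bytes.fromhex(ip_hex)
    family = socket.AF_INET if len(raw) == 4 else socket.AF_INET6
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    return socket.inet_ntop(family, b"".join(words)), int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse /proc/net/tcp or /proc/net/tcp6 text.

    Returns a list of (local, remote, state, inode) tuples; the header line
    and malformed lines are skipped. Column 9 is the socket inode.
    """
    entries = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue
        entries.append((parse_addr(f[1]), parse_addr(f[2]),
                        TCP_STATES.get(f[3], f[3]), int(f[9])))
    return entries


def socket_owners():
    """Map socket inode -> (pid, comm) by scanning every /proc/<pid>/fd."""
    owners = {}
    try:
        pids = [p for p in os.listdir("/proc") if p.isdigit()]
    except OSError:
        return owners  # no procfs (not Linux)
    for pid in pids:
        try:
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"/proc/{pid}/fd"):
                target = os.readlink(f"/proc/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = (int(pid), comm)
        except OSError:
            continue  # process exited mid-scan, or its fd table is not readable
    return owners


def snapshot():
    """Return {(local, remote, state, inode): (pid, comm) or None}."""
    entries = []
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as fh:
                entries += parse_proc_net_tcp(fh.read())
        except OSError:
            pass
    owners = socket_owners()
    return {e: owners.get(e[3]) for e in entries}


def fmt(key, owner):
    (lip, lport), (rip, rport), state, inode = key
    who = f"pid={owner[0]} comm={owner[1]}" if owner else "owner=? (need root)"
    return f"{lip}:{lport} -> {rip}:{rport} {state} inode={inode} {who}"


def main(interval=0.05):
    """Diff consecutive snapshots and print sockets that appeared (+) or closed (-)."""
    prev = snapshot()
    while True:
        time.sleep(interval)
        cur = snapshot()
        now = time.strftime("%H:%M:%S")
        for key in cur.keys() - prev.keys():
            print("+", now, fmt(key, cur[key]))
        for key in prev.keys() - cur.keys():
            print("-", now, fmt(key, prev[key]))
        prev = cur


if __name__ == "__main__":
    main()
```

Run it as root (`sudo python3 sockwatch.py`) while the workload is active; each `+` line gives the socket, its state and the PID/comm that owns it at the moment of the poll. The owner lookup is the expensive part (one readlink per open fd on the box), which is the practical floor on how short the interval can be; UDP can be added the same way from /proc/net/udp{,6}.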