
Can you explain any more about how this works?

I'm assuming you find someone with a high random port open, but I have no idea where to go from there.

How would you go about flooding that connection? Are you relying on a card in passive mode to gather data and replay it? What do you use to replay?



nmap is smart enough to determine what service is being offered on a given port and what OS is running.

The above, combined with the offending computer usually being a Mac and being named something like "Bob Smith's Computer", is enough to common-sense narrow it down within a minute or two without having to use passive mode.

(Also with the repeat offender I kept his MAC handy.)

Then just initiate as many TCP connections as you can, à la Python or whatever is handy.

(Of course, your mileage may vary with this approach, such as when clients are isolated from communicating with each other.)


Won't the program listening on the socket just drop the connection if it's getting stuff that doesn't make sense or correspond to a session that it is aware of?

Or is the idea just to spam multiple connections?


It sounds more like connection flooding to me. TCP SYN flooding would also work, although modern IP stacks should cope reasonably well with that if syncookies are used.

That said, considering these are Macs, they probably have mDNS open to IPv6 link-local traffic. It might make more sense to flood the offending machine with valid, unicast mDNS packets. I don't know how well the Apple mDNS daemon copes with high traffic volume, but in my experience Avahi (on an Atom-powered netbook, admittedly) can regularly use over 50% CPU on a wireless network with an oversized local subnet. Hypothetically, deliberately flooding an OS X system with complex but valid mDNS announcements could have interesting results...

I should probably point out that Windows systems tend to be protected from this. Firstly, iTunes or Bonjour must be installed separately. Secondly, Windows Firewall tends to kick in with its "Public" profile, blocking inbound traffic by default. Thirdly, Windows machines tend to use mDNS over IPv4 multicast instead of IPv6 unless an auto-configured external address exists. This further reduces the traffic seen, although this last point is no protection from deliberate floods.
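From the defender's side, the connection-flooding and SYN-flooding behaviour discussed in this thread shows up on the targeted host as a pile of half-open (SYN_RECV) or established connections from one peer. The following is an added example, not code from anyone in the thread: it parses constructed netstat-style lines and flags peers that exceed illustrative thresholds, so a host on a shared subnet can spot who is hammering it.

```python
import re
from collections import Counter

# Constructed netstat-style sample (not taken from the thread). The local
# side is the watched host; the remote side is the peer on the shared subnet.
SAMPLE_NETSTAT = """\
tcp 0 0 192.168.1.20:49152 192.168.1.77:51000 SYN_RECV
tcp 0 0 192.168.1.20:49152 192.168.1.77:51001 SYN_RECV
tcp 0 0 192.168.1.20:49152 192.168.1.77:51002 SYN_RECV
tcp 0 0 192.168.1.20:49152 192.168.1.77:51003 ESTABLISHED
tcp 0 0 192.168.1.20:49152 192.168.1.77:51004 ESTABLISHED
tcp 0 0 192.168.1.20:22    192.168.1.10:40001 ESTABLISHED
tcp 0 0 192.168.1.20:49152 192.168.1.10:40002 SYN_RECV
"""

# proto recv-q send-q local:port remote:port state
LINE_RE = re.compile(
    r"^tcp\s+\d+\s+\d+\s+(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<raddr>\S+):(?P<rport>\d+)\s+(?P<state>\S+)\s*$"
)


def count_by_peer(text):
    """Return {peer_ip: Counter(state -> count)} over all parseable lines."""
    per_peer = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip headers or lines in an unexpected layout
        per_peer.setdefault(m["raddr"], Counter())[m["state"]] += 1
    return per_peer


def flag_floods(text, half_open_limit=3, established_limit=50):
    """Peers holding too many half-open (SYN_RECV) or too many established
    connections to the watched host. Thresholds are illustrative assumptions
    and should be tuned to the host's normal traffic."""
    flagged = {}
    for peer, states in count_by_peer(text).items():
        reasons = []
        if states["SYN_RECV"] >= half_open_limit:
            reasons.append("syn-flood")
        if states["ESTABLISHED"] >= established_limit:
            reasons.append("connection-flood")
        if reasons:
            flagged[peer] = reasons
    return flagged


if __name__ == "__main__":
    print(flag_floods(SAMPLE_NETSTAT))
```

On a real host, feed it the output of `netstat -ant` (or `ss -ant` with the columns adjusted) instead of the constructed sample.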



