How does Wireshark differ from tcpdump?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

How does Wireshark differ from tcpdump?

Explanation:
The main idea here is the difference between a graphical, interactive packet analyzer and a plain command-line capture tool. Wireshark provides a graphical front-end that lets you view, filter, and sort captured packets visually, with built-in protocol decoders and color-coding to make it easy to explore a trace. You can apply display filters, inspect individual packet details, and see summaries and timelines all in one interface. Tcpdump, on the other hand, is a command-line tool that captures packets and prints a text summary to the terminal; you specify capture or display filters using its syntax, and analysis is typically done by piping output to other tools or saving to a file for later processing. Because of the GUI and integrated analysis features, Wireshark is the more interactive choice, while tcpdump is lightweight and suited for quick captures, scripting, or automated workflows. The other options are off because Wireshark does have a graphical interface, tcpdump runs beyond just Linux, and tcpdump does not display GUI graphs.
