Is it better to use Wireshark through GUI version or use command line via command prompt? Why?
Both have their advantages and disadvantages. The GUI is great because it provides an easy to use interface where various options to comb through data (TCP Stream following, Statistical data, General Packet Capture). Anyone can get into the GUI without very much knowledge and start capturing packets, which is its biggest strength. Command line on the other hand requires a bit more knowledge how to access the features that are readily available in the GUI. That being said the command line is extremely useful for batch jobs to either automate or speed up packet analysis. Hope this helps.