Within Wireshark, you can comment on the entire capture to document what you found within the file. You might preserve this information, either for yourself, or to share with others when working with a team. Let's walk through an example of adding a comment using the Web Page.pcapng subset.

To add a comment to the file, you can do one of the following:

• Select the comments icon in the lower left-hand corner, which looks like a pad and pencil.
• Go to Statistics | Capture File Properties and include your comments in the space below the Capture file comments.

In my Web Page.pcapng file, I entered the comment, HTTP traffic with interesting images, and then clicked Save Comments, as shown in the following screenshot:

Keep in mind that when adding comments, Wireshark does not highlight spelling errors. Therefore, if you want the comments in your file to look professional, take the time to do a spellcheck.

While adding a comment to an entire file is handy, sometimes, you may want to preserve the details of one, or possibly a few, packets that you want to identify within the file that you found to be interesting.

Adding a comment to a single packet is similar to adding a comment to the entire file. However, in this case, while in a single packet, go to the Edit menu choice and select Packet Comment…, as shown in the following screenshot:

Wireshark will open a form where you can add your comment. If you would like to add more comments later, simply select the same packet and repeat the steps you took to add the original comment.

In addition, you can delete all packet comments by going to the Edit menu choice and selecting Delete all Packet Comments, as shown in the Packet Comment... screenshot.

Once you are done with the comments, you'll need to save them so you can view them later, as discussed next.