Here is a description on how to answer the questions....

Some activity is abnormal, some is normal, and some is mixture of both. If it's normal network traffic without anything suspicious, don't overthink it; report on why it's normal and move on$.$ If you can't ascertain whether or not it's abnormal, tell me why and move on$.$ There are examples of both of those situations in the packet capture.

$($Good description vs poor description$)$

Poor:

IP xxx$.$xxx$.$xxx$.$xxx is accessing port $21$ over TCP on IP xx$.$xx$.$xx$.$xx

While this is a fact, it's not useful information as it missing the description which makes it relevant to what's going on$.$

Good:

IP xxx$.$xxx$.$xxx$.$xxx is attempting to connect to port $21$ on IP xxx$.$xxx$.$xxx$.$xxx$.$ Port $21$ is ftp$,$ which sends credentials in the clear. The series of packet captures shows that the intruder was attempting to guess passwords for user "sumowrestler". The intruder was eventually successful after the $5$th try. The passwords guessed were "password", "sumo", "wrestler", "beatles" and "sumo$1",$ the latter of which allowed the intruder to gain access to the computer.

$1.$ Is the activity occurring in packets $2-3$ abnormal? If so$,$ provide a detailed interpretation of what is occurring, and the possible uses of the information gained. If there$$s nothing suspicious, tell me so$,$ and explain why it$$s normal traffic.

$2.$ Is the activity occurring in packets $5-37$ abnormal? If so$,$ provide a detailed interpretation of what is occurring, and the possible uses of the information gained.

$3.$ Is the activity occurring in packets $42-84$ abnormal? If so$,$ provide a detailed interpretation of what is occurring, and the possible consequences.

$4.$ Is the activity occurring in packets $91-132$ abnormal? If so$,$ provide a detailed interpretation of what is occurring, and the possible consequences such as how many ports are involved and their associated services. What information would be gained and how could it be used by an attacker?

$5.$ Is the activity occurring in packets $139-1157$ abnormal? Hint: this is a TCP stream so you can select the first packet $>$ Right$-$Click $>$ "Follow TCP Stream" $($or Follow $>$ TCP Stream depending on your version$)$ and Wireshark will extract those packets in to a single readable stream. Provide a detailed description and interpretation of what is occurring along with possible consequences. There is a lot going on there; tell me what happened.

$6.$ Is the activity occurring in packets $1160-1182$ abnormal? If so$,$ provide a detailed interpretation of what is occurring. This may require a light Googling. Hint: This is also a TCP Stream; see above.

$7.$ Is the activity occurring in packets $1184-1475$ abnormal? If so$,$ provide a detailed interpretation of what is occurring, and the possible uses of the information gained. Hint: You guessed it $$ also a TCP Stream.

$8.$ Is the activity occurring in packets $1476$ through the end of the packet capture abnormal? If so$,$ provide a detailed interpretation of what is occurring, and the possible uses of the information gained.