On the packet inception section there is a question on the username of a malicious employee. I understand that I am supposed to look through the .pcap file for unusual conversations. Are there any more hints other than the one provided?

I have changed filters in Wireshark to look at the different protocols and nothing seems obvious to me. Is there a specific tab in the packet details window that I am supposed to use?