I always wondered why my ASA, which I monitor with a netflo9 sensor, has a lot of traffic from a fileserver to IP 220.127.116.11. According to "google" its ipv6 traffic. But ipv6 is turned off and I dont see why my fileserver should generate that much traffic with IPv6. Its a Windows 2008 R2 Machine.
Is there any sensor I may add for this machine to get a better overview what exactly is generating that many traffic, without using a third party tool?