SNMP
"....the controller oddly seems to be interested in collecting traffic from the relatively obscure SNMP ports 161 and 162."
One possibility is that there is some other exploit in the wild, that transfers information using SNMP, on the basis that SNMP packets to and from almost any device would not be considered out of the ordinary and would be unlikely to trigger an IDS/IPS.