...
The relevant part from the SNMP-RFCs https://www.rfc-editor.org/rfc/rfc1155 and https://www.rfc-editor.org/rfc/rfc1902 are:
Code Block language bash theme RDark TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER (0..4294967295).
- INTEGER in ASN.1 is always signed, so when doing the BER encoding of such a value, one must add a leading zero for large numbers, otherwise interpreted as negative (2's complement). This is exactly what the faulty device doesn't do. If one likes to play around with such things a bit, there is https://lapo.it/asn1js/.
- tcpdump's output is not really correct; it seems to try to "fix" the value. One can do this by hand, BTW: -471450490 + 2^32 = 3823516806, which are the values we see above. This "fixing" is, in fact, incorrect; I guess it's tcpdump trying to be nice to the reader.
- The decoding on the Checkmk side is done by a rather standard library, which behaves in a totally correct way, so there is not much that can be done on our side.
...