From 1c0df1c018bb97f8c397a75bebe7d452d3f82a8e Mon Sep 17 00:00:00 2001
From: MatrixEditor <58256046+MatrixEditor@users.noreply.github.com>
Date: Sun, 22 Mar 2026 22:29:55 +0100
Subject: [PATCH 1/5] fix NETLOGON_LOGON_QUERY: add mailslot name alignment
---
 scapy/layers/smb.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py
index cf2ee2e868a..945eb9d676f 100644
--- a/scapy/layers/smb.py
+++ b/scapy/layers/smb.py
@@ -943,6 +943,10 @@ class NETLOGON_LOGON_QUERY(NETLOGON):
 LEShortEnumField("OpCode", 0x7, _NETLOGON_opcodes),
 StrNullField("ComputerName", ""),
 StrNullField("MailslotName", ""),
+ ConditionalField(
+ ByteField("MailslotPad", default=0x00),
+ lambda pkt: (len(pkt.MailslotName) + 1) % 2 != 0
+ ),
 StrNullFieldUtf16("UnicodeComputerName", ""),
 FlagsField("NtVersion", 0xB, -32, _NV_VERSION),
 XLEShortField("LmNtToken", 0xFFFF),
From c8c3a4bda0d7bf58afbfd27e5267f607fc977b61 Mon Sep 17 00:00:00 2001
From: MatrixEditor <58256046+MatrixEditor@users.noreply.github.com>
Date: Thu, 26 Mar 2026 06:43:35 +0000
Subject: [PATCH 2/5] Update scapy/layers/smb.py
Co-authored-by: Gabriel <10530980+gpotter2@users.noreply.github.com>
---
 scapy/layers/smb.py | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py
index 945eb9d676f..8a840082f01 100644
--- a/scapy/layers/smb.py
+++ b/scapy/layers/smb.py
@@ -942,11 +942,7 @@ class NETLOGON_LOGON_QUERY(NETLOGON):
 fields_desc = [
 LEShortEnumField("OpCode", 0x7, _NETLOGON_opcodes),
 StrNullField("ComputerName", ""),
- StrNullField("MailslotName", ""),
- ConditionalField(
- ByteField("MailslotPad", default=0x00),
- lambda pkt: (len(pkt.MailslotName) + 1) % 2 != 0
- ),
+ PadField(StrNullField("MailslotName", ""), 2),
 StrNullFieldUtf16("UnicodeComputerName", ""),
 FlagsField("NtVersion", 0xB, -32, _NV_VERSION),
 XLEShortField("LmNtToken", 0xFFFF),
From d283cb16aed79b528fe04f9f63098a7a7dd459e3 Mon Sep 17 00:00:00 2001
From: MatrixEditor <58256046+MatrixEditor@users.noreply.github.com>
Date: Fri, 27 Mar 2026 23:00:06 +0100
Subject: [PATCH 3/5] tests: add NETLOGON_LOGON_QUERY unit test - revert change when parsing NETLOGON_LOGON_QUERY: always use length of MailslotName as a reference
---
 scapy/layers/smb.py | 6 +++++-
 test/scapy/layers/ldap.uts | 9 +++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py
index 8a840082f01..5cf0f2f5b20 100644
--- a/scapy/layers/smb.py
+++ b/scapy/layers/smb.py
@@ -942,7 +942,11 @@ class NETLOGON_LOGON_QUERY(NETLOGON):
 fields_desc = [
 LEShortEnumField("OpCode", 0x7, _NETLOGON_opcodes),
 StrNullField("ComputerName", ""),
- PadField(StrNullField("MailslotName", ""), 2),
+ StrNullField("MailslotName", ""),
+ ConditionalField(
+ ByteField("MailslotPad", default=0x00),
+ lambda pkt: len(pkt.MailslotName) % 2 != 0
+ ),
 StrNullFieldUtf16("UnicodeComputerName", ""),
 FlagsField("NtVersion", 0xB, -32, _NV_VERSION),
 XLEShortField("LmNtToken", 0xFFFF),
diff --git a/test/scapy/layers/ldap.uts b/test/scapy/layers/ldap.uts
index a4d1892e909..9560c14a9d2 100644
--- a/test/scapy/layers/ldap.uts
+++ b/test/scapy/layers/ldap.uts
@@ -215,3 +215,12 @@ pkt = NETLOGON(b'\x13\x00\\\x00\\\x00D\x00C\x001\x00\x00\x00\x00\x00D\x00O\x00M\
 assert pkt.NtVersion == 1
 assert pkt.UnicodeLogonServer == r"\\DC1"
 assert pkt.UnicodeDomainName == "DOMAIN"
+
+= Dissect NETLOGON_LOGON_QUERY - V1+V5+V5EX_WITH_IP
+
+pkt = NETLOGON(b'\x07\x00PC-001\x00\\MAILSLOT\\NET\\GETDC362\x00P\x00C\x00-\x000\x000\x001\x00\x00\x00\x0b\x00\x00\x00\xff\xff\xff\xff')
+
+assert pkt.ComputerName == b"PC-001"
+assert pkt.MailslotName == b"\\MAILSLOT\\NET\\GETDC362"
+assert pkt.NtVersion == 0x0b
+assert pkt.UnicodeComputerName == "PC-001"
From cc0e2249011acbcc85da8c15c49b577eb7b76355 Mon Sep 17 00:00:00 2001
From: MatrixEditor <58256046+MatrixEditor@users.noreply.github.com>
Date: Mon, 6 Apr 2026 07:49:05 +0200
Subject: [PATCH 4/5] fix: apply netlogon padding correctly
---
 scapy/layers/smb.py | 2 +-
 test/scapy/layers/ldap.uts | 21 ++++++++++++++++-----
 2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py
index 5cf0f2f5b20..9a2585b3c33 100644
--- a/scapy/layers/smb.py
+++ b/scapy/layers/smb.py
@@ -945,7 +945,7 @@ class NETLOGON_LOGON_QUERY(NETLOGON):
 StrNullField("MailslotName", ""),
 ConditionalField(
 ByteField("MailslotPad", default=0x00),
- lambda pkt: len(pkt.MailslotName) % 2 != 0
+ lambda pkt: len(pkt.ComputerName) % 2 != 0
 ),
 StrNullFieldUtf16("UnicodeComputerName", ""),
 FlagsField("NtVersion", 0xB, -32, _NV_VERSION),
diff --git a/test/scapy/layers/ldap.uts b/test/scapy/layers/ldap.uts
index 9560c14a9d2..7657daea674 100644
--- a/test/scapy/layers/ldap.uts
+++ b/test/scapy/layers/ldap.uts
@@ -218,9 +218,20 @@ assert pkt.UnicodeDomainName == "DOMAIN"

 = Dissect NETLOGON_LOGON_QUERY - V1+V5+V5EX_WITH_IP

-pkt = NETLOGON(b'\x07\x00PC-001\x00\\MAILSLOT\\NET\\GETDC362\x00P\x00C\x00-\x000\x000\x001\x00\x00\x00\x0b\x00\x00\x00\xff\xff\xff\xff')
+pkt = NETLOGON(b'\x07\x00PC\x00\\MAILSLOT\\NET\\GETDC598\x00P\x00C\x00\x00\x00\x0b\x00\x00 \xff\xff\xff\xff')

-assert pkt.ComputerName == b"PC-001"
-assert pkt.MailslotName == b"\\MAILSLOT\\NET\\GETDC362"
-assert pkt.NtVersion == 0x0b
-assert pkt.UnicodeComputerName == "PC-001"
+print(pkt.show())
+assert pkt.ComputerName == b"PC"
+assert pkt.MailslotName == b"\\MAILSLOT\\NET\\GETDC598"
+assert pkt.NtVersion == 0x2000000b
+assert pkt.UnicodeComputerName == "PC"
+
+= Dissect NETLOGON_LOGON_QUERY - V1+V5+V5EX_WITH_IP - with Padding
+
+pkt = NETLOGON(b'\x07\x00USER-PC\x00\\MAILSLOT\\NET\\GETDC725\x00\x00U\x00S\x00E\x00R\x00-\x00P\x00C\x00\x00\x00\x0b\x00\x00 \xff\xff\xff\xff')
+
+print(pkt.show())
+assert pkt.ComputerName == b"USER-PC"
+assert pkt.MailslotName == b"\\MAILSLOT\\NET\\GETDC725"
+assert pkt.NtVersion == 0x2000000b
+assert pkt.UnicodeComputerName == "USER-PC"
From 3ae1cf55e67cfce46927eab1a413d57984877a9a Mon Sep 17 00:00:00 2001
From: gpotter2 <10530980+gpotter2@users.noreply.github.com>
Date: Wed, 20 May 2026 20:43:16 +0200
Subject: [PATCH 5/5] SMB & Netbios: better formatting
Co-Authored-By: MatrixEditor <58256046+MatrixEditor@users.noreply.github.com>
---
 scapy/layers/netbios.py | 33 +++++++++++++++++++++++------
 scapy/layers/smb.py | 39 +++++++++++++++++++++++++++++------
 test/scapy/layers/netbios.uts | 2 +-
 3 files changed, 61 insertions(+), 13 deletions(-)
diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py
index 3d20a0ae65b..68e34c54e61 100644
--- a/scapy/layers/netbios.py
+++ b/scapy/layers/netbios.py
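Review bot: Both new NETLOGON_LOGON_QUERY fixtures in test/scapy/layers/ldap.uts use a 22-byte MailslotName (`GETDC598`, `GETDC725`), so the two cases differ only in the parity of ComputerName and a padding rule that ignores MailslotName still passes them. A third fixture whose mailslot name has odd length would tie the pad to the offset of UnicodeComputerName rather than to a single field. The cases only dissect; a build check that constructs the packet from field values and compares `raw()` with the fixture bytes would cover the pad on the build path as well. `print(pkt.show())` looks like leftover debugging, since `show()` prints the dissection itself; a plain `pkt.show()` or no call at all would do.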
@@ -84,12 +84,33 @@ def post_build(self, p, pay):


 _NETBIOS_SUFFIXES = {
- 0x4141: "workstation",
- 0x4141 + 0x03: "messenger service",
- 0x4141 + 0x200: "file server service",
- 0x4141 + 0x10b: "domain master browser",
- 0x4141 + 0x10c: "domain controller",
- 0x4141 + 0x10e: "browser election service"
+ 0x4141 + 0x00: "Workstation Service",
+ 0x4141 + 0x01: "Messenger Service",
+ 0x4141 + 0x03: "Messenger service",
+ 0x4141 + 0x06: "RAS Server Service",
+ 0x4141 + 0x1B: "Exchange MTA",
+ 0x4141 + 0x1F: "NetDDE Service",
+ 0x4141 + 0x20: "File Server Service",
+ 0x4141 + 0x21: "RAS Client Service",
+ 0x4141 + 0x22: "Exchange Interchange Service",
+ 0x4141 + 0x23: "Exchange Store",
+ 0x4141 + 0x24: "Exchange Directory",
+ 0x4141 + 0x30: "Modern Sharing Server Service",
+ 0x4141 + 0x31: "Modern Sharing Client Service",
+ 0x4141 + 0x43: "SMS Client Remote Control",
+ 0x4141 + 0x44: "SMS Admin Remote Control Tool",
+ 0x4141 + 0x45: "SMS Client Remote Chat",
+ 0x4141 + 0x46: "SMS Client Remote Transfer",
+ 0x4141 + 0x4C: "DEC Pathworks TCP/IP Service",
+ 0x4141 + 0x52: "DEC Pathworks TCP/IP Service",
+ 0x4141 + 0x6A: "Exchange IMC",
+ 0x4141 + 0x87: "Exchange MTA",
+ 0x4141 + 0xBE: "Network Monitor Agent",
+ 0x4141 + 0xBF: "Network Monitor Apps",
+ 0x4141 + 0x10b: "Domain Master Browser",
+ 0x4141 + 0x10c: "Domain Controller",
+ 0x4141 + 0x10e: "Browser Election Service",
+ 0x4141 + 0x200: "File Server Service",
 }

 _NETBIOS_QRTYPES = {
diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py
index 9a2585b3c33..5b4e5678c4b 100644
--- a/scapy/layers/smb.py
+++ b/scapy/layers/smb.py
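Review bot: The added `_NETBIOS_SUFFIXES` keys from `0x4141 + 0x1B` through `0x4141 + 0xBF` in scapy/layers/netbios.py add the raw suffix byte to 0x4141, while the entries carried over from the old table (`0x10b`, `0x10c`, `0x10e`, `0x200`) split the suffix into one nibble per encoded character. File Server Service therefore appears twice, as `0x4141 + 0x20` and `0x4141 + 0x200`, and only the second matches the `CA` pair that ends the encoded name in the netbios.uts fixture; which value `SUFFIX="File Server Service"` resolves to presumably depends on which entry comes last in the dict. Keys for suffixes of 0x10 and above would be consistent if written as `0x4141 + ((s >> 4) << 8) + (s & 0x0F)`, for example `0x4141 + 0x10f` for suffix 0x1F. "Messenger Service" and "Messenger service" also differ only by case, and "Modern Sharing" may be a typo for "Modem Sharing".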
@@ -943,11 +943,7 @@ class NETLOGON_LOGON_QUERY(NETLOGON):
 LEShortEnumField("OpCode", 0x7, _NETLOGON_opcodes),
 StrNullField("ComputerName", ""),
 StrNullField("MailslotName", ""),
- ConditionalField(
- ByteField("MailslotPad", default=0x00),
- lambda pkt: len(pkt.ComputerName) % 2 != 0
- ),
- StrNullFieldUtf16("UnicodeComputerName", ""),
+ ReversePadField(StrNullFieldUtf16("UnicodeComputerName", ""), 2),
 FlagsField("NtVersion", 0xB, -32, _NV_VERSION),
 XLEShortField("LmNtToken", 0xFFFF),
 XLEShortField("Lm20Token", 0xFFFF),
@@ -1155,7 +1151,38 @@ class BRWS_HostAnnouncement(BRWS):
 StrFixedLenField("ServerName", b"", length=16),
 ByteField("OSVersionMajor", 6),
 ByteField("OSVersionMinor", 1),
- LEIntField("ServerType", 4611),
+ FlagsField("ServerType", 4611, -32, {
+ 0x00000001: "SV_TYPE_WORKSTATION",
+ 0x00000002: "SV_TYPE_SERVER",
+ 0x00000004: "SV_TYPE_SQLSERVER",
+ 0x00000008: "SV_TYPE_DOMAIN_CTRL",
+ 0x00000010: "SV_TYPE_DOMAIN_BAKCTRL",
+ 0x00000020: "SV_TYPE_TIME_SOURCE",
+ 0x00000040: "SV_TYPE_AFP",
+ 0x00000080: "SV_TYPE_NOVELL",
+ 0x00000100: "SV_TYPE_DOMAIN_MEMBER",
+ 0x00000200: "SV_TYPE_PRINTQ_SERVER",
+ 0x00000400: "SV_TYPE_DIALIN_SERVER",
+ 0x00000800: "SV_TYPE_SERVER_UNIX,",
+ 0x00001000: "SV_TYPE_NT",
+ 0x00002000: "SV_TYPE_WFW",
+ 0x00004000: "SV_TYPE_SERVER_MFPN",
+ 0x00008000: "SV_TYPE_SERVER_NT",
+ 0x00010000: "SV_TYPE_POTENTIAL_BROWSER",
+ 0x00020000: "SV_TYPE_BACKUP_BROWSER",
+ 0x00040000: "SV_TYPE_MASTER_BROWSER",
+ 0x00080000: "SV_TYPE_DOMAIN_MASTER",
+ 0x00400000: "SV_TYPE_WINDOWS",
+ 0x00800000: "SV_TYPE_DFS",
+ 0x01000000: "SV_TYPE_CLUSTER_NT",
+ 0x02000000: "SV_TYPE_TERMINALSERVER",
+ 0x04000000: "SV_TYPE_CLUSTER_VS_NT",
+ 0x10000000: "SV_TYPE_DCE",
+ 0x20000000: "SV_TYPE_ALTERNATE_XPORT",
+ 0x40000000: "SV_TYPE_LOCAL_LIST_ONLY",
+ 0x80000000: "SV_TYPE_DOMAIN_ENUM",
+ 0xFFFFFFFF: "SV_TYPE_ALL",
+ }),
 ByteField("BrowserConfigVersionMajor", 21),
 ByteField("BrowserConfigVersionMinor", 1),
 XLEShortField("Signature", 0xAA55),
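Review bot: The `ReversePadField(StrNullFieldUtf16("UnicodeComputerName", ""), 2)` line in NETLOGON_LOGON_QUERY carries no comment saying what the alignment is measured from, and the series tried several length-based conditions on single fields before arriving at it. If the intended rule is that the UTF-16 name starts on an even offset within the message, a comment such as `# UnicodeComputerName starts on an even offset from the start of the message` above the line would record it for the next change. The `fields_desc` list begins and ends outside this hunk.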
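Review bot: Two entries in the new `ServerType` flag map of BRWS_HostAnnouncement look wrong: `"SV_TYPE_SERVER_UNIX,"` has a comma inside the string, and `0xFFFFFFFF: "SV_TYPE_ALL"` is a mask rather than a single bit. If FlagsField turns each dict key into a bit position, the mask entry lands on bit 31 and, coming last, would replace `SV_TYPE_DOMAIN_ENUM` in the rendered flags, which mislabels announcements during traffic analysis. Dropping the `SV_TYPE_ALL` entry and correcting the name to `"SV_TYPE_SERVER_UNIX"` avoids both. The field list continues outside the hunk.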
diff --git a/test/scapy/layers/netbios.uts b/test/scapy/layers/netbios.uts index eaff95decfe..9145b328284 100644 --- a/test/scapy/layers/netbios.uts +++ b/test/scapy/layers/netbios.uts @@ -8,7 +8,7 @@ = NBNSQueryRequest - build & dissect -z = NBNSHeader()/NBNSQueryRequest(SUFFIX="file server service", QUESTION_NAME='TEST1', QUESTION_TYPE='NB') +z = NBNSHeader()/NBNSQueryRequest(SUFFIX="File Server Service", QUESTION_NAME='TEST1', QUESTION_TYPE='NB') assert raw(z) == b'\x00\x00\x01\x10\x00\x01\x00\x00\x00\x00\x00\x00 FEEFFDFEDBCACACACACACACACACACACA\x00\x00 \x00\x01'