When MAC flooding, why would an attacker specify IP addresses and/or TCP ports?


I’m specifically referring to the macof tool (part of the dsniff package).

As I understand it, MAC flooding is meant to overload a switch’s CAM table, which maps MAC addresses to switch ports.

Where does specifying IP addresses and/or TCP ports fit into this?

Does doing so allow an attacker to bypass a Layer 3 switch’s filters, ones that filter traffic based on IP addresses and/or TCP ports?