Using the Cisco EPC feature and bringing data in Wireshark thereafter

edit

Forum,

Over the past 30 days i have been using a Cisco EPC session on a newer switch to capture a clients traffic for analysis. I am able to capture the data, export the file, and then move it via tftp. I can then load it into Wireshark.
The challenge I have is that the traffic, once loaded into Wireshark, is unidirectional as it is displayed. That being said, I specifically within the EPC configuration use the keywork "both" on the selected interface, which is supposed to capture traffic to and from vs. me just seeing the client as the initiator in all the frames. Has anyone else seen this behavior? Any insight would be greatly appreciated at this point. Thank you!

KMNRuser