This article is reproduced from serverfault.com.

How to encrypt socket.io client using CLI (instead of through browser)?

Published on 2020-11-28 16:47:15

This is less of a "what is wrong with my code" and more of a "is this possible or even required". I've been working on this CLI chat using socket.io and socket.io, and then I thought "what if this was a production server exposed to the internet - does this need security?"

I've seen a lot of stuff online about using nginx or express (or both) to achieve this - but no mention of any type of encryption if you were trying to do this via CLI (e.g., "node file.js" for this to emit traffic to the webserver but securely). I've tried a few examples (as they were provided) and then adapted my existing code to incorporate the same config, but now I'm starting to think that perhaps it isn't possible because they are already secure? (In my understanding the server listening port is just for the server to bind the client to another port to send data.)

I can't seem to find a cut and dry answer (past forum posts seem to contradict each other on this) from what I've found.

I tried running my server and connecting up via 2 clients (one localhost on the same as the server and one on another IP on my LAN) and ran Wireshark to see if I could see my other host (which I couldn't), but I could see unencrypted traffic being sent... So while this isn't broadcast traffic to all, how easy would this be to snoop on if you knew the exact port server & client were using to communicate?

Hope someone can help explain these nuances.

Questioner: orgg

Answer by Newbie, 2020-12-03 19:55:46

The long answer is complex. The short one is:

Anything you send through a wire is easy to spoof. This is why TCP over TLS exists. Any communication through a TLS-secured channel would assure that your data between client & server will be secret (as long as you trust the server, you are good to go).

Socket.io uses WebSocket under the hood; just as there is HTTPS for HTTP over TLS, there is WSS for WS over TLS. So if you set up your server to accept WSS (maybe only WSS, to be sure there is no unencrypted connection going on) and you make sure to connect the client to a wss://.... endpoint, you have achieved client-server security. It's that simple.

If you cannot trust the server, and what you are doing is essentially a message broker, you can go further and experiment with end-to-end encryption (https://en.wikipedia.org/wiki/End-to-end_encryption).