P Peter

Reputation: 61

tcpdump piped through grep written to file. (Weird number 16)

I have the following command (I changed the ip to 8.8.8.8 for privacy reasons):

tcpdump -i eth0 -nn udp portrange 27950-27970 and dst 8.8.8.8 | grep 'length 16$' > testfile

Pretty straightforward. I want all the incoming packets with the length of 16 written to a file, but for a very strange reason it doesn't work.

tcpdump -i eth0 -nn udp portrange 27950-27970 and dst 8.8.8.8 | grep 'length 16$'

This command works fine and displays exactly what I want, just not in a file. So I am positive the packets are there. When I use the same command but with length 34 like this:

tcpdump -i eth0 -nn udp portrange 27950-27970 and dst 8.8.8.8 | grep 'length 34$' > testfile

That does write it to the file, just not the packets I want. Why does the exact same command work with 34 and not with 16? What is so special about 16? I am completely confused because this seems impossible to me.

Originally I wanted to pipe the command again into sed. But piping also doesn't work with number 16. If I change "> testfile" to "| grep 8.8.8.8" then I won't get any output, and again with 34 I do get an output.

Can any of you make any sense of this all? Did I stumble upon a very strange bug? I have been trying and googling for hours but no luck.

Thank you very much in advance.

Upvotes: 2

Views: 1047

Answers (1)

P Peter

Reputation: 61

The problem was: I did try making tcpdump line buffered -l but I didn't make grep --line-buffered. That does seem to do the trick.

That was my first problem; on to the next one: how to make sed line buffered. I can do that with the unbuffer command. So now I am a happy man. Thanks @A.B for the help.

edit: This does actually work. So don't mind the downvote. It was probably one of them angry kids who shouldn't own a computer.

Upvotes: 2
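The buffering behaviour behind this fix, as an added example that is not part of the original post: when grep's output goes to a file or pipe instead of a terminal, matches sit in a block buffer until it fills or grep exits, so a low-rate filter writes nothing while the capture is still running. `fake_capture` and its sample lines are constructed stand-ins for a live `tcpdump -l`, and GNU grep is assumed.

```shell
#!/bin/sh
# Constructed stand-in for `tcpdump -l`: prints three tcpdump-style lines at
# once, then stays open for 2 s the way a live capture keeps running.
fake_capture() {
    printf '%s\n' \
        '12:00:00.000001 IP 192.0.2.10.40000 > 8.8.8.8.27960: UDP, length 16' \
        '12:00:00.000002 IP 192.0.2.11.40001 > 8.8.8.8.27960: UDP, length 34' \
        '12:00:00.000003 IP 192.0.2.12.40002 > 8.8.8.8.27961: UDP, length 16'
    sleep 2
}

# Usage: matches_live_and_final [grep options]
# Prints "<lines in the file while the capture is running> <lines after it ends>".
matches_live_and_final() {
    out=$(mktemp)
    # Same shape as the pipeline in the question: filter, then redirect to a file.
    fake_capture | grep "$@" 'length 16$' > "$out" &
    sleep 1                                   # capture is still "running" here
    live=$(wc -l < "$out" | tr -d ' ')
    wait                                      # producer ends, grep flushes and exits
    final=$(wc -l < "$out" | tr -d ' ')
    rm -f "$out"
    echo "$live $final"
}

echo "default grep:         $(matches_live_and_final)"
echo "grep --line-buffered: $(matches_live_and_final --line-buffered)"
```

On the real pipeline this corresponds to running tcpdump with `-l` and grep with `--line-buffered`, as the answer describes.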
