Wide Angle Edimax Camera

A 2006 summer project


Mario Becroft has already done some work on reverse engineering the communication protocol of the Edimax IC-1000. To see his code, go to http://gem.win.co.nz/mb/misc/edicam/.

Judging from that camera utility and from some packet captures of the Java video client built into the camera, the clients do their job in a very simple manner: a sequence of bytes (the request) is sent, and the camera sends back four bytes and then a JPEG image. Once another request is sent, the camera sends back another four bytes, and then another JPEG.

The camera accepts TCP connections on port 4321. The proper request sequence is {0x30,0x31,0x31,0x30}; this can be followed by 0x0d (CR) or 0x0a (LF), or both if desired, but it seems the camera just throws away anything after the first four bytes. That four-byte sequence corresponds to the string "0110" without a null terminator. The camera will then send back four bytes; the first two are a network byte order short corresponding to the size of the image that's going to come next, and the last two are just 0x1 0x0. These two junk bytes can be discarded. All data after those four bytes is the JPEG image.

Here's a simple method for individual image retrieval using netcat.

$ nc 192.168.1.253 4321 > image.jpeg
0110
^C
$

By redirecting nc's output from stdout to image.jpeg, the JPEG image with the extra four bytes at the front is retrieved. One can strip those four bytes off to get a standard JPEG.
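
The same exchange as a small Python client, plus a helper that strips the header from a netcat capture. This is an added example, not code from this project or from Mario Becroft's utility. It assumes the size field counts only the JPEG bytes that follow the header; the function names are made up for illustration.

```python
import socket
import struct

REQUEST = b"0110"        # request bytes 0x30 0x31 0x31 0x30 from the text
CAMERA_PORT = 4321       # TCP port from the text
JPEG_SOI = b"\xff\xd8"   # every JPEG file starts with this marker

def recv_exact(sock, n):
    """Read exactly n bytes; TCP may deliver them in several pieces."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError(f"peer closed after {len(buf)} of {n} bytes")
        buf += chunk
    return bytes(buf)

def parse_header(header):
    """Return the image size announced by the four-byte reply header."""
    size, tail = struct.unpack("!H2s", header)  # big-endian short + 2 bytes
    if tail != b"\x01\x00":  # sanity check on the two junk bytes
        raise ValueError(f"unexpected trailing header bytes: {tail!r}")
    return size  # assumption: counts the JPEG bytes only, not the header

def request_frame(sock):
    """Send one request on a connected socket and return one JPEG."""
    sock.sendall(REQUEST)
    size = parse_header(recv_exact(sock, 4))
    jpeg = recv_exact(sock, size)
    if not jpeg.startswith(JPEG_SOI):
        raise ValueError("payload does not start with a JPEG SOI marker")
    return jpeg

def strip_capture(raw):
    """Turn a netcat capture (header + image) into a plain JPEG."""
    size = parse_header(raw[:4])
    jpeg = raw[4:4 + size]
    if len(jpeg) != size:  # e.g. nc was interrupted before the image ended
        raise ValueError(f"capture holds {len(jpeg)} bytes, header says {size}")
    return jpeg

if __name__ == "__main__":
    # Address taken from the netcat example above; adjust for your camera.
    with socket.create_connection(("192.168.1.253", CAMERA_PORT), timeout=5) as s:
        with open("image.jpeg", "wb") as out:
            out.write(request_frame(s))
```

Since request_frame() works on an already connected socket, calling it repeatedly on one connection retrieves successive images, matching the request/reply loop described above.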