Followup to "What's going on..."
During my last shift I posted a story where I noted increased traffic on ports 8800, 1100, and 5905 and asked if anyone had packets. We didn't get any captures, but a week or so later, our friends over at MWcollect posted this story which I found very interesting/useful, so I wanted to point it out to the rest of you who may not follow their blog. I haven't played much with libemu, but after reading this, I clearly need to spend some more time with it.
Update: (2008-07-02-13:55 UTC) The MWCollect guys say this is the most current version of their story. They also recommend that folks trying libemu for the first time use the SVN version, as that is the most current version (bug fixes, etc.). Thanx, Markus.